Play interactive tour

Edit tour

Analysis Report FACTURA Y ALBARANES (2).exe

Overview

General Information

Sample Name:	FACTURA Y ALBARANES (2).exe
Analysis ID:	430638
MD5:	0a2ce5a915bf643953baf2fcf3b25a5e
SHA1:	21a26264df4f615da898b38ef9332ff66d24b505
SHA256:	5a5428877719d24368bc14761dee49adf676fd883abd3a8c30b84c0b0c7e13f5
Infos:
Most interesting Screenshot:

Detection

GuLoader

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Potential malicious icon found

Yara detected GuLoader

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Detected potential crypto function

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

FACTURA Y ALBARANES (2).exe (PID: 6124 cmdline: 'C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe' MD5: 0A2CE5A915BF643953BAF2FCF3B25A5E)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=10cWvVkUqjSi-M-x6hHokSklVF3h_YX3c"}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
FACTURA Y ALBARANES (2).exe	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: FACTURA Y ALBARANES (2).exe

Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=10cWvVkUqjSi-M-x6hHokSklVF3h_YX3c"}

Multi AV Scanner detection for submitted file

Show sources

Source: FACTURA Y ALBARANES (2).exe	Virustotal: Detection: 27%			Perma Link
Source: FACTURA Y ALBARANES (2).exe	ReversingLabs: Detection: 19%

Source: FACTURA Y ALBARANES (2).exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=10cWvVkUqjSi-M-x6hHokSklVF3h_YX3c

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A440 NtAllocateVirtualMemory,	1_2_02B6A440
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A496 NtAllocateVirtualMemory,	1_2_02B6A496
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A6FC NtAllocateVirtualMemory,	1_2_02B6A6FC
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A434 NtAllocateVirtualMemory,	1_2_02B6A434
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A653 NtAllocateVirtualMemory,	1_2_02B6A653
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A44E NtAllocateVirtualMemory,	1_2_02B6A44E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A7C7 NtAllocateVirtualMemory,	1_2_02B6A7C7
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A5C9 NtAllocateVirtualMemory,	1_2_02B6A5C9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A52C NtAllocateVirtualMemory,	1_2_02B6A52C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A75E NtAllocateVirtualMemory,	1_2_02B6A75E

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A440	1_2_02B6A440
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67EB9	1_2_02B67EB9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66EA0	1_2_02B66EA0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B648A1	1_2_02B648A1
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B68096	1_2_02B68096
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A496	1_2_02B6A496
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6529A	1_2_02B6529A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64A80	1_2_02B64A80
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6708A	1_2_02B6708A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B69EF1	1_2_02B69EF1
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B678E5	1_2_02B678E5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B676EE	1_2_02B676EE
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67AEA	1_2_02B67AEA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B650D5	1_2_02B650D5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67CDB	1_2_02B67CDB
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B716CD	1_2_02B716CD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A434	1_2_02B6A434
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67C32	1_2_02B67C32
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67A31	1_2_02B67A31
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67E1C	1_2_02B67E1C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64806	1_2_02B64806
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66E02	1_2_02B66E02
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65208	1_2_02B65208
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6E07D	1_2_02B6E07D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6746D	1_2_02B6746D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67656	1_2_02B67656
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65046	1_2_02B65046
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67840	1_2_02B67840
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6A44E	1_2_02B6A44E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64C4A	1_2_02B64C4A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B631BD	1_2_02B631BD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64BBD	1_2_02B64BBD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B675A8	1_2_02B675A8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67796	1_2_02B67796
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64F97	1_2_02B64F97
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67D92	1_2_02B67D92
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6439E	1_2_02B6439E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67B9B	1_2_02B67B9B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6798C	1_2_02B6798C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B681F3	1_2_02B681F3
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64FF0	1_2_02B64FF0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67FFD	1_2_02B67FFD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B649E4	1_2_02B649E4
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66FE8	1_2_02B66FE8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B671DF	1_2_02B671DF
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B673CC	1_2_02B673CC
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B631C8	1_2_02B631C8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64732	1_2_02B64732
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6473E	1_2_02B6473E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6813E	1_2_02B6813E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67139	1_2_02B67139
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64F27	1_2_02B64F27
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64F22	1_2_02B64F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67323	1_2_02B67323
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64B1F	1_2_02B64B1F
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6531F	1_2_02B6531F
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6E51C	1_2_02B6E51C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67504	1_2_02B67504
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67562	1_2_02B67562
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6516A	1_2_02B6516A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67F6A	1_2_02B67F6A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66D57	1_2_02B66D57
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66D55	1_2_02B66D55
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67555	1_2_02B67555
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64940	1_2_02B64940

Source: FACTURA Y ALBARANES (2).exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameabjections.exe vs FACTURA Y ALBARANES (2).exe
Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.733780596.00000000020A0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs FACTURA Y ALBARANES (2).exe
Source: FACTURA Y ALBARANES (2).exe	Binary or memory string: OriginalFilenameabjections.exe vs FACTURA Y ALBARANES (2).exe

Source: FACTURA Y ALBARANES (2).exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal92.rans.troj.evad.winEXE@1/0@0/0

Source: FACTURA Y ALBARANES (2).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: FACTURA Y ALBARANES (2).exe	Virustotal: Detection: 27%
Source: FACTURA Y ALBARANES (2).exe	ReversingLabs: Detection: 19%

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: FACTURA Y ALBARANES (2).exe, type: SAMPLE
Source: Yara match	File source: 1.2.FACTURA Y ALBARANES (2).exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.FACTURA Y ALBARANES (2).exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_0040AC0D push ebx; iretd	1_2_0040AC0E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_0040AEB5 push ecx; iretd	1_2_0040AEBA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_00407B26 push es; ret	1_2_00407B27

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67EB9	1_2_02B67EB9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66EA0	1_2_02B66EA0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B68096	1_2_02B68096
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6828C	1_2_02B6828C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6708A	1_2_02B6708A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65EF0	1_2_02B65EF0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B678E5	1_2_02B678E5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B676EE	1_2_02B676EE
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67AEA	1_2_02B67AEA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65CD6	1_2_02B65CD6
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67CDB	1_2_02B67CDB
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65CD8	1_2_02B65CD8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B716CD	1_2_02B716CD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67C32	1_2_02B67C32
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67A31	1_2_02B67A31
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67E1C	1_2_02B67E1C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6601B	1_2_02B6601B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66E02	1_2_02B66E02
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6E07D	1_2_02B6E07D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6746D	1_2_02B6746D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67656	1_2_02B67656
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65E5B	1_2_02B65E5B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67840	1_2_02B67840
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B675A8	1_2_02B675A8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67796	1_2_02B67796
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67D92	1_2_02B67D92
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6439E	1_2_02B6439E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65F9A	1_2_02B65F9A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B68D9A	1_2_02B68D9A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67B9B	1_2_02B67B9B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B68D81	1_2_02B68D81
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6798C	1_2_02B6798C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B681F3	1_2_02B681F3
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67FFD	1_2_02B67FFD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66FE8	1_2_02B66FE8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B671DF	1_2_02B671DF
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65DD9	1_2_02B65DD9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B673CC	1_2_02B673CC
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65D3E	1_2_02B65D3E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6813E	1_2_02B6813E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67139	1_2_02B67139
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64F22	1_2_02B64F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67323	1_2_02B67323
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B63B2D	1_2_02B63B2D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6E51C	1_2_02B6E51C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67504	1_2_02B67504
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67562	1_2_02B67562
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67F6A	1_2_02B67F6A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66D57	1_2_02B66D57
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B67555	1_2_02B67555
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B66145	1_2_02B66145
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B63B42	1_2_02B63B42
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B68343	1_2_02B68343

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

RDTSC instruction interceptor: First address: 0000000002B6F14D second address: 0000000002B6F14D instructions:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	RDTSC instruction interceptor: First address: 0000000002B6F0DE second address: 0000000002B6F0DE instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b add esi, 02h 0x0000000e cmp word ptr [esi], 0000h 0x00000012 jne 00007F89544D0805h 0x00000014 mov ebx, edx 0x00000016 shl edx, 05h 0x00000019 add edx, ebx 0x0000001b movzx ebx, byte ptr [esi] 0x0000001e cmp cx, dx 0x00000021 add edx, ebx 0x00000023 xor edx, 370C63DEh 0x00000029 pushad 0x0000002a lfence 0x0000002d rdtsc
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	RDTSC instruction interceptor: First address: 0000000002B6F14D second address: 0000000002B6F14D instructions:

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Code function: 1_2_02B6A440 rdtsc

1_2_02B6A440

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Code function: 1_2_02B6A440 rdtsc

1_2_02B6A440

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6E88D mov eax, dword ptr fs:[00000030h]	1_2_02B6E88D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65CD6 mov eax, dword ptr fs:[00000030h]	1_2_02B65CD6
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B65CD8 mov eax, dword ptr fs:[00000030h]	1_2_02B65CD8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B695A4 mov eax, dword ptr fs:[00000030h]	1_2_02B695A4
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B695A2 mov eax, dword ptr fs:[00000030h]	1_2_02B695A2
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B64F22 mov eax, dword ptr fs:[00000030h]	1_2_02B64F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe	Code function: 1_2_02B6EF17 mov eax, dword ptr fs:[00000030h]	1_2_02B6EF17

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.733408157.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.733408157.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.733408157.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: FACTURA Y ALBARANES (2).exe, 00000001.00000002.733408157.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe

Code function: 1_2_02B68869 cpuid

1_2_02B68869

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	OS Credential Dumping	Security Software Discovery41	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Virtualization/Sandbox Evasion11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery311	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
FACTURA Y ALBARANES (2).exe	28%	Virustotal		Browse
FACTURA Y ALBARANES (2).exe	19%	ReversingLabs	Win32.Trojan.Mucc

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	430638
Start date:	07.06.2021
Start time:	17:55:34
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	FACTURA Y ALBARANES (2).exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.rans.troj.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 3.9% (good quality ratio 0.4%) Quality average: 4% Quality standard deviation: 6.3%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	4.640178061841888
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	FACTURA Y ALBARANES (2).exe
File size:	143360
MD5:	0a2ce5a915bf643953baf2fcf3b25a5e
SHA1:	21a26264df4f615da898b38ef9332ff66d24b505
SHA256:	5a5428877719d24368bc14761dee49adf676fd883abd3a8c30b84c0b0c7e13f5
SHA512:	9f79397ffdef767bd1d7ae12395be4b9172b556e6626b0811a22670acc645d7367f5dadeb5b1b4007e4c0f1829494cea55e2d3a28cddc16aa43f43bbab820574
SSDEEP:	3072:CBWkR/6N08mSDea0rRzkaNTBW1NieJHz:CBWkR/E3Tia0RzkaNTBW1NieJ
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......`.....................0....................@................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x4014b8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x60BE0213 [Mon Jun 7 11:25:07 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b1d5215cf0ff1abab4dacdc311d642d4

Entrypoint Preview

Instruction
push 0040174Ch
call 00007F8954A9F945h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], dl
mov eax, A877D7F6h
inc edx
mov ebp, 67C8D32Ch
jo 00007F8954A9F9B4h
rol dword ptr [eax], 1
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebp+6Fh], ch
outsd
outsb
bound esp, dword ptr [ebp+61h]
insd
jnc 00007F8954A9F952h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
or bh, dl
shl byte ptr [esp+ecx*4-10h], 1
push edi
mov ecx, BB1A9748h
mov ecx, AD154E6Ch
mul bh
jnc 00007F8954A9F8E8h
fimul dword ptr [eax-1365B9C2h]
mov ch, A5h
aad 8Ch
adc dword ptr [ebx+33AD4F3Ah], ebp
cdq
iretw
adc dword ptr [edi+00AA000Ch], esi
pushad
rcl dword ptr [ebx+00000000h], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov eax, dword ptr [ecx]
add byte ptr [eax], al
dec esi
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
jnc 00007F8954A9F9BBh
insb
outsb
imul ebp, dword ptr [esi+67h], 656E7265h
jnc 00007F8954A9F952h
or eax, 00000801h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x20194	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x23000	0xa04	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x154	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1f70c	0x20000	False	0.333885192871	data	4.89089028239	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x21000	0x1234	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x23000	0xa04	0x1000	False	0.181396484375	data	2.20390073464	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x238d4	0x130	data
RT_ICON	0x235ec	0x2e8	data
RT_ICON	0x234c4	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x23494	0x30	data
RT_VERSION	0x23150	0x344	data	Sesotho (Sutu)	South Africa

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaHresultCheck, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaR4Str, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0430 0x04b0
LegalCopyright	Yonyou Network
InternalName	abjections
FileVersion	1.00
CompanyName	Yonyou Network
LegalTrademarks	Yonyou Network
Comments	Yonyou Network
ProductName	Yonyou Network
ProductVersion	1.00
FileDescription	Yonyou Network
OriginalFilename	abjections.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
Sesotho (Sutu)	South Africa

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: FACTURA Y ALBARANES (2).exe PID: 6124 Parent PID: 5720

General

Start time:	17:56:23
Start date:	07/06/2021
Path:	C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe'
Imagebase:	0x400000
File size:	143360 bytes
MD5 hash:	0A2CE5A915BF643953BAF2FCF3B25A5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: FACTURA Y ALBARANES (2).exe PID: 6124 Parent PID: 5720 FACTURA Y ALBARANES (2).exeCOMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	21.4%
Signature Coverage:	7%
Total number of Nodes:	271
Total number of Limit Nodes:	67

Executed Functions

Function 02B6A44E, Relevance: 1.8, APIs: 1, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4db29861e42517c092aea39b55eb8d0e9cf1eb73c732df90308cc3a6252da2a7
Instruction ID: 1326e6d8cd995856d6c5276c1531e416fbce0834af2702e3f68cee6afdb6c35a
Opcode Fuzzy Hash: 4db29861e42517c092aea39b55eb8d0e9cf1eb73c732df90308cc3a6252da2a7
Instruction Fuzzy Hash: 43917B7A6042499FDF204E748C9D3FA3BB2DF16B10F5506A9DC87AB201D3399946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A434, Relevance: 1.8, APIs: 1, Instructions: 284
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 830e42a9698897f45abbde8ba59cf29d050a97917dab52bf94e2464cc8f64a2d
Instruction ID: e624220e26a1c7d56d166a3f3d331c6b5e9d1dc81dbaebeb365c63a16eb72c8f
Opcode Fuzzy Hash: 830e42a9698897f45abbde8ba59cf29d050a97917dab52bf94e2464cc8f64a2d
Instruction Fuzzy Hash: E291CE7A2043499FDF208E74CC9D7FA3BA2DF16744F5102ADDC86AB212D33A9845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A440, Relevance: 1.8, APIs: 1, Instructions: 254
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: c25618921f430b92a7017390e2fbd63de483bf8ca370b72517b25478a5c1cb20
Instruction ID: a34117823ddc85c15c9ecd254c17cedaa22288b2cf1db114a6329dade3b8c335
Opcode Fuzzy Hash: c25618921f430b92a7017390e2fbd63de483bf8ca370b72517b25478a5c1cb20
Instruction Fuzzy Hash: 8081687A6043498FDF214E748CAD7FA3BA2EF16700F5506ADDC86AF241D33A9945CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A52C, Relevance: 1.7, APIs: 1, Instructions: 242
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d562a70d7e8b375c0c90b848df56d299bbe3b20e9326becd2bad35100824b81
Instruction ID: bb92b5c2bc6a822f90fb49d54ca048d67dd4522bf4c6878313fbb5c6e39469fc
Opcode Fuzzy Hash: 7d562a70d7e8b375c0c90b848df56d299bbe3b20e9326becd2bad35100824b81
Instruction Fuzzy Hash: BA71597A6042498FDF218E748C6C7FA3B72EF16B00F6106A9DC876F201D7399946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A496, Relevance: 1.7, APIs: 1, Instructions: 240
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a21bc889c7cf84f79224d2742447b48dcfe836cbca05654b19d5543d2d9bf418
Instruction ID: 4ee41271538632ba9bf2496f22f425d58e1659ddf15ebcde2b4c1415a3b8ce30
Opcode Fuzzy Hash: a21bc889c7cf84f79224d2742447b48dcfe836cbca05654b19d5543d2d9bf418
Instruction Fuzzy Hash: 01718A7A604249CFDF204E74CC9D3FA3BA2EF56750F5606A9DC86AF201D73A8945CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A5C9, Relevance: 1.7, APIs: 1, Instructions: 220
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1e49f3fa6c5b6018e213c5bc0c5d6615f3744c1018b663692f07a02591ace2
Instruction ID: 9eb8ef9a17f1941178acfbd52ec105d78420eba69d9fb0bdad48f0e180709951
Opcode Fuzzy Hash: ac1e49f3fa6c5b6018e213c5bc0c5d6615f3744c1018b663692f07a02591ace2
Instruction Fuzzy Hash: 5561437A6042498BDF218E748CAC7FA3B71EF16B40F6106E9DC876F201D7399846CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A653, Relevance: 1.7, APIs: 1, Instructions: 202
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: f484f0728982e59dd22280d0cbaa0f65c8b60d538fd3e554866edee6cb88d46a
Instruction ID: c3d57f1ce8c356dc4faf8b6d0a07860dd675845bb37af7092ad23857cc4fe2be
Opcode Fuzzy Hash: f484f0728982e59dd22280d0cbaa0f65c8b60d538fd3e554866edee6cb88d46a
Instruction Fuzzy Hash: D551327A604259CBDF218E709CAC7FA3B61EF16B50F6502E8DC876F201C73A9806C741

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A6FC, Relevance: 1.7, APIs: 1, Instructions: 179
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: ba2315d691344e65a472be6b3f09691184c122343d592b3b3845b9f2e541b59d
Instruction ID: 36513767bf3368b1da4a7c80a843e268215a164ae37e6186b484039bcb1eaef0
Opcode Fuzzy Hash: ba2315d691344e65a472be6b3f09691184c122343d592b3b3845b9f2e541b59d
Instruction Fuzzy Hash: 9451317A20024A9BDB219E708CAC7FA3B71EF16E54F6506E8DC976F201C73A9806D751

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A75E, Relevance: 1.7, APIs: 1, Instructions: 166
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: abc7c1f3466be7c5ff09abc3857c5b2e8d8c387769219660d7121231f24818d6
Instruction ID: b5b49e1f1279865d062a64baf9dc5675655c2aa91359e9e1d99f4ffc92d7ebf5
Opcode Fuzzy Hash: abc7c1f3466be7c5ff09abc3857c5b2e8d8c387769219660d7121231f24818d6
Instruction Fuzzy Hash: 3151257A50828ACFCF229E748CA87F93BA1EF17654F1901E9DC966F252C3399805CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02B6A7C7, Relevance: 1.7, APIs: 1, Instructions: 155
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(0942C62A,0000014C,0000014C), ref: 02B6A836

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: e9bb4bd93aedcd69d38a3a062ab9e0d7a9cc9fbfb8c6fd8d04b2cafbc1966e75
Instruction ID: d48e56c7e153c47012fd452c28de2650ee805d76a7d804608714e5f04426bb44
Opcode Fuzzy Hash: e9bb4bd93aedcd69d38a3a062ab9e0d7a9cc9fbfb8c6fd8d04b2cafbc1966e75
Instruction Fuzzy Hash: 2141323E20420A8BDA215E708CAD7FA3B71EF2BE54F6517E8DD932F111C73A5806D651

Uniqueness

Uniqueness Score: -1.00%

Function 0041BFB0, Relevance: 330.7, APIs: 175, Strings: 13, Instructions: 1669COMMON

Download Yara Rule

APIs

__vbaVarDup.MSVBVM60 ref: 0041C0EC
#563.MSVBVM60(?), ref: 0041C0F9
__vbaFreeVar.MSVBVM60 ref: 0041C112
#531.MSVBVM60(Sammenskruendes), ref: 0041C122
#606.MSVBVM60(00000001,?), ref: 0041C145
__vbaStrMove.MSVBVM60 ref: 0041C153
__vbaStrCmp.MSVBVM60(00402BA0,00000000), ref: 0041C15F
__vbaFreeStr.MSVBVM60 ref: 0041C175
__vbaFreeVar.MSVBVM60 ref: 0041C181
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041C19F
__vbaObjSetAddref.MSVBVM60(?,00401168), ref: 0041C1B5
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,00000010), ref: 0041C1D5
__vbaFreeObj.MSVBVM60 ref: 0041C1DD
__vbaFreeObj.MSVBVM60 ref: 0041C1F1
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C212
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C22E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000158), ref: 0041C258
__vbaFreeObj.MSVBVM60 ref: 0041C2C3
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C2DC
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C2F8
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001E0), ref: 0041C322
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C337
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C353
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001A0), ref: 0041C37D
__vbaStrCopy.MSVBVM60 ref: 0041C38A
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,000006F8), ref: 0041C3D9
__vbaFreeStr.MSVBVM60 ref: 0041C3E1
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041C3F7
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C413
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C42F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BF8,00000130), ref: 0041C459
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 0041C46D
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C489
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C4A5
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001D8), ref: 0041C4CF
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C4E4
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C500
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000048), ref: 0041C524
__vbaStrCopy.MSVBVM60 ref: 0041C531
__vbaStrVarMove.MSVBVM60(00000002), ref: 0041C53E
__vbaStrMove.MSVBVM60 ref: 0041C54C
__vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041C5A4
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0041C5C8
__vbaFreeVar.MSVBVM60 ref: 0041C5D7
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C5F0
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C60C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000150), ref: 0041C636
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,000006FC), ref: 0041C675
__vbaFreeObj.MSVBVM60 ref: 0041C67D
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C696
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C6B2
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BF8,00000050), ref: 0041C6D6
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C6EB
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C707
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,000000E8), ref: 0041C731
__vbaStrMove.MSVBVM60 ref: 0041C753
__vbaFreeStr.MSVBVM60 ref: 0041C78E
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041C7A4
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C7D0
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C7EC
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000001E0), ref: 0041C816
__vbaStrMove.MSVBVM60 ref: 0041C842
__vbaStrCopy.MSVBVM60 ref: 0041C853
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000700), ref: 0041C893
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041C8A5
__vbaFreeObj.MSVBVM60 ref: 0041C8B4
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C8CD
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C8E9
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BF8,00000190), ref: 0041C913
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C928
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C944
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000070), ref: 0041C968
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041C97D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041C999
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000001C8), ref: 0041C9C3
__vbaStrCopy.MSVBVM60 ref: 0041C9D0
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000704), ref: 0041CA23
__vbaFreeStr.MSVBVM60 ref: 0041CA2B
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041CA48
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CA64
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CA80
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000001F0), ref: 0041CAAA
__vbaFreeObj.MSVBVM60 ref: 0041CAE4
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CAFD
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CB19
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000128), ref: 0041CB43
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CB58
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CB74
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000088), ref: 0041CB9E
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000708), ref: 0041CBE2
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041CBF4
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CC10
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CC2C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000000E0), ref: 0041CC56
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,0000070C), ref: 0041CC93
__vbaFreeObj.MSVBVM60 ref: 0041CC9B
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CCB4
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CCD0
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000148), ref: 0041CCFA
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CD0F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CD2B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000048), ref: 0041CD4F
__vbaStrMove.MSVBVM60 ref: 0041CD7B
__vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041CDBB
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041CDD1
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CDED
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CE09
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000058), ref: 0041CE2D
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CE42
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CE5E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000148), ref: 0041CE88
__vbaStrMove.MSVBVM60 ref: 0041CEA0
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000710), ref: 0041CED9
__vbaFreeStr.MSVBVM60 ref: 0041CEE1
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041CEF7
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CF13
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041CF2F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000178), ref: 0041CF59
__vbaFreeObj.MSVBVM60 ref: 0041CF93
__vbaStrCopy.MSVBVM60 ref: 0041CFA4
__vbaFreeStr.MSVBVM60 ref: 0041CFD6
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041CFEF
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D00B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000001E0), ref: 0041D035
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D04A
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D066
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000218), ref: 0041D090
__vbaStrMove.MSVBVM60 ref: 0041D0BC
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000714), ref: 0041D10B
__vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041D11D
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041D133
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D14F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D16B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BF8,00000120), ref: 0041D195
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D1AA
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D1C6
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000110), ref: 0041D1F0
__vbaStrCopy.MSVBVM60 ref: 0041D209
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 0041D223
__vbaI4Var.MSVBVM60(00000000), ref: 0041D22D
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,00000718), ref: 0041D263
__vbaFreeStr.MSVBVM60 ref: 0041D26B
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041D288
__vbaFreeVar.MSVBVM60 ref: 0041D297
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D2B0
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D2CC
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000000D8), ref: 0041D2F6
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D30B
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D327
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000170), ref: 0041D351
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D366
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D382
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000170), ref: 0041D3AC
__vbaStrCopy.MSVBVM60 ref: 0041D3D1
__vbaFreeStr.MSVBVM60 ref: 0041D411
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041D42E
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D44A
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D466
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000130), ref: 0041D490
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D4A5
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D4C1
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000130), ref: 0041D4EB
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,00402614,0000071C), ref: 0041D556
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041D568
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D584
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D5A0
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000001C0), ref: 0041D5CA
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041D5DF
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041D5FB
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000110), ref: 0041D625
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041D661
__vbaHresultCheckObj.MSVBVM60(00000000,00401168,004025E4,000002B4), ref: 0041D685
__vbaVarAdd.MSVBVM60(00000002,00000008,?), ref: 0041D6BF
__vbaVarMove.MSVBVM60 ref: 0041D6C6
__vbaVarTstLt.MSVBVM60(00000002,?), ref: 0041D6E7

Strings

Whiney, xrefs: 0041C526
FORSRGELSES, xrefs: 0041D3C0
Frihedsheltens, xrefs: 0041D3E3
Daftardar7, xrefs: 0041CF99
BEGROANS, xrefs: 0041C877
CARCINEMIA, xrefs: 0041D1F8
}D, xrefs: 0041D0A8
, xrefs: 0041C131
Sammenskruendes, xrefs: 0041C11D
rA9S, xrefs: 0041C3D2, 0041C66E, 0041C88C, 0041CA1C, 0041CBDB, 0041CC8C, 0041CED2, 0041D104, 0041D25C, 0041D54F
Estancieros, xrefs: 0041C9C5
Logria1, xrefs: 0041C37F
skattejagters, xrefs: 0041C848

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckHresult$Free$New2$List$Move$Copy$CallLate$#531#563#606Addref
String ID: $BEGROANS$CARCINEMIA$Daftardar7$Estancieros$FORSRGELSES$Frihedsheltens$Logria1$Sammenskruendes$Whiney$rA9S$skattejagters$}D
API String ID: 450096576-830647692
Opcode ID: 689ffeecd3421ab935b3ec74c214559e1e8f2ddd81ed03173febcecdb8ecbb45
Instruction ID: bfc14d7794d28373379f34b5458f725c4825010bb9600be4966b89223d5b3af6
Opcode Fuzzy Hash: 689ffeecd3421ab935b3ec74c214559e1e8f2ddd81ed03173febcecdb8ecbb45
Instruction Fuzzy Hash: B0E27FB0600219AFDB25DF50CD88FDA77BCBF58704F0085AAF549F71A0DA745A858F68

Uniqueness

Uniqueness Score: -1.00%

Function 004014B8, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#100.MSVBVM60(VB5!6&*), ref: 004014BD

Strings

VB5!6&*, xrefs: 004014B8

Memory Dump Source

Source File: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: e51ff022794fbb21be7ebfafff5774ad5c1216ed86007ff79d6925d712a6e1cc
Instruction ID: cb5ef688d5c21c52c4e7dfd95e69f7aca3f4692edc987fc66bf8a31ef4d5ce7e
Opcode Fuzzy Hash: e51ff022794fbb21be7ebfafff5774ad5c1216ed86007ff79d6925d712a6e1cc
Instruction Fuzzy Hash: 99A1ED6284E3D18FC7138B709DA91917FB0AE2322471E09DBC4C2DF1B3E26D595AD726

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02B67AEA, Relevance: 3.0, Strings: 2, Instructions: 543COMMON

Download Yara Rule

Strings

1, xrefs: 02B67B37
N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: 1$N"bj
API String ID: 0-4027302028
Opcode ID: 6f1c3d63a9b941f5b8c682faeba214bbf0852c68cdf06627041c4889de563454
Instruction ID: fc3c5e468564a9780ab172837a7157e0e6f88c2304ab90bba397be2c15656796
Opcode Fuzzy Hash: 6f1c3d63a9b941f5b8c682faeba214bbf0852c68cdf06627041c4889de563454
Instruction Fuzzy Hash: 990286752043069FEB304E34CD993EA77B3EF12740F65426DDC8A9B284D779898ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6439E, Relevance: 2.7, Strings: 2, Instructions: 175COMMON

Download Yara Rule

Strings

Vx#, xrefs: 02B64597
Vx#, xrefs: 02B6459C

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: Vx#$Vx#
API String ID: 0-1775738196
Opcode ID: 524acd4cfe831f3795cd63e386a1f980993e0fdbd63390b44c05f755e7ba8c4e
Instruction ID: 5f310eefbd1efb0706687b8cfe4aa3fbb07586add6e70cec7585fbee7bc5d47e
Opcode Fuzzy Hash: 524acd4cfe831f3795cd63e386a1f980993e0fdbd63390b44c05f755e7ba8c4e
Instruction Fuzzy Hash: 35513A7160034B9FDF34AE688DA87EB37A7EF9A350F90816DEC89C7254D7358884CA05

Uniqueness

Uniqueness Score: -1.00%

Function 02B6EF17, Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

lqF, xrefs: 02B6EF83
lqF, xrefs: 02B6EF88

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: lqF$lqF
API String ID: 0-1288853309
Opcode ID: 499d5765455b5b56ae7462125acba88cea16a76987eda6d48519e4c5e62782f1
Instruction ID: 15c2a3c1e76cd400ff59288f2922dce4e08468ee0db5c23cee10dd0199196313
Opcode Fuzzy Hash: 499d5765455b5b56ae7462125acba88cea16a76987eda6d48519e4c5e62782f1
Instruction Fuzzy Hash: 7611C1353042058FEB14DE29C5D8BBA37A2EF69390F4081ADE94ACB714D33ADC81C611

Uniqueness

Uniqueness Score: -1.00%

Function 02B716CD, Relevance: 2.4, Strings: 1, Instructions: 1185COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: b979d18a9bbdca9dc89411603c0176f31b177e87dcb7e910e53d86968041df07
Instruction ID: 09412af5418cfdf9a1f4a484bc6abb2a8a6065db2b62d75dba2ec454424225a3
Opcode Fuzzy Hash: b979d18a9bbdca9dc89411603c0176f31b177e87dcb7e910e53d86968041df07
Instruction Fuzzy Hash: E49287716043069FEF349E38C9993EA77A3EF56390F95426EDC8A87254D33989C5CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6E51C, Relevance: 2.4, Strings: 1, Instructions: 1184COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: dc60090c850ac0beaf871fd56e08f8feee7c4efe0a885bb3922b49079ac55eb3
Instruction ID: d6b0ec733741ce3b866403aa8ba8f10469c665a5618148779c8da6c935c0579c
Opcode Fuzzy Hash: dc60090c850ac0beaf871fd56e08f8feee7c4efe0a885bb3922b49079ac55eb3
Instruction Fuzzy Hash: F99275716043069FEB349E34CD987EA7BA3FF56350F95822DDC8A87294D3798985CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6E07D, Relevance: 2.4, Strings: 1, Instructions: 1126COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 01f481f3be89f7c60b9300c211162d6f18ce82a4831553d2b08de1e84c7c6e67
Instruction ID: b957c9480fde9224bcdadde758208afbec1aad2abebfe9dd66600a3571981226
Opcode Fuzzy Hash: 01f481f3be89f7c60b9300c211162d6f18ce82a4831553d2b08de1e84c7c6e67
Instruction Fuzzy Hash: 1B8275756043069FEB349E38CD987EA77A3FF56350F95826EDC8A87244D3398985CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B66D57, Relevance: 2.3, Strings: 1, Instructions: 1012COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 01a14ea97a764b4ac7f3cffbcd2dcdefd9c11de16f52b2cd0c7efbe2b0b84e7c
Instruction ID: e48380218cff38589b67a678c929ce359a42e10ba50eea0106cdf72d2af1eaa2
Opcode Fuzzy Hash: 01a14ea97a764b4ac7f3cffbcd2dcdefd9c11de16f52b2cd0c7efbe2b0b84e7c
Instruction Fuzzy Hash: 977274752043069FEB348E34CD993EA7BB2FF52350F95826DDC8A87254D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B66E02, Relevance: 2.2, Strings: 1, Instructions: 993COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 817230b469f87656367d6f4d797e1faf800e5f5717a2d71c8e2558210800c818
Instruction ID: 74f72606ffc4c5e090060333139e285618811b009f42aae81ecbed8378df748d
Opcode Fuzzy Hash: 817230b469f87656367d6f4d797e1faf800e5f5717a2d71c8e2558210800c818
Instruction Fuzzy Hash: 507275752043069FEB348E34CD993EA7BB2FF52750F95826DDC8A87244D7398986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B66EA0, Relevance: 2.2, Strings: 1, Instructions: 967COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 7660afadbf332dfa6184e8fdbc66761bf442414df1e6a71515c0824b5915fcdb
Instruction ID: 27913bbf88875e8aba06b2356b9f0b62903e78d489e45eb33785cfc1a09594fc
Opcode Fuzzy Hash: 7660afadbf332dfa6184e8fdbc66761bf442414df1e6a71515c0824b5915fcdb
Instruction Fuzzy Hash: 0D7286752043069FEB348E34CD993EA7BB2FF52350F95826DDC8A87244D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B66FE8, Relevance: 2.2, Strings: 1, Instructions: 918COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 4efa295eb6bdb5183c90bd4b33be13ee9798baffea9f1192941374639cf15a76
Instruction ID: a048769759d136c8dfcb068963ac1a1fe4b1c767fc5f0f1e95ba99f8ad98d4d4
Opcode Fuzzy Hash: 4efa295eb6bdb5183c90bd4b33be13ee9798baffea9f1192941374639cf15a76
Instruction Fuzzy Hash: 3B6297752043069FEB344E34CD993EA7BB2FF52350F95826DDC8A87284D7798986DB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6708A, Relevance: 2.1, Strings: 1, Instructions: 894COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: c84b954604ea45e075c4492afd6cfd9076c085fdc514a01ece0502920b1b79bd
Instruction ID: b9d03b45470e1e0a5730ce1a3caa77bf8b25f7c4dfb3a4335c63735520a5d511
Opcode Fuzzy Hash: c84b954604ea45e075c4492afd6cfd9076c085fdc514a01ece0502920b1b79bd
Instruction Fuzzy Hash: EF6297756043069FEB344E34CD993EA7BB2FF52350F95826DDC8A87294D7398986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67139, Relevance: 2.1, Strings: 1, Instructions: 879COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 3b4da323cc2ad1db37e5506b6ac15605f09ad8eabb0d26c82bc433f01c5a1918
Instruction ID: 9b5a0dad83d72d6f826b5976898b6656a8ab62dbcac4fbcbb2603634b777520a
Opcode Fuzzy Hash: 3b4da323cc2ad1db37e5506b6ac15605f09ad8eabb0d26c82bc433f01c5a1918
Instruction Fuzzy Hash: 0262A8752043069FEB344E34CD993EA7BB2FF52750F55826DDC8A87284D7398986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B671DF, Relevance: 2.1, Strings: 1, Instructions: 859COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 3949bd62b530aa99dcaf7c78dff3337a993564a35a65269fcdcc7c64d9158b66
Instruction ID: 31ed6981ce267c4202c0c977eb03c6ad9cb0780093dfdb8bdae13d9fbc62548f
Opcode Fuzzy Hash: 3949bd62b530aa99dcaf7c78dff3337a993564a35a65269fcdcc7c64d9158b66
Instruction Fuzzy Hash: 8E5296752043069FEB344E34CD993EA7BB2FF52750F95826DDC8A87284D7398986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67323, Relevance: 2.1, Strings: 1, Instructions: 815COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 8f62f14c523f63046bf8ea31e2d11bf1b7e3728843d03559fc8705557479349b
Instruction ID: d25460f0186421b7d3312ce09785ccad223ccc572f899bd11c0010f8c907bb0a
Opcode Fuzzy Hash: 8f62f14c523f63046bf8ea31e2d11bf1b7e3728843d03559fc8705557479349b
Instruction Fuzzy Hash: 835286752003069FEF344E34CD993EA7BB2FF52750F658269DC8A87294D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B673CC, Relevance: 2.0, Strings: 1, Instructions: 790COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: e09783ab10a8ed95898fc2bc026481511515c7eaac07a06a79e3622e4f5deb7d
Instruction ID: b54567b7473406589169fa62e554cab0ef91f779c0e4bb10687b08ef51a871ed
Opcode Fuzzy Hash: e09783ab10a8ed95898fc2bc026481511515c7eaac07a06a79e3622e4f5deb7d
Instruction Fuzzy Hash: B74297752003069FEB344E34CD993EA7BB2FF52750F65826DDC8A87294D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6746D, Relevance: 2.0, Strings: 1, Instructions: 767COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: a7fc45b1fd2afd8d04737660091b9d26777ffe3cd6a11674998f055bcea3e541
Instruction ID: 1da591289acecdc0e4a5c6bc00837cb59d50ac918f4adb97e95a2649538ff81b
Opcode Fuzzy Hash: a7fc45b1fd2afd8d04737660091b9d26777ffe3cd6a11674998f055bcea3e541
Instruction Fuzzy Hash: 4E4296752003069FEB344E34CD993EA7BB2FF52750F65826DDC8A87294D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67504, Relevance: 2.0, Strings: 1, Instructions: 744COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: b9277576b9b313c2886e0cdecf563ab27bb7d4d57d7fdc859c1444fb36bfcd06
Instruction ID: cdf17bcaed9f40ae2aa7f1991f61307aaf9d411a37fc4d746867163b681275ce
Opcode Fuzzy Hash: b9277576b9b313c2886e0cdecf563ab27bb7d4d57d7fdc859c1444fb36bfcd06
Instruction Fuzzy Hash: 564285752003069FEB344E34CD993EA7BB2FF52750F65826DDC8A87294D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B675A8, Relevance: 2.0, Strings: 1, Instructions: 728COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 9a557076e2d3e3ea84706d399adba3ac79ece5dbb00ce639dee3c6bf52c0bf60
Instruction ID: 4d8ba03a29792887ece492f13ee277faffd1df0b64cc9ade685c0ce19bdb3b5c
Opcode Fuzzy Hash: 9a557076e2d3e3ea84706d399adba3ac79ece5dbb00ce639dee3c6bf52c0bf60
Instruction Fuzzy Hash: D04285752003069FEB344E34CD993EA7BB2FF12750F65826DDC8A87294D7798986DB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67656, Relevance: 2.0, Strings: 1, Instructions: 706COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 84cf8f7c41cdd0b0854920e912abd6eb98058da4231094d45c00ec57df9a6f31
Instruction ID: b535cf213cb361ffe82ea54b086598197d408737d3aeb5396fec5a1fb3064626
Opcode Fuzzy Hash: 84cf8f7c41cdd0b0854920e912abd6eb98058da4231094d45c00ec57df9a6f31
Instruction Fuzzy Hash: 3B3286752003069FEB344E34CD993EA7BB2FF12750F65826DDC8A97294D7798986CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67562, Relevance: 1.9, Strings: 1, Instructions: 694COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 4b9971181cf0b3d6f540985d6d9007554dd38858a75a19d717c5b60b16c28600
Instruction ID: f65b8059059c8a29cea608417e7031652323cd9e0f2c118eba28926e7f2df6bb
Opcode Fuzzy Hash: 4b9971181cf0b3d6f540985d6d9007554dd38858a75a19d717c5b60b16c28600
Instruction Fuzzy Hash: 2D3275712043069FEB344E34CD993EA7BB2FF52350F55826EDC8A97290D3798989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B676EE, Relevance: 1.9, Strings: 1, Instructions: 691COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 053821e90506927a42d333cf459ddbca6311ce0f072d83f94ef1e4343b7df527
Instruction ID: b0a1508995fcca912bd9776564f66c40105f64ae905b8a8ec31202b029f64235
Opcode Fuzzy Hash: 053821e90506927a42d333cf459ddbca6311ce0f072d83f94ef1e4343b7df527
Instruction Fuzzy Hash: 583285752003069FEB344E74CD993EA7BB2FF12750F65826DDC8A87284D7798986CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B67555, Relevance: 1.9, Strings: 1, Instructions: 687COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: b20acf079a7070e08e3ee3225d4f1a08ec4ed3604f5114bde86975c7b64d9a2e
Instruction ID: 77f4d4ecfea718d059bcf43c387cf491b3a12e74673b80ee8600cce59bc7a48a
Opcode Fuzzy Hash: b20acf079a7070e08e3ee3225d4f1a08ec4ed3604f5114bde86975c7b64d9a2e
Instruction Fuzzy Hash: AF3263712043069FEB348E38C9993EA77B2FF52350F54826ADC8A97294D37989C5CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B64F22, Relevance: 1.9, Strings: 1, Instructions: 661COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 301c92fe53302db15b1e860e205d54e54a390da99edc2bb365321b02850250c8
Instruction ID: e661debdb9772963c39efab1a9198bfd4fdf51c47db4a6f225e2b29d7f85b6ed
Opcode Fuzzy Hash: 301c92fe53302db15b1e860e205d54e54a390da99edc2bb365321b02850250c8
Instruction Fuzzy Hash: 5A32E171B04746DFDB34CE28CCA8BEA73A6BF49350F85426DDC9987240D738A995CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B67796, Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 06ace785a528eaec16b024a461e9c3f50c22bc487248271021471e5df7197c2d
Instruction ID: bb31e5564237b9110959112438eb428bf52a56f2b257e6916a1cfa74a19e8b97
Opcode Fuzzy Hash: 06ace785a528eaec16b024a461e9c3f50c22bc487248271021471e5df7197c2d
Instruction Fuzzy Hash: 292284752003069FEF344E34CD993EA77B2EF52750F65426DDC8A8B284D779898ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B67840, Relevance: 1.9, Strings: 1, Instructions: 637COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 30c77d6c27d9232b2e1821efa68e3aeaad292be04ed68c809abf489cb2fdd92f
Instruction ID: ba9efb392547eee2e0f7a03b8a5bc1db26c7794007f03bc63f04ba5085bec289
Opcode Fuzzy Hash: 30c77d6c27d9232b2e1821efa68e3aeaad292be04ed68c809abf489cb2fdd92f
Instruction Fuzzy Hash: F12284752003069FEF344E34CD993EA37B2EF52750F65426DDC8A9B284D779898ADB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B678E5, Relevance: 1.9, Strings: 1, Instructions: 616COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 137e01f61cb8dc5a6114cc280ebe7b785ed9890f788aad83ba121b1260cb4fd7
Instruction ID: 7b44830652c1aabcf674c64b6149a11aeb6a2c168865a830fee50eb66070b967
Opcode Fuzzy Hash: 137e01f61cb8dc5a6114cc280ebe7b785ed9890f788aad83ba121b1260cb4fd7
Instruction Fuzzy Hash: 1B2296752003069FEF344E34CD997EA37B3EF42750F65426DDC8A9B284D779898A9B02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6798C, Relevance: 1.8, Strings: 1, Instructions: 592COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: c060dc5d00405d4b6bf54b8571e30fb04da38e57969f77baa960c51082fc0921
Instruction ID: 450b5bc60bd200c859b2ba0188f254cbbb7fe8bfe39f0965541096abe2fd1438
Opcode Fuzzy Hash: c060dc5d00405d4b6bf54b8571e30fb04da38e57969f77baa960c51082fc0921
Instruction Fuzzy Hash: BE1296752003069FEF304E34CD997EA37B3EF52750F65426DDC8A9B284D379898A9B02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67A31, Relevance: 1.8, Strings: 1, Instructions: 569COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 7483be6968bb6b1e1403a25df1eff46c151df5200dc51c320c5be7e3f193cba2
Instruction ID: bd09a01c4604432e3921a1ad86d812b38467d6a38d6062a661887adf9ad6966c
Opcode Fuzzy Hash: 7483be6968bb6b1e1403a25df1eff46c151df5200dc51c320c5be7e3f193cba2
Instruction Fuzzy Hash: 8E1298752003069FEB304E34CD993EA77B3EF12740F65426DDCCA9B244D779898A9B02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67B9B, Relevance: 1.8, Strings: 1, Instructions: 513COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 72ed5e426153d63ea6ed50334d0730742a1cfa9fb4d88aeebcb078805b44d855
Instruction ID: 26c40bf38d11bacb0cde465af70787aeb94fa32da9a2ee81e5eeca900bc42b5f
Opcode Fuzzy Hash: 72ed5e426153d63ea6ed50334d0730742a1cfa9fb4d88aeebcb078805b44d855
Instruction Fuzzy Hash: 8C0287752003069FEB304E74CD997EA77B3EF12750F654269DCCA9B284D779898ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B64F27, Relevance: 1.8, Strings: 1, Instructions: 504COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: d7b8aed365816a03bf36898a7dd6c98717b1bb383b9cfc8b31fc511dd762fe8b
Instruction ID: ce9dc6e764425740565066c49910ac9cac8d64c40b1fa937d14bba9f3d061a41
Opcode Fuzzy Hash: d7b8aed365816a03bf36898a7dd6c98717b1bb383b9cfc8b31fc511dd762fe8b
Instruction Fuzzy Hash: C302123570470A9FDB34CE28CCA8BEA77A2FF45750F95426DDC9987240D738A956CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B67C32, Relevance: 1.7, Strings: 1, Instructions: 497COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 9840ab98c9291cce3c6ee62c7eed8025e6502e50ece47b347a32ee08fc0c55aa
Instruction ID: 9a09307c730e8d18c3d99f8bb92eff05bd7a98a6b1a1af0f08c0af9f8d948160
Opcode Fuzzy Hash: 9840ab98c9291cce3c6ee62c7eed8025e6502e50ece47b347a32ee08fc0c55aa
Instruction Fuzzy Hash: B9F1867520030A9FEB304E74CD997EA77B3EF12740F654269DCCA9B244D77A8989CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B64F97, Relevance: 1.7, Strings: 1, Instructions: 489COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 8434c411b30cde51888ed1e56201128b0f59e05ba50ce07806cf7ee154d2cfca
Instruction ID: b43cc36055f571b6ebdc7dc0524e0be95c3ade36b12157fbcd55f3db5954161c
Opcode Fuzzy Hash: 8434c411b30cde51888ed1e56201128b0f59e05ba50ce07806cf7ee154d2cfca
Instruction Fuzzy Hash: 4302113570470A9FDB38CE28CCA8BEA77A2FF45750F95826DDC9987240D734A956CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B67D92, Relevance: 1.7, Strings: 1, Instructions: 471COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 25d9e99b463129fb91d81259db3536adb7318c9fec56c422c0bc8421fb048dec
Instruction ID: 3099136c88c6ae41dd7d1658008922292ad0c39bce7f2757a590aa2842a927ab
Opcode Fuzzy Hash: 25d9e99b463129fb91d81259db3536adb7318c9fec56c422c0bc8421fb048dec
Instruction Fuzzy Hash: 7EE17A792003069FEB304E74CD997EA7773FF12B40F6142A9DCC69B154D77A898A9B02

Uniqueness

Uniqueness Score: -1.00%

Function 02B67CDB, Relevance: 1.7, Strings: 1, Instructions: 468COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 2351dd6454ff3c08dfa6ced58687df109e37cbc10a1d286eee3375574919dd56
Instruction ID: 301b219e2c0f0971562b814f969e52a183c6f3637aad9e773105961c29db3012
Opcode Fuzzy Hash: 2351dd6454ff3c08dfa6ced58687df109e37cbc10a1d286eee3375574919dd56
Instruction Fuzzy Hash: CEF1667520030A9FEB304E74CD997EA77B3EF12740F654269DC8A9B254D77A89C9CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B65046, Relevance: 1.7, Strings: 1, Instructions: 465COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 13d3351b08c796cfe7391189c85f3f9a90e4b96b9a330ad6d2c0ec24500eda4a
Instruction ID: ae41c073da4f2f4360736c671cea5651f9447386698cdbbb0157bd4444a95f89
Opcode Fuzzy Hash: 13d3351b08c796cfe7391189c85f3f9a90e4b96b9a330ad6d2c0ec24500eda4a
Instruction Fuzzy Hash: A4F1113570470ADBDB38CE28CDA8BEA77A2FF45750F95426DCC9987240D738A856CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B650D5, Relevance: 1.7, Strings: 1, Instructions: 454COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 1ece347a8c486fd23e1ce0cc159dd6b871f028ddbdab4c0f3f7c0770227cffc5
Instruction ID: f779a093caa3ff19bef891a2ea98c702288f3fb827e1afbe15e171914d14ea54
Opcode Fuzzy Hash: 1ece347a8c486fd23e1ce0cc159dd6b871f028ddbdab4c0f3f7c0770227cffc5
Instruction Fuzzy Hash: ECF1F1357047069BDB348E38C8A8BEA77A2FF45750F95426DCC9987240DB34A956CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B64FF0, Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 21d155a1786f660be99f6d7178d0f9cc8dc9f7d099bb9fef6fe7ceeaa107c488
Instruction ID: e4a45bed8d7ee852a5b6a8651f7b890f50ecdc3a2f04fd3495434c2d0ce15d26
Opcode Fuzzy Hash: 21d155a1786f660be99f6d7178d0f9cc8dc9f7d099bb9fef6fe7ceeaa107c488
Instruction Fuzzy Hash: 83F1D27170474ADFDB28CF28CDA8BEA73A2BF45350F88822DDC9987640D734A955CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02B6516A, Relevance: 1.7, Strings: 1, Instructions: 429COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 2fc25037ed3283159e8e7e0af3706124ae00231d803654ed1bf4ea12c8e88585
Instruction ID: cbb41db237ca359b499aa2cb51e6cb70497e36fc9bf9a8dfdbc2d964fdd8f170
Opcode Fuzzy Hash: 2fc25037ed3283159e8e7e0af3706124ae00231d803654ed1bf4ea12c8e88585
Instruction Fuzzy Hash: 7CE10235704706DBDB34CE38CCA8BEA77A2FF55750F98826DCC9987240D734A9568B80

Uniqueness

Uniqueness Score: -1.00%

Function 02B67F6A, Relevance: 1.7, Strings: 1, Instructions: 421COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 278e5fd9c05741ab8534a5ffa8fa9deb80005068ad3a74dc0e1ba36e7e04dd0d
Instruction ID: ff51fb9252b0625a2f7010e506ab83f74834d255998c340d7a57b849f102552c
Opcode Fuzzy Hash: 278e5fd9c05741ab8534a5ffa8fa9deb80005068ad3a74dc0e1ba36e7e04dd0d
Instruction Fuzzy Hash: 35D1AC7920030A9FDB314E74CD597EA3B73FF12B40F6142A9DC8A8B154C77A898AD702

Uniqueness

Uniqueness Score: -1.00%

Function 02B67E1C, Relevance: 1.7, Strings: 1, Instructions: 418COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 75d99447da2e59e8ae5859db1ecaa7bca24356808f95711f09a61206a3bc40e7
Instruction ID: 824a4f9645ea44ad4be0c4959fa0ea5e08493c3152fca6f63d8253d910a0f9c7
Opcode Fuzzy Hash: 75d99447da2e59e8ae5859db1ecaa7bca24356808f95711f09a61206a3bc40e7
Instruction Fuzzy Hash: 3FD1897520030A9FDB304E74CD997EA77B3FF12740F654269DC8A9B154D77A8989CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B65208, Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 2cdca2e5d92d958d02150e7821b2e71c9a5103f05c86810480418e1fc0339d3d
Instruction ID: acfd8cfcb433eeb47774f3f250e6d36bbf8f8fe08c4d9fa545243ab718bc5c18
Opcode Fuzzy Hash: 2cdca2e5d92d958d02150e7821b2e71c9a5103f05c86810480418e1fc0339d3d
Instruction Fuzzy Hash: 20E10335704706CBDB34CE38CCA8BEA77A2FF85750F99826DDC9987240DB3499568B81

Uniqueness

Uniqueness Score: -1.00%

Function 02B67EB9, Relevance: 1.7, Strings: 1, Instructions: 406COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: b72cdaf0811c581279886bdc066c807fce70be7cd138c87e5e4a4df74414566c
Instruction ID: a81a6d300c897ac1cfc192bb791037aa7331d1cd07e7d8c5bdd2fb384e1f6d1b
Opcode Fuzzy Hash: b72cdaf0811c581279886bdc066c807fce70be7cd138c87e5e4a4df74414566c
Instruction Fuzzy Hash: C4D1997520030A9FEB304E74CD997EA3773FF12B40F618269DC8A9B154D77A8989CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6529A, Relevance: 1.6, Strings: 1, Instructions: 394COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 7a6b3922359ef2a63ccf1a15f592fca10e68076ba5a7338ded136897fa658b04
Instruction ID: e9c6a684ffbabee0726ddf361ea33bf8e26db408ab257fc545073261ca0bf914
Opcode Fuzzy Hash: 7a6b3922359ef2a63ccf1a15f592fca10e68076ba5a7338ded136897fa658b04
Instruction Fuzzy Hash: F8D12335704706CBDB348E38CCA8BEA37A2FF95750F99826DDC898B244DB349956CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02B67FFD, Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 09086d92148b1bc44ab3ec5cf0ff1bd9381c7ddb68d47df5382c2bcf82a1cca5
Instruction ID: 00e315cb5a8b6f466dad265d078bd391fa971a79828e1844e38c5714c8c9f142
Opcode Fuzzy Hash: 09086d92148b1bc44ab3ec5cf0ff1bd9381c7ddb68d47df5382c2bcf82a1cca5
Instruction Fuzzy Hash: 16B1977920020A9FEF304E74CD997EA3773FF12740F558269DC8A9B254D73A8989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B68096, Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: a8eeb47d68675b569865f898fcf2e9a67e594c64f8d0b76179e25b55d33fb754
Instruction ID: 84ac4b80c6e357e5687525fb31f7c36720c63f1d6a56f6e0abf00a34d83eeff5
Opcode Fuzzy Hash: a8eeb47d68675b569865f898fcf2e9a67e594c64f8d0b76179e25b55d33fb754
Instruction Fuzzy Hash: 3CB1867A20020A9FDF304E74CD597EA3773FF12B40F658269DC8A9B154D73A9989CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B6531F, Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

*2q, xrefs: 02B6590D

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: *2q
API String ID: 0-4200797449
Opcode ID: 59a9d51ea56a0b7db739fe7f87b4039eacdaa8a89f34870c226782d5087def82
Instruction ID: 8b4d384b3ff915ed24195b871f85e1fc0154b700ecee1c8b242312d5be80a7ec
Opcode Fuzzy Hash: 59a9d51ea56a0b7db739fe7f87b4039eacdaa8a89f34870c226782d5087def82
Instruction Fuzzy Hash: B4C1DF71704746CFDB38CE28CDA8BEA73A2BF85390F88826DDC9987240D7349951CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02B6473E, Relevance: 1.6, Strings: 1, Instructions: 324COMMON

Download Yara Rule

Strings

,I*, xrefs: 02B648FE

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: ,I*
API String ID: 0-804518743
Opcode ID: 8276f06f86e179aa164934133d57c6a341a5c8a0d57a247827215a894594c282
Instruction ID: 7c41a55d32c4c56a7758a1aa3e31201d75be6aa61f8946e5199c30f98fdb12ed
Opcode Fuzzy Hash: 8276f06f86e179aa164934133d57c6a341a5c8a0d57a247827215a894594c282
Instruction Fuzzy Hash: 66A19C3A2047499FDB304E788D087EB3BB6EF56B60F95426DDC8ACB284D7358847C642

Uniqueness

Uniqueness Score: -1.00%

Function 02B64806, Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

,I*, xrefs: 02B648FE

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: ,I*
API String ID: 0-804518743
Opcode ID: dc171ed7e30d8195e4c9d0dd2dfeb672ec03ca9e7965a322daf8b2917eec27ce
Instruction ID: 9533c3b2209c6ea976ab7222408aaf899962f5687e0815453ea62ddcb0a4af06
Opcode Fuzzy Hash: dc171ed7e30d8195e4c9d0dd2dfeb672ec03ca9e7965a322daf8b2917eec27ce
Instruction Fuzzy Hash: 2DA1693A2047459BDB304E788D087EB3BB2EF52F50FA647ADCC968B284D73598478642

Uniqueness

Uniqueness Score: -1.00%

Function 02B6813E, Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: a62cd37c254a2d670521c1b2a4e4108145a093f23e5fa6ccafabdbef89f20a54
Instruction ID: adafb1d7c768c85d539a21e83b4d1005d850a11edac691518551247e6c2df291
Opcode Fuzzy Hash: a62cd37c254a2d670521c1b2a4e4108145a093f23e5fa6ccafabdbef89f20a54
Instruction Fuzzy Hash: 1EA1657920020A9BDB304E74CD597EA3773EF16B50F65826CDC8A8B144D77A99C9CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02B64732, Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

,I*, xrefs: 02B648FE

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: ,I*
API String ID: 0-804518743
Opcode ID: f9ccedaf1663a0f342265c0ba6383a9936cc175332bd07848b3c3360ea618d6e
Instruction ID: 902b07ea2f8f47e8b95a08cb3f54249e53f49cd1e5a5fc89e6a25119c91c2410
Opcode Fuzzy Hash: f9ccedaf1663a0f342265c0ba6383a9936cc175332bd07848b3c3360ea618d6e
Instruction Fuzzy Hash: E0A166756043459FDB308E7C8D483EB3BA7AF563A0F85422EDC89DB294D3358982CA42

Uniqueness

Uniqueness Score: -1.00%

Function 02B681F3, Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

N"bj, xrefs: 02B68280

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: N"bj
API String ID: 0-2615862271
Opcode ID: 7aae499f77e271109a434c2004180aec051ff44368d5abf89cc11d6a87c634ac
Instruction ID: cbbcbf6ef9fdcc073d47715fbccdb939fbb225eea9dad58f0c506429dfeb752c
Opcode Fuzzy Hash: 7aae499f77e271109a434c2004180aec051ff44368d5abf89cc11d6a87c634ac
Instruction Fuzzy Hash: 9D91767920020A9FDB304E74CD597EA3773FF12B40F61826CDD8A8B144D73A998ADB06

Uniqueness

Uniqueness Score: -1.00%

Function 02B648A1, Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

,I*, xrefs: 02B648FE

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: ,I*
API String ID: 0-804518743
Opcode ID: 11678f0abf0a9471161360d294e7f1f8f67c3a6f33283fc2b18657b28d0bdc26
Instruction ID: 6f8bb121c9a6676b53bc777afd22729210551285b04ccd52bcea2581e2c1d34d
Opcode Fuzzy Hash: 11678f0abf0a9471161360d294e7f1f8f67c3a6f33283fc2b18657b28d0bdc26
Instruction Fuzzy Hash: A4815B3A6047459FDB344E788D087EB7BB6EF56BA0F96425DDC898B284D7308943C742

Uniqueness

Uniqueness Score: -1.00%

Function 02B69EF1, Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

B@, xrefs: 02B6A219

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID: B@
API String ID: 0-3644578000
Opcode ID: a4d22a0bbdb8900a5bfb4c32d3011df70ef7d6c1b93e98ff1b6d547b3214be33
Instruction ID: 8cfb1ac3740ea4cfccd1205f88ee715a32d3b78ba4d4ad6d8415178fc9f2033f
Opcode Fuzzy Hash: a4d22a0bbdb8900a5bfb4c32d3011df70ef7d6c1b93e98ff1b6d547b3214be33
Instruction Fuzzy Hash: E24159315043148FEF30DD758A587DB3BA6DF56390F91811EDE859B208D3384AC2CA56

Uniqueness

Uniqueness Score: -1.00%

Function 02B6828C, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83af3508c8873ed0e6dabfc587beb31c9e1f0ca0769e6e1e81d800826393cb0
Instruction ID: 5ba11b1175f45f8b62daef625eee29ccf032faf04cd43ddcd13ed9be3adf564b
Opcode Fuzzy Hash: d83af3508c8873ed0e6dabfc587beb31c9e1f0ca0769e6e1e81d800826393cb0
Instruction Fuzzy Hash: 4791677520020A9FDF314E74CD597EA3773EF12B40F6042A9DD8A4B245D73A998ADB42

Uniqueness

Uniqueness Score: -1.00%

Function 02B64940, Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e75627d6f574c18cdaae84a1ab2a820a630fd39ff321f1d032dfc77411949b
Instruction ID: da0a32f1f5320d8003c910a86af408b5c69473293855ac736edd2c19493d60f0
Opcode Fuzzy Hash: 16e75627d6f574c18cdaae84a1ab2a820a630fd39ff321f1d032dfc77411949b
Instruction Fuzzy Hash: 4481563A2047459FDB354E788C087EB7BB2EF56BA0F96466DDC968B284D73188438642

Uniqueness

Uniqueness Score: -1.00%

Function 02B65CD8, Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea11bcfd2269646776bb5027435984aef0f1c45a6be051d27354f2833e081100
Instruction ID: bc8cba6a3b319db7ba503f9063aed00861cf3d48f023729dd30d4ac62fb8c958
Opcode Fuzzy Hash: ea11bcfd2269646776bb5027435984aef0f1c45a6be051d27354f2833e081100
Instruction Fuzzy Hash: 9F7127357007468FDB308E68CCA8BE977B6FF45B50F914269DC9A8B240D7399D46CB10

Uniqueness

Uniqueness Score: -1.00%

Function 02B68343, Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2841f9a38e39b2026893524b43fd8f96d8e6803d5a70e06cca5d4aeb026a822
Instruction ID: 2ed51286f48d2d02da384ab477511b13aec27873a20f1a1ec97095c47dd0353f
Opcode Fuzzy Hash: c2841f9a38e39b2026893524b43fd8f96d8e6803d5a70e06cca5d4aeb026a822
Instruction Fuzzy Hash: 547145792002099BDF344E74CD597EA3773EF12B00F6542ACED8A5B144D73A998ADB12

Uniqueness

Uniqueness Score: -1.00%

Function 02B65D3E, Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868c2198a4f70e9ef5c80c5c970144c389d6d50ce79a7a8c402a947569771f46
Instruction ID: ecf1c918433114ce9e1e9f8be8fad853662bc67af2d2ee23f6d7e3d54d09cee2
Opcode Fuzzy Hash: 868c2198a4f70e9ef5c80c5c970144c389d6d50ce79a7a8c402a947569771f46
Instruction Fuzzy Hash: AE7137797007058FDB348E68CCA9BEA37A6FF45B40F91427DDC8A8B241DB359D468B00

Uniqueness

Uniqueness Score: -1.00%

Function 02B631C8, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8122882d4eca4a6d5e0ad3de62b2e65694f6039c0067bf8ae2c3153b6af57129
Instruction ID: e6a9ddf83db3cdb1a129ae3cf2a8f110c27e6b4654c741482c4eba0f200d4a66
Opcode Fuzzy Hash: 8122882d4eca4a6d5e0ad3de62b2e65694f6039c0067bf8ae2c3153b6af57129
Instruction Fuzzy Hash: 3E713875700349CFDB304E7488987EA3BA2EF56F50F9902AECD8A4B255C77549868B12

Uniqueness

Uniqueness Score: -1.00%

Function 02B65DD9, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bffe7070703bf4ac66486f118d2f5bcde72c853ef0f467b98d297ac58aff6b5f
Instruction ID: 5bf2dbe5fe59fa7324edcc37bf73648c174449d8e2da30e55ad89564bdddc4cd
Opcode Fuzzy Hash: bffe7070703bf4ac66486f118d2f5bcde72c853ef0f467b98d297ac58aff6b5f
Instruction Fuzzy Hash: 1D6128397007468BDB308E68CCA8BEA37A6FF45B50FA1426DDD9A8B240D7399D479710

Uniqueness

Uniqueness Score: -1.00%

Function 02B649E4, Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86eeb048e70db16513368cf3a26ffe7c9d391883df77b68ac680de52d1779df
Instruction ID: 58ca30757c1c8f2d7f59edd0bf71e6f5d72977571f90501b160b8af3a4fac811
Opcode Fuzzy Hash: a86eeb048e70db16513368cf3a26ffe7c9d391883df77b68ac680de52d1779df
Instruction Fuzzy Hash: C161573A2047459FDB304E788C087EB3BB2EF56F60F96436DDC9A8B284D73189438601

Uniqueness

Uniqueness Score: -1.00%

Function 02B65E5B, Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a24d4b696019a820eae68a421c03819def439106ec11f6edecba478243dcf7
Instruction ID: b3dd0e43a836dbf39990a70ffcd266d815206351d6f80ff1d72027ec96f7c9d6
Opcode Fuzzy Hash: 43a24d4b696019a820eae68a421c03819def439106ec11f6edecba478243dcf7
Instruction Fuzzy Hash: 0F5126397003468BDB309E68CCA8BE977B6EF55B40FA1427DDC9A8B240DB399D479710

Uniqueness

Uniqueness Score: -1.00%

Function 02B64A80, Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0d70491cdd97e73228224fe3b7264f394808ff6f7acdfc02394023bd786c8b
Instruction ID: a098a9c38bf3f657a9d20abf6db226a4012f987d5485c2be8004a98863ded926
Opcode Fuzzy Hash: ab0d70491cdd97e73228224fe3b7264f394808ff6f7acdfc02394023bd786c8b
Instruction Fuzzy Hash: 7C51363A2047459BDB344E788C187EB3BB6EF56F60F96435DDC9A8B284C73189438716

Uniqueness

Uniqueness Score: -1.00%

Function 02B65EF0, Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e9950f17fdb4b8a57e042cca361b171aedae4fdd677cf131616e25b6ae899f
Instruction ID: 12ebb7154f0165b823b054345178193bb93b4a159beb8edd5a7f4f4a8c3adbb3
Opcode Fuzzy Hash: f7e9950f17fdb4b8a57e042cca361b171aedae4fdd677cf131616e25b6ae899f
Instruction Fuzzy Hash: 7D51253A3003068BD7705E788CA8BE937B6EF56B50FE24269DC868B204DB399D479711

Uniqueness

Uniqueness Score: -1.00%

Function 02B65CD6, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06705285923db2b8afa5e323381c0a1080e33e67455f1894c77b30b381f9dea1
Instruction ID: 241c450009713d789f9bc66c748ea36551e1d6c649ff876a5d3f4d2bc0c90b56
Opcode Fuzzy Hash: 06705285923db2b8afa5e323381c0a1080e33e67455f1894c77b30b381f9dea1
Instruction Fuzzy Hash: AA61D271B00746CFDB349E18CCA8BE973A6BF45350F95416DEC999B240D739AD86CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02B631BD, Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea2e30e922e2cf67d099c8f5d56a35325af781b06bad872d80c471afe21b161
Instruction ID: 4bf6893ca9284540c10d12cb94abb747259d34b1e67e45653befe5b7aad5eb32
Opcode Fuzzy Hash: 0ea2e30e922e2cf67d099c8f5d56a35325af781b06bad872d80c471afe21b161
Instruction Fuzzy Hash: E4613671B04349CFDF348E68C8947EA37E6AF95B50F89016EDC899B295C7348E81CB12

Uniqueness

Uniqueness Score: -1.00%

Function 02B64B1F, Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ddb94e968fafade8583274cbaf85835b9da837d6f06c341a9ecd6fb00dbd6c
Instruction ID: 84ff8d1f0c40de3ef2ccb6f123d4557a2f08eee1634be22c836097c67732570d
Opcode Fuzzy Hash: b0ddb94e968fafade8583274cbaf85835b9da837d6f06c341a9ecd6fb00dbd6c
Instruction Fuzzy Hash: E651363A2047459BDB348E788D1C7EB7BB3EF56F60F96475D8C968B284C73189438612

Uniqueness

Uniqueness Score: -1.00%

Function 02B63B42, Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c15422f8d5cf0c8cc99c9286674e460eb61256c85f16e399a306a86dea1284
Instruction ID: 9df3bde101bd7bd54ce34fc4ed6ba7ba4e3d008ed5676932895eb465517097a0
Opcode Fuzzy Hash: a7c15422f8d5cf0c8cc99c9286674e460eb61256c85f16e399a306a86dea1284
Instruction Fuzzy Hash: 1841D32F2112199BE6601EB49C1C9FA7F71EB62E10BB257D8D9934F104CB364C476326

Uniqueness

Uniqueness Score: -1.00%

Function 02B65F9A, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7f5befa7bf29b915ce79c3443a01a82d2965e675fec0ee119ca79d8740d724
Instruction ID: 03c7919bd29edb8a8c4ed81ebe44b6938b1110b1fb33a3d1f7f02acf82d6237a
Opcode Fuzzy Hash: fe7f5befa7bf29b915ce79c3443a01a82d2965e675fec0ee119ca79d8740d724
Instruction Fuzzy Hash: 9041452A2003458BD7305D748C98BE97766FB56F10FE203A8CDD68B244C73A5C879711

Uniqueness

Uniqueness Score: -1.00%

Function 02B6601B, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe062e85a05ccbb8c12409956794f6e174c2fd4f3ce7ac41e9cc2eff7ecb0a51
Instruction ID: dc9e546b600816c0b9464b8f66677f0535d02fe7dea9643b9e7a684b7e582e98
Opcode Fuzzy Hash: fe062e85a05ccbb8c12409956794f6e174c2fd4f3ce7ac41e9cc2eff7ecb0a51
Instruction Fuzzy Hash: 1241242A3402058BD7705EB48C987EA7B66FB56F10FE243B8DDC68B104C73A9C8B9715

Uniqueness

Uniqueness Score: -1.00%

Function 02B64BBD, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ebadb0bcb60da70f3e0d14bfd5f35e37c835039230129a73b8e5331c8ad662
Instruction ID: 5f3139a65c1cb0b92eebd73e5d058e491bca149814b3893c9615064f62fde6f6
Opcode Fuzzy Hash: 48ebadb0bcb60da70f3e0d14bfd5f35e37c835039230129a73b8e5331c8ad662
Instruction Fuzzy Hash: EE41483E2147059BDB344D788D187EB7FB3EF56E60FA6479D8C968B288C73188438612

Uniqueness

Uniqueness Score: -1.00%

Function 02B64C4A, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e435ce16eb016b96d93b86e1455d6a2944638cf4c7209ce83d778974ca353762
Instruction ID: 1c6cdb4ca77f5b85e62c9095cd20911d7e815000b0c7a5a0b3d3a2afa760e98a
Opcode Fuzzy Hash: e435ce16eb016b96d93b86e1455d6a2944638cf4c7209ce83d778974ca353762
Instruction Fuzzy Hash: D631377A7047059BDB344E788D087E73FB3EF56E50F96479E8C868B288DB7588438612

Uniqueness

Uniqueness Score: -1.00%

Function 02B66145, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ac23272848459133b2d0125bdc58dc8fb57656d5e6b996dfe5d08b85e1ceff
Instruction ID: 1457b004165583eaea689b8d4fcc9f6086d6447db155234aec96aa11e096858c
Opcode Fuzzy Hash: e7ac23272848459133b2d0125bdc58dc8fb57656d5e6b996dfe5d08b85e1ceff
Instruction Fuzzy Hash: 1621C12E20020557E66129749D1DBE97B31FB52E50FB217E8CDD34B149CB3E58876622

Uniqueness

Uniqueness Score: -1.00%

Function 02B68D9A, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6620271c83c3af26956161c390c00196c4c2a39d0c35edcf8884679e15d7b252
Instruction ID: 155cd203b044db4f7440ec096b449511930d3da808d7b8cbf1369cc02ea51778
Opcode Fuzzy Hash: 6620271c83c3af26956161c390c00196c4c2a39d0c35edcf8884679e15d7b252
Instruction Fuzzy Hash: E611E62E34110546A6700EB48D1C6EA7F72EB63E20EB287DCC9A34F206CB79890B1761

Uniqueness

Uniqueness Score: -1.00%

Function 02B66D55, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69fb94b1bf3075adb7994c5eca3e804ad7d0ad44206c0d1b85801531a571979
Instruction ID: 28a921002171a94842374679a80efc32656e9b4d9d3fee28eff063f533bcdb91
Opcode Fuzzy Hash: c69fb94b1bf3075adb7994c5eca3e804ad7d0ad44206c0d1b85801531a571979
Instruction Fuzzy Hash: 1921263A2083128FDB24AE3089A17EB7BF76FB47D0F87453D9C8697614C3698895C602

Uniqueness

Uniqueness Score: -1.00%

Function 02B63B2D, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecea91578f9a2544f775d19aeb32f13d6a35c6d448c56a327aee055977c6b798
Instruction ID: 89fd839a096676c22eb1aa06f08321ed8d66f33516ca7027246bed252d336232
Opcode Fuzzy Hash: ecea91578f9a2544f775d19aeb32f13d6a35c6d448c56a327aee055977c6b798
Instruction Fuzzy Hash: 2C213275A093548FEB306F7988487EE3BB2AF05250FA5861DEC89D7104C3354D81CB56

Uniqueness

Uniqueness Score: -1.00%

Function 02B695A4, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8e999e6d28aed79e1eec5879337744cf354d4800818bafb4f7f71b7b9a11895
Instruction ID: d6cf6c71014bd2169cccee70322c51bc28db9e16b83e05027f874c62e05545dc
Opcode Fuzzy Hash: d8e999e6d28aed79e1eec5879337744cf354d4800818bafb4f7f71b7b9a11895
Instruction Fuzzy Hash: EE014F2F351A4547A9A11DB0992D9A27F30E727D107B35BD8C6934F10ACB399C0B6322

Uniqueness

Uniqueness Score: -1.00%

Function 02B68869, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8570a95ee61bc4094934489dcb01be9ed9eeca3c5c06a744fe9eccf026bacd7e
Instruction ID: 0f351b8dd3dbecea835303346d3036df2030eca3b607594761272b120ec20941
Opcode Fuzzy Hash: 8570a95ee61bc4094934489dcb01be9ed9eeca3c5c06a744fe9eccf026bacd7e
Instruction Fuzzy Hash: 17115736100349ABDF392E64CD583F93BA3BF01300F984068FDCA561A1DB2B8A948F52

Uniqueness

Uniqueness Score: -1.00%

Function 02B68D81, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5bbad0faebf7d940ce90532b74f6b99ea55c76544af7d9860ee715283e54f6f
Instruction ID: 60802d8070457c4bfeb95561b68c982199b8c638320e525340481195d00de7af
Opcode Fuzzy Hash: f5bbad0faebf7d940ce90532b74f6b99ea55c76544af7d9860ee715283e54f6f
Instruction Fuzzy Hash: 13F04C71A843418BE7305BB9891C7ED76E5EF46330FA580ADDCD057105D3B84E818FA2

Uniqueness

Uniqueness Score: -1.00%

Function 02B6E88D, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a53d7d1a06cf9230bb7546d8df446362275eaccb71a4a86b344212b17563fb
Instruction ID: a6c6952002dbe36ef9e1b89844edf44a3bdcd956948cffb9890faaacc2ea1036
Opcode Fuzzy Hash: 06a53d7d1a06cf9230bb7546d8df446362275eaccb71a4a86b344212b17563fb
Instruction Fuzzy Hash: 75C08C39A00101CBCF62EA44C298FA037A2BF18B20BD004E4B10AC7695C369E800CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02B695A2, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.738021580.0000000002B60000.00000040.00000001.sdmp, Offset: 02B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2b60000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8cf436a64781ee52d23abc6cff6e1e2b4e853e1048bc0dcc5c33c7b6f5396e9
Instruction ID: 8e47758ab5ef3be3cbd1671ea9c81323a5d2d9d8fcb0bbe724f5d3c8cb41574a
Opcode Fuzzy Hash: a8cf436a64781ee52d23abc6cff6e1e2b4e853e1048bc0dcc5c33c7b6f5396e9
Instruction Fuzzy Hash: 52C08CB3A019828BEF12CA28C588B407360EF28B24F8A00D0E803CF711E224EC00CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0041F5F0, Relevance: 35.1, APIs: 17, Strings: 3, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 0041F645
__vbaStrCopy.MSVBVM60 ref: 0041F64F
#515.MSVBVM60(?,?,00000002), ref: 0041F668
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041F684
__vbaFreeVar.MSVBVM60 ref: 0041F690
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041F6B1
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,0000004C), ref: 0041F6D6
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402F2C,00000024), ref: 0041F704
__vbaStrMove.MSVBVM60 ref: 0041F713
__vbaFreeObj.MSVBVM60 ref: 0041F71C
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041F735
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F74E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000068), ref: 0041F76F
__vbaFreeObj.MSVBVM60 ref: 0041F77E
__vbaFreeStr.MSVBVM60(0041F7C7), ref: 0041F7BA
__vbaFreeStr.MSVBVM60 ref: 0041F7BF
__vbaFreeStr.MSVBVM60 ref: 0041F7C4

Strings

CAREENING, xrefs: 0041F6E5
var, xrefs: 0041F647
Monascidian, xrefs: 0041F6EA

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$CheckHresult$CopyNew2$#515Move
String ID: CAREENING$Monascidian$var
API String ID: 860825397-1736873049
Opcode ID: 78ea30ab12c7f20767e5714ffd9ca992d0b1893639dda74fb39581b790f3edca
Instruction ID: ab013336a3f730676e49ee436d7681ce630f158b2661c41e02ea5700158ca2ed
Opcode Fuzzy Hash: 78ea30ab12c7f20767e5714ffd9ca992d0b1893639dda74fb39581b790f3edca
Instruction Fuzzy Hash: 90513B75D40249AFCB14DF94DD88EDEBBB8FF58700F20452AE501B72A0D7785986CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041F990, Relevance: 31.7, APIs: 21, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaVarDup.MSVBVM60 ref: 0041F9F0
#522.MSVBVM60(?,?), ref: 0041F9FE
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041FA1A
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041FA2D
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025E4,00000160), ref: 0041FA61
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041FA79
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041FA98
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FAB1
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,00000120), ref: 0041FAD8
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041FAF6
__vbaStrVarMove.MSVBVM60(00000000), ref: 0041FB00
__vbaStrMove.MSVBVM60 ref: 0041FB0B
__vbaObjSet.MSVBVM60(?,?,00000000), ref: 0041FB17
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,00000040), ref: 0041FB39
__vbaFreeStr.MSVBVM60 ref: 0041FB42
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041FB56
__vbaFreeVar.MSVBVM60 ref: 0041FB62
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041FB7B
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FB94
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C2C,000000E8), ref: 0041FBBB
__vbaFreeObj.MSVBVM60 ref: 0041FBCA

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$CheckHresult$New2$ListMove$#522CallLate
String ID:
API String ID: 3206667697-0
Opcode ID: fb49b3570186712d0c2942a5865ab00bfb1c4c4ff545ed7e8288df97fef1809a
Instruction ID: 0ef622d1a4087add27c18ae658be6b115eeec513ba9468ada49728a259804a29
Opcode Fuzzy Hash: fb49b3570186712d0c2942a5865ab00bfb1c4c4ff545ed7e8288df97fef1809a
Instruction Fuzzy Hash: 63612BB1900249AFDB14DF94DD88EDEBBB8FF48300F50452AF545B32A0D7785589CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041EEC0, Relevance: 21.1, APIs: 14, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 0041EF12
__vbaI4Str.MSVBVM60(00402E7C), ref: 0041EF1D
#697.MSVBVM60(00000000), ref: 0041EF24
__vbaStrMove.MSVBVM60 ref: 0041EF2F
__vbaStrCmp.MSVBVM60(00402B74,00000000), ref: 0041EF3B
__vbaFreeStr.MSVBVM60 ref: 0041EF4E
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041EF6F
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,0000001C), ref: 0041EF94
__vbaCastObj.MSVBVM60(?,00402D58), ref: 0041EFC8
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041EFD3
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402E9C,00000058), ref: 0041EFED
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041EFFD
__vbaFreeObj.MSVBVM60(0041F044), ref: 0041F034
__vbaFreeStr.MSVBVM60 ref: 0041F03D

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$CheckHresult$#697CastCopyListMoveNew2
String ID:
API String ID: 1550409211-0
Opcode ID: eb942d619078aeddeec77cbca8f8ac1bbe37223c7a681ce9cf62d6d8140f17ee
Instruction ID: 722be8caad980de399cdea0b4a29fa962d30c82995a96d39400d53a0891d9ad6
Opcode Fuzzy Hash: eb942d619078aeddeec77cbca8f8ac1bbe37223c7a681ce9cf62d6d8140f17ee
Instruction Fuzzy Hash: 6F416D70D40245AFCB04DF95DA49ADEBBB8FF58701F10812AF942F72A0D7785985CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041ED80, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#591.MSVBVM60(?), ref: 0041EDC9
__vbaStrMove.MSVBVM60 ref: 0041EDD4
__vbaStrCmp.MSVBVM60(Integer,00000000), ref: 0041EDE0
__vbaFreeStr.MSVBVM60 ref: 0041EDF3
__vbaFreeVar.MSVBVM60 ref: 0041EDFC
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041EE1A
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041EE33
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000080), ref: 0041EE5A
__vbaFreeObj.MSVBVM60 ref: 0041EE69

Strings

KK, xrefs: 0041EDBB
Integer, xrefs: 0041EDDB

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$#591CheckHresultMoveNew2
String ID: Integer$KK
API String ID: 609433361-2898439456
Opcode ID: 928d0957fc26e24ae36358753a1968918cd7998fb515b05cc8f1c54212181cc4
Instruction ID: 6133db0a354fa35f7d31807db24cba90a3e7d3ad9a0a26be86770ae79bfc40c6
Opcode Fuzzy Hash: 928d0957fc26e24ae36358753a1968918cd7998fb515b05cc8f1c54212181cc4
Instruction Fuzzy Hash: 2C218F759402159BCB10DF95DD49FEEBBB8FB58700F104026E942F32A0D7785945CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041F4C0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

#606.MSVBVM60(00000001,?), ref: 0041F514
__vbaStrMove.MSVBVM60 ref: 0041F51F
__vbaStrCmp.MSVBVM60(00402BA0,00000000), ref: 0041F52B
__vbaFreeStr.MSVBVM60 ref: 0041F53E
__vbaFreeVar.MSVBVM60 ref: 0041F547
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041F564
__vbaObjSetAddref.MSVBVM60(?,00401218), ref: 0041F57A
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,00000010), ref: 0041F597
__vbaFreeObj.MSVBVM60 ref: 0041F5A0

Strings

, xrefs: 0041F506

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$#606AddrefCheckHresultMoveNew2
String ID:
API String ID: 2885364696-3916222277
Opcode ID: f3d2ae090de1fede9ce56962be37397b8fcfda2fa62de1a124af6d45ed8b3169
Instruction ID: 304de142ec2372348ca09147cb8754b516c76a1b047d4a0b207708428015a1a7
Opcode Fuzzy Hash: f3d2ae090de1fede9ce56962be37397b8fcfda2fa62de1a124af6d45ed8b3169
Instruction Fuzzy Hash: 9C216075900255AFCB00DFA4DE89AEEBBB8FF08705F50412AE942F36A1D7781945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0041EC30, Relevance: 16.6, APIs: 11, Instructions: 89COMMON

Download Yara Rule

APIs

#538.MSVBVM60(?,000007DB,0000000B,0000000B), ref: 0041EC71
#557.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EC7B
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EC98
#570.MSVBVM60(0000004F,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041ECA1
__vbaNew2.MSVBVM60(00401C84,00421010,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041ECBA
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041ECD3
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BF8,00000158), ref: 0041ECFA
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041ED0A
__vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041ED14
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041ED27
__vbaFreeVar.MSVBVM60 ref: 0041ED33

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$#538#557#570CallCheckHresultLateListNew2
String ID:
API String ID: 729259385-0
Opcode ID: 02611bac101a4858a0bb6d2bdef537d6c9e7b82122826640fd25e670cd58bbf4
Instruction ID: 24abf2e7a8989ff15148d6cf4ef91e85c298b9e8f6062372e1376e18f3afecf8
Opcode Fuzzy Hash: 02611bac101a4858a0bb6d2bdef537d6c9e7b82122826640fd25e670cd58bbf4
Instruction Fuzzy Hash: 82319C74940245AFCB10DBA5DD89EEEB7B8FF98B00F14442AF542B72A0D7785485CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041FC30, Relevance: 15.1, APIs: 10, Instructions: 95COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 0041FC82
__vbaVarDup.MSVBVM60 ref: 0041FC9C
#528.MSVBVM60(?,?), ref: 0041FCAA
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041FCC6
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041FCD9
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041FCF9
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,0000001C), ref: 0041FD1E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402E9C,00000050), ref: 0041FD3E
__vbaFreeObj.MSVBVM60 ref: 0041FD47
__vbaFreeStr.MSVBVM60(0041FD7F), ref: 0041FD78

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$CheckHresult$#528CopyListNew2
String ID:
API String ID: 1123914322-0
Opcode ID: 26f2a962e7644463aba4889c028640b8a3266038c7f441d34674a6900d6bd686
Instruction ID: daa61bb5593ba9e6d786f72eca0b6145d07f1c006afdafe557e4bbafb1960a5f
Opcode Fuzzy Hash: 26f2a962e7644463aba4889c028640b8a3266038c7f441d34674a6900d6bd686
Instruction Fuzzy Hash: 9C314A74D00249ABCB04DF95D949AEEFBB8FF58704F10802AE512B72A0D7B8554ACF94

Uniqueness

Uniqueness Score: -1.00%

Function 0041EA20, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 0041EA5D
__vbaI4Str.MSVBVM60(00402E7C), ref: 0041EA68
#698.MSVBVM60(?,00000000), ref: 0041EA73
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041EA8F
__vbaFreeVar.MSVBVM60 ref: 0041EA9A
#569.MSVBVM60(00000068), ref: 0041EAA7
__vbaFreeStr.MSVBVM60(0041EAD9), ref: 0041EAD2

Strings

G*, xrefs: 0041EAAD

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$#569#698Copy
String ID: G*
API String ID: 3581547392-626655979
Opcode ID: 67d9f4a6444ba2c249f004cc89a7060a41d57fb845bf95828e3de9892a974614
Instruction ID: 89edc167916361620c3bc3e5e764da1cc7e7f352d06193df80b95097fccb978a
Opcode Fuzzy Hash: 67d9f4a6444ba2c249f004cc89a7060a41d57fb845bf95828e3de9892a974614
Instruction Fuzzy Hash: AD114CB5C002499BCB10DFA5DA49ADEFBB8FF48700F10C12AE512B36A0D7B85549CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0041E870, Relevance: 13.6, APIs: 9, Instructions: 116COMMON

Download Yara Rule

APIs

#693.MSVBVM60(00402B74), ref: 0041E8C7
#685.MSVBVM60 ref: 0041E8D5
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041E8E6
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041E91F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041E938
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001A8), ref: 0041E95E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402E68,00000044), ref: 0041E991
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041E9A1
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041E9B9

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultList$#685#693New2
String ID:
API String ID: 587155547-0
Opcode ID: 633335c55037173fdfa804b0530e133147a6988a2768c7ebec95ea0030eb2017
Instruction ID: f00e1fd5caf2b0181bcd04a8dce6936be41d92387c23762ebf0bb613b5a2ef68
Opcode Fuzzy Hash: 633335c55037173fdfa804b0530e133147a6988a2768c7ebec95ea0030eb2017
Instruction Fuzzy Hash: 1D4128B1D00208AFCB14DFD9C988AEEBBB8FB48700F50842AF655F7290D6785946CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0041F310, Relevance: 12.1, APIs: 8, Instructions: 120COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041F363
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F37C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000224), ref: 0041F403
__vbaFreeObj.MSVBVM60 ref: 0041F412
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041F427
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F440
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000000D0), ref: 0041F467
__vbaFreeObj.MSVBVM60 ref: 0041F476

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: ecae6a0964fab977ee891d4616a99a1c1848f5bc2adebada6a247037e02e5d5b
Instruction ID: f518913095c4270323d944241a2a6a507406ab3ca89c3e53bf2ed0b5ccd302c9
Opcode Fuzzy Hash: ecae6a0964fab977ee891d4616a99a1c1848f5bc2adebada6a247037e02e5d5b
Instruction Fuzzy Hash: 75413C74A00215AFCB14DFA9C989E9ABBF8FF48700F10846AE445F7365D7789846CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDA0, Relevance: 12.1, APIs: 8, Instructions: 101COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041FDF3
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FE12
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041FE2E
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FE47
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,000000E8), ref: 0041FE6A
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001EC), ref: 0041FEAA
__vbaFreeStr.MSVBVM60 ref: 0041FEB3
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041FEC3

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2$List
String ID:
API String ID: 2509323985-0
Opcode ID: 82801fa06d98f8988d36847560587581e44ee3641b07330358fe5bd3b32fb3fa
Instruction ID: 265576681f73253530fb7b58b4160c65502e49ebb5ab9e41163a1b3c46cec712
Opcode Fuzzy Hash: 82801fa06d98f8988d36847560587581e44ee3641b07330358fe5bd3b32fb3fa
Instruction Fuzzy Hash: 04314FB0A00255AFC710DFA8CD49F9E7BF8FB08700F10856AF545F7661D77899468BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041F190, Relevance: 12.1, APIs: 8, Instructions: 98COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041F1D7
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F1F6
__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041F212
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F22B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000198), ref: 0041F24E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001EC), ref: 0041F28E
__vbaFreeStr.MSVBVM60 ref: 0041F297
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041F2A7

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2$List
String ID:
API String ID: 2509323985-0
Opcode ID: 76338486432618879145626e36be3a5f32a91823a4f1c9a40455ccdfd6de1234
Instruction ID: 5e207c2f6b8576daa31851fab6e0fb0103df42e13183a89598496eaa42773502
Opcode Fuzzy Hash: 76338486432618879145626e36be3a5f32a91823a4f1c9a40455ccdfd6de1234
Instruction Fuzzy Hash: 5D319EB4A00244AFC700DFA4DD89FDE7BB8FB48700F20447AF505F72A1D67999468B68

Uniqueness

Uniqueness Score: -1.00%

Function 0041EB00, Relevance: 12.1, APIs: 8, Instructions: 78COMMON

Download Yara Rule

APIs

#713.MSVBVM60(00402E88,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EB45
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EB50
__vbaStrCmp.MSVBVM60(00402E94,00000000,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EB5C
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EB6F
__vbaNew2.MSVBVM60(00402BC4,004213C0,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EB8C
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,0000001C,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EBB1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402E9C,00000050,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EBD1
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041EBDA

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresult$#713MoveNew2
String ID:
API String ID: 1476637831-0
Opcode ID: 4d667a37001f0543297e708ab74c34aee23688e8af34de10aed96200e9671c48
Instruction ID: 7675fae8713c1bfda72cddb46bf5bd1ab00edde875317590dd0da4c8a7fa4f3c
Opcode Fuzzy Hash: 4d667a37001f0543297e708ab74c34aee23688e8af34de10aed96200e9671c48
Instruction Fuzzy Hash: C2219F78940254ABCB14DFA5DD49EAEBBB8FF58B00F204027F942F72A0D7785941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041F880, Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

#592.MSVBVM60(?), ref: 0041F8C2
__vbaFreeVar.MSVBVM60 ref: 0041F8D9
__vbaNew2.MSVBVM60(00402BC4,004213C0), ref: 0041F8F7
__vbaHresultCheckObj.MSVBVM60(00000000,02A4EDD4,00402BB4,0000001C), ref: 0041F91C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402E9C,00000050), ref: 0041F93C
__vbaFreeObj.MSVBVM60 ref: 0041F945

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresult$#592New2
String ID:
API String ID: 3172800638-0
Opcode ID: 68cf7300671ae7bb46869264f69b0088b4220fd4016c1b55e19b8e700e297f49
Instruction ID: 35cb48298b0ae76b1e98f088851a7fc6870521d39ecbd96e445180aafbea52e6
Opcode Fuzzy Hash: 68cf7300671ae7bb46869264f69b0088b4220fd4016c1b55e19b8e700e297f49
Instruction Fuzzy Hash: 8F21A774900255ABDB10EF94CE49FDE7BB8FF18B04F10002AF541F31A0D77858498BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041FFE0, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

__vbaVarDup.MSVBVM60 ref: 0042003A
#564.MSVBVM60(?,?), ref: 00420048
__vbaHresultCheck.MSVBVM60(00000000), ref: 00420053
__vbaVarTstNe.MSVBVM60(?,?), ref: 0042006F
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00420081
#568.MSVBVM60(00000093), ref: 00420094

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$#564#568CheckFreeHresultList
String ID:
API String ID: 1114338403-0
Opcode ID: 7dfba4ed05ac5f16e920f110de3f25a931f1c852470d521cdb49323efaf7def0
Instruction ID: 5ecfdba0441884d4dcd74d4b582ece85505d0c7e06da6db3a456bc2fab7b15fd
Opcode Fuzzy Hash: 7dfba4ed05ac5f16e920f110de3f25a931f1c852470d521cdb49323efaf7def0
Instruction Fuzzy Hash: B72113B5C00258EBDB00DFD4EA89ADDBFB8FB48B04F50411AF506BB290D7B45589CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041FF10, Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,004012C6), ref: 0041FF47
__vbaNew2.MSVBVM60(00401C84,00421010,?,?,?,?,?,?,?,004012C6), ref: 0041FF60
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,004012C6), ref: 0041FF79
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,00000208,?,?,?,?,?,?,?,004012C6), ref: 0041FF9C
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,004012C6), ref: 0041FFA5
__vbaFreeStr.MSVBVM60(0041FFC6,?,?,?,?,?,?,?,004012C6), ref: 0041FFBF

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID:
API String ID: 4138333463-0
Opcode ID: 93773987456975d75316d28c2f282f5e0d1e684eab0bb57497dae8213c174309
Instruction ID: 71be9adc1c66374da049f240537449594785c1c803ced8c78d88efe321110156
Opcode Fuzzy Hash: 93773987456975d75316d28c2f282f5e0d1e684eab0bb57497dae8213c174309
Instruction Fuzzy Hash: FF118F74540244ABC710DF94DE89FEF7BB8AB58701F20442AF542F36A0D7785986CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041F070, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E0041F070(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v48;
				intOrPtr* _t21;
				intOrPtr* _t23;
				intOrPtr* _t25;
				void* _t28;
				intOrPtr* _t30;
				intOrPtr* _t40;
				void* _t41;
				void* _t43;
				intOrPtr _t44;
				intOrPtr _t45;

				_t44 = _t43 - 0xc;
				 *[fs:0x0] = _t44;
				_t45 = _t44 - 0x2c;
				_v16 = _t45;
				_v12 = 0x4011e8;
				_v8 = 0;
				_t21 = _a4;
				 *((intOrPtr*)( *_t21 + 4))(_t21, __edi, __esi, __ebx,  *[fs:0x0], 0x4012c6, _t41);
				_t23 =  *0x421010; // 0x5e2090
				_v32 = 0;
				_v28 = 0;
				_v36 = 0;
				if(_t23 == 0) {
					__imp____vbaNew2(0x401c84, 0x421010);
					_t23 =  *0x421010; // 0x5e2090
				}
				_t25 =  &_v36;
				__imp____vbaObjSet(_t25,  *((intOrPtr*)( *_t23 + 0x318))(_t23));
				_t30 = _t45 - 0x10;
				 *_t30 = 0xa;
				_t40 = _t25;
				 *((intOrPtr*)(_t30 + 4)) = _v48;
				 *((intOrPtr*)(_t30 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t30 + 0xc)) = _v40;
				_t28 =  *((intOrPtr*)( *_t40 + 0x1ec))(_t40, L"Skottehistorien");
				asm("fclex");
				if(_t28 < 0) {
					__imp____vbaHresultCheckObj(_t28, _t40, 0x402bd4, 0x1ec);
				}
				__imp____vbaFreeObj();
				_v32 = 0x99500000;
				_v28 = 0x4202a36b;
				asm("wait");
				_push(0x41f154);
				return _t28;
			}

0x0041f073
0x0041f082
0x0041f089
0x0041f08f
0x0041f092
0x0041f09b
0x0041f09e
0x0041f0a4
0x0041f0a7
0x0041f0ae
0x0041f0b1
0x0041f0b4
0x0041f0b7
0x0041f0c3
0x0041f0c9
0x0041f0c9
0x0041f0d8
0x0041f0dc
0x0041f0e5
0x0041f0ec
0x0041f0f1
0x0041f0f5
0x0041f0fd
0x0041f109
0x0041f10c
0x0041f112
0x0041f116
0x0041f124
0x0041f124
0x0041f12d
0x0041f133
0x0041f13a
0x0041f141
0x0041f142
0x00000000

APIs

__vbaNew2.MSVBVM60(00401C84,00421010,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041F0C3
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041F0DC
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001EC), ref: 0041F124
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012C6), ref: 0041F12D

Strings

Skottehistorien, xrefs: 0041F103

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: Skottehistorien
API String ID: 1645334062-3067532313
Opcode ID: 01da7776b9487827f5003c777402ba1380033da356e87f28f0f9c95ad386f8b0
Instruction ID: aa24143507985dcb2a8eeb3f831779061b23ed3e318f68c1992da7b401c6ecbc
Opcode Fuzzy Hash: 01da7776b9487827f5003c777402ba1380033da356e87f28f0f9c95ad386f8b0
Instruction Fuzzy Hash: E2213E70A40244ABCB04DFA9C989ADABBF8FB59700F10846AE505F72A1D77899458F94

Uniqueness

Uniqueness Score: -1.00%

Function 0041E780, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401C84,00421010), ref: 0041E7C3
__vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041E7DC
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402BD4,000001EC), ref: 0041E824
__vbaFreeObj.MSVBVM60 ref: 0041E82D

Strings

weet, xrefs: 0041E803

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: weet
API String ID: 1645334062-3595723829
Opcode ID: 242114ef20f6e9b1156f601307df7a1a41395db0388f6c49c0bea7ee59078b4a
Instruction ID: 8b5f8d096aaec732dc64b07e4e46dccd5fec2a3f57bdf89ad79a7e1254b2ca22
Opcode Fuzzy Hash: 242114ef20f6e9b1156f601307df7a1a41395db0388f6c49c0bea7ee59078b4a
Instruction Fuzzy Hash: 0B117FB4A00245AFD704EFA9C949F9ABBF8FB08700F10842AF945F76A0D77859418BD5

Uniqueness

Uniqueness Score: -1.00%

Function 0041F7F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E0041F7F0(intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				intOrPtr* _t13;
				signed char _t14;
				intOrPtr* _t15;
				void* _t18;
				void* _t23;
				void* _t25;
				intOrPtr _t27;

				 *[fs:0x0] = _t27;
				_v16 = _t27 - 0x18;
				_v12 = 0x401240;
				_v8 = 0;
				_t13 = _a4;
				_t14 =  *((intOrPtr*)( *_t13 + 4))(_t13, _t23, _t25, _t18,  *[fs:0x0], 0x4012c6);
				__imp____vbaR4Str(0x402f40);
				asm("fcomp dword [0x401238]");
				asm("fnstsw ax");
				if((_t14 & 0x00000040) == 0) {
					__imp____vbaFileOpen(0x20, 0xffffffff, 0x30, L"imprejudice");
				}
				_t15 = _a4;
				 *((intOrPtr*)( *_t15 + 8))(_t15);
				 *[fs:0x0] = _v24;
				return _v8;
			}

0x0041f802
0x0041f80f
0x0041f812
0x0041f819
0x0041f820
0x0041f826
0x0041f82e
0x0041f834
0x0041f83a
0x0041f83f
0x0041f84c
0x0041f84c
0x0041f852
0x0041f858
0x0041f863
0x0041f86e

APIs

__vbaR4Str.MSVBVM60(00402F40,?,?,?,?,?,?,?,?,004012C6), ref: 0041F82E
__vbaFileOpen.MSVBVM60(00000020,000000FF,00000030,imprejudice,?,?,?,?,?,?,?,?,004012C6), ref: 0041F84C

Strings

imprejudice, xrefs: 0041F841

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: __vba$FileOpen
String ID: imprejudice
API String ID: 1444369698-3142114848
Opcode ID: dcfd7739af887f63779cc7f9cddc81069eaa02b89360733ddb1e2832f69ea373
Instruction ID: c3d2013679ca875341305e04cb1851d4a4eec9860b4b668a021dd8150d18ddfa
Opcode Fuzzy Hash: dcfd7739af887f63779cc7f9cddc81069eaa02b89360733ddb1e2832f69ea373
Instruction Fuzzy Hash: 66018F75A40204EFC700DF98DA49F4ABBB8FB48B51F1082AAF945B77E0C7B85940CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004200E0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__vbaVarTstNe.MSVBVM60(?,?), ref: 00420134
#532.MSVBVM60(Emotionen3), ref: 00420144

Strings

Emotionen3, xrefs: 0042013F

Memory Dump Source

Source File: 00000001.00000002.732106946.000000000041B000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.731931619.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.731949710.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000001.00000002.732154968.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.732171971.0000000000423000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURA Y ALBARANES (2).jbxd

Similarity

API ID: #532__vba
String ID: Emotionen3
API String ID: 1414456671-3255538820
Opcode ID: acf762c993f483e184547f9bae952c285327626bd03eabf389bd01ff9536b5a9
Instruction ID: b15ad1656fa039549e3912ed06df6950b1a7d66bd520fb4e3012a07771b0ef1b
Opcode Fuzzy Hash: acf762c993f483e184547f9bae952c285327626bd03eabf389bd01ff9536b5a9
Instruction Fuzzy Hash: F8F012B4941248ABCB10DF94DA4DBDEBBF8FB18745F60405EF501722D1C7B91A098F69

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report FACTURA Y ALBARANES (2).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Initial Sample

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: FACTURA Y ALBARANES (2).exe PID: 6124 Parent PID: 5720

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: FACTURA Y ALBARANES (2).exe PID: 6124 Parent PID: 5720 FACTURA Y ALBARANES (2).exeCOMMON

Execution Graph

Graph

Executed Functions

Function 02B6A44E, Relevance: 1.8, APIs: 1, Instructions: 301
COMMON

Function 02B6A434, Relevance: 1.8, APIs: 1, Instructions: 284
memorynativeCOMMON

Function 02B6A440, Relevance: 1.8, APIs: 1, Instructions: 254
memorynativeCOMMON

Function 02B6A52C, Relevance: 1.7, APIs: 1, Instructions: 242
COMMON

Function 02B6A496, Relevance: 1.7, APIs: 1, Instructions: 240
COMMON

Function 02B6A5C9, Relevance: 1.7, APIs: 1, Instructions: 220
COMMON

Function 02B6A653, Relevance: 1.7, APIs: 1, Instructions: 202
memorynativeCOMMON

Function 02B6A6FC, Relevance: 1.7, APIs: 1, Instructions: 179
memorynativeCOMMON

Function 02B6A75E, Relevance: 1.7, APIs: 1, Instructions: 166
memorynativeCOMMON

Function 02B6A7C7, Relevance: 1.7, APIs: 1, Instructions: 155
memorynativeCOMMON

Function 004014B8, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 292
COMMON