Play interactive tour

Edit tour

Analysis Report vbc.exe.vir

Overview

General Information

Sample Name:	vbc.exe.vir (renamed file extension from vir to exe)
Analysis ID:	430813
MD5:	788016c9072423914b96f0d15a61812d
SHA1:	040f85b4ef512bb74990becfa1a5029f92eb65c7
SHA256:	df34f3d4030a5ea484108271f749ca5fbc3af0f415051e98b342a505c88971e4
Infos:
Most interesting Screenshot:

Detection

GuLoader

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Potential malicious icon found

Yara detected GuLoader

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found potential dummy code loops (likely to delay analysis)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Found large amount of non-executed APIs

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

vbc.exe.exe (PID: 3564 cmdline: 'C:\Users\user\Desktop\vbc.exe.exe' MD5: 788016C9072423914B96F0D15A61812D)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/"}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
vbc.exe.exe	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security
00000000.00000000.194728526.0000000000401000.00000020.00020000.sdmp	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.vbc.exe.exe.400000.0.unpack	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security
0.2.vbc.exe.exe.400000.0.unpack	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: vbc.exe.exe

Malware Configuration Extractor: GuLoader {"Payload URL": "https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/"}

Multi AV Scanner detection for submitted file

Show sources

Source: vbc.exe.exe

Virustotal: Detection: 13%

Perma Link

Source: vbc.exe.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/

Source: vbc.exe.exe, 00000000.00000002.1278845441.000000000079A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Source: C:\Users\user\Desktop\vbc.exe.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B699A NtAllocateVirtualMemory,	0_2_022B699A
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6A34 NtAllocateVirtualMemory,	0_2_022B6A34
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6A99 NtAllocateVirtualMemory,	0_2_022B6A99
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6AD4 NtAllocateVirtualMemory,	0_2_022B6AD4
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6B59 NtAllocateVirtualMemory,	0_2_022B6B59
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6BCC NtAllocateVirtualMemory,	0_2_022B6BCC
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6C02 NtAllocateVirtualMemory,	0_2_022B6C02
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B69AE NtAllocateVirtualMemory,	0_2_022B69AE
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B69E4 NtAllocateVirtualMemory,	0_2_022B69E4

Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_00405607	0_2_00405607
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_004032F5	0_2_004032F5
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B699A	0_2_022B699A
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5627	0_2_022B5627
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B6A34	0_2_022B6A34
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3209	0_2_022B3209
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB608	0_2_022BB608
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA614	0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5A68	0_2_022B5A68
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3A62	0_2_022B3A62
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5278	0_2_022B5278
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3249	0_2_022B3249
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB650	0_2_022BB650
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA6A0	0_2_022BA6A0
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5688	0_2_022B5688
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB69C	0_2_022BB69C
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B92EF	0_2_022B92EF
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3AF8	0_2_022B3AF8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4EF2	0_2_022B4EF2
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA6F0	0_2_022BA6F0
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA2D8	0_2_022BA2D8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B2F27	0_2_022B2F27
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5B08	0_2_022B5B08
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5302	0_2_022B5302
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3300	0_2_022B3300
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4F1C	0_2_022B4F1C
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5712	0_2_022B5712
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B9768	0_2_022B9768
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA76C	0_2_022BA76C
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5B58	0_2_022B5B58
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B33AC	0_2_022B33AC
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B57A5	0_2_022B57A5
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B43B8	0_2_022B43B8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4F98	0_2_022B4F98
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5394	0_2_022B5394
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5BE7	0_2_022B5BE7
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB3F8	0_2_022BB3F8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA7C7	0_2_022BA7C7
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B582E	0_2_022B582E
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4404	0_2_022B4404
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5004	0_2_022B5004
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5418	0_2_022B5418
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB410	0_2_022BB410
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA814	0_2_022BA814
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5069	0_2_022B5069
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5466	0_2_022B5466
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB45D	0_2_022BB45D
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B245C	0_2_022B245C
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B2452	0_2_022B2452
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4454	0_2_022B4454
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B58B8	0_2_022B58B8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B44B2	0_2_022B44B2
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5C99	0_2_022B5C99
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB493	0_2_022BB493
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA890	0_2_022BA890
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3895	0_2_022B3895
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB4E0	0_2_022BB4E0
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B50F8	0_2_022B50F8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B38FC	0_2_022B38FC
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B54FC	0_2_022B54FC
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA4F1	0_2_022BA4F1
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B24C7	0_2_022B24C7
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B593E	0_2_022B593E
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4910	0_2_022B4910
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5578	0_2_022B5578
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4544	0_2_022B4544
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B69AE	0_2_022B69AE
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B39A0	0_2_022B39A0
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3189	0_2_022B3189
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4988	0_2_022B4988
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB588	0_2_022BB588
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B5181	0_2_022B5181
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA580	0_2_022BA580
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B9984	0_2_022B9984
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B39E8	0_2_022B39E8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B69E4	0_2_022B69E4
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B51FA	0_2_022B51FA
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA5C8	0_2_022BA5C8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B59CF	0_2_022B59CF
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BB5CC	0_2_022BB5CC
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B45D1	0_2_022B45D1

Source: vbc.exe.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: vbc.exe.exe, 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSuperintellectually.exe vs vbc.exe.exe
Source: vbc.exe.exe	Binary or memory string: OriginalFilenameSuperintellectually.exe vs vbc.exe.exe

Source: vbc.exe.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal88.rans.troj.evad.winEXE@1/0@0/0

Source: vbc.exe.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\vbc.exe.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\vbc.exe.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: vbc.exe.exe

Virustotal: Detection: 13%

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: vbc.exe.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.194728526.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.0.vbc.exe.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vbc.exe.exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_00403112 push dword ptr [ebp-44h]; ret	0_2_0041ECC4
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4A3C push AFBDCFF2h; iretd	0_2_022B4A2E
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B7F05 push edx; ret	0_2_022B7F12
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B2B1B push ebp; retf	0_2_022B2B0A
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA965 push eax; ret	0_2_022BA956

Source: C:\Users\user\Desktop\vbc.exe.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vbc.exe.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vbc.exe.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vbc.exe.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vbc.exe.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BBB2B	0_2_022BBB2B
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BBB26	0_2_022BBB26
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3895	0_2_022B3895

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\vbc.exe.exe

RDTSC instruction interceptor: First address: 00000000022B9BBF second address: 00000000022B9BBF instructions: 0x00000000 rdtsc 0x00000002 mov eax, 4A1014F8h 0x00000007 xor eax, 91CBACF6h 0x0000000c xor eax, 7F9DE2BDh 0x00000011 xor eax, A4465AB2h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F8D1C47F904h 0x0000001e lfence 0x00000021 mov edx, C49425E1h 0x00000026 xor edx, 40636495h 0x0000002c sub edx, D2D01692h 0x00000032 xor edx, CDD92AF6h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d jmp 00007F8D1C47F8F6h 0x0000003f test al, bl 0x00000041 cmp al, E3h 0x00000043 jmp 00007F8D1C47F8F6h 0x00000045 cmp ch, 0000006Dh 0x00000048 cmp bh, ah 0x0000004a ret 0x0000004b sub edx, esi 0x0000004d ret 0x0000004e add edi, edx 0x00000050 dec dword ptr [ebp+000000F8h] 0x00000056 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005d jne 00007F8D1C47F874h 0x0000005f jmp 00007F8D1C47F8F6h 0x00000061 test ah, ch 0x00000063 call 00007F8D1C47F8E6h 0x00000068 call 00007F8D1C47F925h 0x0000006d lfence 0x00000070 mov edx, C49425E1h 0x00000075 xor edx, 40636495h 0x0000007b sub edx, D2D01692h 0x00000081 xor edx, CDD92AF6h 0x00000087 mov edx, dword ptr [edx] 0x00000089 lfence 0x0000008c jmp 00007F8D1C47F8F6h 0x0000008e test al, bl 0x00000090 cmp al, E3h 0x00000092 jmp 00007F8D1C47F8F6h 0x00000094 cmp ch, 0000006Dh 0x00000097 cmp bh, ah 0x00000099 ret 0x0000009a mov esi, edx 0x0000009c pushad 0x0000009d rdtsc

Source: C:\Users\user\Desktop\vbc.exe.exe

Code function: 0_2_022B3209 rdtsc

0_2_022B3209

Source: C:\Users\user\Desktop\vbc.exe.exe

API coverage: 7.0 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\vbc.exe.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\vbc.exe.exe

Code function: 0_2_022B3209 rdtsc

0_2_022B3209

Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA614 mov eax, dword ptr fs:[00000030h]	0_2_022BA614
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B43B8 mov eax, dword ptr fs:[00000030h]	0_2_022B43B8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3FB8 mov eax, dword ptr fs:[00000030h]	0_2_022B3FB8
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B642D mov eax, dword ptr fs:[00000030h]	0_2_022B642D
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4404 mov eax, dword ptr fs:[00000030h]	0_2_022B4404
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B9840 mov eax, dword ptr fs:[00000030h]	0_2_022B9840
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B4454 mov eax, dword ptr fs:[00000030h]	0_2_022B4454
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B3895 mov eax, dword ptr fs:[00000030h]	0_2_022B3895
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA4F1 mov eax, dword ptr fs:[00000030h]	0_2_022BA4F1
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022B8D1F mov eax, dword ptr fs:[00000030h]	0_2_022B8D1F
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA580 mov eax, dword ptr fs:[00000030h]	0_2_022BA580
Source: C:\Users\user\Desktop\vbc.exe.exe	Code function: 0_2_022BA5C8 mov eax, dword ptr fs:[00000030h]	0_2_022BA5C8

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: vbc.exe.exe, 00000000.00000002.1279108448.0000000000D20000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\vbc.exe.exe

Code function: 0_2_022BBB2B cpuid

0_2_022BBB2B

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	Input Capture1	Security Software Discovery31	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Virtualization/Sandbox Evasion11	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery211	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
vbc.exe.exe	13%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/	true	Avira URL Cloud: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	430813
Start date:	08.06.2021
Start time:	02:40:39
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	vbc.exe.vir (renamed file extension from vir to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.rans.troj.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 16.1% (good quality ratio 5.2%) Quality average: 17.8% Quality standard deviation: 27.1%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.60090149728624
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	vbc.exe.exe
File size:	147456
MD5:	788016c9072423914b96f0d15a61812d
SHA1:	040f85b4ef512bb74990becfa1a5029f92eb65c7
SHA256:	df34f3d4030a5ea484108271f749ca5fbc3af0f415051e98b342a505c88971e4
SHA512:	c9a75e6b54113d3d02c32d314ff76cc82b9bd4b88d07fec6b7636417e49184ebb691ecf63db3aac8dd4a96e49392959638c70ab20412f1c4454ac7963266c2c4
SSDEEP:	3072:JX84PzFh5UOkyp2te2+4lM20JMN0z3wnz:xxFjpYF+4lM20JMN0z3A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...x..Q.....................0............... ....@................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x401c10
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x51CF9578 [Sun Jun 30 02:18:32 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	9b8686288ab82fdbf8ede30bc55c83b7

Entrypoint Preview

Instruction
push 00402064h
call 00007F8D1C7E3AC5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx+ebx*2], dl
jp 00007F8D1C7E3AAAh
push ss
mov ecx, esp
dec esi
pushfd
jmp 00007F8D1C7E3AA7h
add byte ptr [edi-11h], ah
or dword ptr [esi+00000000h], 00010000h
add byte ptr [eax], al
add byte ptr [eax], al
loopne 00007F8D1C7E3B43h
or byte ptr [ebx], al
push eax
dec eax
inc ebp
push edx
inc ebp
inc ebx
push edx
inc ecx
push esp
dec ecx
inc ecx
dec esi
add byte ptr [eax], cl
inc ecx
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
imul esp, dword ptr [edi-68h]
mov dword ptr [ebp-4Ch], ebx
cmpsb
inc edx
popfd
add esp, dword ptr [ebx-2F00031Dh]
stc
jecxz 00007F8D1C7E3B0Dh
mov al, al
push 00000049h
lodsd
popfd
cmp byte ptr [edx], 00000003h
and al, AFh
xor al, 3Ah
dec edi
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov al, byte ptr [48000002h]
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax], al
jne 00007F8D1C7E3B40h
bound esp, dword ptr [ebp+77h]
popad
jc 00007F8D1C7E3B37h
add byte ptr [6C000901h], cl
popad
jbe 00007F8D1C7E3B46h
insb
outsb

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x20f44	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0x970	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1c4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20608	0x21000	False	0.357185132576	data	5.84922850488	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x22000	0x1250	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0x970	0x1000	False	0.1728515625	data	2.05495100774	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x24840	0x130	data
RT_ICON	0x24558	0x2e8	data
RT_ICON	0x24430	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x24400	0x30	data
RT_VERSION	0x24150	0x2b0	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, __vbaRecDestructAnsi, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Superintellectually
FileVersion	1.00
CompanyName	Mortagage
Comments	Mortagage
ProductName	Mortagage
ProductVersion	1.00
FileDescription	Mortagage
OriginalFilename	Superintellectually.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: vbc.exe.exe PID: 3564 Parent PID: 5576

General

Start time:	02:41:23
Start date:	08/06/2021
Path:	C:\Users\user\Desktop\vbc.exe.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\vbc.exe.exe'
Imagebase:	0x400000
File size:	147456 bytes
MD5 hash:	788016C9072423914B96F0D15A61812D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000000.00000000.194728526.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: vbc.exe.exe PID: 3564 Parent PID: 5576 vbc.exe.exeCOMMON

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	15.1%
Signature Coverage:	17%
Total number of Nodes:	53
Total number of Limit Nodes:	4

Executed Functions

Function 00405607, Relevance: 12.2, APIs: 1, Strings: 7, Instructions: 222
memoryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E00405607() {
				intOrPtr* _t6;
				signed int _t13;
				intOrPtr* _t20;
				void* _t34;
				void* _t44;
				signed int _t52;
				void* _t63;

				 *_t6 =  *_t6 + 1;
				asm("ds insb");
				_t52 = 0;
				do {
					_t13 = 0 ^ _t52;
					_t52 = _t52 + 1;
				} while (_t13 != 0x536fd28);
				_t20 =  *((intOrPtr*)((0x87149ead + 0x01e0ad78 ^ 0xf783e3ba ^ 0xb8d7c295) + 0x26e204dd - 0xee4361db));
				do {
					_t20 = _t20 + 0xffffffff;
					asm("pushfd");
					asm("popfd");
				} while ( *_t20 != 0xa4e7986a);
				_t34 = VirtualAlloc(0, 0x11000, 0x47fc8b7e, 0x40); // executed
				_t63 = _t34;
				_t44 = 0xc26c;
				do {
					 *(_t63 + _t44) = 0 ^  *(0x405945 + _t44);
					 *(_t63 + _t44) =  *(_t63 + _t44) ^ 0x79d450ae;
					_t44 = _t44 - 0x242 + 0x23e;
				} while (_t44 >= 0);
				goto __esi;
			}

0x00405609
0x0040560b
0x0040564e
0x0040565b
0x004056a9
0x004056b2
0x004056bc
0x00405715
0x00405772
0x0040577b
0x00405784
0x00405785
0x00405785
0x004058b6
0x004058be
0x004058d1
0x004058df
0x004058f4
0x00405901
0x0040592c
0x0040592c
0x0040593b

APIs

VirtualAlloc.KERNELBASE(00000000,00011000,-A698BEE1,-701FE186), ref: 004058B6

Strings

G, xrefs: 004056CC
G, xrefs: 004056C4
M, xrefs: 00405717
\, xrefs: 0040578B
m, xrefs: 0040576F
B, xrefs: 00405660
N, xrefs: 00405735

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: B$G$G$M$N$\$m
API String ID: 4275171209-1638369550
Opcode ID: 6aaa44ac9328c5fc59eae02315971c758db56c3df8ff6a5b5333c837eee56bcb
Instruction ID: cd2d7263d1acb82f942c81449b742b1542fc2dae31ce3c1e812fe4dbfb7c626b
Opcode Fuzzy Hash: 6aaa44ac9328c5fc59eae02315971c758db56c3df8ff6a5b5333c837eee56bcb
Instruction Fuzzy Hash: 5A51CF912A63424AEF781074C6E073F2156DB47740F70AE3BD947EAEC9D96EC8C18627

Uniqueness

Uniqueness Score: -1.00%

Function 022B6A34, Relevance: 1.7, APIs: 1, Instructions: 177
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 163241d34750f720740f19f88c7641a2ab88edf2624c49c98888d03ce04860f6
Instruction ID: ef865c79c0640451dcdda9962b62d25f472e35f9f23ded11431dded979b7b726
Opcode Fuzzy Hash: 163241d34750f720740f19f88c7641a2ab88edf2624c49c98888d03ce04860f6
Instruction Fuzzy Hash: DA518BB11353489FCB36CFA4CC557FE3AADEF4A354F108129D94AAF255C2744641CB06

Uniqueness

Uniqueness Score: -1.00%

Function 022B6AD4, Relevance: 1.6, APIs: 1, Instructions: 140
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: fa45247ed6b49ccfab3719fecd02be4641fa8e805061054d5e801b7f94ed23ec
Instruction ID: b9c65b646ea2e37526e2b938222f569e6d5981abdfd359418d93a9fac68b192f
Opcode Fuzzy Hash: fa45247ed6b49ccfab3719fecd02be4641fa8e805061054d5e801b7f94ed23ec
Instruction Fuzzy Hash: 0B4157B5139348DFCB32CFA4CC45BFA3BADEF46384F148119E949AB229C2715681CB46

Uniqueness

Uniqueness Score: -1.00%

Function 022B6B59, Relevance: 1.6, APIs: 1, Instructions: 136
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 625006f3725b7b683cbdabd0a7800c5256b09f6489a984651c5464a8518f0477
Instruction ID: 5b5600582c6ea15550b60707abcbe0508b2a1641db2a31537526e688a4cf4a52
Opcode Fuzzy Hash: 625006f3725b7b683cbdabd0a7800c5256b09f6489a984651c5464a8518f0477
Instruction Fuzzy Hash: 9B4136B613A3889FD732CF948C98AEA3EBCEF46384F588195D944BF216C2704901CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022B69E4, Relevance: 1.6, APIs: 1, Instructions: 126
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 5a056cd762db351f64daa7be92debf1bd82c8e75e37d3c23748fafddd240db2b
Instruction ID: 7feaab2c54015b27a92414c9dfd338c0e6bb58ad0271e6c38fafd30a6d01460b
Opcode Fuzzy Hash: 5a056cd762db351f64daa7be92debf1bd82c8e75e37d3c23748fafddd240db2b
Instruction Fuzzy Hash: 29412971524349CFDB758F64CC597FE37A9EF49340F10412EEC0AAB258C6719A40CB46

Uniqueness

Uniqueness Score: -1.00%

Function 022B699A, Relevance: 1.6, APIs: 1, Instructions: 110
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: b28c0cccd32d80a73e0709367fce6e4bfc400576202682587feaa532ad31c4a5
Instruction ID: ad561dd34a0b6e63c279950c6512d1f996e5f61c2c9256886157e9bb4371b61c
Opcode Fuzzy Hash: b28c0cccd32d80a73e0709367fce6e4bfc400576202682587feaa532ad31c4a5
Instruction Fuzzy Hash: 614126B1528289DFCB758F64CC547FE37AAEF49340F50401EE849AB214C7718A40CB46

Uniqueness

Uniqueness Score: -1.00%

Function 022B69AE, Relevance: 1.6, APIs: 1, Instructions: 108
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 6be92f4e756d3e966a73a7d05bc05fbe2be1e7f19a5ab9676efc643ec0a9ec4b
Instruction ID: 44848d456d385e919e1e61a5994f5d7a27e34141a25e35d29b4a8aeb50ea1815
Opcode Fuzzy Hash: 6be92f4e756d3e966a73a7d05bc05fbe2be1e7f19a5ab9676efc643ec0a9ec4b
Instruction Fuzzy Hash: CC41F671628245DFDB758F74CC55BFE3BAAEF48350F50412EEC4AAB218C6719A80CB46

Uniqueness

Uniqueness Score: -1.00%

Function 022B6C02, Relevance: 1.6, APIs: 1, Instructions: 100
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 60399837f5311dcfc21fc58f3687f110cceefe7474e607885d27daf2e672664a
Instruction ID: 098d366af0c6c6c5dbf5c0b1ea273fe8255bfe13b82064f215edbb81aab7cfe6
Opcode Fuzzy Hash: 60399837f5311dcfc21fc58f3687f110cceefe7474e607885d27daf2e672664a
Instruction Fuzzy Hash: C53128B613A3989EC732CF948C95AEA3F6DEF46385F540485E985BF226C2B04A01C712

Uniqueness

Uniqueness Score: -1.00%

Function 022B6A99, Relevance: 1.6, APIs: 1, Instructions: 83
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: ef8405b1d50fbf3262afc7833e89e53a57ee1e896a73977d469c045efc5ca284
Instruction ID: d9b707fd2af085f1f65e2d21572a95e9b271ab13d50539431dfcafbf6e81309a
Opcode Fuzzy Hash: ef8405b1d50fbf3262afc7833e89e53a57ee1e896a73977d469c045efc5ca284
Instruction Fuzzy Hash: BF31E2B5524298DFDB72CF74CC44BEE3BA5EF48344F544119EC49AB224C3719A41CB86

Uniqueness

Uniqueness Score: -1.00%

Function 022B6BCC, Relevance: 1.5, APIs: 1, Instructions: 43
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(27DC283A,0BE6794A), ref: 022B6BF8

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: aec803f3349d474a6868e3d8073c7bb9084e8b561928ef2c9407638f76c30f44
Instruction ID: abf7d86f3e0bcd7de596fc9d4fbfcb499dc495142ed00e838761d2041adce3bc
Opcode Fuzzy Hash: aec803f3349d474a6868e3d8073c7bb9084e8b561928ef2c9407638f76c30f44
Instruction Fuzzy Hash: 3601D871515294DFCB32CFA8CC44BEE3BA9EF09314F044115EC49EB224C7319A41CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00420760, Relevance: 61.4, APIs: 30, Strings: 5, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 004207BE
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 004207D7
__vbaObjSet.MSVBVM60(?,00000000), ref: 004207F0
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B24,0000016C), ref: 00420813
__vbaFreeObj.MSVBVM60 ref: 0042081C
#692.MSVBVM60(?,Columellae,Arriage), ref: 00420830
__vbaVarTstNe.MSVBVM60(?,?), ref: 00420848
__vbaFreeVar.MSVBVM60 ref: 0042085B
#535.MSVBVM60 ref: 00420863
#705.MSVBVM60(?,00000000), ref: 0042087E
__vbaStrMove.MSVBVM60 ref: 0042088F
__vbaFreeVar.MSVBVM60 ref: 00420894
#716.MSVBVM60(00000002,Legemsdelenes8,00000000), ref: 004208A1
__vbaLateIdSt.MSVBVM60(?,00000000), ref: 004208C9
__vbaFreeVar.MSVBVM60 ref: 004208D2
__vbaCyStr.MSVBVM60(00403E98), ref: 004208E1
__vbaFpCmpCy.MSVBVM60(00000000), ref: 004208EF
#535.MSVBVM60 ref: 004208FD
__vbaStrCat.MSVBVM60(:22,22:22), ref: 0042090F
__vbaStrMove.MSVBVM60 ref: 0042091A
#541.MSVBVM60(?,00000000), ref: 00420921
__vbaStrVarMove.MSVBVM60(?), ref: 0042092B
__vbaStrMove.MSVBVM60 ref: 00420936
__vbaFreeStr.MSVBVM60 ref: 0042093B
__vbaFreeVar.MSVBVM60 ref: 00420944
__vbaHresultCheckObj.MSVBVM60(00000000,004018F8,004033B4,000002B0), ref: 004209A2
__vbaFreeStr.MSVBVM60(004209FC), ref: 004209E6
__vbaFreeObj.MSVBVM60 ref: 004209EB
__vbaFreeStr.MSVBVM60 ref: 004209F4
__vbaFreeStr.MSVBVM60 ref: 004209F9

Strings

:22, xrefs: 00420908
22:22, xrefs: 00420903
Legemsdelenes8, xrefs: 0042089B
Columellae, xrefs: 0042082A
Arriage, xrefs: 00420822

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$Move$#535CheckHresult$#541#692#705#716CopyLateNew2
String ID: 22:22$:22$Arriage$Columellae$Legemsdelenes8
API String ID: 2203292901-4205766236
Opcode ID: e75d59b36dc0a4c12d6f5f29aaa1810fafa4fdd8ab4da9859b105439a53c14a6
Instruction ID: 588a02375b37a5dc4cdaf10f020ea95a87c33b56efd193f52180a8df3f8c80dd
Opcode Fuzzy Hash: e75d59b36dc0a4c12d6f5f29aaa1810fafa4fdd8ab4da9859b105439a53c14a6
Instruction Fuzzy Hash: 8D812CB4E002199FCB04DFA4D988A9EBFB8FF48700F10812AF506B72A1DB745945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF80, Relevance: 45.3, APIs: 30, Instructions: 254
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#615.MSVBVM60 ref: 0041EFEA
#660.MSVBVM60(?,?,?,00000001,00000001), ref: 0041F01D
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041F03E
__vbaFreeVarList.MSVBVM60(00000003,00000002,0000000A,?), ref: 0041F055
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041F079
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041F09E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000110), ref: 0041F0C8
__vbaStrMove.MSVBVM60 ref: 0041F0DD
__vbaFreeObj.MSVBVM60 ref: 0041F0E2
#611.MSVBVM60 ref: 0041F0E8
__vbaStrMove.MSVBVM60 ref: 0041F0F3
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041F108
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F127
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,00000188), ref: 0041F14A
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041F163
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F17C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,00000178), ref: 0041F19F
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 0041F1AF
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041F1CB
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,0000004C), ref: 0041F1F0
__vbaStrVarMove.MSVBVM60(00000002,?), ref: 0041F203
__vbaStrMove.MSVBVM60 ref: 0041F20E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403BA0,00000024), ref: 0041F22C
__vbaStrMove.MSVBVM60 ref: 0041F23B
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041F24B
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0041F263
__vbaFreeVar.MSVBVM60 ref: 0041F26F
__vbaFreeStr.MSVBVM60(0041F2DA), ref: 0041F2CD
__vbaFreeStr.MSVBVM60 ref: 0041F2D2
__vbaFreeStr.MSVBVM60 ref: 0041F2D7

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$Move$New2$List$#611#615#660CallLate
String ID:
API String ID: 2982621179-0
Opcode ID: 21c1c4f57584ee9cdd249026f335948281fef39cc3968cad8f8268aab0bee8c2
Instruction ID: 97570f39915fefb06b26cca69daf60d72f9100c5eb8db6294caf2a8534cfb5cf
Opcode Fuzzy Hash: 21c1c4f57584ee9cdd249026f335948281fef39cc3968cad8f8268aab0bee8c2
Instruction Fuzzy Hash: 95A12A71900219AFDB14DF94DD88EEEBBB9FB48B01F10412AF501B72A1DBB45946CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00401C10, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401C15

Strings

VB5!6&*, xrefs: 00401C10

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 76913bf2a4bc06c8bf97173d6ed5919010b4f7642140350421f585fe3a32359e
Instruction ID: 2e99f95d0f959578955c45692793700660a55f6ce094be2f64c896591163535b
Opcode Fuzzy Hash: 76913bf2a4bc06c8bf97173d6ed5919010b4f7642140350421f585fe3a32359e
Instruction Fuzzy Hash: F8E07655A8E3C05FD31717704D6A6A13F70881321131A41E79589EA5F3C1AC8C4AC36B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 022B2F27, Relevance: 3.2, Strings: 2, Instructions: 683COMMON

Download Yara Rule

Strings

%H7, xrefs: 022B30A3
zNN, xrefs: 022B2FC4

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID: %H7$zNN
API String ID: 0-1679823386
Opcode ID: af59053f316ee37892a1d235806030d11ada2f93b4ecfe92a0784b9de01b2f6e
Instruction ID: 02a33649d555f765a10dddc78beea329afd32dd266ebfbb3d6a7885b3cc6f834
Opcode Fuzzy Hash: af59053f316ee37892a1d235806030d11ada2f93b4ecfe92a0784b9de01b2f6e
Instruction Fuzzy Hash: 2A523071A24349DFDB758F64CD447EAB7A6FF48340F85821EEC899B214C3745A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B9984, Relevance: 3.2, Strings: 2, Instructions: 651COMMON

Download Yara Rule

Strings

`, xrefs: 022B9A89
Lh, xrefs: 022B99EE

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID: Lh$`
API String ID: 0-2465639706
Opcode ID: 7bb6a36ee4266abe547e84b5b7ea58c6bc5268ee1005badb106dadbe72e1ac2e
Instruction ID: a6d6498db6e17d07b31190810bc5026c88d0d0fad5f259d8e9d2fcede04179e5
Opcode Fuzzy Hash: 7bb6a36ee4266abe547e84b5b7ea58c6bc5268ee1005badb106dadbe72e1ac2e
Instruction Fuzzy Hash: 52422E71A24349DFDB759E64CC847EAB7A2FF09390F85821ADD899B214C3744A91CF82

Uniqueness

Uniqueness Score: -1.00%

Function 022BBB2B, Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

W#*^, xrefs: 022BBC1A

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID: W#*^
API String ID: 0-2922225765
Opcode ID: 212a568bb97eb1179f4f686c733b6a406cc5493351f0af889b6b710f74d2c5d6
Instruction ID: 995121c1347ec8df1d8df9f9af89465a848d52ef59fbacbd11d35318c99f3133
Opcode Fuzzy Hash: 212a568bb97eb1179f4f686c733b6a406cc5493351f0af889b6b710f74d2c5d6
Instruction Fuzzy Hash: 9A113BB11303059FD722CBE4C684B9A3661EF163ECF5141A2ED47DB1AAD7B8C881D625

Uniqueness

Uniqueness Score: -1.00%

Function 022BBB26, Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

W#*^, xrefs: 022BBC1A

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID: W#*^
API String ID: 0-2922225765
Opcode ID: bdfc5d82522cdc183892bdfcca538b23e10a8197d8a8f0e356a863a9af9fbb69
Instruction ID: 11c62ecd47a1bf857e0a8b7b711a8fdc46b4f7b3dd9af3c9109247e7dcc249ab
Opcode Fuzzy Hash: bdfc5d82522cdc183892bdfcca538b23e10a8197d8a8f0e356a863a9af9fbb69
Instruction Fuzzy Hash: 94110DB1120300AFD723CBD4C6C4B997655FF193E8F1142A0DD46DB166D7B4D841D624

Uniqueness

Uniqueness Score: -1.00%

Function 022B3895, Relevance: 1.1, Instructions: 1086COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4ea76a2d3cc988faec3f161374593149a9c2f2f0c6085f6bf1e05d0f1c98955
Instruction ID: ea5585d57b4607cbd993eb70a6444960233ee81ba17d407e42ac8f5b62566e7c
Opcode Fuzzy Hash: a4ea76a2d3cc988faec3f161374593149a9c2f2f0c6085f6bf1e05d0f1c98955
Instruction Fuzzy Hash: FE922171A24349DFDB359F68CC847EAB7A6FF49350F45422AEC899B214C7709A81CF81

Uniqueness

Uniqueness Score: -1.00%

Function 022B3189, Relevance: .8, Instructions: 779COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d12e47d4b30420a0c3a881603403f23821016e0d52b4e71b8834fbf4f186cd
Instruction ID: 20449f4f2d9ab9680bee532193bd7efa872f92d4de61ead90d5072cf28aa2543
Opcode Fuzzy Hash: e6d12e47d4b30420a0c3a881603403f23821016e0d52b4e71b8834fbf4f186cd
Instruction Fuzzy Hash: 3A621F71A24349DFDB759F68CC447EAB7A2FF48350F85812EEC899B254C3745A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B92EF, Relevance: .7, Instructions: 741COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c4aba140bb44a4a82e399595313f4e464d767b26d3afe36236935d0b090ea6a
Instruction ID: f21584b06aeb427a8619a6c49a27278772f64a82480382bd875bd6a36e1bac40
Opcode Fuzzy Hash: 4c4aba140bb44a4a82e399595313f4e464d767b26d3afe36236935d0b090ea6a
Instruction Fuzzy Hash: E3523271A24345DFDB359FB4CC847EA77A2FF49380F45811AED899B254C3748A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5069, Relevance: .7, Instructions: 717COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aac72100d7aa382456fe864851fad798abde83cc737ab5deef0b8d5ff282b43
Instruction ID: fdbf3abd4ad090f660628134645a5b3c8b924111d776c966805c38d3f21d5b2d
Opcode Fuzzy Hash: 7aac72100d7aa382456fe864851fad798abde83cc737ab5deef0b8d5ff282b43
Instruction Fuzzy Hash: 454276B1625349DFDB368FB4CC847DA7BA6FF49380F85421ADD899B254C3704991CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B9768, Relevance: .7, Instructions: 707COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dec529255945457c96a20dc89686c2e7c0ff8d9346a726e886c76abcbd743e6
Instruction ID: 4a5f45689441b3dc5288211ecb641d7a83b351ec19a640eedd86217271c8c1cb
Opcode Fuzzy Hash: 5dec529255945457c96a20dc89686c2e7c0ff8d9346a726e886c76abcbd743e6
Instruction Fuzzy Hash: 91523271A24349DFDB358FB4CD847EAB7A6FF09380F45821ADD899B214C3704A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5004, Relevance: .6, Instructions: 636COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7feffb232bc28c3bf3911817b067dea5fda7167519783ca107ea2204f8a670a7
Instruction ID: 264e51f56c26ed848c1687b964700605dedb73fdb7bf6e13fa5b2a699084763f
Opcode Fuzzy Hash: 7feffb232bc28c3bf3911817b067dea5fda7167519783ca107ea2204f8a670a7
Instruction Fuzzy Hash: 00423171A24349DFDB758F74CC847EA7BA6FF09340F85821AED899B214C3705A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B4F1C, Relevance: .6, Instructions: 628COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba5018fbe6116008b1371a9fe8689b8aa930f52639dcba707a56e7356a7cd77
Instruction ID: becebaec59f1d691a18ac5b443ec93c6d3b2622f0c39772f28b3631cfe29e371
Opcode Fuzzy Hash: 7ba5018fbe6116008b1371a9fe8689b8aa930f52639dcba707a56e7356a7cd77
Instruction Fuzzy Hash: 08422F71A24349DFDB758F64CD847EAB7A6FF09340F85822EDC899B254C3744A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B4F98, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e649f61f8ccce506f7d0ce9916642f9f52fff35757abc87e87b0db76e5f9cd
Instruction ID: 1cb6c91e11f07ba8380185cff03daea04e7083480d0755ed70137477c0ef4eb4
Opcode Fuzzy Hash: 31e649f61f8ccce506f7d0ce9916642f9f52fff35757abc87e87b0db76e5f9cd
Instruction Fuzzy Hash: 5A423F71A24349DFDB758F64CC847EAB7B6FF09340F85821AED899B214C3745A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B51FA, Relevance: .6, Instructions: 609COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78f1fea1e4f7f0dc26aea9efbb30b2d5da345291933ab4527313eb995543fc6
Instruction ID: 6535f76d2503576eb99918f9ed3feed6924ede2386363ef590d7e695c68b16e5
Opcode Fuzzy Hash: a78f1fea1e4f7f0dc26aea9efbb30b2d5da345291933ab4527313eb995543fc6
Instruction Fuzzy Hash: 7B322271A24349DFDB368F64CC847EA7BA6FF49350F85421ADD899B254C3704A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5181, Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acbee10efd54a2b223b3b6377dc31c6c44eabc9cb2b6b8afb2e598ec1ba42578
Instruction ID: 5dbf300d3eb5b1878e1f8cef6efd8bb431adc67dc2bd8b8c38516185819d705a
Opcode Fuzzy Hash: acbee10efd54a2b223b3b6377dc31c6c44eabc9cb2b6b8afb2e598ec1ba42578
Instruction Fuzzy Hash: 233223B1A24349DFDB368F74CC847EA7BA6FF49350F85421ADD899B254C3704A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B50F8, Relevance: .6, Instructions: 581COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 891fc3232064c7f2705f13d0619ed31515c22df6456dfd81b74e46b2862ec2f4
Instruction ID: b608d252b9a63336e68a652754a4c391d9268ad0a52843640b9338e1cb8b0e5e
Opcode Fuzzy Hash: 891fc3232064c7f2705f13d0619ed31515c22df6456dfd81b74e46b2862ec2f4
Instruction Fuzzy Hash: 67325371A24349DFDB358F74CC847EA7BA6FF49350F85821AED899B254C3704A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5278, Relevance: .6, Instructions: 558COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452a457f7b9235976ca15b11a365805bbe26b321fd487939017cb7e7366287ef
Instruction ID: fd2c98445c11e24ce25d95e0f56f997e8906266188cdd3b1d4350c3af298da08
Opcode Fuzzy Hash: 452a457f7b9235976ca15b11a365805bbe26b321fd487939017cb7e7366287ef
Instruction Fuzzy Hash: DA224371A24349DFDB358F64CC847EA7BA6FF49350F85811AED499B254C3B44A90CF82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5302, Relevance: .5, Instructions: 538COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81681d40022b6f51b3caf9096906a2177eba33917098cae19c36f4e9f0f4bb87
Instruction ID: f597071fb154d1885066e6a0d2d466868fd21ba46c789319a1f2857054d2a1e0
Opcode Fuzzy Hash: 81681d40022b6f51b3caf9096906a2177eba33917098cae19c36f4e9f0f4bb87
Instruction Fuzzy Hash: 5C225271A24349DFDB368FB4CC847EA7BA6FF09350F85411ADD899B254C3B45A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5418, Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 352fe5f55c6590d76e6f50efad318373fda21ff517a2911a39c8c0328acc2c06
Instruction ID: 0bcbd3c6ab93c91c14e8bc135d365fa693dfc664f8efddee6f905e3140fdbaee
Opcode Fuzzy Hash: 352fe5f55c6590d76e6f50efad318373fda21ff517a2911a39c8c0328acc2c06
Instruction Fuzzy Hash: B11242B1624349DFDB368F64CC847EA7BB5FF09390F85811ADD899B254C3B44A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5394, Relevance: .5, Instructions: 493COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 130a6f5c7f995678811702cd5d5d0bb0819f3443f0770f0a33a76e383e3b31c2
Instruction ID: d4676bc1e1b989b4e3f7bd926da173b41fef3f18a710e3c15044b633c73069cb
Opcode Fuzzy Hash: 130a6f5c7f995678811702cd5d5d0bb0819f3443f0770f0a33a76e383e3b31c2
Instruction Fuzzy Hash: 11122171A24349DFDB368FA4CC847EA7BA6FF09350F85811ADD899B254C3744A90CF82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5578, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910130a55bac9042929b829441880f4ee58b517f679eead153fc9fa291f210c4
Instruction ID: 1bb3daaa6e4ae2bdf13d8cf5f7077c095e62e69c4d570db7d3297fb1b96cd9b3
Opcode Fuzzy Hash: 910130a55bac9042929b829441880f4ee58b517f679eead153fc9fa291f210c4
Instruction Fuzzy Hash: FB025471A24349DFDB368F64CC857EA7BB2FF09390F858119DD898B255C3B44A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B54FC, Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93169fd36132484fa65fe54f6525424fed470a4becd224443a789e8d615f2731
Instruction ID: 65a6a968e8135ff5a3aa09a8e9f9f39516557ec43d67abe4ac65b6eafdbd807b
Opcode Fuzzy Hash: 93169fd36132484fa65fe54f6525424fed470a4becd224443a789e8d615f2731
Instruction Fuzzy Hash: 0F023071A24349DFDB368F64CC857EA7BB2FF09390F858119ED899B254C3745A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5466, Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eabac61a35874820a9e67b88831ce86d59c3afa506f951b9d16f5080fb624eba
Instruction ID: 92863311961ca6fab108f19db0a7576a2fa1732f3eebfd06d51c676f4e2747b6
Opcode Fuzzy Hash: eabac61a35874820a9e67b88831ce86d59c3afa506f951b9d16f5080fb624eba
Instruction Fuzzy Hash: 76023171624349DFDB368F64CC857EA7BB1FF09390F858119DD899B254C3745A90CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5688, Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9743f752e6bc2bcb28cd3075185904b4b8323cdf4d67ea46b6e7037a59d86cef
Instruction ID: 50969c6dda5f93d23c335a601a6ce9caa6091eea74f52a5c681b7e0a36b39162
Opcode Fuzzy Hash: 9743f752e6bc2bcb28cd3075185904b4b8323cdf4d67ea46b6e7037a59d86cef
Instruction Fuzzy Hash: 52F12271534348DFDB368FA4CD857EA3BA6FF09390F854119ED8A9B255C3B44A90CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B5627, Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35bc20349c51d4883a7075a2ba4f3d9bfaed79781c3606141fb03abe48fde94
Instruction ID: 3ef7fabaa241ddc3b7c002f6109da67085bff443c0a502ae8e2ccd4df7bd7dcc
Opcode Fuzzy Hash: f35bc20349c51d4883a7075a2ba4f3d9bfaed79781c3606141fb03abe48fde94
Instruction Fuzzy Hash: 75F15471628348DFDB368F64CC857EA3BA6FF09390F85411DED899B254C3B44A91CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B5712, Relevance: .4, Instructions: 403COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bd252f66fec5a2b958df1959e1731794eb60ca5cae9d30f88d9a85c6a24883d
Instruction ID: eae614901ba2593e500fedc9f4f2927e689c558f2e5edc4a726613147fac1f3d
Opcode Fuzzy Hash: 9bd252f66fec5a2b958df1959e1731794eb60ca5cae9d30f88d9a85c6a24883d
Instruction Fuzzy Hash: A1E14671928348DFDB368F64CC857EA3BA6FF09380F954119ED899F255C3744A94CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B57A5, Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed67f99d93b7018b9cf8bd6bc7ac881c31b731bbad5813531b061b379057d5d
Instruction ID: 0f0b920cad6c37c842c422f9379eaf80dbc92dd932f19343fc4a41ec6775a321
Opcode Fuzzy Hash: 8ed67f99d93b7018b9cf8bd6bc7ac881c31b731bbad5813531b061b379057d5d
Instruction Fuzzy Hash: 64E14471A24348DFDF368FA4CC847EA37A6FF0A390F854119ED899B255C3744A91DB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B582E, Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4f3eac02ba672a64b081f7907d20e2e2db990d14fc56ce8e207dd9e96677a0a
Instruction ID: 305ac53e56de69c4e91cd176733d5999275d945c6c413fc74527380a4aad6df7
Opcode Fuzzy Hash: f4f3eac02ba672a64b081f7907d20e2e2db990d14fc56ce8e207dd9e96677a0a
Instruction Fuzzy Hash: 1ED12271624348DFDB368FA4CC857EA37A6FF09380F854119EE8A8F265C3744A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B58B8, Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d49f9b8f97c57bffd3b2fd0ec3646f822b02cc0b05555f1421faed0bdc49b498
Instruction ID: 438d265e3ce3aad26f37861439580af34f276b9d0faf79f144ff955cc1c52edd
Opcode Fuzzy Hash: d49f9b8f97c57bffd3b2fd0ec3646f822b02cc0b05555f1421faed0bdc49b498
Instruction Fuzzy Hash: B4C12471624348DFDB768FA4CC857EA37A6FF09390F854119EE898F265C3744991CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B3FB8, Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0590002932e3328fa3425d70c54cf95fe604a7e2522bb2da26e90e1d520a912
Instruction ID: 6fe1d6387b4e6434d62d14fa7d6b1ab42ec0d074165cebb228ac427da18a6f5f
Opcode Fuzzy Hash: a0590002932e3328fa3425d70c54cf95fe604a7e2522bb2da26e90e1d520a912
Instruction Fuzzy Hash: 5CA10072630249DBCB35DF98CC94BE977A5FF49390F54422AEC599B305CB70A940CB91

Uniqueness

Uniqueness Score: -1.00%

Function 022B593E, Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f92376a3fed96be4d3ed47d296e1fce249524fc9fe4c1e503d87876471a1201
Instruction ID: c2e80be050e22dfa011d26925fae29d9e89e02963092f57eacc1e368e95258db
Opcode Fuzzy Hash: 2f92376a3fed96be4d3ed47d296e1fce249524fc9fe4c1e503d87876471a1201
Instruction Fuzzy Hash: 35C13171628348DFDB368F64CC857DA7BB6FF09390F854519EE898B225C3744A94CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022BA4F1, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19573b08974d39ea8f48a7a7568e64086099794cb698ff7629d05acfe5761a4
Instruction ID: d7e80b6c9433e9d46227c9e0ee0aace08399e98323ae4e63b21bb9c2c9e07d9c
Opcode Fuzzy Hash: d19573b08974d39ea8f48a7a7568e64086099794cb698ff7629d05acfe5761a4
Instruction Fuzzy Hash: 00B16B711383858FC712CF78C8587DB7FE2AF56390F15825AD8958B3AAD7748A41CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022B59CF, Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663f87907cb7e64006481bd2dacfb97750ce751f46ecb97d544bd01034418677
Instruction ID: 61b6f7626135f2338cfab73895dd24e6a69a8299ed14795b348bcdd5fca9df6c
Opcode Fuzzy Hash: 663f87907cb7e64006481bd2dacfb97750ce751f46ecb97d544bd01034418677
Instruction Fuzzy Hash: 89B13471624348DFDB368FA4CC857DA77A6FF0A390F854119EE898F265C3754A90CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B5B58, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53ec16e6f9e0e8afa82463667ed9828154b8dcf2ea477ce6d2eae46125e3a655
Instruction ID: a7bc06957e9606bb3510d2f0e6dce0bcaa5541babd1df262cde2ec73476000e8
Opcode Fuzzy Hash: 53ec16e6f9e0e8afa82463667ed9828154b8dcf2ea477ce6d2eae46125e3a655
Instruction Fuzzy Hash: F19135B1634249DFDB768FA4CC857DA7BA5FF06380F844159EE898F229C3B04990CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B39E8, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5024c79427032ceb7b76421a7b233313b5aab19ae336b95f017f99ec5d1f28ea
Instruction ID: bfd9a45b7e34b00483949f4cbd71ff6e0c602aba467550234e8500963a44599d
Opcode Fuzzy Hash: 5024c79427032ceb7b76421a7b233313b5aab19ae336b95f017f99ec5d1f28ea
Instruction Fuzzy Hash: 0F912172625649DFCB39CF68CC80BDABBA5FF49350F09426AEC898B345C7706941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 022B3A62, Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a830438ce2b17317ebe8a8ad7885b776be24a853aa9ce915f96ace6938397746
Instruction ID: 519f65208ccd19fa376f7118d2049e68ef89b2d240397cbe27c9fdb45fd2fb5d
Opcode Fuzzy Hash: a830438ce2b17317ebe8a8ad7885b776be24a853aa9ce915f96ace6938397746
Instruction Fuzzy Hash: 29914571225349DFC72ACF68CC80BDABBA5FF46350F1842AADC898B356C7706841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004032F5, Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77374fa8304f3c9ef560f339c4d523eae080b8e32333fbbc0f910cc6a2c397d2
Instruction ID: d06bbbcef7a87fada47f156dfdf28ccd353d8f5c36d68e9fcfbb6f640da30531
Opcode Fuzzy Hash: 77374fa8304f3c9ef560f339c4d523eae080b8e32333fbbc0f910cc6a2c397d2
Instruction Fuzzy Hash: B481D36108E7C05FD7038B758CAA5A57FB4EE0321570D45EFC8C28F4E3C218594AC76A

Uniqueness

Uniqueness Score: -1.00%

Function 022B38FC, Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564a282ed870d5b982cbeabc6bcfffe31d6ac953fa7b8a6e1d2343d852716271
Instruction ID: 3b03f831eba74f5f407c4401df6779c921786fc16977e53b51354e61f67c4eba
Opcode Fuzzy Hash: 564a282ed870d5b982cbeabc6bcfffe31d6ac953fa7b8a6e1d2343d852716271
Instruction Fuzzy Hash: 2AA1F072624245DFDB39CF68CC40BEAB7A5FF49350F09826AEC899B354D7706981CB90

Uniqueness

Uniqueness Score: -1.00%

Function 022BA5C8, Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4417b287ec5d87b302ff2aa446cf20978ca773428d6115144d89bec36105551
Instruction ID: 09ec90e82370585dfeaba2a102d32e4a16fd3da1a394f3512200d9156c1d8eb9
Opcode Fuzzy Hash: d4417b287ec5d87b302ff2aa446cf20978ca773428d6115144d89bec36105551
Instruction Fuzzy Hash: 53A1A4615287828EDB238B78C898B96BFD15F13370F59C2DAC4A54F1EBD3748546C712

Uniqueness

Uniqueness Score: -1.00%

Function 022BA580, Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d551790131b0b3a227988d46f0ea6f54f75976d7ce172e1a70b6ea7b3e29ea0
Instruction ID: 3c95a412699514ea9afc4569109cfb21d0325772eb7114c2e97df486f12eb248
Opcode Fuzzy Hash: 7d551790131b0b3a227988d46f0ea6f54f75976d7ce172e1a70b6ea7b3e29ea0
Instruction Fuzzy Hash: 49A1A3615287828EDB238B78C898B96BFD15F13370F59C2DAC4A54F1EBD3B88546C712

Uniqueness

Uniqueness Score: -1.00%

Function 022BA614, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d3afcb58826bfb21597c1d0ec4fbf2ccec9d3419d7bdc35f42cc2d79793c8f
Instruction ID: d2d983f62dcebeaa72d54834d970b25dd353a124552b5b2423a294938711c9f3
Opcode Fuzzy Hash: 46d3afcb58826bfb21597c1d0ec4fbf2ccec9d3419d7bdc35f42cc2d79793c8f
Instruction Fuzzy Hash: EAA1B3615287828EDB238B78C898B96BFD15F13370F59C2DAC4A54F1EBE3788146C712

Uniqueness

Uniqueness Score: -1.00%

Function 022BA6F0, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16240c993d1d247463cc7fd05413bd67def5db511fa4bebabcddfde74795af5
Instruction ID: 2458bbfa4b18ccbaf857ffdd1a6b8690d85bec270a7325752f8f0cbe26f2e69e
Opcode Fuzzy Hash: d16240c993d1d247463cc7fd05413bd67def5db511fa4bebabcddfde74795af5
Instruction Fuzzy Hash: D591B3615287C24DDB238B788899B96BED15F133B0F59C3DAC4E64E1EBE3A48146C713

Uniqueness

Uniqueness Score: -1.00%

Function 022B3249, Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c72a8d4601fdd4836ab8e626c9570b31d092bf13c4ad81291a0d38b1d1b64b3
Instruction ID: daa74385d97df31214f30899e9c5f715f55736485d9238ef9da86593cbb4479f
Opcode Fuzzy Hash: 7c72a8d4601fdd4836ab8e626c9570b31d092bf13c4ad81291a0d38b1d1b64b3
Instruction Fuzzy Hash: 05619BB55393489BD735CF98CC446DEBAEAFF86390FA0455DE8899B219C3B04981CB03

Uniqueness

Uniqueness Score: -1.00%

Function 022B33AC, Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0526b2262ccf6679d01b38e1374828f56a772583e2cad2c765d9723e332fb5e
Instruction ID: cd58177fc068ccb93bf5cbd369c72f4fbc7a2a28384f28d6f1be693b288556b4
Opcode Fuzzy Hash: f0526b2262ccf6679d01b38e1374828f56a772583e2cad2c765d9723e332fb5e
Instruction Fuzzy Hash: DC7164B103A3889FC727CFA88C556DA7BB8FF82394F94459DD5C58B256C3A04886CB13

Uniqueness

Uniqueness Score: -1.00%

Function 022BA814, Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee03a704f184b2865ae20e02edc5d12e4527f1fd6870a7efc3f0121d32d94901
Instruction ID: 8f2e1df24144b578f346a4b032160f05fa844ebef4da9f37acaca0f0fc593658
Opcode Fuzzy Hash: ee03a704f184b2865ae20e02edc5d12e4527f1fd6870a7efc3f0121d32d94901
Instruction Fuzzy Hash: DF6169A143978549DB238BB888A9BDA7ED59F133E4F58C3D6C5A24E5DFE3A44042C313

Uniqueness

Uniqueness Score: -1.00%

Function 022B5C99, Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61adc8d448a38e7558cafa9eecedf3587859ea82d37fcd7f0b95012a7648c7d5
Instruction ID: 5f4ab9e5faa8f7624b239fd4be1ffa7632e0d061f727d0d42b094b431e9e7b5d
Opcode Fuzzy Hash: 61adc8d448a38e7558cafa9eecedf3587859ea82d37fcd7f0b95012a7648c7d5
Instruction Fuzzy Hash: 427158B55353489FDB368FA4CC857DA3BAAFF06380F904119EE499F219C3B05591CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B5BE7, Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72dfbf88c1871626026bdb61888ff4cfb529b4b157a17b77b6a4b72dcb4cc4f3
Instruction ID: 7df5a25fb998f03485a0431cdc390bd350e896505023dc4316db9300d9b7f599
Opcode Fuzzy Hash: 72dfbf88c1871626026bdb61888ff4cfb529b4b157a17b77b6a4b72dcb4cc4f3
Instruction Fuzzy Hash: 928127B1524349AFDF768FA4CC847DA3BA5FF09384F844119EE898F259C3B44990CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022BA6A0, Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71b15f9f59dc313528ef822b80a2481fcd1d77b56870c549080b20a8b5b860e
Instruction ID: 0a90c47407e85629d6e28d301918824948668a136f4ea874e7cc7e9b75561bcc
Opcode Fuzzy Hash: c71b15f9f59dc313528ef822b80a2481fcd1d77b56870c549080b20a8b5b860e
Instruction Fuzzy Hash: 5D8192615287C28DDB238B788899B95BFD15F13360F59C3DAC4E54E1EBE3A88146C713

Uniqueness

Uniqueness Score: -1.00%

Function 022BA7C7, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2568293dbab02212be468223f2b066200ec443bf991abf07c9dc617bd5637eb6
Instruction ID: a36dfe5c1085433ef01e4488995d79ec1463a8b53f375f11a11e0b641db5e5d0
Opcode Fuzzy Hash: 2568293dbab02212be468223f2b066200ec443bf991abf07c9dc617bd5637eb6
Instruction Fuzzy Hash: 0B71C1614287814DDB238B788899BD6BED15F133B4F59C3DAC5A64E1EBE3A88142C313

Uniqueness

Uniqueness Score: -1.00%

Function 022BB493, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c416e3a67bdce9661514d72b4517589fba6649a5218311fa31834a8457653934
Instruction ID: b8dccbaeb77fbddb1576f9fdf82d2a00fce7a82eb7a2f1fb37a2af2a7836684b
Opcode Fuzzy Hash: c416e3a67bdce9661514d72b4517589fba6649a5218311fa31834a8457653934
Instruction Fuzzy Hash: CA518AB1137B0889CB2B8EE4C9B67F62A69FF523DDF948156DD439B159C3A08440CB13

Uniqueness

Uniqueness Score: -1.00%

Function 022BA76C, Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db50d2506813d14c1c1c8f4aa9131ff362c2452bed6cda87e465d41ce554571
Instruction ID: 22d224ea245f1a20b76dcb642eeb3a1872394bc593640d125aed73e4a655288e
Opcode Fuzzy Hash: 9db50d2506813d14c1c1c8f4aa9131ff362c2452bed6cda87e465d41ce554571
Instruction Fuzzy Hash: 8071B3614287824DDB238B788899B96BFD15F133B4F1DC3DAC5A54E1EBE3A88146C313

Uniqueness

Uniqueness Score: -1.00%

Function 022B3209, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8f5098f81fdb7bf35fb40e339f3135ed2014d802ca452f247f6fabe90d994d
Instruction ID: db364b446ddf148ff9650610ceba9f3c93a885f46ad055ee0e7da26b9e52b521
Opcode Fuzzy Hash: de8f5098f81fdb7bf35fb40e339f3135ed2014d802ca452f247f6fabe90d994d
Instruction Fuzzy Hash: 826147755283489FDB359F68CC457EABBE6EF85350F51441DD8899B269C3B08982CB03

Uniqueness

Uniqueness Score: -1.00%

Function 022B5A68, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 641e0553f3190a977692db2e5e0b5d34b3819ad2852da01d63279f66a8c9502b
Instruction ID: e47b6d45d9beea8ae7520da629ef2d1cb0c4cfb8e659f4d329ae983d41e88048
Opcode Fuzzy Hash: 641e0553f3190a977692db2e5e0b5d34b3819ad2852da01d63279f66a8c9502b
Instruction Fuzzy Hash: A3810171614249DFDF7A9F64CC857EA77B2FF09380F848119EE898B228D3754A90CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022B44B2, Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf32e9ce8205c9f45e5bec672a812288a28f02fea9770dafa8c773a676a1f83
Instruction ID: 9acecb2e9ef420b998371c10f8898f6fe961e0b0612c6e8210149c6e390e5884
Opcode Fuzzy Hash: 7bf32e9ce8205c9f45e5bec672a812288a28f02fea9770dafa8c773a676a1f83
Instruction Fuzzy Hash: 5E51CCB2535308DFC725AFA48CD4ADA7ABAFF923D5F664519D9816B21BC3B04440CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB410, Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd0034fcd0642868e360238f15919495fd8e3094ffb699d0fbcd3e511b6c23cc
Instruction ID: 050822abf0ea54d838304c1dba31b2884f24e1fb22dc791b1eba220acd2689c3
Opcode Fuzzy Hash: dd0034fcd0642868e360238f15919495fd8e3094ffb699d0fbcd3e511b6c23cc
Instruction Fuzzy Hash: D9519B711367088ACB2BCEE4C8A67F62A99EF463DDF504156DD439B15CC3A08480CB13

Uniqueness

Uniqueness Score: -1.00%

Function 022B39A0, Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e72edddb1240e2078cccd79b02670bbfbc77e0b2cf386716f319ffe284c3cbf6
Instruction ID: 5c28a8794d43e2073d7b1bc279d303ebc9fc0ca62f9ff6ec39b5757f6fa701ec
Opcode Fuzzy Hash: e72edddb1240e2078cccd79b02670bbfbc77e0b2cf386716f319ffe284c3cbf6
Instruction Fuzzy Hash: 1781CE71624245DFDB29CF68CC84BDAB7A1FF49350F09822AEC899B354D770A990CB90

Uniqueness

Uniqueness Score: -1.00%

Function 022BB4E0, Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fffc901ef994fe74077b1cc67978184eecf1932c685a0a4ad36be0a81c20694
Instruction ID: 8b29ec6822112ccb401f48635f86d3719193f0ed249cf15206bc08b69a8e4959
Opcode Fuzzy Hash: 2fffc901ef994fe74077b1cc67978184eecf1932c685a0a4ad36be0a81c20694
Instruction Fuzzy Hash: 8C5178B1137B088ACA3B8EE4C9B67F62A69FF423DDF948155DD439B65DC3A08440CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022BB45D, Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd02f431e500e08323a16ad23b792cfaa04ec91920a001432f0a9118cdb4af7
Instruction ID: e30e6a0527fec9ef839caec8c2e82e832c266d9a33c19e36b9f975f8c3b4d095
Opcode Fuzzy Hash: 7cd02f431e500e08323a16ad23b792cfaa04ec91920a001432f0a9118cdb4af7
Instruction Fuzzy Hash: DF5178B11367098ADA3BCEE4C9B67F62AA9EF423DDF944156DD439B15CC3A08480CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022B3AF8, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b031fd4442a170d4fe231d8a77641eec06336096398b055c6128c99b3e458ead
Instruction ID: 4306fec0cfe11dfe1ed23ce3197805060b51c8106fbed1d81b752dc21fa95214
Opcode Fuzzy Hash: b031fd4442a170d4fe231d8a77641eec06336096398b055c6128c99b3e458ead
Instruction Fuzzy Hash: C4711171224345DFCB26CF68CC80BDAB7A1FF06360F0942AAEC9987255D770A991CF91

Uniqueness

Uniqueness Score: -1.00%

Function 022B245C, Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d03c95abad084989206b6c478a3a2a4f225e045d00be5199faab504c64c99a2
Instruction ID: 79784358944fa1f1feed57d6e9ddfa44ebe05dc07b390688ab92fa7b9d997767
Opcode Fuzzy Hash: 6d03c95abad084989206b6c478a3a2a4f225e045d00be5199faab504c64c99a2
Instruction Fuzzy Hash: CB612972529388DFDB32CFA88C897CA7BB5EF4A350F45425ADC8C9B255D3305A41C752

Uniqueness

Uniqueness Score: -1.00%

Function 022B4454, Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 865a65a13a8c83e60a5e0a30dee68bc9acfe3f3872881b97d4e88806e026a093
Instruction ID: 63e4a02cb70ee8798232d7dca65149fb686f023fcf904ed2291f54580bbb965f
Opcode Fuzzy Hash: 865a65a13a8c83e60a5e0a30dee68bc9acfe3f3872881b97d4e88806e026a093
Instruction Fuzzy Hash: FD61D272435344DFD721AFA4CCD4BD9BBB5FF52394F668559D8856B12AC3B08841CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022B24C7, Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1538b9a575228d4f05afb237d922b8128ae2a096cdf5671d7822430e1adaff
Instruction ID: 484526d61ff6328631d7d5f62bc05c762eeae3b5781f71d8a562e9b36c55d918
Opcode Fuzzy Hash: eb1538b9a575228d4f05afb237d922b8128ae2a096cdf5671d7822430e1adaff
Instruction Fuzzy Hash: 405128B2639348DBDB31CFA88C897DA7BB6EF8A390F544219EC4C9B655C7705A40C741

Uniqueness

Uniqueness Score: -1.00%

Function 022B5B08, Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9772f554254942de214a4135225716b290c0d92744cafd2e91db3c97875f2991
Instruction ID: 137eb3102969595792626cc96f5a48ccad89f17ca5467826e2d83a1b038235d9
Opcode Fuzzy Hash: 9772f554254942de214a4135225716b290c0d92744cafd2e91db3c97875f2991
Instruction Fuzzy Hash: EF71F071614249EFDF7A9EA4CC847EA37B6FF08340F844129EE898B264C3754AD0CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022BA890, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a78c09ac1be5ad036f186f204d2ebe76a8067c04da5ab986cf9ac0c534377a
Instruction ID: 613dcce90bd858655ba1d1eeb016eefcd0c02535282708c19286d00187e01515
Opcode Fuzzy Hash: f3a78c09ac1be5ad036f186f204d2ebe76a8067c04da5ab986cf9ac0c534377a
Instruction Fuzzy Hash: E151F96183478649DF239BB88899BD5BFC19F133A4F59C3D9C5A24E1DBE3A84042C713

Uniqueness

Uniqueness Score: -1.00%

Function 022B43B8, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1b0e06b4dd51223b583c3e5e7d63e9202e515c843cd7268a1c94a5395bd412
Instruction ID: 1d1e8b6b087bfd40fd6a334a9342ab62ad852b2689ff626744d138036e2e1366
Opcode Fuzzy Hash: ca1b0e06b4dd51223b583c3e5e7d63e9202e515c843cd7268a1c94a5395bd412
Instruction Fuzzy Hash: 8B619B72424341DFD726AF74C888BD9B7B2FF553A4F16855ADC859B16AD3B08980CF02

Uniqueness

Uniqueness Score: -1.00%

Function 022B4910, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc02f29c024d24e2747f87a6077e3a269ed0f66c97dd4892e7b159f358cbb07
Instruction ID: 33876e5e674c7cc4d665cd0729d73ae90a8a8e0df9214d996951634bd42ed04b
Opcode Fuzzy Hash: 5bc02f29c024d24e2747f87a6077e3a269ed0f66c97dd4892e7b159f358cbb07
Instruction Fuzzy Hash: 4651A8B19397848FD7259F64CCA97DABBA5FF86394F91415EC8814B22BC3704901CF42

Uniqueness

Uniqueness Score: -1.00%

Function 022B4988, Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8920313d3fdebcd8854a0eca229e930e118c9dc927886c8f848051c4ef7decd3
Instruction ID: b91b01d0e460868dc31325e5bdcb581e3d3d52d950be207edfd8c000b2d3b91e
Opcode Fuzzy Hash: 8920313d3fdebcd8854a0eca229e930e118c9dc927886c8f848051c4ef7decd3
Instruction Fuzzy Hash: 0751ADB553AB84CFD726AF6488E57DABFA5FF46390F91418AC9818B21BC3744501CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022B3300, Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a41c43e226552560f179ea4889f1b01b6cf7fbac9c96596a1b7246d434f8dd3
Instruction ID: 99fdc75bdda36fc9b56054cd275c1f489b22e85d3782dc46aa2dbd329dd8821b
Opcode Fuzzy Hash: 7a41c43e226552560f179ea4889f1b01b6cf7fbac9c96596a1b7246d434f8dd3
Instruction Fuzzy Hash: 0E5157755283489FDB35DF68CC447EE7BA6FF89390F50445DE8898B258C3B04985CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022B4544, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84e961f3f94fe0d17f96f2e92a60ef7431c35302e45c4a329e35632f34ce393
Instruction ID: 943ec5297a7d96b9ef9ad921ba56c312a4297b535ee11af5a8c26b4f04d9ddde
Opcode Fuzzy Hash: f84e961f3f94fe0d17f96f2e92a60ef7431c35302e45c4a329e35632f34ce393
Instruction Fuzzy Hash: A1519BB34353089FDB21AFA4CC94BD9B7A6FF963D0F664519D8856B21AC3B04981CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022B45D1, Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30498b5dafd2e6feb144535d4c281282b094273f769daecd63dab903c0ccee3e
Instruction ID: 8709e099e34f1529cdda2b1fd8eb341ac801e4a48c4f90be5ad2ee7811e4251c
Opcode Fuzzy Hash: 30498b5dafd2e6feb144535d4c281282b094273f769daecd63dab903c0ccee3e
Instruction Fuzzy Hash: A851E0B3435348CFD722AFA4CC947D9BBB6BF963D0F66454AD8845B25AC3B04900CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022B4404, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b39102bb991bf3fcd27872036696a1788f679005a21ed8f1718125d72d1a9bf
Instruction ID: 748f1f39e9f56b7494fcbcc4d851552c8d9ec481f6130117469fe1003898f03a
Opcode Fuzzy Hash: 4b39102bb991bf3fcd27872036696a1788f679005a21ed8f1718125d72d1a9bf
Instruction Fuzzy Hash: A4517972524345DFDB25AFA4C884BD9B7B2BF51394F26855ADC856B26AC3B08D80CF02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB69C, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346ab0fa4b03817692b53cc53a18ffb20d2f69d1bb75c5fec67b99c80a99d7c2
Instruction ID: 5bf1d7c501d3b0716e35ffa275157734789c71d90dbdc24a7788d7405c64f339
Opcode Fuzzy Hash: 346ab0fa4b03817692b53cc53a18ffb20d2f69d1bb75c5fec67b99c80a99d7c2
Instruction Fuzzy Hash: CA414A71033B0D89D63B8FF8C96A7F63A59AF063DDF914156DD439B269C3A08881CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022B2452, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760c725acf5098f743ad4705dd54de826ba03f914daa3787c008227a8a8f71d8
Instruction ID: 70eccc88b86d4b443edd1a851b26659b136cfddefaa42c9225889f6623243085
Opcode Fuzzy Hash: 760c725acf5098f743ad4705dd54de826ba03f914daa3787c008227a8a8f71d8
Instruction Fuzzy Hash: A551C272A143589FDB35CEA8CC887CA7BB6AF88350F55422AEC4CDB254D7319A80CB51

Uniqueness

Uniqueness Score: -1.00%

Function 022BB3F8, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1445477e1c8e141ed1e0d6f6c25355ca7dff5d46b3c17bccb0e94d2e5a09e5b
Instruction ID: 54fbc85669a4409530413fe6c2369cf1fd59ab6e80086e4af2a3d31e382c8ee3
Opcode Fuzzy Hash: f1445477e1c8e141ed1e0d6f6c25355ca7dff5d46b3c17bccb0e94d2e5a09e5b
Instruction Fuzzy Hash: 68412331535606CEDF3B8EB8C5653F636A1AF09398F55812BCC478B5A8D770C981CE02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB650, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e34dffe81dcf0a585a75ab24217fef3793b8bf02f159565f1116123cd14841
Instruction ID: e8b59292d76054a31c15d38e2a46122998cdda0a11b1c5bee54dab1e8024aad3
Opcode Fuzzy Hash: e0e34dffe81dcf0a585a75ab24217fef3793b8bf02f159565f1116123cd14841
Instruction Fuzzy Hash: A5412771136B098FDB3B8EB4C9657F53BA5AF06399F558056DC439B268C371C981CB02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB588, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b4ce5017c957a1ea9cc8c972a2b574a6b442a56dea337144c5997a4d30eb681
Instruction ID: 4eebfb3b7c5af51c4157b0994ce4423bac80abbe82191e8a6ff017055632c63d
Opcode Fuzzy Hash: 1b4ce5017c957a1ea9cc8c972a2b574a6b442a56dea337144c5997a4d30eb681
Instruction Fuzzy Hash: 97310F30132A058FDB3B8EB4C5657FA37A1AF09398F42801ACC47DB668D771C981CE02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB5CC, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc21a5646dd9bf69abc5ae98bc15ff47f4fb3e3167948025395264f08052c7d
Instruction ID: fe7cf42ad91a26d10943e130553665ed84c70790c3d81394a06f28bfbf4a5547
Opcode Fuzzy Hash: 3fc21a5646dd9bf69abc5ae98bc15ff47f4fb3e3167948025395264f08052c7d
Instruction Fuzzy Hash: F2310131132605CFDB3B8EB4C5657FA37A1AF09398F56805ACC479B668C771C981CE02

Uniqueness

Uniqueness Score: -1.00%

Function 022BB608, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f079b5fc365f4833a0b7b032346acb1c9fa75b3c58714c7f8014315248582a16
Instruction ID: 7c73c67eb4cd7c9be4f2b4e53885c449b9fbcbee83e8088f9c67bf8f4ec3286c
Opcode Fuzzy Hash: f079b5fc365f4833a0b7b032346acb1c9fa75b3c58714c7f8014315248582a16
Instruction Fuzzy Hash: 0931F331132A06CFDB3A8EB4C5657F637A1AF05398F56805ADC479B668C771C981CE01

Uniqueness

Uniqueness Score: -1.00%

Function 022BA2D8, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6099537cb7402c80d3203d14f62422916120b9fe22ac5ffe205dd70cbbbfe523
Instruction ID: 9f9d7b474aecb6aad104346fda8172d4a577413d6c5bb61d7bfb931d78acfddd
Opcode Fuzzy Hash: 6099537cb7402c80d3203d14f62422916120b9fe22ac5ffe205dd70cbbbfe523
Instruction Fuzzy Hash: B7119B72109384CFEF609E7589557EABBF29FD2390F56011ECC528B195C7708947C746

Uniqueness

Uniqueness Score: -1.00%

Function 022B4EF2, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8fc833b3871cf2532a5a6d07a96833c8064835953cd3551f2f794cdd955c739
Instruction ID: ae7a7f9408f1efec8738efe1e6336298d5617454f82c50a1f247158328c533af
Opcode Fuzzy Hash: b8fc833b3871cf2532a5a6d07a96833c8064835953cd3551f2f794cdd955c739
Instruction Fuzzy Hash: 6D11E5725693128BDBA86F608E456EFB3F5AF05390F03082E8DC1A7214C7745A85CF43

Uniqueness

Uniqueness Score: -1.00%

Function 022B9840, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350999c10d4f3f6881859e77e7d04e6195f1ddaf7c63df6a9d40d268115e0a92
Instruction ID: 30f548344dfc1a13559772b54932076dde74df00d3dcac7377926f5453207d1d
Opcode Fuzzy Hash: 350999c10d4f3f6881859e77e7d04e6195f1ddaf7c63df6a9d40d268115e0a92
Instruction Fuzzy Hash: 3CF0AC757216428FCB26CF89D5D4FD973A5EF58740F4184A9EA05CB229C730ED84CE10

Uniqueness

Uniqueness Score: -1.00%

Function 022B642D, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5f38d5069c62a54b06ca7a118b5a9d75310c1476662608606b61fd2332d01b
Instruction ID: 4adbba74ae3a006651e0c2bdb515fd12e26de6d65b19d09f26019a9fd7cf7666
Opcode Fuzzy Hash: 2f5f38d5069c62a54b06ca7a118b5a9d75310c1476662608606b61fd2332d01b
Instruction Fuzzy Hash: A7B092B62415808FEF02CA08C4A1B4073B1F705644F4804D0E402CB751C228FD00CA00

Uniqueness

Uniqueness Score: -1.00%

Function 022B8D1F, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1279957944.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_22b0000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2f9b3144f5195bdf1b3c4a5cef9fb52eb7f0661b0ee9218a83b531a69b4b8b
Instruction ID: 936ede9af84026244ae2cf8e5180d093d3c05ea59ede23646716e5fc1676f09f
Opcode Fuzzy Hash: 1b2f9b3144f5195bdf1b3c4a5cef9fb52eb7f0661b0ee9218a83b531a69b4b8b
Instruction Fuzzy Hash: 2CB09231220640CFCE86CA09C280EC073B4BF10B80F010881F8018BA22C364E800CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00420A30, Relevance: 82.5, APIs: 39, Strings: 8, Instructions: 264COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420A83
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420AA2
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000134), ref: 00420AE7
__vbaFreeObj.MSVBVM60 ref: 00420AF4
__vbaLenBstrB.MSVBVM60(00403EBC), ref: 00420AFF
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 00420B21
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 00420B46
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000138), ref: 00420B6F
__vbaFreeObj.MSVBVM60 ref: 00420B74
#690.MSVBVM60(Godset,Fourpounder,Nittenaarigt4,FILMDOM), ref: 00420B8E
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420BA7
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420BC0
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BC0,00000120), ref: 00420BE3
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420BF8
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420C11
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B84,00000130), ref: 00420C34
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00420C42
__vbaI4Var.MSVBVM60(00000000), ref: 00420C4C
__vbaInStr.MSVBVM60(00000000,?,PETHER,00000000), ref: 00420C60
__vbaFreeStr.MSVBVM60 ref: 00420C6F
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00420C7F
__vbaFreeVar.MSVBVM60 ref: 00420C8B
__vbaStrCat.MSVBVM60(00403F74,00403F68,00000002), ref: 00420CA5
__vbaStrMove.MSVBVM60 ref: 00420CB6
__vbaInStr.MSVBVM60(00000000,00403F74,00000000), ref: 00420CC0
__vbaFreeStr.MSVBVM60 ref: 00420CD3
#703.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00420CF4
__vbaStrMove.MSVBVM60 ref: 00420CFF
__vbaFreeVar.MSVBVM60 ref: 00420D0A
__vbaStrCat.MSVBVM60(00403F90,15:15:), ref: 00420D16
__vbaStrMove.MSVBVM60 ref: 00420D21
#541.MSVBVM60(00000002,00000000), ref: 00420D28
__vbaStrVarMove.MSVBVM60(00000002), ref: 00420D32
__vbaStrMove.MSVBVM60 ref: 00420D3D
__vbaFreeStr.MSVBVM60 ref: 00420D42
__vbaFreeVar.MSVBVM60 ref: 00420D47
#580.MSVBVM60(Diaphysial,00000001), ref: 00420D50
__vbaFreeStr.MSVBVM60(00420D98), ref: 00420D90
__vbaFreeStr.MSVBVM60 ref: 00420D95

Strings

FILMDOM, xrefs: 00420B7A
Fourpounder, xrefs: 00420B84
Godset, xrefs: 00420B89
PETHER, xrefs: 00420C58
15:15:, xrefs: 00420D0C
Nittenaarigt4, xrefs: 00420B7F
Diaphysial, xrefs: 00420D4B
Afgiftsperioderne3, xrefs: 00420B4D

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresultMove$New2$#541#580#690#703BstrCallLateList
String ID: 15:15:$Afgiftsperioderne3$Diaphysial$FILMDOM$Fourpounder$Godset$Nittenaarigt4$PETHER
API String ID: 132566401-2679451372
Opcode ID: c44e469090c67ae13d2a13ca24766108d45330c1ceb7b572b32620d4845e833c
Instruction ID: 42e26ee7674c61e587b3bee346f73981c436f5b7f7ea14654fc3470444efa83f
Opcode Fuzzy Hash: c44e469090c67ae13d2a13ca24766108d45330c1ceb7b572b32620d4845e833c
Instruction Fuzzy Hash: 86916071A00215AFDB14DFA4DE89FDEBBB8EF08705F10412AF501B72E1DA74A905CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB80, Relevance: 75.6, APIs: 42, Strings: 1, Instructions: 337COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 0041FBE1
__vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033B4,00000114), ref: 0041FC0A
__vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033B4,00000110), ref: 0041FC33
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041FC51
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041FC76
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000110), ref: 0041FC9C
__vbaStrMove.MSVBVM60 ref: 0041FCAB
__vbaFreeObj.MSVBVM60 ref: 0041FCB4
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041FCCD
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041FCF2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000130), ref: 0041FD18
__vbaStrMove.MSVBVM60 ref: 0041FD27
__vbaFreeObj.MSVBVM60 ref: 0041FD30
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041FD49
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FD62
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B24,00000128), ref: 0041FD89
_adj_fdiv_m64.MSVBVM60 ref: 0041FDAE
__vbaFpI4.MSVBVM60(43540000,?,42500000), ref: 0041FDDF
__vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033B4,000002C0,?,42500000), ref: 0041FE1E
__vbaFreeObj.MSVBVM60(?,42500000), ref: 0041FE23
#538.MSVBVM60(?,000007DB,0000000B,0000000B), ref: 0041FE36
#557.MSVBVM60(?), ref: 0041FE40
__vbaFreeVar.MSVBVM60(?,42500000), ref: 0041FE5D
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041FE7B
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041FEA0
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,000000D8), ref: 0041FEC6
__vbaStrMove.MSVBVM60 ref: 0041FEDB
__vbaFreeObj.MSVBVM60 ref: 0041FEE0
#535.MSVBVM60 ref: 0041FEE6
__vbaVarDup.MSVBVM60 ref: 0041FF02
#667.MSVBVM60(?), ref: 0041FF0C
__vbaStrMove.MSVBVM60 ref: 0041FF17
__vbaFreeVar.MSVBVM60 ref: 0041FF1C
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041FF31
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FF4A
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BF4,00000078), ref: 0041FF6B
__vbaFreeObj.MSVBVM60 ref: 0041FF76
__vbaFreeStr.MSVBVM60(0041FFC0), ref: 0041FFA9
__vbaFreeStr.MSVBVM60 ref: 0041FFAE
__vbaFreeStr.MSVBVM60 ref: 0041FFB3
__vbaFreeStr.MSVBVM60 ref: 0041FFB8
__vbaFreeStr.MSVBVM60 ref: 0041FFBD

Strings

Udstyringer4, xrefs: 0041FEF4

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$New2$Move$#535#538#557#667Copy_adj_fdiv_m64
String ID: Udstyringer4
API String ID: 551562340-2591053628
Opcode ID: 63cdb0dfa8a0c355ccc2f7c17e20e77f75bc8f2747198e2dc2c4b9022c052d8b
Instruction ID: a5aed0d19fe336784878571ae7ca05d928afe65cd4deace0b85f95e7370d51d6
Opcode Fuzzy Hash: 63cdb0dfa8a0c355ccc2f7c17e20e77f75bc8f2747198e2dc2c4b9022c052d8b
Instruction Fuzzy Hash: 79C18330A00219ABCB14DFA5DD88EEEBBB8FF48705F108126F505B71A1DB745946CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041F300, Relevance: 63.2, APIs: 35, Strings: 1, Instructions: 229COMMON

Download Yara Rule

APIs

__vbaStrCat.MSVBVM60(00403D5C,00403D54), ref: 0041F368
__vbaStrMove.MSVBVM60 ref: 0041F375
__vbaStrCat.MSVBVM60(00403D64,00000000), ref: 0041F37D
__vbaStrMove.MSVBVM60 ref: 0041F384
__vbaFreeStr.MSVBVM60 ref: 0041F38F
#514.MSVBVM60(?,00000002), ref: 0041F397
__vbaStrMove.MSVBVM60 ref: 0041F3A2
__vbaStrCmp.MSVBVM60(00403D64,00000000), ref: 0041F3AA
__vbaFreeStr.MSVBVM60 ref: 0041F3BD
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041F3DA
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041F405
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,000000E8), ref: 0041F433
__vbaStrMove.MSVBVM60 ref: 0041F444
__vbaFreeObj.MSVBVM60 ref: 0041F449
#536.MSVBVM60(?), ref: 0041F45E
__vbaStrMove.MSVBVM60 ref: 0041F469
__vbaFreeVar.MSVBVM60 ref: 0041F46E
#570.MSVBVM60(00000010), ref: 0041F476
__vbaStrCat.MSVBVM60(00403D74,00403D6C), ref: 0041F49C
#632.MSVBVM60(?,?,00000002,00000002), ref: 0041F4BA
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041F4DF
__vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?), ref: 0041F4F6
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041F51A
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041F53F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,000000C8), ref: 0041F568
__vbaFreeObj.MSVBVM60 ref: 0041F56D
#613.MSVBVM60(00000002,00000008), ref: 0041F586
__vbaStrVarMove.MSVBVM60(00000002), ref: 0041F590
__vbaStrMove.MSVBVM60 ref: 0041F59B
__vbaFreeVarList.MSVBVM60(00000002,00000008,00000002), ref: 0041F5AA
__vbaFileOpen.MSVBVM60(00000020,000000FF,000000B4,kombinationsuddannelse), ref: 0041F5C1

Strings

kombinationsuddannelse, xrefs: 0041F5B3

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$FreeMove$CheckHresult$ListNew2$#514#536#570#613#632FileOpen
String ID: kombinationsuddannelse
API String ID: 2582689820-1354069041
Opcode ID: bfb987d76cb037c35753d71a0d98b4e7f23534fa03ac59c957fbcf2b9e7831c2
Instruction ID: a29950b4bc2b4324be59e283bf1d2f4ce530db0b89be06039d628a562cf0eba1
Opcode Fuzzy Hash: bfb987d76cb037c35753d71a0d98b4e7f23534fa03ac59c957fbcf2b9e7831c2
Instruction Fuzzy Hash: FC915D71900219AFCB10DFA4DD89EEEBBB8FF58700F10412AE505B72A1DB74594ACFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041F630, Relevance: 47.5, APIs: 25, Strings: 2, Instructions: 243COMMON

Download Yara Rule

APIs

#610.MSVBVM60(?), ref: 0041F6AA
#610.MSVBVM60(?), ref: 0041F6B0
__vbaVarAdd.MSVBVM60(?,?,?,00000001,00000001), ref: 0041F6D5
#662.MSVBVM60(?,00403DB0,?,00000000), ref: 0041F6E9
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041F70A
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041F725
#536.MSVBVM60(?), ref: 0041F746
__vbaStrMove.MSVBVM60 ref: 0041F751
__vbaFreeVar.MSVBVM60 ref: 0041F75A
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 0041F772
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0041F797
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000118), ref: 0041F7C4
__vbaI2I4.MSVBVM60 ref: 0041F7D0
__vbaFreeObj.MSVBVM60 ref: 0041F7D9
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041F804
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F81D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C4C,00000180), ref: 0041F847
__vbaLateMemCall.MSVBVM60(?,cvJmrvNfRhBzOP3gU202,00000003), ref: 0041F8BF
__vbaFreeObj.MSVBVM60 ref: 0041F8CB
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041F8E4
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041F8FD
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000134), ref: 0041F946
__vbaFreeObj.MSVBVM60 ref: 0041F94F
__vbaFreeStr.MSVBVM60(0041F998), ref: 0041F988
__vbaFreeObj.MSVBVM60 ref: 0041F991

Strings

cvJmrvNfRhBzOP3gU202, xrefs: 0041F89F
Subfreshman, xrefs: 0041F7F3

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$New2$#610$#536#662CallLateListMove
String ID: Subfreshman$cvJmrvNfRhBzOP3gU202
API String ID: 214454802-1209823192
Opcode ID: ff7c4b5bb5d7a63940c27be789ff1e68a3964ad2223bad89b4b5de17f0c0472c
Instruction ID: e6ccf02644d90ac4c6ff753b05a46cd74f3712768d0fd5cd73ebe926c54648e6
Opcode Fuzzy Hash: ff7c4b5bb5d7a63940c27be789ff1e68a3964ad2223bad89b4b5de17f0c0472c
Instruction Fuzzy Hash: 01A14D71900219AFCB14DFA5CA49ADEFBB8FF48300F1081AAE549B72A1D7745A85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00420180, Relevance: 31.7, APIs: 21, Instructions: 171COMMON

Download Yara Rule

APIs

__vbaStrCat.MSVBVM60(00403E3C,00403E3C), ref: 004201DC
#513.MSVBVM60(?,?,00000002), ref: 004201F6
__vbaVarTstNe.MSVBVM60(?,?), ref: 00420212
__vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 00420225
#610.MSVBVM60(00000008), ref: 0042023B
#552.MSVBVM60(?,00000008,00000001), ref: 0042024B
__vbaVarMove.MSVBVM60 ref: 00420257
__vbaFreeVar.MSVBVM60 ref: 00420266
#703.MSVBVM60(00000008,000000FF,000000FE,000000FE,000000FE), ref: 00420282
__vbaStrMove.MSVBVM60 ref: 0042028D
__vbaFreeVar.MSVBVM60 ref: 00420296
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 004202AA
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,0000004C), ref: 004202CF
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403BA0,0000002C), ref: 00420319
__vbaFreeObj.MSVBVM60 ref: 00420322
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0042033B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420354
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000090), ref: 0042037B
__vbaFreeObj.MSVBVM60 ref: 0042038A
__vbaFreeStr.MSVBVM60(004203CB), ref: 004203BB
__vbaFreeVar.MSVBVM60 ref: 004203C4

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#513#552#610#703List
String ID:
API String ID: 1404482011-0
Opcode ID: ee1faf422f3003e15e724cbbd4e7a9879f860b5bc0bc1a6407cdcbead9eb90b6
Instruction ID: 455e4156c59bc49c05f1ecfaae0522823b37e83f2d0480cb3630b870ffa411ee
Opcode Fuzzy Hash: ee1faf422f3003e15e724cbbd4e7a9879f860b5bc0bc1a6407cdcbead9eb90b6
Instruction Fuzzy Hash: DB612870900219EFCB14DFA5DD89EAEBBB8FF48700F20422AE505B72A1DBB45945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00420570, Relevance: 30.1, APIs: 20, Instructions: 137COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 004205B3
#538.MSVBVM60(?,000007DB,0000000B,0000000B), ref: 004205C6
#557.MSVBVM60(?), ref: 004205D0
__vbaFreeVar.MSVBVM60 ref: 004205E7
__vbaNew2.MSVBVM60(00403B04,004223CC), ref: 00420608
__vbaHresultCheckObj.MSVBVM60(00000000,006DEF84,00403AF4,00000014), ref: 0042062D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,000000D8), ref: 00420657
__vbaStrMove.MSVBVM60 ref: 0042066C
__vbaFreeObj.MSVBVM60 ref: 00420671
#535.MSVBVM60 ref: 00420677
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420692
__vbaObjSet.MSVBVM60(?,00000000), ref: 004206AB
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BB0,00000050), ref: 004206CC
#667.MSVBVM60(?), ref: 004206E6
__vbaStrMove.MSVBVM60 ref: 004206F1
__vbaFreeObj.MSVBVM60 ref: 004206F6
__vbaFreeVar.MSVBVM60 ref: 004206FF
__vbaFreeStr.MSVBVM60(0042073F), ref: 00420732
__vbaFreeStr.MSVBVM60 ref: 00420737
__vbaFreeStr.MSVBVM60 ref: 0042073C

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#535#538#557#667Copy
String ID:
API String ID: 1266673281-0
Opcode ID: a0a40541d0cb2a5bf65bc44a6253a56232a0093ff23ddaacd3abd8a7de42d046
Instruction ID: 6607838cf95ba9acda3e8375f94669e30b8eae9e18ec2a34d3024b4591e91aed
Opcode Fuzzy Hash: a0a40541d0cb2a5bf65bc44a6253a56232a0093ff23ddaacd3abd8a7de42d046
Instruction Fuzzy Hash: 8B513D75A00209ABCB14DFA4DD89DDEBBB8EF58701F504126E502B71A0DB746945CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00420DB0, Relevance: 13.6, APIs: 9, Instructions: 83COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401976), ref: 00420DCE
__vbaOnError.MSVBVM60(00000000,?,?,?,?,00401976), ref: 00420E0A
#677.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,40100000,0000000A,0000000A), ref: 00420E50
__vbaFpR8.MSVBVM60 ref: 00420E56
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 00420E95
__vbaOnError.MSVBVM60(000000FF,?,?,00401976), ref: 00420EAF
#593.MSVBVM60(0000000A), ref: 00420ECE
__vbaFreeVar.MSVBVM60 ref: 00420EDA
#570.MSVBVM60(000000B2), ref: 00420EF3

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$ErrorFree$#570#593#677ChkstkList
String ID:
API String ID: 520763419-0
Opcode ID: 29ccffa14d2f6d46561f90d1b6c877f61edd806bad138b6a191d7fadbe4608cf
Instruction ID: 9385373380759d1f2a81f6603e13f3a659b7bb5adfd9f0e2d0be6f450aa01169
Opcode Fuzzy Hash: 29ccffa14d2f6d46561f90d1b6c877f61edd806bad138b6a191d7fadbe4608cf
Instruction Fuzzy Hash: E53106B0940308EBEB10DF90DA49BDEBBB4FF04704F208159F645BA2A4D7B91A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041FFF0, Relevance: 12.1, APIs: 8, Instructions: 106COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420049
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420068
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420084
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042009D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000048), ref: 004200BA
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 004200FA
__vbaFreeStr.MSVBVM60 ref: 00420103
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00420113

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$CheckFreeHresultNew2$List
String ID:
API String ID: 2509323985-0
Opcode ID: cd30ecdf455ebf70ddc73841b7b807069b218e4013ed8a274121516d09e0e728
Instruction ID: ef5bcce86daf7da030ae36ebcd60fcc7aadc9c0573fa85c19dee0fae6f8b9c6d
Opcode Fuzzy Hash: cd30ecdf455ebf70ddc73841b7b807069b218e4013ed8a274121516d09e0e728
Instruction Fuzzy Hash: E0414F70A00214AFDB10DFA8D949F9EBBF8FB08B00F10856AF545F7261D7799945CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00420400, Relevance: 12.1, APIs: 8, Instructions: 101COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(004028D4,00422010), ref: 00420453
__vbaObjSet.MSVBVM60(?,00000000), ref: 00420472
__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0042048E
__vbaObjSet.MSVBVM60(?,00000000), ref: 004204A7
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B24,00000148), ref: 004204CA
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 0042050A
__vbaFreeStr.MSVBVM60 ref: 00420513
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00420523

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$CheckFreeHresultNew2$List
String ID:
API String ID: 2509323985-0
Opcode ID: a2071b61a7202e04b75360936087e2492d7a220808ab2a5d8bbbf419c69bdd20
Instruction ID: c704e87aac97ec993272537ad2146c4f329e7777fe86d18470da97266f9c0404
Opcode Fuzzy Hash: a2071b61a7202e04b75360936087e2492d7a220808ab2a5d8bbbf419c69bdd20
Instruction Fuzzy Hash: 62314F70A00215AFCB10DF68D949F9EBBFCFB08B00F10812AF545F72A1D6789946CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0041F9C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041FA03
__vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041FA1C
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 0041FA64
__vbaFreeObj.MSVBVM60 ref: 0041FA6D

Strings

Protozoers3, xrefs: 0041FA33

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: Protozoers3
API String ID: 1645334062-1714416233
Opcode ID: a2ed4e6f40a7f87e8801078197837dc667b6f619a83d610d88e2f7c91abc8a6d
Instruction ID: 8f8059133f9f25bf57fe36c0ac1d84c7846eea6178015834385b3913e1d2ed5f
Opcode Fuzzy Hash: a2ed4e6f40a7f87e8801078197837dc667b6f619a83d610d88e2f7c91abc8a6d
Instruction Fuzzy Hash: BB118E70A40205AFD710DF68CA49F9ABBB8FB08701F108139F945F3290D3789946CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041FAA0, Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(004028D4,00422010), ref: 0041FAE3
__vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041FAFC
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B84,000001D0), ref: 0041FB3F
__vbaFreeObj.MSVBVM60 ref: 0041FB48

Memory Dump Source

Source File: 00000000.00000002.1277517703.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1277491525.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1277641723.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1277664800.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_vbc.jbxd

Yara matches

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 343723605564e5551143048d35fc541db7b513a0b87d67b4c4d2a0c0584f40a7
Instruction ID: 7ec4e4469cbc53c64ea6f1f8346515a4eaf6af61a8bbf4ba1369729cb2954dd8
Opcode Fuzzy Hash: 343723605564e5551143048d35fc541db7b513a0b87d67b4c4d2a0c0584f40a7
Instruction Fuzzy Hash: 531191B4A00305AFD710DF68CA49F9ABBB8FB08700F108539F945F3690D7786945CBA9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report vbc.exe.vir

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: vbc.exe.exe PID: 3564 Parent PID: 5576

General

Chronological Activities

Disassembly

Code Analysis

Function 00405607, Relevance: 12.2, APIs: 1, Strings: 7, Instructions: 222
memoryCOMMONCrypto

Function 022B6A34, Relevance: 1.7, APIs: 1, Instructions: 177
memorynativeCOMMON

Function 022B6AD4, Relevance: 1.6, APIs: 1, Instructions: 140
memorynativeCOMMON

Function 022B6B59, Relevance: 1.6, APIs: 1, Instructions: 136
memorynativeCOMMON

Function 022B69E4, Relevance: 1.6, APIs: 1, Instructions: 126
memorynativeCOMMON

Function 022B699A, Relevance: 1.6, APIs: 1, Instructions: 110
memorynativeCOMMON

Function 022B69AE, Relevance: 1.6, APIs: 1, Instructions: 108
memorynativeCOMMON

Function 022B6C02, Relevance: 1.6, APIs: 1, Instructions: 100
memorynativeCOMMON

Function 022B6A99, Relevance: 1.6, APIs: 1, Instructions: 83
memorynativeCOMMON

Function 022B6BCC, Relevance: 1.5, APIs: 1, Instructions: 43
memorynativeCOMMON

Function 00420760, Relevance: 61.4, APIs: 30, Strings: 5, Instructions: 193
COMMON

Function 0041EF80, Relevance: 45.3, APIs: 30, Instructions: 254
COMMON

Function 00401C10, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23
COMMON