Analysis Report 2FQhmYZME4.exe

Overview

General Information

Sample Name: 2FQhmYZME4.exe
Analysis ID: 431752
MD5: 196b3c910b8d74c5916029f6eb037d5d
SHA1: 37968cade61e54ce0c4ec24e83c35fadd583019f
SHA256: 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361
Tags: exe, GuLoader

Detection

GuLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • 2FQhmYZME4.exe (PID: 6960 cmdline: 'C:\Users\user\Desktop\2FQhmYZME4.exe' MD5: 196B3C910B8D74C5916029F6EB037D5D)

Malware Configuration

Threatname: GuLoader

{"Payload URL": "http://myurl/myfile.bin"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
2FQhmYZME4.exe | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000000.645109161.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
1.0.2FQhmYZME4.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
1.2.2FQhmYZME4.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |

            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            AV Detection:

            Found malware configuration
            Source: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "http://myurl/myfile.bin"}
            Multi AV Scanner detection for submitted file
            Source: 2FQhmYZME4.exe, Virustotal: Detection: 26%
            Source: 2FQhmYZME4.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

            Networking:

            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractor, URLs: http://myurl/myfile.bin
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167821842.00000000006AA000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            System Summary:

            Potential malicious icon found
            Source: initial sample, Icon embedded in PE file: bad icon match: 20047c7c70f0e004
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Process Stats: CPU usage > 98%
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06AA2 NtAllocateVirtualMemory, 1_2_02C06AA2
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06AA7 NtAllocateVirtualMemory, 1_2_02C06AA7
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06BB7 NtAllocateVirtualMemory, 1_2_02C06BB7
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06B1B NtAllocateVirtualMemory, 1_2_02C06B1B
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06CCD NtAllocateVirtualMemory, 1_2_02C06CCD
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06C71 NtAllocateVirtualMemory, 1_2_02C06C71
            Source: 2FQhmYZME4.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: 2FQhmYZME4.exe, 00000001.00000002.1168321386.00000000023C0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameuser32j% vs 2FQhmYZME4.exe
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameChanneled1.exe vs 2FQhmYZME4.exe
            Source: 2FQhmYZME4.exe, Binary or memory string: OriginalFilenameChanneled1.exe vs 2FQhmYZME4.exe
            Source: 2FQhmYZME4.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: classification engine, Classification label: mal92.rans.troj.evad.winEXE@1/0@0/0
            Source: 2FQhmYZME4.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: 2FQhmYZME4.exe, Virustotal: Detection: 26%

            Data Obfuscation:

            Yara detected GuLoader
            Source: Yara match, File source: 2FQhmYZME4.exe, type: SAMPLE
            Source: Yara match, File source: 00000001.00000000.645109161.0000000000401000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 1.0.2FQhmYZME4.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.2FQhmYZME4.exe.400000.0.unpack, type: UNPACKEDPE
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_00409E58 push eax; retf 1_2_00409E61
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_00406826 push ebx; ret 1_2_00406830
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_004094F4 pushfd ; ret 1_2_004094F5
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_00408355 push edx; ret 1_2_0040835C
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_00408B1F push edx; ret 1_2_00408B58
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_00406580 push ebx; retf 1_2_00406590
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_004031A9 push dword ptr [ebp-44h]; ret 1_2_0041EC24
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Contains functionality to detect hardware virtualization (CPUID execution measurement)
            Detected RDTSC dummy instruction sequence (likely for instruction hammering)
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, RDTSC instruction interceptor: First address: 0000000002C09FB8 second address: 0000000002C09FB8 instructions:
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\2FQhmYZME4.exeRDTSC instruction interceptor: First address: 0000000002C098FF second address: 0000000002C098FF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov byte ptr [edx+ecx], al 0x0000000e inc ecx 0x0000000f jne 00007F366037329Dh 0x00000011 mov al, byte ptr [edx+ecx] 0x00000014 add ebx, esi 0x00000016 xor al, byte ptr [ebx] 0x00000018 sub ebx, esi 0x0000001a inc ebx 0x0000001b jne 00007F36603732C6h 0x0000001d pushad 0x0000001e lfence 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\2FQhmYZME4.exeRDTSC instruction interceptor: First address: 0000000002C09CD6 second address: 0000000002C09CD6 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 35C87548h 0x00000007 xor eax, 95C7301Ch 0x0000000c add eax, 0F544615h 0x00000011 add eax, 509C7498h 0x00000016 cpuid 0x00000018 jmp 00007F36603732FAh 0x0000001a cmp cl, cl 0x0000001c popad 0x0000001d call 00007F36603732C8h 0x00000022 lfence 0x00000025 mov edx, D838CC93h 0x0000002a add edx, 4B48768Eh 0x00000030 add edx, CBB48C4Bh 0x00000036 xor edx, 90CBCF78h 0x0000003c mov edx, dword ptr [edx] 0x0000003e lfence 0x00000041 jmp 00007F36603732FAh 0x00000043 cmp edx, C46AF604h 0x00000049 ret 0x0000004a sub edx, esi 0x0000004c ret 0x0000004d cmp bx, bx 0x00000050 add edi, edx 0x00000052 dec dword ptr [ebp+000000F8h] 0x00000058 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005f jne 00007F36603732A9h 0x00000061 call 00007F3660373322h 0x00000066 call 00007F3660373325h 0x0000006b lfence 0x0000006e mov edx, D838CC93h 0x00000073 add edx, 4B48768Eh 0x00000079 add edx, CBB48C4Bh 0x0000007f xor edx, 90CBCF78h 0x00000085 mov edx, dword ptr [edx] 0x00000087 lfence 0x0000008a jmp 00007F36603732FAh 0x0000008c cmp edx, C46AF604h 0x00000092 ret 0x00000093 mov esi, edx 0x00000095 pushad 0x00000096 rdtsc
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0B6C1 rdtsc 1_2_02C0B6C1
            Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

            Anti Debugging:

            Found potential dummy code loops (likely to delay analysis)
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Process Stats: CPU usage > 90% for more than 60s
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0B6C1 rdtsc 1_2_02C0B6C1
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A6F1 mov eax, dword ptr fs:[00000030h] 1_2_02C0A6F1
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A6A5 mov eax, dword ptr fs:[00000030h] 1_2_02C0A6A5
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A6AA mov eax, dword ptr fs:[00000030h] 1_2_02C0A6AA
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A63C mov eax, dword ptr fs:[00000030h] 1_2_02C0A63C
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C08FC3 mov eax, dword ptr fs:[00000030h] 1_2_02C08FC3
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C037D5 mov eax, dword ptr fs:[00000030h] 1_2_02C037D5
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A796 mov eax, dword ptr fs:[00000030h] 1_2_02C0A796
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C0A752 mov eax, dword ptr fs:[00000030h] 1_2_02C0A752
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C044EA mov eax, dword ptr fs:[00000030h] 1_2_02C044EA
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C09956 mov eax, dword ptr fs:[00000030h] 1_2_02C09956
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C06570 mov eax, dword ptr fs:[00000030h] 1_2_02C06570
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C04515 mov eax, dword ptr fs:[00000030h] 1_2_02C04515
            Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167862225.0000000000D70000.00000002.00000001.sdmp, Binary or memory string: Program Manager
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167862225.0000000000D70000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167862225.0000000000D70000.00000002.00000001.sdmp, Binary or memory string: Progman
            Source: 2FQhmYZME4.exe, 00000001.00000002.1167862225.0000000000D70000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\2FQhmYZME4.exe, Code function: 1_2_02C09968 cpuid 1_2_02C09968

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Virtualization/Sandbox Evasion 11 | Input Capture 1 | Security Software Discovery 41 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Virtualization/Sandbox Evasion 11 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label
            2FQhmYZME4.exe | 26% | Virustotal |

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            Source | Detection | Scanner | Label
            http://myurl/myfile.bin | 0% | Avira URL Cloud | safe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            Contacted URLs

            Name | Malicious | Antivirus Detection | Reputation
            http://myurl/myfile.bin | true | Avira URL Cloud: safe | low

            Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox Version: 32.0.0 Black Diamond
            Analysis ID: 431752
            Start date: 09.06.2021
            Start time: 08:48:15
            Joe Sandbox Product: CloudBasic
            Overall analysis duration: 0h 7m 32s
            Hypervisor based Inspection enabled: false
            Report type: full
            Sample file name: 2FQhmYZME4.exe
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed: 19
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Detection: MAL
            Classification: mal92.rans.troj.evad.winEXE@1/0@0/0
            EGA Information: Failed
            HDC Information: Failed
            HCA Information: Failed
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .exe
            • Override analysis time to 240s for sample files taking high CPU consumption
            Warnings:
            • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASN

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            No created / dropped files found

            Static File Info

            General

            File type: PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit): 5.650237570705559
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.15%
            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name: 2FQhmYZME4.exe
            File size: 147456
            MD5: 196b3c910b8d74c5916029f6eb037d5d
            SHA1: 37968cade61e54ce0c4ec24e83c35fadd583019f
            SHA256: 4f6b4079a3f1b56421cbca34d112ba6a867ff8a6bd706010bfe931ac6d635361
            SHA512: 94197b2135bf0317494a30c1e800b3dba1fcc0a76299627f2361cfadafbf245dca47b8abbe9530d94f1b65013d5eccffe1e11af241c44425870553be6660d95c
            SSDEEP: 1536:IFXJHkDZ+2HdXrK5feyoSP+6a3bQQ6GaXSt4lY5YGw12IjqQRsk:CJiUEXrKIIPcl6o4lBGw12IuMsk
            File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......M.....................0............... ....@................

            File Icon

            Icon Hash: 20047c7c70f0e004

            Static PE Info

            General

            Entrypoint:0x401c10
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            DLL Characteristics:
            Time Stamp:0x4DF9EBE1 [Thu Jun 16 11:41:21 2011 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:9b8686288ab82fdbf8ede30bc55c83b7

            Entrypoint Preview

            Instruction
            push 00401FE0h
            call 00007F3660A839B5h
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            xor byte ptr [eax], al
            add byte ptr [eax], al
            inc eax
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax-79h], bh
            daa
            mov ecx, 458AEB90h
            xchg eax, esp
            mov ecx, 6720C397h
            lodsb
            sbb al, byte ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ecx], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add al, bh
            je 00007F3660A839BBh
            add dh, byte ptr [esi+61h]
            outsb
            jbe 00007F3660A83A35h
            imul esi, dword ptr [ebx+76h], 61h
            outsb
            add byte ptr fs:[eax], cl
            inc ecx
            add byte ptr [eax], al
            add byte ptr [eax], al
            add bh, bh
            int3
            xor dword ptr [eax], eax
            bswap edi
            into
            insd
            outsd
            or dh, ah
            movsb
            inc edi
            test eax, 7072E7DFh
            inc ecx
            xchg eax, esp
            jle 00007F3660A83962h
            pop eax
            xor byte ptr [ecx-32h], cl
            jle 00007F3660A83A04h
            scasd
            mov word ptr [ecx], gs
            pop ds
            xchg eax, esp
            jbe 00007F3660A83A09h
            cmp cl, byte ptr [edi-53h]
            xor ebx, dword ptr [ecx-48EE309Ah]
            or al, 00h
            stosb
            add byte ptr [eax-2Dh], ah
            xchg eax, ebx
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            mov esi, 61000002h
            add byte ptr [eax], al
            add byte ptr [eax], al
            or dword ptr [eax], eax
            push edi
            inc ebp
            inc ecx
            dec esp
            push esp
            dec eax
            inc esi
            push ebp
            dec esp
            add byte ptr [53001501h], cl
            push esp
            push edx
            pop ecx
            dec ebx

            Data Directories

            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20ea4 | 0x28 | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x950 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1c4 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

            Sections

            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0x20568 | 0x21000 | False | 0.359463778409 | data | 5.90249486753 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            .data | 0x22000 | 0x1250 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
            .rsrc | 0x24000 | 0x950 | 0x1000 | False | 0.17138671875 | data | 2.02462742549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            Name | RVA | Size | Type | Language | Country
            RT_ICON | 0x24820 | 0x130 | data | |
            RT_ICON | 0x24538 | 0x2e8 | data | |
            RT_ICON | 0x24410 | 0x128 | GLS_BINARY_LSB_FIRST | |
            RT_GROUP_ICON | 0x243e0 | 0x30 | data | |
            RT_VERSION | 0x24150 | 0x290 | MS Windows COFF PA-RISC object file | English | United States

            Imports

            DLL | Import
            MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, __vbaRecDestructAnsi, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

            Version Infos

            Description | Data
            Translation | 0x0409 0x04b0
            InternalName | Channeled1
            FileVersion | 1.00
            CompanyName | Mortagage
            Comments | Mortagage
            ProductName | Mortagage
            ProductVersion | 1.00
            FileDescription | Mortagage
            OriginalFilename | Channeled1.exe

            Possible Origin

            Language of compilation system | Country where language is spoken
            English | United States

            Network Behavior

            No network behavior found

            Code Manipulations

            Statistics

            CPU Usage


            Memory Usage


            System Behavior

            General

            Start time:08:49:02
            Start date:09/06/2021
            Path:C:\Users\user\Desktop\2FQhmYZME4.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\2FQhmYZME4.exe'
            Imagebase:0x400000
            File size:147456 bytes
            MD5 hash:196B3C910B8D74C5916029F6EB037D5D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:Visual Basic
            Yara matches:
            • Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000001.00000000.645109161.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
            Reputation:low

            Disassembly

            Code Analysis


              Executed Functions

              APIs
              • VirtualAlloc.KERNELBASE(00000000,00011000,-0000000181EDDA4D,-000000019E17BB68), ref: 004058C2
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: AllocVirtual
              • String ID: &$@$B$M$g$i
              • API String ID: 4275171209-2821872231
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: #100
              • String ID: VB5!6&*
              • API String ID: 1341478452-3593831657
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL(-23776A7D), ref: 02C06D08
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: 8)r^
              • API String ID: 2167126740-2996639162
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaChkstk.MSVBVM60(?,00401976), ref: 004131AE
              • __vbaAryConstruct2.MSVBVM60(?,00403D04,00000011,?,?,?,?,00401976), ref: 004131FA
              • __vbaAryConstruct2.MSVBVM60(?,00403D20,00000002,?,?,?,?,00401976), ref: 0041320E
              • __vbaVarDup.MSVBVM60 ref: 0041323B
              • #591.MSVBVM60(?), ref: 00413248
              • __vbaStrMove.MSVBVM60 ref: 00413256
              • __vbaStrCat.MSVBVM60(00403B00,Strin,00000000), ref: 00413267
              • __vbaStrMove.MSVBVM60 ref: 00413275
              • __vbaStrCmp.MSVBVM60(00000000), ref: 0041327C
              • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004132A1
              • __vbaFreeVar.MSVBVM60(?,?,00401976), ref: 004132B0
              • __vbaNew2.MSVBVM60(00403B24,004223CC,?,?,Function_00001976), ref: 004132DF
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000014), ref: 00413348
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000E8), ref: 004133B1
              • __vbaStrMove.MSVBVM60 ref: 004133EB
              • __vbaFreeObj.MSVBVM60 ref: 004133F7
              • #702.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 00413427
              • __vbaStrMove.MSVBVM60 ref: 00413435
              • __vbaFreeVar.MSVBVM60 ref: 00413441
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00413468
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 004134A5
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B44,000000F8), ref: 004134F6
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00413521
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041355E
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B54,000000F0), ref: 004135AF
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 004135DA
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00413617
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B64,00000100), ref: 00413668
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00413693
              • __vbaChkstk.MSVBVM60(?), ref: 00413749
              • __vbaChkstk.MSVBVM60(?), ref: 00413778
              • __vbaChkstk.MSVBVM60(?), ref: 004137A7
              • __vbaChkstk.MSVBVM60(?), ref: 004137D6
              • __vbaChkstk.MSVBVM60(?), ref: 00413805
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000044), ref: 00413867
              • __vbaChkstk.MSVBVM60 ref: 004138B0
              • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 004138E3
              • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00413900
              • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,Function_00001976), ref: 00413919
              • #585.MSVBVM60(00000000,00000000,?,?,00401976), ref: 0041392D
              • __vbaFpR8.MSVBVM60(?,?,00401976), ref: 00413933
              • __vbaNew2.MSVBVM60(00403B24,004223CC,?,?,?,?,?,?,?,?,?,Function_00001976), ref: 00413964
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000014), ref: 004139CD
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000E0), ref: 00413A36
              • __vbaStrMove.MSVBVM60 ref: 00413A70
              • __vbaFreeObj.MSVBVM60 ref: 00413A7C
              • #611.MSVBVM60 ref: 00413A89
              • __vbaStrMove.MSVBVM60 ref: 00413A94
              • #569.MSVBVM60(0000004E), ref: 00413AAA
              • #534.MSVBVM60(?,?,00401976), ref: 00413ABD
              • __vbaSetSystemError.MSVBVM60(00000000,?,?,00401976), ref: 00413AD7
              • #536.MSVBVM60(00000002), ref: 00413B0F
              • __vbaStrMove.MSVBVM60 ref: 00413B1A
              • __vbaFreeVar.MSVBVM60 ref: 00413B26
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00413B46
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000014), ref: 00413BAF
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000F8), ref: 00413C18
              • __vbaStrMove.MSVBVM60 ref: 00413C4F
              • __vbaFreeObj.MSVBVM60 ref: 00413C5B
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00413C82
              • __vbaLateMemCallLd.MSVBVM60(00000002,?,vF5LV3hoE187,00000000), ref: 00413CBE
              • __vbaObjVar.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00001976), ref: 00413CC8
              • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00001976), ref: 00413CD6
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,0000000C), ref: 00413D15
              • __vbaFreeObj.MSVBVM60 ref: 00413D33
              • __vbaFreeVar.MSVBVM60 ref: 00413D3F
              • __vbaStrCopy.MSVBVM60 ref: 00413D57
              • __vbaStrToAnsi.MSVBVM60(?,00000000), ref: 00413D65
              • __vbaSetSystemError.MSVBVM60(00711E46,000773CF,?), ref: 00413D87
              • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 00413DB5
              • #554.MSVBVM60 ref: 00413DD4
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00413DF4
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,00000014), ref: 00413E5D
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000078), ref: 00413EC0
              • __vbaFreeObj.MSVBVM60 ref: 00413EEC
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00413F0C
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00413F49
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B88,00000130), ref: 00413F9A
              • #532.MSVBVM60(?), ref: 00413FB9
              • __vbaFreeStr.MSVBVM60 ref: 00413FC5
              • __vbaFreeObj.MSVBVM60 ref: 00413FD1
              • __vbaRecUniToAnsi.MSVBVM60(00403624,?,?,00000000,00000000,?,?,?,?,?,00401976), ref: 00413FF5
              • __vbaRecUniToAnsi.MSVBVM60(0040360C,?,?,00000000,?,?,?,?,?,00401976), ref: 0041400F
              • __vbaStrToAnsi.MSVBVM60(?,00403B9C,00000000,00000000,?,?,?,?,?,00401976), ref: 00414024
              • __vbaSetSystemError.MSVBVM60(00000000,00000000,00000000,?,?,?,?,?,00401976), ref: 0041403B
              • __vbaRecAnsiToUni.MSVBVM60(00403624,?,?,?,?,?,?,?,00401976), ref: 00414054
              • __vbaRecAnsiToUni.MSVBVM60(0040360C,?,?,?,?,?,?,?,00401976), ref: 0041406D
              • __vbaFreeStr.MSVBVM60 ref: 00414090
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 004140BF
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B14,0000004C), ref: 00414128
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BA0,00000028), ref: 00414184
              • __vbaFreeObj.MSVBVM60 ref: 004141A2
              • __vbaOnError.MSVBVM60(00000000), ref: 004141B1
              • __vbaFpI4.MSVBVM60 ref: 004141C4
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033BC,00000064), ref: 004141FA
              • __vbaSetSystemError.MSVBVM60(00000000), ref: 00414226
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00414256
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B14,00000014), ref: 004142BF
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000D8), ref: 00414328
              • __vbaStrMove.MSVBVM60 ref: 00414362
              • __vbaFreeObj.MSVBVM60 ref: 0041436E
              • #611.MSVBVM60 ref: 0041437B
              • __vbaStrMove.MSVBVM60 ref: 00414386
              • __vbaFpI4.MSVBVM60 ref: 00414399
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033BC,000002C8), ref: 004143EB
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041441D
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041445A
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$CheckHresult$Free$New2$Move$Chkstk$Ansi$Error$ListSystem$#611Construct2Late$#532#534#536#554#569#585#591#702AddrefCallCopy
              • String ID: "$>]CK$C$Convulsibility$OMKRSLENS$QV$Qh$6@$Qh(<@$Rh$6@$SHAMANERE$Strin$flyvske$h =@$k$motorboatman$vF5LV3hoE187$}#h$}#h$}#h$}#h$}#jPhL<@$}#j`h<<@$}#j`hD;@$}#jph<<@$}#jphD;@$}&h$}&h$}&h$}&h$}&h
              • API String ID: 4048454160-296521815
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCopy.MSVBVM60 ref: 0042071E
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00420737
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420750
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,0000016C), ref: 00420773
              • __vbaFreeObj.MSVBVM60 ref: 0042077C
              • #692.MSVBVM60(?,Columellae,Arriage), ref: 00420790
              • __vbaVarTstNe.MSVBVM60(?,?), ref: 004207A8
              • __vbaFreeVar.MSVBVM60 ref: 004207BB
              • #535.MSVBVM60 ref: 004207C3
              • #705.MSVBVM60(?,00000000), ref: 004207DE
              • __vbaStrMove.MSVBVM60 ref: 004207EF
              • __vbaFreeVar.MSVBVM60 ref: 004207F4
              • #716.MSVBVM60(00000002,Legemsdelenes8,00000000), ref: 00420801
              • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 00420829
              • __vbaFreeVar.MSVBVM60 ref: 00420832
              • __vbaCyStr.MSVBVM60(00403E98), ref: 00420841
              • __vbaFpCmpCy.MSVBVM60(00000000), ref: 0042084F
              • #535.MSVBVM60 ref: 0042085D
              • __vbaStrCat.MSVBVM60(:22,22:22), ref: 0042086F
              • __vbaStrMove.MSVBVM60 ref: 0042087A
              • #541.MSVBVM60(?,00000000), ref: 00420881
              • __vbaStrVarMove.MSVBVM60(?), ref: 0042088B
              • __vbaStrMove.MSVBVM60 ref: 00420896
              • __vbaFreeStr.MSVBVM60 ref: 0042089B
              • __vbaFreeVar.MSVBVM60 ref: 004208A4
              • __vbaHresultCheckObj.MSVBVM60(00000000,004018F8,004033BC,000002B0), ref: 00420902
              • __vbaFreeStr.MSVBVM60(0042095C), ref: 00420946
              • __vbaFreeObj.MSVBVM60 ref: 0042094B
              • __vbaFreeStr.MSVBVM60 ref: 00420954
              • __vbaFreeStr.MSVBVM60 ref: 00420959
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$Move$#535CheckHresult$#541#692#705#716CopyLateNew2
              • String ID: 22:22$:22$Arriage$Columellae$Legemsdelenes8
              • API String ID: 2203292901-4205766236
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #615.MSVBVM60 ref: 0041EF4A
              • #660.MSVBVM60(?,?,?,00000001,00000001), ref: 0041EF7D
              • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041EF9E
              • __vbaFreeVarList.MSVBVM60(00000003,00000002,0000000A,?), ref: 0041EFB5
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041EFD9
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041EFFE
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000110), ref: 0041F028
              • __vbaStrMove.MSVBVM60 ref: 0041F03D
              • __vbaFreeObj.MSVBVM60 ref: 0041F042
              • #611.MSVBVM60 ref: 0041F048
              • __vbaStrMove.MSVBVM60 ref: 0041F053
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041F068
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F087
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,00000188), ref: 0041F0AA
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041F0C3
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F0DC
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,00000178), ref: 0041F0FF
              • __vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 0041F10F
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041F12B
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,0000004C), ref: 0041F150
              • __vbaStrVarMove.MSVBVM60(00000002,?), ref: 0041F163
              • __vbaStrMove.MSVBVM60 ref: 0041F16E
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BA0,00000024), ref: 0041F18C
              • __vbaStrMove.MSVBVM60 ref: 0041F19B
              • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041F1AB
              • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0041F1C3
              • __vbaFreeVar.MSVBVM60 ref: 0041F1CF
              • __vbaFreeStr.MSVBVM60(0041F23A), ref: 0041F22D
              • __vbaFreeStr.MSVBVM60 ref: 0041F232
              • __vbaFreeStr.MSVBVM60 ref: 0041F237
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresult$Move$New2$List$#611#615#660CallLate
              • String ID:
              • API String ID: 2982621179-0
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$Y/^o$n^$r,;;$-<$\
              • API String ID: 0-1022854219
              • Opcode ID: 35f1414206ba3daa5947ede60006c0049f055b4a201cf3dd0d4b8bdfaa2f4729
              • Instruction ID: b2b0c31e05964d54cc7f7c176741c3844f54de2df402a1f2e6a8fe9b31b0646c
              • Opcode Fuzzy Hash: 35f1414206ba3daa5947ede60006c0049f055b4a201cf3dd0d4b8bdfaa2f4729
              • Instruction Fuzzy Hash: 7E820EB1608345DFDB689F39C8857EABBA2FF54350F51452EDC8A9B290D3709A81CF42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: ")u$>$gs]$?f$KT
              • API String ID: 2167126740-78905243
              • Opcode ID: d9b7c752292ffa726100c774701b7b5fa22421c66f419ee1843181200db8fdea
              • Instruction ID: 227a09b8b2a47de50e21d8a888a844ee12ae4d4f259ff966609f559832d4d529
              • Opcode Fuzzy Hash: d9b7c752292ffa726100c774701b7b5fa22421c66f419ee1843181200db8fdea
              • Instruction Fuzzy Hash: 835247716042858BCB34DF39CCD57EE7BA6AF89300F54822EDC8E8B295D7708A46CB55
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 30f9acfc7305a5dd3941e254e702c107a4807a94e074f7550a62411bc8561a1f
              • Instruction ID: 68c40258c774dec8f029a85ae064b55a040e640a6c8cce2065358cdfec2f1403
              • Opcode Fuzzy Hash: 30f9acfc7305a5dd3941e254e702c107a4807a94e074f7550a62411bc8561a1f
              • Instruction Fuzzy Hash: 5A9236715083858FDB658F38C8C47DABBA1FF55320F55826ECD9A8B2E5D3748981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: a36d867a86bf215b408bf8f70a74b3db0bc91f560d938dc4239845030c3e1a22
              • Instruction ID: 4878ad3d5dc04b8091b88859a1f6887ee59f36227da5352a4c2cdd62da28ac42
              • Opcode Fuzzy Hash: a36d867a86bf215b408bf8f70a74b3db0bc91f560d938dc4239845030c3e1a22
              • Instruction Fuzzy Hash: E232FEB1604345DFDB689F25C8857EABBB2FF54350F91812DDC8A9B290D7709A81CF82
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 2a4e81b966f5eceba2886cc64a6cac1eb6909a169efd6b6208ad10849e8c8ffd
              • Instruction ID: f7c79d354dc233478dfaa1f2202db08ac5b3be5dedd316a773ff3208bd13fa86
              • Opcode Fuzzy Hash: 2a4e81b966f5eceba2886cc64a6cac1eb6909a169efd6b6208ad10849e8c8ffd
              • Instruction Fuzzy Hash: CF32EDB1604345DFDB689F25C8857EABBA2FF54310F91812DDC8A9B290D3709A91CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 88ca9452be317ae2a850653a146a0a7c68cb37858672475b8257d51bd1aecc25
              • Instruction ID: e63d47c9864c9e97890095c07066fc9affc79b2ccee389626ccc9f6e49ad3f1c
              • Opcode Fuzzy Hash: 88ca9452be317ae2a850653a146a0a7c68cb37858672475b8257d51bd1aecc25
              • Instruction Fuzzy Hash: 4A32FDB15043459FDB689F25CC857EABBB2FF54310F91812DDC8A9B290D3709A91CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 5049452f2cefa5d1b211ac6ca8eae9c0783073fef4b93f0218416f79d3c7c76a
              • Instruction ID: 4bb20835edd709bb46ed6cbcad9bed3013328b9b883bd2026fbfae5cef1a3289
              • Opcode Fuzzy Hash: 5049452f2cefa5d1b211ac6ca8eae9c0783073fef4b93f0218416f79d3c7c76a
              • Instruction Fuzzy Hash: 9832FEB15443459FDB689F25CC817EABBB2FF54310F91812DDC8A9B290D3709A91CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: a7c7336c5f5363ff07fe7d2fa2fe58b1c53bf0e8a2cc004357599c0349e9b454
              • Instruction ID: 0b408a8dca81fb91bbae94873a9b3b7fc694af3ce73376100404bbfdf556d3fc
              • Opcode Fuzzy Hash: a7c7336c5f5363ff07fe7d2fa2fe58b1c53bf0e8a2cc004357599c0349e9b454
              • Instruction Fuzzy Hash: 1422FEB15043499FDB689F25CC857EABBB2FF54350F81812DDC8A9B290D3709A91CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 086807a20adc86322953eb002f40351f3c1abca4033c770c1333e9a7a69132de
              • Instruction ID: 750656823475f7cc7d9e44330fc4010ffa960d4f9e480a20a637bc2f172004f1
              • Opcode Fuzzy Hash: 086807a20adc86322953eb002f40351f3c1abca4033c770c1333e9a7a69132de
              • Instruction Fuzzy Hash: F2220DB15043499FDB689F25CC817EABBB6FF54300F81812DDC8A9B290D3709A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: e8315ad44bbe05249dc5ba3cd298547492c51b3e90fc2568720322413ab0ebe2
              • Instruction ID: 0b251faa80f156d18528728f9fe1093cea7760a0c948728af143c1d3a4cd6455
              • Opcode Fuzzy Hash: e8315ad44bbe05249dc5ba3cd298547492c51b3e90fc2568720322413ab0ebe2
              • Instruction Fuzzy Hash: E622FCB15043499FDB689F25CC817EABBB2FF54340F81812DDC8A9B290D3709A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$-<$\
              • API String ID: 0-1167201876
              • Opcode ID: 76775edb6d8fe480818a906a91963b774421583bdf7822de9a1a14a18dc40e1c
              • Instruction ID: c92ff77fd88359bcbb7f0ce118f643eb91013a20db9fe31a4c3624a7e1f5bdef
              • Opcode Fuzzy Hash: 76775edb6d8fe480818a906a91963b774421583bdf7822de9a1a14a18dc40e1c
              • Instruction Fuzzy Hash: 3D120FB15443499FDB689F25CC817EA7BB2FF54314F81812DDC8A9B290C3309A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: 22c52d7a7db4d9e57060a0fa0852705287104a2de3dd45418e7af64d92593fa0
              • Instruction ID: 8a9edfc24e94e527d5a597cc325165066e44d6cc1ce05a2b3b65a873080f2f2b
              • Opcode Fuzzy Hash: 22c52d7a7db4d9e57060a0fa0852705287104a2de3dd45418e7af64d92593fa0
              • Instruction Fuzzy Hash: 53120EB15443499FDB689F25CC857EA7BB2FF54344F81822DDC8A9B290C3309A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: 5c9a5ff54dde1ee03637d54efc63395043dca90916c487b0284c286e3611d521
              • Instruction ID: 42a4119474d21ab24025010baebed044f8fbfa8b1922587cbca95664d258d08f
              • Opcode Fuzzy Hash: 5c9a5ff54dde1ee03637d54efc63395043dca90916c487b0284c286e3611d521
              • Instruction Fuzzy Hash: 5502FEB15443499FDB689F25CC857EABBB2FF54304F81422DDC8A9B290C3319A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: eda5ed0569ae5af3803884b5b6b7ee519904d6f318c98726918e71e301e9d5ae
              • Instruction ID: c4fa04f6cce97d7133d0339d5e945389dea1e7fa3086a5ff8a748f9d0260679f
              • Opcode Fuzzy Hash: eda5ed0569ae5af3803884b5b6b7ee519904d6f318c98726918e71e301e9d5ae
              • Instruction Fuzzy Hash: CC02FCB25443499FDB689F24CC857EA7BB2FF54344F81422DDC8A9B290C3319A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: f5c1c6161dc9bec0f4a598321dcc64671a1961bdf1eff5d3c94a6bb1132ae160
              • Instruction ID: 37c24b25096c36169c66fbd1f845eb3f7e97a6317a80f9501b0b62153f6c6b32
              • Opcode Fuzzy Hash: f5c1c6161dc9bec0f4a598321dcc64671a1961bdf1eff5d3c94a6bb1132ae160
              • Instruction Fuzzy Hash: 3DF1FCB15443499FDB689F24CC857EA7BB2FF54344F81422EDC8A9B290C3319A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: 1c857e43de767936b6703590f7e68f73e92e37637f48de97f2a0c8a6017a1246
              • Instruction ID: 9e6c04bc09273ed219ce4bda3033440e2822cb82a80544be4a80018ce4b8bfa5
              • Opcode Fuzzy Hash: 1c857e43de767936b6703590f7e68f73e92e37637f48de97f2a0c8a6017a1246
              • Instruction Fuzzy Hash: E9F10CB15443499FDB689F24CC857EA7BB6FF54304F81412EDC8A9B2A0C3319A85CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$n^$\
              • API String ID: 0-2705746204
              • Opcode ID: 19e1f021c1b42a4eaccd95a23e9023a983987a618460c4609be0b9dd79a7ffb2
              • Instruction ID: 7ca43014c132664106bd99b13b35f8010055fb36903faac8fbaf6181c3461297
              • Opcode Fuzzy Hash: 19e1f021c1b42a4eaccd95a23e9023a983987a618460c4609be0b9dd79a7ffb2
              • Instruction Fuzzy Hash: 22E1FFB15542889FDB789F24CC857EE7BB6FF58304F81412EDC869B290C3718A85CB86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: ?f$KT
              • API String ID: 0-1823608447
              • Opcode ID: d297626ea7f12f94d4ac66d840dd1d02272352544e4b36e0c7a6872a43ae72b3
              • Instruction ID: 4460c25c070a7951a2eb9f6ccd450d4bac0edb861041ab93dfd4936c80f4a285
              • Opcode Fuzzy Hash: d297626ea7f12f94d4ac66d840dd1d02272352544e4b36e0c7a6872a43ae72b3
              • Instruction Fuzzy Hash: DAF13570A082C58BDB34DF29CCD57EE77A6AF85300F54822DDC8E8B295C7748A85CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: ?f$KT
              • API String ID: 0-1823608447
              • Opcode ID: 654f87477ab85ab17990c76cf802ddf611fbe9a6e1ae499f667f62799fd41efc
              • Instruction ID: 5cdf48cc22c5477e9d8ae914c11c01264778fc9748c41e13802561487f161f63
              • Opcode Fuzzy Hash: 654f87477ab85ab17990c76cf802ddf611fbe9a6e1ae499f667f62799fd41efc
              • Instruction Fuzzy Hash: 7EE12670A082C59BDB34DF29CCD57EE7BA6AF85300F54822EDC8D8B295C7748A45CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: ?f$KT
              • API String ID: 0-1823608447
              • Opcode ID: 9d80a8e123c6664d6e188d5869d0ddd192542393d4cdd09266c2400acca3fa17
              • Instruction ID: 04998033f4bb85cf2fefed430d5519fcc9f020935136c1027e409221ed60d273
              • Opcode Fuzzy Hash: 9d80a8e123c6664d6e188d5869d0ddd192542393d4cdd09266c2400acca3fa17
              • Instruction Fuzzy Hash: 6ED148706082C59BDB34DE39CCC57EE77A6AF85310F55821EDC8E87295C7748A42CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$\
              • API String ID: 0-2605746771
              • Opcode ID: 39e7f14155a394b3f27c782623ab76e068912b313ad940843d53f44dde33bf2d
              • Instruction ID: 915b11d8176618afac1e1fc9e2c7cf2f7d0e7ee07b941146b156c1a57733d95b
              • Opcode Fuzzy Hash: 39e7f14155a394b3f27c782623ab76e068912b313ad940843d53f44dde33bf2d
              • Instruction Fuzzy Hash: FDE1FEB15442889FDB699F24CC857EE7BB6FF58344F81412EDC8A9B290C3714A85CB86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: ?f$KT
              • API String ID: 0-1823608447
              • Opcode ID: f7dade133c6bfd3b7b195aa0dbd15bb302c675731942a478fd185d51823a8412
              • Instruction ID: 9d13bb5939c9cc2a21bf539e8ba6c36a537fe211bde90e544187f6692a873899
              • Opcode Fuzzy Hash: f7dade133c6bfd3b7b195aa0dbd15bb302c675731942a478fd185d51823a8412
              • Instruction Fuzzy Hash: 47C158716082C59BDB34DF398CC57EE7BA6AF86310F54821EDC8E8B295C3748645CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y$\
              • API String ID: 0-2605746771
              • Opcode ID: 30e3c3a0328d806856d26f3513caa74db80eeaca4612d27c400ac19aa9d97780
              • Instruction ID: b5534e76ee4e0668179fec5cede755bf4eccbcb98dcc632faf56eec4107ad7c4
              • Opcode Fuzzy Hash: 30e3c3a0328d806856d26f3513caa74db80eeaca4612d27c400ac19aa9d97780
              • Instruction Fuzzy Hash: EED1EC715042499FDB699F24CC857EE7BB2FF58354F81412EDC8A9B2A0C3714A85CF42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: Y/^o$r,;;
              • API String ID: 0-3682591831
              • Opcode ID: 79292460333b934522a86d36e0c1d81335922dac7af7e2d7e6b4806cbf67cd2f
              • Instruction ID: 53ad5941954460c7cdb9401808f5609922936b1060bafffcf4ab1210cbfc3ba6
              • Opcode Fuzzy Hash: 79292460333b934522a86d36e0c1d81335922dac7af7e2d7e6b4806cbf67cd2f
              • Instruction Fuzzy Hash: 696176B26442859BDB30CF69CC847EE7BE9EF99300F40412EEC899B255D3708A46CB56
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: c98b8e5d9d1d7abe05dfa8748d2eca4119d00f0e2e5144b4407cc2b56a06b860
              • Instruction ID: 386771bc2627e7fbed0c3da74a7af7d79dbccf089e4c5d02941546005b00c0a7
              • Opcode Fuzzy Hash: c98b8e5d9d1d7abe05dfa8748d2eca4119d00f0e2e5144b4407cc2b56a06b860
              • Instruction Fuzzy Hash: 6BC1FEB15442889FDB699F34CCC57EE7BA6FF58344F81412EDC869B2A0C3714A85CB86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: 930a77d75521577ae8153c1f343e8ec457398ac1fe30979af535d37db4f5e3de
              • Instruction ID: fdc6ee028ff8a00b1beaf6328c707d3b84bdd4be8986db251984319d37b848d5
              • Opcode Fuzzy Hash: 930a77d75521577ae8153c1f343e8ec457398ac1fe30979af535d37db4f5e3de
              • Instruction Fuzzy Hash: 97C1EC715442889FDB699F64CCC17EE7BA2FF58344F81412EDC8A9B2A0C3714A85CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: KT
              • API String ID: 0-2612697023
              • Opcode ID: 5125dcb2249849d4f4480c4b6a01090f8104b2c9535d48b653f5e69950f8ddc7
              • Instruction ID: d53da8e7fa39812ac6810463a957379b63d97a0de92566e937e5e2f8faa0be87
              • Opcode Fuzzy Hash: 5125dcb2249849d4f4480c4b6a01090f8104b2c9535d48b653f5e69950f8ddc7
              • Instruction Fuzzy Hash: A3B148706083859FDB389F29CC857EEBBA2AF85310F55C21EDC8D87295C7748A45CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: dd1c9476d99a6e9f1f7fb96f3359f7d30fad65e8ba2a667ecda6735200de86ab
              • Instruction ID: 73aa3d68bc509eec343137d25ca60322922b68585c06f0c1a6ccbd82079ae348
              • Opcode Fuzzy Hash: dd1c9476d99a6e9f1f7fb96f3359f7d30fad65e8ba2a667ecda6735200de86ab
              • Instruction Fuzzy Hash: F5C1FEB11542889FDB699F34CCC57EE7BA6FF58344F81012EDC8A9B2A0C3714A85CB46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: d56ee19d2447f790c5df1eb9f1f21ef05619eefb477089c948cf683b8fc8623c
              • Instruction ID: 136c40b07d79ff32cff5850c5e4892d30791faf84b57ca86a176a9a561077565
              • Opcode Fuzzy Hash: d56ee19d2447f790c5df1eb9f1f21ef05619eefb477089c948cf683b8fc8623c
              • Instruction Fuzzy Hash: EFC1DB725442489FDB699F64CC857EE7BB2FF58354F81412EDC8A9B2A0C3714A85CF82
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: a4b200053420f8cb9ad9471f1bd0a2cee2b951150f8fc1d0151a4eba5d29f647
              • Instruction ID: ac132b06619986807a314bcec163dcd14288594642af1a03dd6eca1f3b57b317
              • Opcode Fuzzy Hash: a4b200053420f8cb9ad9471f1bd0a2cee2b951150f8fc1d0151a4eba5d29f647
              • Instruction Fuzzy Hash: 30B1ECB11542889FDB699F24CCC57EE7BB5FF19304F81012EDD8A8B2A0C3714A95CB86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: 4964cff20464c1b765ec9747f9eba13afcba4245be4de2bd29bb2bd86d837bc3
              • Instruction ID: 1364abb1a30708d6f8989b5cec83607c685a9b422fb561fb25f6b9fd9921cba7
              • Opcode Fuzzy Hash: 4964cff20464c1b765ec9747f9eba13afcba4245be4de2bd29bb2bd86d837bc3
              • Instruction Fuzzy Hash: 39A1EFB11542889FCB699F24CCC67EA7BB5FF19304F81012EDD868B2A0D3714A95CB86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: 46b6fcd9af6ace145ce3114304e6db8bc19330580b447e3263b93c123b120571
              • Instruction ID: 5039887562519438a6ea132fbe5b00f42c819f4441875346063f9eb82b83ad49
              • Opcode Fuzzy Hash: 46b6fcd9af6ace145ce3114304e6db8bc19330580b447e3263b93c123b120571
              • Instruction Fuzzy Hash: F891DEB11542889FDB699F24CCC57EA7BA5FF19308F41012EDD8A8B2A0D3714A95CF86
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: #<yb
              • API String ID: 0-3824353779
              • Opcode ID: 05051dd660b3eadf2839a1e297e6aabc12843500ee751867068ec1b49f5575d2
              • Instruction ID: 0e857734c729999d27c13a7d5875d10b871f1e5dedf531db32bbed56f8cb072a
              • Opcode Fuzzy Hash: 05051dd660b3eadf2839a1e297e6aabc12843500ee751867068ec1b49f5575d2
              • Instruction Fuzzy Hash: 54518DA14E4280DFCF58DA3688D77B93A58EF4221DF44035ED8438B5D3E371C956C6AA
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: =s%y
              • API String ID: 0-3029872662
              • Opcode ID: fe4cae644470145ab210f12ac91f6cba9425cc60111eb205f6f4f070ba70bd46
              • Instruction ID: 4d02ca08b53875fd857b16d33300e03b739af7b6701b4e7d864c43a5705ab0f5
              • Opcode Fuzzy Hash: fe4cae644470145ab210f12ac91f6cba9425cc60111eb205f6f4f070ba70bd46
              • Instruction Fuzzy Hash: 0481DD711042489FDB799F64CCC5BEA7BA6FF18318F91012ADD8A8B2A0C7715A94CF46
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: #<yb
              • API String ID: 0-3824353779
              • Opcode ID: e6b71e12483d06378958d406d2638eff5bb371def9819244a15b1a5b94e4421a
              • Instruction ID: cdd9da577d73b683cb813b897fcf0cf543046dd06674acab7e5b277c3265692a
              • Opcode Fuzzy Hash: e6b71e12483d06378958d406d2638eff5bb371def9819244a15b1a5b94e4421a
              • Instruction Fuzzy Hash: 9A515D714A0280CFCF68DE3688D77B93A59EF42219F45035ED8438B5E2E331CD46CA6A
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: #<yb
              • API String ID: 0-3824353779
              • Opcode ID: fceb7b0049f08960a410ef94920677c6fd70f00b1234faefb522e190adde18c8
              • Instruction ID: 533cd7b97a7f0106388243381681e13021b45118ca9fe34764e3a3cb4c5a7ae5
              • Opcode Fuzzy Hash: fceb7b0049f08960a410ef94920677c6fd70f00b1234faefb522e190adde18c8
              • Instruction Fuzzy Hash: 3C418631954301CFDB2DDE26C6E17B83AA2EF8135CF16426EC8078B6E5D3348E85CA12
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID: #<yb
              • API String ID: 0-3824353779
              • Opcode ID: 7844a3ffcdce41679112e229283114ccde3357228f0aa6055d38533d4b93c8a2
              • Instruction ID: 600851c7e9a7f5c7d2ea79a0b2688992ae04e7bfbdbe7f48674c50a881ff575c
              • Opcode Fuzzy Hash: 7844a3ffcdce41679112e229283114ccde3357228f0aa6055d38533d4b93c8a2
              • Instruction Fuzzy Hash: F7313731554305CFDB2CDE26C5E1BB83BA2EF41358F0A466AC8079B6E5D334DD85CA52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8785d2e2d7dbae243f4cf495860d30587cd7a9e7db32fec99cba9acb323a92a5
              • Instruction ID: dcdf6bad6ea77d957ffbf64cf457462a21652f9b08476702765df4e8653815b1
              • Opcode Fuzzy Hash: 8785d2e2d7dbae243f4cf495860d30587cd7a9e7db32fec99cba9acb323a92a5
              • Instruction Fuzzy Hash: 95229B71604685DFCB68CF29CCD4BEAB7E1FF58300F15422ADC999B290DB30A945CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 555f24f8159f9136d226e0dfa22a4fdff7ef585ec8cce9af961fcb31a55f312b
              • Instruction ID: 01ac0bb8d5ae9e55a21396aad6f7bd3ce37c9f263a23b93084f670e5d58e8bb4
              • Opcode Fuzzy Hash: 555f24f8159f9136d226e0dfa22a4fdff7ef585ec8cce9af961fcb31a55f312b
              • Instruction Fuzzy Hash: 6BE1DB716047899FCB68CF29C8C0BEAB7E5FF48304F05422EDC8987281D730AA51CB85
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e861382875b4340caa2cf0960eb48e59c54b99cb0f8801ab11b92a26bcf34f87
              • Instruction ID: dcb10815b497f5b208b683d861c6bf8e298df6c5a75682fb6fcae0d3dcaa44f2
              • Opcode Fuzzy Hash: e861382875b4340caa2cf0960eb48e59c54b99cb0f8801ab11b92a26bcf34f87
              • Instruction Fuzzy Hash: B2D1DA7160478A9FCB68CF29CCC4BEAB7A5FF48300F45422EDC9987681D730AA55CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.1168698485.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 004209E3
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420A02
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B64,00000134), ref: 00420A47
              • __vbaFreeObj.MSVBVM60 ref: 00420A54
              • __vbaLenBstrB.MSVBVM60(00403EBC), ref: 00420A5F
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00420A81
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 00420AA6
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000138), ref: 00420ACF
              • __vbaFreeObj.MSVBVM60 ref: 00420AD4
              • #690.MSVBVM60(Godset,Fourpounder,Nittenaarigt4,FILMDOM), ref: 00420AEE
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00420B07
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420B20
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BC0,00000120), ref: 00420B43
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 00420B58
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420B71
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B88,00000130), ref: 00420B94
              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00420BA2
              • __vbaI4Var.MSVBVM60(00000000), ref: 00420BAC
              • __vbaInStr.MSVBVM60(00000000,?,PETHER,00000000), ref: 00420BC0
              • __vbaFreeStr.MSVBVM60 ref: 00420BCF
              • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00420BDF
              • __vbaFreeVar.MSVBVM60 ref: 00420BEB
              • __vbaStrCat.MSVBVM60(00403F78,00403F6C,00000002), ref: 00420C05
              • __vbaStrMove.MSVBVM60 ref: 00420C16
              • __vbaInStr.MSVBVM60(00000000,00403F78,00000000), ref: 00420C20
              • __vbaFreeStr.MSVBVM60 ref: 00420C33
              • #703.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00420C54
              • __vbaStrMove.MSVBVM60 ref: 00420C5F
              • __vbaFreeVar.MSVBVM60 ref: 00420C6A
              • __vbaStrCat.MSVBVM60(00403F94,15:15:), ref: 00420C76
              • __vbaStrMove.MSVBVM60 ref: 00420C81
              • #541.MSVBVM60(00000002,00000000), ref: 00420C88
              • __vbaStrVarMove.MSVBVM60(00000002), ref: 00420C92
              • __vbaStrMove.MSVBVM60 ref: 00420C9D
              • __vbaFreeStr.MSVBVM60 ref: 00420CA2
              • __vbaFreeVar.MSVBVM60 ref: 00420CA7
              • #580.MSVBVM60(Diaphysial,00000001), ref: 00420CB0
              • __vbaFreeStr.MSVBVM60(00420CF8), ref: 00420CF0
              • __vbaFreeStr.MSVBVM60 ref: 00420CF5
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresultMove$New2$#541#580#690#703BstrCallLateList
              • String ID: 15:15:$Afgiftsperioderne3$Diaphysial$FILMDOM$Fourpounder$Godset$Nittenaarigt4$PETHER
              • API String ID: 132566401-2679451372
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCopy.MSVBVM60 ref: 0041FB41
              • __vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033BC,00000114), ref: 0041FB6A
              • __vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033BC,00000110), ref: 0041FB93
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041FBB1
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041FBD6
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000110), ref: 0041FBFC
              • __vbaStrMove.MSVBVM60 ref: 0041FC0B
              • __vbaFreeObj.MSVBVM60 ref: 0041FC14
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041FC2D
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041FC52
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000130), ref: 0041FC78
              • __vbaStrMove.MSVBVM60 ref: 0041FC87
              • __vbaFreeObj.MSVBVM60 ref: 0041FC90
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041FCA9
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FCC2
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000128), ref: 0041FCE9
              • _adj_fdiv_m64.MSVBVM60 ref: 0041FD0E
              • __vbaFpI4.MSVBVM60(43540000,?,42500000), ref: 0041FD3F
              • __vbaHresultCheckObj.MSVBVM60(00000000,004018A8,004033BC,000002C0,?,42500000), ref: 0041FD7E
              • __vbaFreeObj.MSVBVM60(?,42500000), ref: 0041FD83
              • #538.MSVBVM60(?,000007DB,0000000B,0000000B), ref: 0041FD96
              • #557.MSVBVM60(?), ref: 0041FDA0
              • __vbaFreeVar.MSVBVM60(?,42500000), ref: 0041FDBD
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041FDDB
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041FE00
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000D8), ref: 0041FE26
              • __vbaStrMove.MSVBVM60 ref: 0041FE3B
              • __vbaFreeObj.MSVBVM60 ref: 0041FE40
              • #535.MSVBVM60 ref: 0041FE46
              • __vbaVarDup.MSVBVM60 ref: 0041FE62
              • #667.MSVBVM60(?), ref: 0041FE6C
              • __vbaStrMove.MSVBVM60 ref: 0041FE77
              • __vbaFreeVar.MSVBVM60 ref: 0041FE7C
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041FE91
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FEAA
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BF4,00000078), ref: 0041FECB
              • __vbaFreeObj.MSVBVM60 ref: 0041FED6
              • __vbaFreeStr.MSVBVM60(0041FF20), ref: 0041FF09
              • __vbaFreeStr.MSVBVM60 ref: 0041FF0E
              • __vbaFreeStr.MSVBVM60 ref: 0041FF13
              • __vbaFreeStr.MSVBVM60 ref: 0041FF18
              • __vbaFreeStr.MSVBVM60 ref: 0041FF1D
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresult$New2$Move$#535#538#557#667Copy_adj_fdiv_m64
              • String ID: Udstyringer4
              • API String ID: 551562340-2591053628
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCat.MSVBVM60(00403D5C,00403D54), ref: 0041F2C8
              • __vbaStrMove.MSVBVM60 ref: 0041F2D5
              • __vbaStrCat.MSVBVM60(00403D64,00000000), ref: 0041F2DD
              • __vbaStrMove.MSVBVM60 ref: 0041F2E4
              • __vbaFreeStr.MSVBVM60 ref: 0041F2EF
              • #514.MSVBVM60(?,00000002), ref: 0041F2F7
              • __vbaStrMove.MSVBVM60 ref: 0041F302
              • __vbaStrCmp.MSVBVM60(00403D64,00000000), ref: 0041F30A
              • __vbaFreeStr.MSVBVM60 ref: 0041F31D
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041F33A
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041F365
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000E8), ref: 0041F393
              • __vbaStrMove.MSVBVM60 ref: 0041F3A4
              • __vbaFreeObj.MSVBVM60 ref: 0041F3A9
              • #536.MSVBVM60(?), ref: 0041F3BE
              • __vbaStrMove.MSVBVM60 ref: 0041F3C9
              • __vbaFreeVar.MSVBVM60 ref: 0041F3CE
              • #570.MSVBVM60(00000010), ref: 0041F3D6
              • __vbaStrCat.MSVBVM60(00403D74,00403D6C), ref: 0041F3FC
              • #632.MSVBVM60(?,?,00000002,00000002), ref: 0041F41A
              • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041F43F
              • __vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?), ref: 0041F456
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041F47A
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041F49F
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000C8), ref: 0041F4C8
              • __vbaFreeObj.MSVBVM60 ref: 0041F4CD
              • #613.MSVBVM60(00000002,00000008), ref: 0041F4E6
              • __vbaStrVarMove.MSVBVM60(00000002), ref: 0041F4F0
              • __vbaStrMove.MSVBVM60 ref: 0041F4FB
              • __vbaFreeVarList.MSVBVM60(00000002,00000008,00000002), ref: 0041F50A
              • __vbaFileOpen.MSVBVM60(00000020,000000FF,000000B4,kombinationsuddannelse), ref: 0041F521
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$FreeMove$CheckHresult$ListNew2$#514#536#570#613#632FileOpen
              • String ID: kombinationsuddannelse
              • API String ID: 2582689820-1354069041
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #610.MSVBVM60(?), ref: 0041F60A
              • #610.MSVBVM60(?), ref: 0041F610
              • __vbaVarAdd.MSVBVM60(?,?,?,00000001,00000001), ref: 0041F635
              • #662.MSVBVM60(?,00403DB0,?,00000000), ref: 0041F649
              • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041F66A
              • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041F685
              • #536.MSVBVM60(?), ref: 0041F6A6
              • __vbaStrMove.MSVBVM60 ref: 0041F6B1
              • __vbaFreeVar.MSVBVM60 ref: 0041F6BA
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0041F6D2
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0041F6F7
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,00000118), ref: 0041F724
              • __vbaI2I4.MSVBVM60 ref: 0041F730
              • __vbaFreeObj.MSVBVM60 ref: 0041F739
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041F764
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F77D
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C4C,00000180), ref: 0041F7A7
              • __vbaLateMemCall.MSVBVM60(?,cvJmrvNfRhBzOP3gU202,00000003), ref: 0041F81F
              • __vbaFreeObj.MSVBVM60 ref: 0041F82B
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041F844
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F85D
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B64,00000134), ref: 0041F8A6
              • __vbaFreeObj.MSVBVM60 ref: 0041F8AF
              • __vbaFreeStr.MSVBVM60(0041F8F8), ref: 0041F8E8
              • __vbaFreeObj.MSVBVM60 ref: 0041F8F1
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresult$New2$#610$#536#662CallLateListMove
              • String ID: Subfreshman$cvJmrvNfRhBzOP3gU202
              • API String ID: 214454802-1209823192
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCat.MSVBVM60(00403E3C,00403E3C), ref: 0042013C
              • #513.MSVBVM60(?,?,00000002), ref: 00420156
              • __vbaVarTstNe.MSVBVM60(?,?), ref: 00420172
              • __vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 00420185
              • #610.MSVBVM60(00000008), ref: 0042019B
              • #552.MSVBVM60(?,00000008,00000001), ref: 004201AB
              • __vbaVarMove.MSVBVM60 ref: 004201B7
              • __vbaFreeVar.MSVBVM60 ref: 004201C6
              • #703.MSVBVM60(00000008,000000FF,000000FE,000000FE,000000FE), ref: 004201E2
              • __vbaStrMove.MSVBVM60 ref: 004201ED
              • __vbaFreeVar.MSVBVM60 ref: 004201F6
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 0042020A
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,0000004C), ref: 0042022F
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BA0,0000002C), ref: 00420279
              • __vbaFreeObj.MSVBVM60 ref: 00420282
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0042029B
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 004202B4
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B64,00000090), ref: 004202DB
              • __vbaFreeObj.MSVBVM60 ref: 004202EA
              • __vbaFreeStr.MSVBVM60(0042032B), ref: 0042031B
              • __vbaFreeVar.MSVBVM60 ref: 00420324
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresult$MoveNew2$#513#552#610#703List
              • String ID:
              • API String ID: 1404482011-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCopy.MSVBVM60 ref: 00420513
              • #538.MSVBVM60(?,000007DB,0000000B,0000000B), ref: 00420526
              • #557.MSVBVM60(?), ref: 00420530
              • __vbaFreeVar.MSVBVM60 ref: 00420547
              • __vbaNew2.MSVBVM60(00403B24,004223CC), ref: 00420568
              • __vbaHresultCheckObj.MSVBVM60(00000000,024AEF84,00403B14,00000014), ref: 0042058D
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403B34,000000D8), ref: 004205B7
              • __vbaStrMove.MSVBVM60 ref: 004205CC
              • __vbaFreeObj.MSVBVM60 ref: 004205D1
              • #535.MSVBVM60 ref: 004205D7
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 004205F2
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042060B
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403BB0,00000050), ref: 0042062C
              • #667.MSVBVM60(?), ref: 00420646
              • __vbaStrMove.MSVBVM60 ref: 00420651
              • __vbaFreeObj.MSVBVM60 ref: 00420656
              • __vbaFreeVar.MSVBVM60 ref: 0042065F
              • __vbaFreeStr.MSVBVM60(0042069F), ref: 00420692
              • __vbaFreeStr.MSVBVM60 ref: 00420697
              • __vbaFreeStr.MSVBVM60 ref: 0042069C
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$Free$CheckHresult$MoveNew2$#535#538#557#667Copy
              • String ID:
              • API String ID: 1266673281-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaChkstk.MSVBVM60(?,00401976), ref: 00420D2E
              • __vbaOnError.MSVBVM60(00000000,?,?,?,?,00401976), ref: 00420D6A
              • #677.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,40100000,0000000A,0000000A), ref: 00420DB0
              • __vbaFpR8.MSVBVM60 ref: 00420DB6
              • __vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 00420DF5
              • __vbaOnError.MSVBVM60(000000FF,?,?,00401976), ref: 00420E0F
              • #593.MSVBVM60(0000000A), ref: 00420E2E
              • __vbaFreeVar.MSVBVM60 ref: 00420E3A
              • #570.MSVBVM60(000000B2), ref: 00420E53
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$ErrorFree$#570#593#677ChkstkList
              • String ID:
              • API String ID: 520763419-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041FFA9
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FFC8
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041FFE4
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FFFD
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B64,00000048), ref: 0042001A
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 0042005A
              • __vbaFreeStr.MSVBVM60 ref: 00420063
              • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00420073
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$CheckFreeHresultNew2$List
              • String ID:
              • API String ID: 2509323985-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 004203B3
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 004203D2
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 004203EE
              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420407
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B44,00000148), ref: 0042042A
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 0042046A
              • __vbaFreeStr.MSVBVM60 ref: 00420473
              • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00420483
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$CheckFreeHresultNew2$List
              • String ID:
              • API String ID: 2509323985-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041F963
              • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041F97C
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C3C,000001EC), ref: 0041F9C4
              • __vbaFreeObj.MSVBVM60 ref: 0041F9CD
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$CheckFreeHresultNew2
              • String ID: Protozoers3
              • API String ID: 1645334062-1714416233
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaNew2.MSVBVM60(004028D8,00422010), ref: 0041FA43
              • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041FA5C
              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403B88,000001D0), ref: 0041FA9F
              • __vbaFreeObj.MSVBVM60 ref: 0041FAA8
              Memory Dump Source
              • Source File: 00000001.00000002.1167637296.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.1167629721.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.1167663876.0000000000422000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.1167671564.0000000000424000.00000002.00020000.sdmp
              Yara matches
              Similarity
              • API ID: __vba$CheckFreeHresultNew2
              • String ID:
              • API String ID: 1645334062-0
              Uniqueness

              Uniqueness Score: -1.00%