
Windows Analysis Report URGENT SWIFT COPY FOR JUNE 14 2021.exe

Overview

General Information

Sample Name:URGENT SWIFT COPY FOR JUNE 14 2021.exe
Analysis ID:434445
MD5:13fe879d4b0acd6b10e9e4db7fcf3a49
SHA1:c513f61b28a5602768fc3a07bea6efe0b743dc26
SHA256:f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
Tags:exe
Most interesting Screenshot:

Detection

GuLoader
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21114&authkey=AETxWDW7LlqQvxw"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Found malware configuration
    Source: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21114&authkey=AETxWDW7LlqQvxw"}
    Multi AV Scanner detection for submitted file
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | ReversingLabs: Detection: 10%
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

    Networking:

    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractor | URLs: https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21114&authkey=AETxWDW7LlqQvxw
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575222704.00000000007EA000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Process Stats: CPU usage > 98%
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D5977 NtAllocateVirtualMemory, 0_2_007D5977
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D5A5A NtAllocateVirtualMemory, 0_2_007D5A5A
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D5A0F NtAllocateVirtualMemory, 0_2_007D5A0F
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D5B02 NtAllocateVirtualMemory, 0_2_007D5B02
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D5B81 NtAllocateVirtualMemory, 0_2_007D5B81
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSerails4.exe vs URGENT SWIFT COPY FOR JUNE 14 2021.exe
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575132852.00000000007C0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs URGENT SWIFT COPY FOR JUNE 14 2021.exe
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | Binary or memory string: OriginalFilenameSerails4.exe vs URGENT SWIFT COPY FOR JUNE 14 2021.exe
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: classification engine | Classification label: mal88.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | File created: C:\Users\user\AppData\Local\Temp\~DF5BE9B5AE29950903.TMP
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe | ReversingLabs: Detection: 10%

    Data Obfuscation:

    Yara detected GuLoader
    Source: Yara match | File source: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_00409F9B push esp; iretd 0_2_0040A018
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D8C2F push eax; ret 0_2_007D8C30
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D1FD9 push FFFFFFF6h; ret 0_2_007D1FF7
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D6BB1 push cs; retf 0_2_007D6BBD
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion:

    Contains functionality to detect hardware virtualization (CPUID execution measurement)
    Detected RDTSC dummy instruction sequence (likely for instruction hammering)
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | RDTSC instruction interceptor: First address: 00000000007D5B13 second address: 00000000007D5B13 instructions:
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | RDTSC instruction interceptor: First address: 00000000007D5B13 second address: 00000000007D5B13 instructions:
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | RDTSC instruction interceptor: First address: 00000000007D7BBF second address: 00000000007D7BBF instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 mov byte ptr [ebx], al 0x00000005 test cl, FFFFFF8Ch 0x00000008 inc ebx 0x00000009 inc edx 0x0000000a dec ecx 0x0000000b test ecx, ecx 0x0000000d jne 00007FE24CE437DBh 0x0000000f mov al, byte ptr [edx] 0x00000011 pushad 0x00000012 mov esi, 00000046h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | RDTSC instruction interceptor: First address: 00000000007D5C53 second address: 00000000007D5C9E instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b sub edi, C59F85C6h 0x00000011 test ecx, 1D95ACF7h 0x00000017 xor edi, 41F17E9Fh 0x0000001d jmp 00007FE24C3A1002h 0x0000001f cmp dl, FFFFFFDBh 0x00000022 test dh, dh 0x00000024 push edi 0x00000025 cmp eax, ecx 0x00000027 mov edi, dword ptr [ebp+0000027Fh] 0x0000002d test ch, dh 0x0000002f cmp bl, al 0x00000031 push dword ptr [ebp+00000140h] 0x00000037 pushad 0x00000038 lfence 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | RDTSC instruction interceptor: First address: 00000000007D53A0 second address: 00000000007D53A0 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 2022209Bh 0x00000007 xor eax, 80859C35h 0x0000000c xor eax, 9F31FB3Eh 0x00000011 xor eax, 3F964791h 0x00000016 cpuid 0x00000018 jmp 00007FE24CE43802h 0x0000001a cmp bx, cx 0x0000001d popad 0x0000001e test cl, bl 0x00000020 call 00007FE24CE437FDh 0x00000025 lfence 0x00000028 mov edx, B4C5CB13h 0x0000002d xor edx, 7102A7F7h 0x00000033 xor edx, 1935794Bh 0x00000039 xor edx, A30C15BBh 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp di, FA17h 0x0000004a sub edx, esi 0x0000004c ret 0x0000004d test dx, 46E5h 0x00000052 pop ecx 0x00000053 add edi, edx 0x00000055 test cx, ax 0x00000058 dec ecx 0x00000059 cmp ecx, 00000000h 0x0000005c jne 00007FE24CE437AFh 0x0000005e jmp 00007FE24CE43806h 0x00000060 test eax, edx 0x00000062 mov dword ptr [ebp+0000025Eh], edi 0x00000068 mov edi, ecx 0x0000006a cmp ax, dx 0x0000006d push edi 0x0000006e test ax, bx 0x00000071 mov edi, dword ptr [ebp+0000025Eh] 0x00000077 call 00007FE24CE4382Bh 0x0000007c call 00007FE24CE43835h 0x00000081 lfence 0x00000084 mov edx, B4C5CB13h 0x00000089 xor edx, 7102A7F7h 0x0000008f xor edx, 1935794Bh 0x00000095 xor edx, A30C15BBh 0x0000009b mov edx, dword ptr [edx] 0x0000009d lfence 0x000000a0 ret 0x000000a1 mov esi, edx 0x000000a3 pushad 0x000000a4 rdtsc
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D407B rdtsc 0_2_007D407B
    Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    Anti Debugging:

    Found potential dummy code loops (likely to delay analysis)
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Process Stats: CPU usage > 90% for more than 60s
    Potentially malicious time measurement code found
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D2A70 Start: 007D2BFF End: 007D2B0A 0_2_007D2A70
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D2A2D Start: 007D2BFF End: 007D2B0A 0_2_007D2A2D
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D2ADE Start: 007D2BFF End: 007D2B0A 0_2_007D2ADE
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D407B rdtsc 0_2_007D407B
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D3451 mov eax, dword ptr fs:[00000030h] 0_2_007D3451
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D343B mov eax, dword ptr fs:[00000030h] 0_2_007D343B
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D296A mov eax, dword ptr fs:[00000030h] 0_2_007D296A
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D526B mov eax, dword ptr fs:[00000030h] 0_2_007D526B
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D7F7D mov eax, dword ptr fs:[00000030h] 0_2_007D7F7D
    Source: C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe | Code function: 0_2_007D7BD1 mov eax, dword ptr fs:[00000030h] 0_2_007D7BD1
    Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575438310.0000000000D70000.00000002.00000001.sdmp | Binary or memory string: Program Manager
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575438310.0000000000D70000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575438310.0000000000D70000.00000002.00000001.sdmp | Binary or memory string: Progman
    Source: URGENT SWIFT COPY FOR JUNE 14 2021.exe, 00000000.00000002.575438310.0000000000D70000.00000002.00000001.sdmp | Binary or memory string: Progmanlock

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Virtualization/Sandbox Evasion (11) | Input Capture (1) | Security Software Discovery (41) | Remote Services | Input Capture (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Virtualization/Sandbox Evasion (11) | Remote Desktop Protocol | Archive Collected Data (1) | Exfiltration Over Bluetooth | Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information (1) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery (31) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |

    Behavior Graph

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    URGENT SWIFT COPY FOR JUNE 14 2021.exe | 11% | ReversingLabs | Win32.Trojan.Wacatac |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    https://onedrive.live.com/download?cid=BAC03012EC7BD279&resid=BAC03012EC7BD279%21114&authkey=AETxWDW7LlqQvxw | false | | high

      Contacted IPs

      No contacted IP infos

      General Information

      Joe Sandbox Version:32.0.0 Black Diamond
      Analysis ID:434445
      Start date:15.06.2021
      Start time:00:30:18
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 6m 0s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:URGENT SWIFT COPY FOR JUNE 14 2021.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:28
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal88.troj.evad.winEXE@1/0@0/0
      EGA Information:Failed
      HDC Information:
      • Successful, ratio: 2.5% (good quality ratio 0%)
      • Quality average: 0.1%
      • Quality standard deviation: 0.5%
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .exe
      • Override analysis time to 240s for sample files taking high CPU consumption
      Warnings:
      • Max analysis timeout: 220s exceeded, the analysis took too long
      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
      • Not all processes were analyzed; the report is missing behavior information

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):5.913443213153397
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.15%
      • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:URGENT SWIFT COPY FOR JUNE 14 2021.exe
      File size:270336
      MD5:13fe879d4b0acd6b10e9e4db7fcf3a49
      SHA1:c513f61b28a5602768fc3a07bea6efe0b743dc26
      SHA256:f3a520aa6296de59468c3a38d45660091097c056b7249a66d3443f3bd4ecf997
      SHA512:faade3ba99908dd10a0ca2f473dd55483256cdd38d795a6c1a41f97838a56f00f8cb4431477907cf099af2733893812c854b598575bd3b4dcf8970d8b61095f4
      SSDEEP:3072:HqCxEJQKX+an/XCf1Tth5P9+Zz3YaXygA1kkX31Z902v4:K3vCf1Bh51+Zsjgqdl8
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.S............&........ .......$......Rich....................PE..L....}.H.....................0.......(............@........

      File Icon

      Icon Hash:2828baa9d2777576

      Static PE Info

      General

      Entrypoint:0x402894
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      DLL Characteristics:
      Time Stamp:0x48F37DB6 [Mon Oct 13 16:56:22 2008 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:4
      OS Version Minor:0
      File Version Major:4
      File Version Minor:0
      Subsystem Version Major:4
      Subsystem Version Minor:0
      Import Hash:adaafa2c180eccb7addf1201d12c8322

      Entrypoint Preview

      Instruction
      (Note: the first two instructions, push 004035CCh followed by the call, are the standard Visual Basic 6 entry stub: the address of the VB5! project header is pushed and the runtime's ThunRTMain, MSVBVM60 ordinal #100, is called; the function listed under Code Analysis with API ID #100 and string "VB5!6&*" is that call. The bytes after the call are the project header, not code, so the remainder of this preview decodes data as instructions.)
      push 004035CCh
      call 00007FE24CC9ECC3h
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      xor byte ptr [eax], al
      add byte ptr [eax], al
      inc eax
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add al, bh
      hlt
      pop edx
      out dx, eax
      in eax, 32h
      sbb al, byte ptr [ebx-5Bh]
      stosb
      retf F444h
      aaa
      dec esp
      cmp eax, dword ptr [eax]
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [ecx], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [edx+75h], ah
      imul esi, dword ptr [ebx+65h], 62h
      outsb
      outsb
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add bh, bh
      int3
      xor dword ptr [eax], eax
      add byte ptr [eax], al
      jecxz 00007FE24CC9ECF4h
      aaa
      jl 00007FE24CC9ECF7h
      inc edi
      cmpsd
      jnc 00007FE24CC9ECE8h
      mov eax, 868A8D7Eh
      sub byte ptr [ebp-4Bh], al
      rcl ebp, 1
      xor dh, byte ptr [edi]
      inc esp
      xchg byte ptr [esi], dl
      mov ah, 3Bh
      mov edi, 3A0FD7EBh
      dec edi
      lodsd
      xor ebx, dword ptr [ecx-48EE309Ah]
      or al, 00h
      stosb
      add byte ptr [eax-2Dh], ah
      xchg eax, ebx
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      mov word ptr [esi], es
      add byte ptr [eax], al
      xchg dword ptr [esi], eax
      add byte ptr [eax], al
      add byte ptr [esi], al
      add byte ptr [edx+61h], cl
      add byte ptr fs:[di], cl
      add dword ptr [eax+eax], ecx
      jnc 00007FE24CC9ED42h
      imul esi, dword ptr [edx+69h], 65737574h

      Data Directories

      Name | Virtual Address | Virtual Size | Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ebb4 | 0x28 | .text
      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x42000 | 0x9d8 | .rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 |
      IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b0 | .text
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

      Sections

      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
      .text | 0x1000 | 0x3e26c | 0x3f000 | False | 0.288419208829 | data | 6.04648752589 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      .data | 0x40000 | 0x1be8 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
      .rsrc | 0x42000 | 0x9d8 | 0x1000 | False | 0.226806640625 | data | 2.09916860007 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
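
The static fields listed above (link timestamp, image characteristics, the empty DLL Characteristics line, entrypoint section, per-section entropy) can all be read from the raw headers without a PE library. The following is an added example written for this page; it is not part of the Joe Sandbox report and not Joe Sandbox's code. It parses a constructed PE32 whose header values copy this report's (machine 0x14C, timestamp 0x48F37DB6, characteristics 0x010F, DllCharacteristics 0, entrypoint inside .text) but whose two section bodies are synthetic, so the entropy values it yields are exact test values and not this sample's 6.05 / 0.0 / 2.10. The `triage_findings` helper, its 7.0 entropy threshold and its wording are the example's own assumptions about what a reviewer flags, not report logic.

```python
"""Static PE32 header triage with only the standard library: the fields a sandbox
report lists (link timestamp, file and DLL characteristics, entrypoint section,
section table, per-section 8-bit entropy) and the mitigation gaps they imply."""
import math
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
                        0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x4000: "GUARD_CF"}
SECTION_FLAGS = {0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
                 0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}
COFF_FMT = "<HHIIIHH"                           # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # IMAGE_OPTIONAL_HEADER32 before the data directories, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                    # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(buf: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in (buf.count(v) for v in set(buf)))


def decode_flags(value: int, table: dict) -> list:
    return [name for bit, name in table.items() if value & bit]


def parse_pe32(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    opt = struct.unpack_from(OPT32_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header (PE32+ is not handled here)")
    entry, image_base, subsystem, dll_chars = opt[6], opt[9], opt[22], opt[23]
    sections = []
    for i in range(nsec):
        hdr = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + i * struct.calcsize(SECTION_FMT))
        name, vsize, va, raw_size, raw_ptr, sflags = hdr[0], hdr[1], hdr[2], hdr[3], hdr[4], hdr[9]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 4),
                         "flags": decode_flags(sflags, SECTION_FLAGS)})
    ep_section = next((s["name"] for s in sections
                       if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {"machine": machine, "timestamp": stamp,
            "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "entrypoint": entry, "entrypoint_section": ep_section,
            "image_base": image_base, "subsystem": subsystem, "sections": sections}


def triage_findings(info: dict) -> list:
    """Mitigation and packing observations read straight from the headers (thresholds are assumptions)."""
    out = []
    if "DYNAMIC_BASE" not in info["dll_characteristics"]:
        out.append("no DYNAMIC_BASE: not ASLR-compatible, loads at its fixed ImageBase")
    if "NX_COMPAT" not in info["dll_characteristics"]:
        out.append("no NX_COMPAT: image does not opt in to DEP")
    if "RELOCS_STRIPPED" in info["characteristics"]:
        out.append("RELOCS_STRIPPED: no relocation table, the loader cannot rebase the image")
    for s in info["sections"]:
        if s["entropy"] > 7.0:
            out.append(f"{s['name']}: entropy {s['entropy']} suggests compressed or encrypted content")
        if "MEM_EXECUTE" in s["flags"] and "MEM_WRITE" in s["flags"]:
            out.append(f"{s['name']}: section is both writable and executable")
    return out


def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE32 used as offline input: header values copy the report's
    static fields (machine 0x14C, timestamp 0x48F37DB6, characteristics 0x010F, DllCharacteristics 0,
    entrypoint inside .text); the two section bodies are synthetic."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack(COFF_FMT, 0x14C, 2, 0x48F37DB6, 0, 0, 96 + 16 * 8, 0x010F)
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 0, 0x200, 0x200, 0, 0x1010, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 4, 0, 4, 0, 4, 0, 0, 0x3000, 0x200, 0,
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * (16 * 8)
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0,
                       0x20000000 | 0x40000000 | 0x00000020)
    data = struct.pack(SECTION_FMT, b".data", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0,
                       0x40000000 | 0x80000000 | 0x00000040)
    headers = (dos + b"PE\0\0" + coff + opt + text + data).ljust(0x200, b"\0")
    text_body = bytes(range(256)) * 2  # every byte value twice: entropy exactly 8.0
    data_body = b"\0" * 0x200          # constant bytes: entropy 0.0
    return headers + text_body + data_body
```

Run `parse_pe32(open(path, "rb").read())` on the real file to reproduce the report's header fields; `build_sample_pe()` is only there so the example runs offline. On this sample the empty DLL Characteristics line means neither DYNAMIC_BASE nor NX_COMPAT is set: the VB6 image always loads at 0x400000 and does not opt in to DEP, and with RELOCS_STRIPPED it could not be rebased anyway. Its .text entropy of 6.05 sits below the 7.0 packing threshold used here; the Yara hit for the loader is in the separate 007D0000 memory dump, not in the image's sections.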

      Resources

      Name | RVA | Size | Type | Language | Country
      RT_ICON | 0x426f0 | 0x2e8 | data | |
      RT_ICON | 0x42508 | 0x1e8 | data | |
      RT_ICON | 0x423e0 | 0x128 | GLS_BINARY_LSB_FIRST | |
      RT_GROUP_ICON | 0x423b0 | 0x30 | data | |
      RT_VERSION | 0x42150 | 0x260 | data | English | United States

      Imports

      DLL | Import
      MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLineInputStr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaVarLateMemCallLd, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

      Version Infos

      Description | Data
      Translation | 0x0409 0x04b0
      InternalName | Serails4
      FileVersion | 1.00
      CompanyName | Orion Solutions
      Comments | Orion Solutions
      ProductName | buksebenene
      ProductVersion | 1.00
      OriginalFilename | Serails4.exe

      Possible Origin

      Language of compilation system | Country where language is spoken
      English | United States

      Network Behavior

      No network behavior found

      Code Manipulations

      Statistics

      CPU Usage

      Memory Usage

      High Level Behavior Distribution

      System Behavior

      General

      Start time:00:31:04
      Start date:15/06/2021
      Path:C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\URGENT SWIFT COPY FOR JUNE 14 2021.exe'
      Imagebase:0x400000
      File size:270336 bytes
      MD5 hash:13FE879D4B0ACD6B10E9E4DB7FCF3A49
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:Visual Basic
      Yara matches:
      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Author: Joe Security
      Reputation:low

      Disassembly

      Code Analysis


        Executed Functions

        APIs
        • NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID:
        • API String ID: 2167126740-0
        • Opcode ID: 6c664455fbf1ec470c17d6f52e0033ac17c11b8f424a4e63c2fcdbda7777c79a
        • Instruction ID: 20a0133da2219b4e592c76e8dbb6466d17e9a5f7602ea001755411d5bfbae3d4
        • Opcode Fuzzy Hash: 6c664455fbf1ec470c17d6f52e0033ac17c11b8f424a4e63c2fcdbda7777c79a
        • Instruction Fuzzy Hash: 026147B1204749CFCB20AE35C8A83EB77B6EF69340F54852ADC899B361D3344A459B51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID:
        • API String ID: 2167126740-0
        • Opcode ID: ef17d280ae41e1bfd4890a75f75950c30f72664e62bd52facd7d72302a340bea
        • Instruction ID: 207a44ce0a588c8dfc7d5ec325b8640d2c8b2f87564c5294194a7b35a9ceb730
        • Opcode Fuzzy Hash: ef17d280ae41e1bfd4890a75f75950c30f72664e62bd52facd7d72302a340bea
        • Instruction Fuzzy Hash: BA41FDB4604749DFDB30AE38C8647EA7BF1EF59350F54492ADC89DB261E3348A418B52
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID:
        • API String ID: 2167126740-0
        • Opcode ID: f6264753e11b441b3da6b2c2ae1131f04329b61eac55c79cd0c71eee4a329d9d
        • Instruction ID: 0c3e5cbb2d1a623d116c957fb1db584552fd99ff185f2e594508ca5bbdaa0abe
        • Opcode Fuzzy Hash: f6264753e11b441b3da6b2c2ae1131f04329b61eac55c79cd0c71eee4a329d9d
        • Instruction Fuzzy Hash: 5441EAB4604759DBDB30AE38C865BEE7BF1EF59340F55442EDC89AB221D3348A409B52
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID:
        • API String ID: 2167126740-0
        • Opcode ID: 828db9db7f0384cf9c8e93971219b2b4b5525fcf97a52e7d59f03707a5e6e44c
        • Instruction ID: 40836cb1d6c99ee1d534862f1660d14ccfa9b8880e3de987e447bf8094c63ebe
        • Opcode Fuzzy Hash: 828db9db7f0384cf9c8e93971219b2b4b5525fcf97a52e7d59f03707a5e6e44c
        • Instruction Fuzzy Hash: AA21EDB910474ADFDB30AE34C8697EB77B1EF59324F50082ADC8AAB221D3348A419F41
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID:
        • API String ID: 2167126740-0
        • Opcode ID: fa02344341a676053bf72f37b12205b77b59fd26a710fe834ec77428eb5a74f7
        • Instruction ID: f45dc6e1510127362c910b97cc5d4c1dcb54ae474e711219c14852152fdd2c53
        • Opcode Fuzzy Hash: fa02344341a676053bf72f37b12205b77b59fd26a710fe834ec77428eb5a74f7
        • Instruction Fuzzy Hash: E411CE70104685CBDB22AF75C8687EA37B4EF6D314F94481EDC8E9B221D3358B01AB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualAlloc.KERNELBASE(00000000,0000E000,00001000,?,00425D8C,?,?,?), ref: 0041230D
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: AllocVirtual
        • String ID:
        • API String ID: 4275171209-0
        • Opcode ID: 02bd21ca44ca1ab28c4f150dc1817860b6d96dec36308c97b94ce70348ad328e
        • Instruction ID: 126ca8fa7feddb4328962d41c8911199c9719d96258d7eafe4871d1aa2672e6c
        • Opcode Fuzzy Hash: 02bd21ca44ca1ab28c4f150dc1817860b6d96dec36308c97b94ce70348ad328e
        • Instruction Fuzzy Hash: A93100339053184BD7D24A308A80B89AA81EF6A341B32C76BDD34F7620D77D599B838C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __vbaStrCat.MSVBVM60(00408178,9/9), ref: 0043E69C
        • #557.MSVBVM60(00000008), ref: 0043E6B0
        • __vbaFreeVar.MSVBVM60 ref: 0043E6C7
        • __vbaOnError.MSVBVM60(00000000), ref: 0043E6D7
        • __vbaNew2.MSVBVM60(00404A3C,00440DC0), ref: 0043E6EF
        • __vbaHresultCheckObj.MSVBVM60(00000000,0071ED94,00404A2C,00000014), ref: 0043E714
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00404A4C,000000E0), ref: 0043E73E
        • __vbaStrMove.MSVBVM60 ref: 0043E753
        • __vbaFreeObj.MSVBVM60 ref: 0043E758
        • #539.MSVBVM60(00000008,00000001,00000001,00000001), ref: 0043E768
        • __vbaStrVarMove.MSVBVM60(00000008), ref: 0043E772
        • __vbaStrMove.MSVBVM60 ref: 0043E77D
        • __vbaFreeVar.MSVBVM60 ref: 0043E782
        • __vbaNew2.MSVBVM60(00404A3C,00440DC0), ref: 0043E79A
        • __vbaHresultCheckObj.MSVBVM60(00000000,0071ED94,00404A2C,00000014), ref: 0043E7BF
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00404A4C,0000013C), ref: 0043E816
        • __vbaFreeObj.MSVBVM60 ref: 0043E81F
        • #539.MSVBVM60(00000008,00000001,00000001,00000001), ref: 0043E82F
        • __vbaStrVarMove.MSVBVM60(00000008), ref: 0043E839
        • __vbaStrMove.MSVBVM60 ref: 0043E844
        • __vbaFreeVar.MSVBVM60 ref: 0043E849
        • #535.MSVBVM60 ref: 0043E84F
        • #569.MSVBVM60(00000003), ref: 0043E859
        • __vbaVarDup.MSVBVM60 ref: 0043E87B
        • #645.MSVBVM60(00000008,00000000), ref: 0043E886
        • __vbaStrMove.MSVBVM60 ref: 0043E891
        • __vbaFreeVar.MSVBVM60 ref: 0043E896
        • __vbaFreeStr.MSVBVM60(0043E8DB), ref: 0043E8C9
        • __vbaFreeStr.MSVBVM60 ref: 0043E8CE
        • __vbaFreeStr.MSVBVM60 ref: 0043E8D3
        • __vbaFreeStr.MSVBVM60 ref: 0043E8D8
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: __vba$Free$Move$CheckHresult$#539New2$#535#557#569#645Error
        • String ID: 9/9$liniehybriden$tmmen
        • API String ID: 345979831-2612214716
        • Opcode ID: 94b69502f1f5d35ad8214ebbcaae1d14bcca286147aa5b7d10c427e4d6464de8
        • Instruction ID: ac9e52434b9d87ab2a1b8e732e2b2fe5de69b9e97f0a88b25b4e2848648657c9
        • Opcode Fuzzy Hash: 94b69502f1f5d35ad8214ebbcaae1d14bcca286147aa5b7d10c427e4d6464de8
        • Instruction Fuzzy Hash: 4D7118B5D01208AFCB04EFA4DD89ADDBBB4FF48700F10442AE546B72A4DB746989CB58
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • #702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0043E5CA
        • __vbaStrMove.MSVBVM60 ref: 0043E5D5
        • __vbaFreeVar.MSVBVM60 ref: 0043E5DE
        • __vbaFreeStr.MSVBVM60(0043E60E), ref: 0043E607
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: __vba$Free$#702Move
        • String ID:
        • API String ID: 1078434368-0
        • Opcode ID: 4763610efe997dd852dd0d7718946ce9a93dde3d141a14f6ec089b6554c02273
        • Instruction ID: 87392ad326f010e09d60bfa53cc93c0ea6c288e6b165405bfb2a0ce56e843525
        • Opcode Fuzzy Hash: 4763610efe997dd852dd0d7718946ce9a93dde3d141a14f6ec089b6554c02273
        • Instruction Fuzzy Hash: 2601E170C05219ABCB00DF95DE49B9EBBB8AB54725F208325E421725E0DB785905CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: #100
        • String ID: VB5!6&*
        • API String ID: 1341478452-3593831657
        • Opcode ID: dc6009527168095843866eaaf619f3e053dfdf5db9e689f30cdf5326821c49a3
        • Instruction ID: e07ae50c816969588ea5211ed06faa446e267d880994c0338d18c142cd670914
        • Opcode Fuzzy Hash: dc6009527168095843866eaaf619f3e053dfdf5db9e689f30cdf5326821c49a3
        • Instruction Fuzzy Hash: 15E0488656E3C21ED747223519650996F7048539A430A11E3D1C4DE0FBD49D590EC337
        Uniqueness

        Uniqueness Score: -1.00%
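
The executed-function blocks above pair each function's API calls with the memory dump the function was found in. Every NtAllocateVirtualMemory call site (007D5BAB) lies in the 007D0000 dump marked "based on PE: false", the same dump the GuLoader Yara rule matched, while the VirtualAlloc call at 0041230D and the MSVBVM60 runtime calls come from the image mapped at 00400000. That split, native memory-management calls issued from memory no image backs, is the check worth automating. The following is an added example written for this page, not Joe Sandbox code: it parses lines in the report's own format (a constructed sample copied from the blocks above) and flags NTDLL calls made from non-image-backed regions. It assumes the dotted fields of the .sdmp names are pid.iteration.timestamp.base.protection.type with the fifth field a Windows PAGE_* constant; that reading agrees with every dump on this page (0x40 for the 007D0000 region, 0x20 for .text at 00401000, 0x04 for .data at 00440000, 0x02 for the header at 00400000 and .rsrc at 00442000) but is not documented here. The severity labels are the example's own.

```python
"""Correlate the API calls a sandbox attributes to a function with the memory region the
function lives in, and flag native calls made from memory that no PE image backs."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
HEX_RE = re.compile(r"[0-9A-Fa-f]+")
API_RE = re.compile(r"^(?:•\s*)?(?P<func>[\w#]+)\.(?P<module>[\w.]+?)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
DUMP_RE = re.compile(r"Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*[0-9A-Fa-f]+,"
                     r"\s*based on PE:\s*(?P<pe>true|false)")

# Constructed sample: "APIs" and "Memory Dump Source" lines of three function blocks copied
# from the report (the 007D0000 region plus two functions of the VB6 image at 00400000).
SAMPLE_REPORT = """\
APIs
• NtAllocateVirtualMemory.NTDLL(8D03DD96,0000014C), ref: 007D5BAB
Memory Dump Source
• Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
APIs
• VirtualAlloc.KERNELBASE(00000000,0000E000,00001000,?,00425D8C,?,?,?), ref: 0041230D
Memory Dump Source
• Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
APIs
• __vbaStrCat.MSVBVM60(00408178,9/9), ref: 0043E69C
• __vbaFreeVar.MSVBVM60 ref: 0043E6C7
Memory Dump Source
• Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
"""


@dataclass
class Region:
    base: int
    protection: int
    pe_backed: bool

@dataclass
class Call:
    func: str
    module: str
    args: List[str]
    ref: int

@dataclass
class Block:
    calls: List[Call] = field(default_factory=list)
    region: Optional[Region] = None


def region_from_dump_name(name: str, pe_backed: bool) -> Region:
    """ASSUMPTION: in '<pid>.<iter>.<ts>.<base>.<prot>.<type>.sdmp' the 4th field is the region
    base and the 5th its PAGE_* protection; this fits every dump on the page but is undocumented."""
    fields = name.split(".")
    return Region(int(fields[3], 16), int(fields[4], 16), pe_backed)


def parse_blocks(text: str) -> List[Block]:
    """Group API lines under the 'APIs' heading that precedes them and attach their dump region."""
    blocks: List[Block] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            blocks.append(Block())
            continue
        if not blocks:
            continue
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            blocks[-1].calls.append(Call(m["func"], m["module"], args, int(m["ref"], 16)))
            continue
        m = DUMP_RE.search(line)
        if m:
            blocks[-1].region = region_from_dump_name(m["name"], m["pe"] == "true")
    return blocks


def triage(blocks: List[Block]) -> List[dict]:
    findings = []
    for b in blocks:
        if b.region is None:
            continue
        prot = PAGE_PROTECT.get(b.region.protection, hex(b.region.protection))
        for c in b.calls:
            # Native NTDLL call from a region that is not a mapped image: shellcode footprint.
            if not b.region.pe_backed and c.module.upper() == "NTDLL" and c.func.startswith("Nt"):
                findings.append({"severity": "high", "call": c.func, "site": c.ref,
                                 "region": b.region.base, "protection": prot,
                                 "why": "native API called from memory not backed by any PE image"})
            # Allocation from the image itself: decode size and type, note what was not recovered.
            elif c.func == "VirtualAlloc" and len(c.args) >= 4 and all(HEX_RE.fullmatch(a) for a in c.args[1:3]):
                size, kind = int(c.args[1], 16), int(c.args[2], 16)
                flags = "|".join(n for bit, n in ALLOC_TYPE.items() if kind & bit) or hex(kind)
                why = f"allocates 0x{size:X} bytes ({flags})"
                if c.args[3] == "?":
                    why += "; protection argument not recovered by the sandbox"
                findings.append({"severity": "medium", "call": c.func, "site": c.ref,
                                 "region": b.region.base, "protection": prot, "why": why})
    return findings
```

On the sample this yields one high finding (NtAllocateVirtualMemory at 007D5BAB from the PAGE_EXECUTE_READWRITE region at 007D0000) and one medium finding (VirtualAlloc committing 0xE000 bytes from the image, protection argument unrecorded); the MSVBVM60 runtime calls produce nothing. Feeding it the complete Code Analysis section of a report, rather than the three blocks embedded here, is a matter of pasting the text in.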

        Non-executed Functions

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA$iLA
        • API String ID: 0-2423288640
        • Opcode ID: 5703404acea45211da8436f141363ef7001bde327d4328c59d1b084fd015e03a
        • Instruction ID: b45ba92870854c99b1ceb07c0b1578b61c06c28caf639dca96ef2d165b5890a6
        • Opcode Fuzzy Hash: 5703404acea45211da8436f141363ef7001bde327d4328c59d1b084fd015e03a
        • Instruction Fuzzy Hash: 6352FFB1608349DFDB249F34CD893EABBB2FF55350F65412EDC8A9B210D33899858B42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 1581a05f05bf7d4ddb6447543cd3c5a4986700cf26cce922b3556e76a90aa833
        • Instruction ID: 097609c9790225288d8be503fbd81fa5a600f85d93da8178cea38d1c8bbad61b
        • Opcode Fuzzy Hash: 1581a05f05bf7d4ddb6447543cd3c5a4986700cf26cce922b3556e76a90aa833
        • Instruction Fuzzy Hash: BFB264B160834ADFDB345E68C9887EA77B2FF55350F65412EEC8A9B301D3798981CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: f69ee295cecedb99c2c764419e1c9317cf8eec17960dedaf60eb98e5b0dcc420
        • Instruction ID: 77379b0816670daea60a5e6a99238c63955b2d77b073252c9f1654de6b876f41
        • Opcode Fuzzy Hash: f69ee295cecedb99c2c764419e1c9317cf8eec17960dedaf60eb98e5b0dcc420
        • Instruction Fuzzy Hash: E562FFB1608349DFDB259F34CC897EA7BB2FF55350F65412EEC8A9B210D33989858B42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 1cd322c6323b31a79ac9d6e67bae6542e1ad24c38387d5b9ef0cb805fbd29300
        • Instruction ID: bc0f254f33d68946e2cc1928fbddd3cb4ebf7d67f02dce336619d5eed574aa66
        • Opcode Fuzzy Hash: 1cd322c6323b31a79ac9d6e67bae6542e1ad24c38387d5b9ef0cb805fbd29300
        • Instruction Fuzzy Hash: 9652FFB1604349DFDB249E34CD893EABBB2FF55350F65812EDC8A9B210D3789985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 1f5564fd0a03fffb66bd1e15e8681a5eb046b0ab59aaabebf814e5fbe02874e2
        • Instruction ID: 261b843efade687ebbaa8e5cddfd63e9d429f033999454b56cc73eaa5d117b4d
        • Opcode Fuzzy Hash: 1f5564fd0a03fffb66bd1e15e8681a5eb046b0ab59aaabebf814e5fbe02874e2
        • Instruction Fuzzy Hash: D552F0B1604349DFDB249E34CD893EABBB2FF55350F65812EDC8A9B210D3789985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 48008e1b3688ea7207d5ae7b7205ae8627bb8a82695a9c5eb4ed64b72143500f
        • Instruction ID: 2a1c53817c884061eb5f38b9b16738a2419237c9ada2a73f90ef06d728b98b95
        • Opcode Fuzzy Hash: 48008e1b3688ea7207d5ae7b7205ae8627bb8a82695a9c5eb4ed64b72143500f
        • Instruction Fuzzy Hash: 2C42F0B1608349DFDB249E34CD493EABBB2FF55350F65812EDC8A9B210D3789985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 4199da1c69c6e636ec9deb76f177bebc46d785fab2f70a1785068b24627e67e8
        • Instruction ID: dbef7a68f230c572eeb54f1e65ff67c1ce5530be68aa0461c25f76abc7321a32
        • Opcode Fuzzy Hash: 4199da1c69c6e636ec9deb76f177bebc46d785fab2f70a1785068b24627e67e8
        • Instruction Fuzzy Hash: 7542FFB1604349DFDB249E34CD893EABBB2FF55350F65812EDC8A9B210D3789985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 495cbee90e19c475694cb4c5575958c8afcf54cb1604f9b8cc20989aeace67e3
        • Instruction ID: 2a572915b488abff2f73bbd6a3592af45cf875206cc00107956ab0fdd5489368
        • Opcode Fuzzy Hash: 495cbee90e19c475694cb4c5575958c8afcf54cb1604f9b8cc20989aeace67e3
        • Instruction Fuzzy Hash: D542EEB1608349DFDB259E34CD593EA7BB2FF55350F65812EDC8A9B210D3388985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 42643703566d4fb96f328a75620471fd002dc747e1b6157641cf019e4e21a1d7
        • Instruction ID: b81ec23b7ce54abbbdc7829d0d7d2cecb403481a1496f0c6d318702bd619959d
        • Opcode Fuzzy Hash: 42643703566d4fb96f328a75620471fd002dc747e1b6157641cf019e4e21a1d7
        • Instruction Fuzzy Hash: C7320FB1604349DFDB259F24CD893EA7BB2FF55350F65812EDC8A9B210D3389985CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: a38e7fcabb8d0c0a662ca840fa764930006c11f83ce0711e5d7e839099fa5363
        • Instruction ID: 1cd53d37102b47e9c0305b509e42a1cf37d874bdfc4be63bd4f5aca3112d4b6e
        • Opcode Fuzzy Hash: a38e7fcabb8d0c0a662ca840fa764930006c11f83ce0711e5d7e839099fa5363
        • Instruction Fuzzy Hash: A03211B1604349DFDB259F24CD893EA7BB2FF55350F65812EDC8A9B210D3388A85CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 8876511e6de78d560457c3ea7a9cd310f0a3bbe46195fa7dac43c592fe6e185b
        • Instruction ID: 3f8815aa6754748971ef09d158adf9b21ab36e725f247ed3e6b72104d67fb8fd
        • Opcode Fuzzy Hash: 8876511e6de78d560457c3ea7a9cd310f0a3bbe46195fa7dac43c592fe6e185b
        • Instruction Fuzzy Hash: 243221B1608345DFDB259F24CC893EA7BB2FF55350F65852EDC8A9B210D3388981CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 6ec429bf67412486600e75ff4e6135a8d9cced95c532a7431d2dd077f8b0e515
        • Instruction ID: b74cad7b10f0acfb6e980cfe5efaa79424892806ce3650323dccc121245c10cd
        • Opcode Fuzzy Hash: 6ec429bf67412486600e75ff4e6135a8d9cced95c532a7431d2dd077f8b0e515
        • Instruction Fuzzy Hash: 2F3220B1604349DFDB249F24CD997EA7BB2FF55350F65812EDC8A9B210D3388A81CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 0fd60ab4a2aace1711aa3d1dcaf873012234def86b982bbd7ede8c6e1e308ac1
        • Instruction ID: 0fa9c9f7a62ae133da07976ff4cb3d03fee46d86f7d2f3bb483ebfd48523585d
        • Opcode Fuzzy Hash: 0fd60ab4a2aace1711aa3d1dcaf873012234def86b982bbd7ede8c6e1e308ac1
        • Instruction Fuzzy Hash: 702210B1604349DFDB249F24CD997EA7BB2FF55350F65812EEC8A9B210D3398981CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: dfa49015ff0c006b3767d4848247afcd41586ff74f4198359e6147384c748e72
        • Instruction ID: c3f1423e1bf3c0f17e4c5905fd49a1fbf6a759bb2a11eb093928a83f77077c16
        • Opcode Fuzzy Hash: dfa49015ff0c006b3767d4848247afcd41586ff74f4198359e6147384c748e72
        • Instruction Fuzzy Hash: 43221FB160434ADFDB249F24CD993EABBB2FF55350F55812EDC8A9B210D3398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 994fc0a6a41b18d8c82db04a408f273b9e0f98981913b7d81bec92d06e6119fe
        • Instruction ID: 6ead0e36145870ac1be0e88e8033f1ed9836dce47d7d8544f726c2469c44e4b4
        • Opcode Fuzzy Hash: 994fc0a6a41b18d8c82db04a408f273b9e0f98981913b7d81bec92d06e6119fe
        • Instruction Fuzzy Hash: 64222FB560434ADFDB249F24CD993EA7BB1FF55350F65822EDC8A9B210D3398981CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 5423882b2aaa773de18e37d7b09c377efc28c741467166150cd2f2aa3e8b6d1a
        • Instruction ID: 22deb96e5bc79aa9758d0ceaddf16bf34d9cda213b72b2c73258c22c6002b8fc
        • Opcode Fuzzy Hash: 5423882b2aaa773de18e37d7b09c377efc28c741467166150cd2f2aa3e8b6d1a
        • Instruction Fuzzy Hash: 36220EB160434ADFDB249F24CD993EABBB2FF55350F55812EDC8A9B210D3398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye$iLA
        • API String ID: 0-4198868790
        • Opcode ID: 2dc40c0541a5977c0574c3f1c8179d66e3e431e359b19138a1f1c87cd5edc3e4
        • Instruction ID: 5189f8881d57a75c5a6c72a76f5d072b6875d0e09cb81734daa442b540fa01d7
        • Opcode Fuzzy Hash: 2dc40c0541a5977c0574c3f1c8179d66e3e431e359b19138a1f1c87cd5edc3e4
        • Instruction Fuzzy Hash: BB121FB160434ADFDB249F24CD993EABBB2FF55350F55812EDC8A9B210D3398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: jNB$rRD~
        • API String ID: 0-151226946
        • Opcode ID: bce78c0003c6fe8f655b3f542a5016f70d718211e299c2d6cc67073f9087a68a
        • Instruction ID: 56838302c6ffc65935da14e0f7de706a4c65d3c9e0d20d293155fc31f3a5e3b5
        • Opcode Fuzzy Hash: bce78c0003c6fe8f655b3f542a5016f70d718211e299c2d6cc67073f9087a68a
        • Instruction Fuzzy Hash: D3912275608346CFDB34AE24C9957EA77B6AFA4350F95442FEC8A97305D3348A83CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: jNB$rRD~
        • API String ID: 0-151226946
        • Opcode ID: 5b43911aa763eefeb6bb6f5f6a90b2d85f19dc5f780fcab6db8ee1b2306131b4
        • Instruction ID: 1cb397a6140ae52b5bcf5b0931ba524f2aefedb8f7c070fe6b3e4c89a90d8c33
        • Opcode Fuzzy Hash: 5b43911aa763eefeb6bb6f5f6a90b2d85f19dc5f780fcab6db8ee1b2306131b4
        • Instruction Fuzzy Hash: FB713175604346CFDB34AE34C8A57EAB7B6EF65350F95442EDD8AA7711C3348A82CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: jNB$rRD~
        • API String ID: 0-151226946
        • Opcode ID: 1a7d295724f7860d491580640e73f0302b5178c80b70bfe1c7f5a3cb3e28f9a9
        • Instruction ID: 185b6444632b11ae60f5175928c6a3c97e3d0d3dfb2606207efe0d7f09ed3916
        • Opcode Fuzzy Hash: 1a7d295724f7860d491580640e73f0302b5178c80b70bfe1c7f5a3cb3e28f9a9
        • Instruction Fuzzy Hash: 50613275604346CFDB34AE34C8A57EA77B6EF64350FA5402FDD89A7716C3349A828B02
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: ZZZ9$f
        • API String ID: 0-3024570698
        • Opcode ID: cee7b0fb7dd9fc6af76c8eb60c253d5f60741b9e8ff60f995b08b424fa748f68
        • Instruction ID: e6ab4e446e125d07e2a039737cbab00695b184947f956321f0f34bd7e06bd724
        • Opcode Fuzzy Hash: cee7b0fb7dd9fc6af76c8eb60c253d5f60741b9e8ff60f995b08b424fa748f68
        • Instruction Fuzzy Hash: C05156B5504245DFCB389E78C9157EA37B6AF65360F94411FEC8AA7310D734CA828B53
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: jNB$rRD~
        • API String ID: 0-151226946
        • Opcode ID: 02423fb02e40f48025f1f71e59f25fe7c30d86cb35830e4b6d50f6dc0e26e4bc
        • Instruction ID: 6d8e2368024673e1d321880d22dd6a9283ac5971138e1d679de0dd0e73df4c39
        • Opcode Fuzzy Hash: 02423fb02e40f48025f1f71e59f25fe7c30d86cb35830e4b6d50f6dc0e26e4bc
        • Instruction Fuzzy Hash: B5512275204346CFDB349E24C8A07EA77B6FFA8350FA4402EDD9997316C3348A828B02
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: iLA
        • API String ID: 0-827228374
        • Opcode ID: def2e3c53db17784c1d8c4ec667d0852b7da00adb31baf3f81733e98cfec87b5
        • Instruction ID: 1e387f97a088e8f4dcd5895eab0a604c5e29990b6ddc5fe26796b0be766aab3a
        • Opcode Fuzzy Hash: def2e3c53db17784c1d8c4ec667d0852b7da00adb31baf3f81733e98cfec87b5
        • Instruction Fuzzy Hash: 6932BB7170474ADFDB24CE28CD90BDAB7B2BF59350F54822ADC898B341D738A946CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye
        • API String ID: 0-3712150053
        • Opcode ID: afe579209142ee4eba1e89698d0d7eea4196e3192a1a0de1df52c7672c4dac1a
        • Instruction ID: 24031cf0d945ed7c652e59a867c47650bf298dfc768631c5defc64ed5996e991
        • Opcode Fuzzy Hash: afe579209142ee4eba1e89698d0d7eea4196e3192a1a0de1df52c7672c4dac1a
        • Instruction Fuzzy Hash: 5D121EB160434ADFDB249F24C9993EABBB2FF55350F55812EDC8A9B210D3398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye
        • API String ID: 0-3712150053
        • Opcode ID: 7fb20b43f2622c2b4fbb5c77ff4bb34563cab2c7d80415ab97445c528127267c
        • Instruction ID: c59a9503352aa269daf4ad37f442de841d16605f13f1217256bbc765d1263d37
        • Opcode Fuzzy Hash: 7fb20b43f2622c2b4fbb5c77ff4bb34563cab2c7d80415ab97445c528127267c
        • Instruction Fuzzy Hash: E2022FB160434ADFDB249F24CC997EA7BB1FF55350F55812EDC8A9B210D3398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye
        • API String ID: 0-3712150053
        • Opcode ID: d2b3880bc20d27d6a44921c571f894233655d7ada6e07b6c754ca0939eaec259
        • Instruction ID: e47b59462d6ba43e6af2bb380722a6ae6b62507cc4c553d84aa240b7c22c9725
        • Opcode Fuzzy Hash: d2b3880bc20d27d6a44921c571f894233655d7ada6e07b6c754ca0939eaec259
        • Instruction Fuzzy Hash: 73021DB120434ADFDB249F24C8997EA7BB2FF55340F55812EDC8A9B210D3398A91CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye
        • API String ID: 0-3712150053
        • Opcode ID: 14491b35308aa87440631f37d2af4d0b1c2200ae0ac781f3ba5f6b850093fc1c
        • Instruction ID: d43b5a908dd3bc312d32715a889a314cc3060a32d3cf021f08745027623270c9
        • Opcode Fuzzy Hash: 14491b35308aa87440631f37d2af4d0b1c2200ae0ac781f3ba5f6b850093fc1c
        • Instruction Fuzzy Hash: 5E022EB160438ADFDB249F24CC997EA7BB2FF55350F55812EDC8A8B210D7398991CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: sye
        • API String ID: 0-3712150053
        • Opcode ID: ec1fbc2e7034e383147b1b7e1c23b6ac507bf9a654468962ab9ef5982854a2df
        • Instruction ID: e8ec0d3c0c0c147bf74f2b6735adc0ed84c2c3775084f1524204f6eafd80dcf2
        • Opcode Fuzzy Hash: ec1fbc2e7034e383147b1b7e1c23b6ac507bf9a654468962ab9ef5982854a2df
        • Instruction Fuzzy Hash: D5F10DB1604349DFDF24AE25CC997EA7BB2FF55340F55812EDC8A8B210D7398A81DB42
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: ZZZ9
        • API String ID: 0-4220429930
        • Opcode ID: 006a39f69373c81dcfe90952195cbfa9a28fad6bc5405b561708813611c6dfa3
        • Instruction ID: 1ea3ec5f451204f83a837318d3b576646fe2ef55e4bbd3b84f21e3a97e647e9d
        • Opcode Fuzzy Hash: 006a39f69373c81dcfe90952195cbfa9a28fad6bc5405b561708813611c6dfa3
        • Instruction Fuzzy Hash: 07818775608241DFCB38AE78C9447E977B6EF55350F94412FEC8A9B340D3388A82CB52
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: ZZZ9
        • API String ID: 0-4220429930
        • Opcode ID: 23f04a7ecb46fb441e7909e6eb0dd867fc5b222f1a27e3196b12be3b3f759d72
        • Instruction ID: a0cf6ade33e44595ff691d1c62b30a357227a0b1165b6956189c9e104cf1af01
        • Opcode Fuzzy Hash: 23f04a7ecb46fb441e7909e6eb0dd867fc5b222f1a27e3196b12be3b3f759d72
        • Instruction Fuzzy Hash: B65166B55042418FCB359E78C9547EA37B6AF65350FD4801FEC8AAB350D3388A82CB03
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: iLA
        • API String ID: 0-827228374
        • Opcode ID: 068cab1bf896ac6d01c9f9946ba1d923176afcc1b45d4b352f8b10575e69f0eb
        • Instruction ID: 9603297256e0447aac0ab415c43919c5d693dc46699e1abad48dd7d2f2d36e45
        • Opcode Fuzzy Hash: 068cab1bf896ac6d01c9f9946ba1d923176afcc1b45d4b352f8b10575e69f0eb
        • Instruction Fuzzy Hash: 04513631148305DFDB286E38C5A43BA26B6EF92324F65552FCE838B758D72CD8819B53
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID: iLA
        • API String ID: 0-827228374
        • Opcode ID: 6b4d20c3dd81ad9e99f301429dc2cb2d13e5ec43fa8398642082b2074ebbb326
        • Instruction ID: 92c33be602019e96958a9a4917efe43e6923f429580dc96023e4299703552d9a
        • Opcode Fuzzy Hash: 6b4d20c3dd81ad9e99f301429dc2cb2d13e5ec43fa8398642082b2074ebbb326
        • Instruction Fuzzy Hash: 20313571259300DFCB689E288991BEA77B6EF85350F518A1FDC8A8B284D7344E818B57
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: daf1889e946ebcacd8366b68a9de93516eeb6090dc6fd4b7a9f6529589272a36
        • Instruction ID: 07f0a2fcce62d40ff00c521a3aeedbb1028379ce6aab9efc614f9e280d9fd969
        • Opcode Fuzzy Hash: daf1889e946ebcacd8366b68a9de93516eeb6090dc6fd4b7a9f6529589272a36
        • Instruction Fuzzy Hash: 55F1CC7160830ADBDF352E28C9547EE37B7AF92360FA1412FDC8A97305D7798A80C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 214a3015c4b5587e1438a104342c5f7f9530e52ef2ac98604dd3c477e83d1fa8
        • Instruction ID: 1e52ac46f11698c1777e455987b127b27ebf3e3fdffe0bfc1240da2f6053c58c
        • Opcode Fuzzy Hash: 214a3015c4b5587e1438a104342c5f7f9530e52ef2ac98604dd3c477e83d1fa8
        • Instruction Fuzzy Hash: 7FE1CDB1608306DBDB352E68C9587EE37B7AF92360F61412FDC8A97305D7798A80C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0f369208545d5dd3b94e9fe18157ba62d947e6fdbff90f6d60812e5bffa98eab
        • Instruction ID: 5273aa1723ccd93b20ff2d1c3a87f85a02ec36b134472f19eb7f0f58fb3cb8a0
        • Opcode Fuzzy Hash: 0f369208545d5dd3b94e9fe18157ba62d947e6fdbff90f6d60812e5bffa98eab
        • Instruction Fuzzy Hash: A8E1CDB1608306DBDF352E68C9587EE3777AF92360F61402FDC8AA7305D7798A80C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 41f33147ea684efad9dd6c4e21113a9ef1a018542f44eaa5d68adffcfe9ca1d4
        • Instruction ID: 126ec8d106f1ef9062437faef8bb8688efc768918a3db5954ff9d045649818a0
        • Opcode Fuzzy Hash: 41f33147ea684efad9dd6c4e21113a9ef1a018542f44eaa5d68adffcfe9ca1d4
        • Instruction Fuzzy Hash: 35D1AEB1608306DBDF352E68C9587EE37B7AF96360F61402FDC8AA7305D7798A40C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d3cd4f1859b1222db2eb71707217b98796c1f12a13106a52034ecb8d4ca697cb
        • Instruction ID: c1f712c0c5b09988db0b1f8772442d4a7202746bda6ccc7f090faddceceeb180
        • Opcode Fuzzy Hash: d3cd4f1859b1222db2eb71707217b98796c1f12a13106a52034ecb8d4ca697cb
        • Instruction Fuzzy Hash: 79F10DB1604349DFDF24AE24CC997EA77B2FF54340F55812EDC8A9B210D7398A81DB42
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 18323a601538fb5efdc09927d67656634dfcde48431b7d542fc580ac7deeb162
        • Instruction ID: 85a3960ef5ef90f651c4138d91693c86287d1c58cee8e55cd815df0280e48e87
        • Opcode Fuzzy Hash: 18323a601538fb5efdc09927d67656634dfcde48431b7d542fc580ac7deeb162
        • Instruction Fuzzy Hash: D4D1ACB1608306DBDF352E68C9547EE37B7AF92360F61412FDC8AA7305D7798980C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 828de3522cc224e028b3304581b6024920e527a4ed2801725e90ed3cf2ad04a8
        • Instruction ID: d924d2d927b52697b365c37e075cf6099e216dca4e5cfa8ab97de493de18db20
        • Opcode Fuzzy Hash: 828de3522cc224e028b3304581b6024920e527a4ed2801725e90ed3cf2ad04a8
        • Instruction Fuzzy Hash: 45D1C0B1608306DBDF362E64C9547EA3777AFA2360F61412FDC8AA7306D7798A40C752
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ab16e774f66b7ed8fdd28c1eedf8dafd9157637aa10a9a8f21a1b0703379f5dc
        • Instruction ID: c03333c91c4f6b18b876f09e7a4fba5d76a7cd7cfd6f81e8c26c9459aa879410
        • Opcode Fuzzy Hash: ab16e774f66b7ed8fdd28c1eedf8dafd9157637aa10a9a8f21a1b0703379f5dc
        • Instruction Fuzzy Hash: E1F1FDB1604389DFDF24AE25CC997EA77B2FF58340F55812EECCA9B210D73949819B02
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 43a6af36ba84cc6d674ca422790b334714b9dae91c05e64332e13a866cf95b0a
        • Instruction ID: 6d9e57094ec0cb6b5f68f41402eba9ae88875f9ae84678cfbbf557f72c4bc65a
        • Opcode Fuzzy Hash: 43a6af36ba84cc6d674ca422790b334714b9dae91c05e64332e13a866cf95b0a
        • Instruction Fuzzy Hash: 1DD1ADB1608306DBDF352E68CA547EE37B7AF92360F61412FDC8AA7305D7798980C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 2a4930881562a42fecb59459d615b07a66eb03cc69b8177b01da8cd3c0d13451
        • Instruction ID: 76407c2a44562afbd3af12ef3b37b599f76f7575adc0c7856bd23be3737136f6
        • Opcode Fuzzy Hash: 2a4930881562a42fecb59459d615b07a66eb03cc69b8177b01da8cd3c0d13451
        • Instruction Fuzzy Hash: 00D1BEB1608306DBDF352E68C9547EE3777AF92360F61412FDC8AA7305D7798980C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 20dd0e0149cbe9578f89ead8a8ec2916885751fb2b21c3c3cf5e8c0afe7cb5f4
        • Instruction ID: b9eeeda340da230244b025bd040416a51a0de9bc7bec0546a55ddb838ff8da7b
        • Opcode Fuzzy Hash: 20dd0e0149cbe9578f89ead8a8ec2916885751fb2b21c3c3cf5e8c0afe7cb5f4
        • Instruction Fuzzy Hash: 9BE1EEB170474ADFDB24CF28C890BDAB7B6BF59300F54422ADC9887341D778AA56CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3f6fee132d3d05a36d67412da8b083f174f23753d53d5d2bdcc07e78573383a6
        • Instruction ID: c7c57199d6f588ff4344f0351eccee44a5045857bdd19427dbbdeef091e74117
        • Opcode Fuzzy Hash: 3f6fee132d3d05a36d67412da8b083f174f23753d53d5d2bdcc07e78573383a6
        • Instruction Fuzzy Hash: 29E1FFB1504389DFDF34AE24CC997EA77B2FF59340F55802EED8A9B210D7794A819B02
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ac4484a839c76f025f9e89c963707b56a2189ccb7496c9091bb1ca58d8242b25
        • Instruction ID: d8317a2fdbb0ad373bb998963efa6c2ed5bf7ee250a3e93ee1928c37adf357bb
        • Opcode Fuzzy Hash: ac4484a839c76f025f9e89c963707b56a2189ccb7496c9091bb1ca58d8242b25
        • Instruction Fuzzy Hash: 16C1E0B1608305DBDF352E64C9547EA3777AFA2360F61412FDC8AA7305D7798A40C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7400c36840548ce105873cd7f7b3eb25a25316b0dd19d0be2952697989fd5f19
        • Instruction ID: 6423d8b59595bd094c97dbff1d19296312b47740369e5332632c1311e0a2aabb
        • Opcode Fuzzy Hash: 7400c36840548ce105873cd7f7b3eb25a25316b0dd19d0be2952697989fd5f19
        • Instruction Fuzzy Hash: 71C1BEB1608305DBDF352E64C9147EA37B7EFA6360FA1412FDC8AA7305D7798A40C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: faebdfc027a9bd373884886c98a7a7454081a1e57cf2faedc950dbfd9f6d029f
        • Instruction ID: 56633db5215164fdd76952ffd37c4f0b9e055ace76176891d565d747df966694
        • Opcode Fuzzy Hash: faebdfc027a9bd373884886c98a7a7454081a1e57cf2faedc950dbfd9f6d029f
        • Instruction Fuzzy Hash: 41E10EB5504389DFDF24AE25CC997EA37B2FF58340F55402EECCA9B210D7794A819B02
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c97467cb180e315778d7f9f18bf412ad5d57ac42f1cf59fc7a907de123561cb6
        • Instruction ID: 2ed6ae1ff01e449232683914a9e28676c1e5c075d78c8fff55058a65b8146236
        • Opcode Fuzzy Hash: c97467cb180e315778d7f9f18bf412ad5d57ac42f1cf59fc7a907de123561cb6
        • Instruction Fuzzy Hash: 0AE1EE7170474ADFDB28CF28C890BDAB7B6BF59300F54822ADC9887341D774AA56CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ca05d03227173c1ad4ecaf2050d31a7653d1f5818372626a87809d197ff82ebd
        • Instruction ID: 7864651297cf42307178d54a9e58b1ba59edabe308a6c17cdfb4845ec4fa3b2d
        • Opcode Fuzzy Hash: ca05d03227173c1ad4ecaf2050d31a7653d1f5818372626a87809d197ff82ebd
        • Instruction Fuzzy Hash: B1B1B0B1608305DBDF362E64C9147EA3777EFA6360F61402FDC8AA7306E7798A40C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ca4f16f03449a8bf464d69b88993503e2600690e4ff7853bdb35c403a743fe12
        • Instruction ID: 435b5c6867def5c52230216b4c936411f60f04b72eb4f0fdcc91eea218377a0e
        • Opcode Fuzzy Hash: ca4f16f03449a8bf464d69b88993503e2600690e4ff7853bdb35c403a743fe12
        • Instruction Fuzzy Hash: 55D1FE7170474ADFDB28CF28C890BDAB7B6BF59300F54422ADC9887341D774AA56CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ec344c74e648b3946dd24350eb09b331b21441490e34eb983ffd56b0631b393f
        • Instruction ID: 173b7af28afe0eeb70f9dd675587227b255adf016008117aeaf1dba0041e34a5
        • Opcode Fuzzy Hash: ec344c74e648b3946dd24350eb09b331b21441490e34eb983ffd56b0631b393f
        • Instruction Fuzzy Hash: 98D11FB5504389DFDF25AE24CC997EA37B2FF58340F55812EECCA9B210D7794A819B02
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 1b432a78ff27a0d121580bb2276dbfdee11b5668e8caa04b53ff71a597f2c124
        • Instruction ID: 035f44c95f2cda2ad02b74a94cd0fcd41fe3badd17f4d57946e2bbd42a7b4580
        • Opcode Fuzzy Hash: 1b432a78ff27a0d121580bb2276dbfdee11b5668e8caa04b53ff71a597f2c124
        • Instruction Fuzzy Hash: CBB1B0B1608306DBDF362E54C9147EA3777EFA6360F61412FDC8AA7306E7798A40C652
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c1ca311332219798065d4d9e8679fb1579100b055b555448d7d3024c418cdf8a
        • Instruction ID: 71591e4b5c6ba2b6e810085420b25f71cf2ff61c48c20808cbc7904cc5696c71
        • Opcode Fuzzy Hash: c1ca311332219798065d4d9e8679fb1579100b055b555448d7d3024c418cdf8a
        • Instruction Fuzzy Hash: 8BC100B5504389DFDF35AE24CC987EA37B2FF59340F55812EED8A9B210D73949819B02
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 12a0bb67cc013886f913424ea5059e9561b8152a8333ad3a5ae8efcdeb5b3508
        • Instruction ID: 02013fba40520367ae84fc1b009306593177a305cc1a821834783ae5d9c19755
        • Opcode Fuzzy Hash: 12a0bb67cc013886f913424ea5059e9561b8152a8333ad3a5ae8efcdeb5b3508
        • Instruction Fuzzy Hash: 4AC1DDB170474A9FDB28CE28C890BDAB7B6BF59300F54422ADC9887341D774AA56CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d3973fbd7aa069f107f76cbb9e4f95ec1a173692a55ee8752352f86212dc173d
        • Instruction ID: ec0b8ce6255b769b7f52a4c2024d027671dc3502a210debac36b3daf8577b90a
        • Opcode Fuzzy Hash: d3973fbd7aa069f107f76cbb9e4f95ec1a173692a55ee8752352f86212dc173d
        • Instruction Fuzzy Hash: 98C10EB5504389DFDF359E24CC987EA37B2FF58340F55812AED8A9B310D73989818B42
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 4ed29b1cc402e2fed377dd8e253f6e30a68936592c35a61bed3501bde3f96ae3
        • Instruction ID: e7996e55daded37661a8ee310fafda9435ebf9c3190a41246f30eb28c371b016
        • Opcode Fuzzy Hash: 4ed29b1cc402e2fed377dd8e253f6e30a68936592c35a61bed3501bde3f96ae3
        • Instruction Fuzzy Hash: 07C1EDB170474ADFDB24CE28CC94BDAB7B6BF59300F54822ADC9887341D7749A86CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 29c84eef3b8d42073057b65b3ab63417078550628564bc7440a6ef1760a23f5b
        • Instruction ID: 1309df8ab7f125991e3c6eab8ee811803747d6540e5aa7cfe8036ee82a68e79d
        • Opcode Fuzzy Hash: 29c84eef3b8d42073057b65b3ab63417078550628564bc7440a6ef1760a23f5b
        • Instruction Fuzzy Hash: CC91DFB1608305ABDF392E68C9147EA37B3AF62360F61401FDC86A7306D7798A80C613
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 16ef87ff0c8d6de7f888f31e637f78697ad4776f00a0ceedc374eab8483427e6
        • Instruction ID: f893afe8fba8e78a4bc7e31f61ad918d17720949a3b16af75a248ce1b22091ab
        • Opcode Fuzzy Hash: 16ef87ff0c8d6de7f888f31e637f78697ad4776f00a0ceedc374eab8483427e6
        • Instruction Fuzzy Hash: EBB120B5104389DFDF359E24CC987EA37B2FF59380F55812AED8A9B210D7394A81DB42
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0ebdc99c1a3af53ce4b988a54ceaff5c7db347d7e2ec442f9901909caf05446e
        • Instruction ID: 96049e50fa7d2ef5522ad72f52cd49fd7fb8382822697f98560117d21001a92f
        • Opcode Fuzzy Hash: 0ebdc99c1a3af53ce4b988a54ceaff5c7db347d7e2ec442f9901909caf05446e
        • Instruction Fuzzy Hash: AEB1FEB1704749DFDB24CE28CC94BDAB7B6BF59310F55422ADC888B341D3749A86CB91
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 1ecdd89e49db3c1f547da02484ace40c273194b013f8e9b6c95648ef65fff041
        • Instruction ID: b3b25e2e22bddcb2b5da9d3a68d248db1e60a1413cd00e66da25d2095d2d7aef
        • Opcode Fuzzy Hash: 1ecdd89e49db3c1f547da02484ace40c273194b013f8e9b6c95648ef65fff041
        • Instruction Fuzzy Hash: 29A10FB5104389DFDF35AE24CC987EA37B2FF59380F55812AED8A9B210D7394A81CB41
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0299e524907f17493734e68b5f7ff77382e87600c2ee049ae38bfd480960207a
        • Instruction ID: aa978cf9725effb8912017a6c89219dc4092438de1afa8b14bf9f6c6db045586
        • Opcode Fuzzy Hash: 0299e524907f17493734e68b5f7ff77382e87600c2ee049ae38bfd480960207a
        • Instruction Fuzzy Hash: E281C0B1608305ABDF392E68C9547EA37B7AF66360F61401FDC86A7346D7798A80C613
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        Yara matches
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 6b4a4cc5ed256e3fe654803fa8983f857c58688571393372fa56b2c424d8b1dc
        • Instruction ID: 64909497ecff3ce4ea4c85d457a7f92311f5132c9c8ac2e177878e8ee615605e
        • Opcode Fuzzy Hash: 6b4a4cc5ed256e3fe654803fa8983f857c58688571393372fa56b2c424d8b1dc
        • Instruction Fuzzy Hash: 589120B5104389DFDF35AE24CD987EA37B2FF59380F55812AED8A9B210C7394A859B01
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.575162168.00000000007D0000.00000040.00000001.sdmp, Offset: 007D0000, based on PE: false
        APIs
        • #648.MSVBVM60(?), ref: 0043E958
        • __vbaFreeVar.MSVBVM60 ref: 0043E963
        • __vbaStrCmp.MSVBVM60(00407E10,00000000), ref: 0043E974
        • #645.MSVBVM60(?,00000000), ref: 0043E995
        • __vbaStrMove.MSVBVM60 ref: 0043E9A0
        • __vbaStrCmp.MSVBVM60(00407E10,00000000), ref: 0043E9AC
        • __vbaFreeStr.MSVBVM60 ref: 0043E9BE
        • __vbaFreeStr.MSVBVM60(0043EA2D), ref: 0043EA26
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: __vba$Free$#645#648Move
        • String ID: %@
        • API String ID: 2957232524-2048787947

        APIs
        • __vbaNew2.MSVBVM60(00404A3C,00440DC0), ref: 0043EAAD
        • __vbaHresultCheckObj.MSVBVM60(00000000,0071ED94,00404A2C,00000014), ref: 0043EAD2
        • __vbaHresultCheckObj.MSVBVM60(00000000,?,00404A4C,00000058), ref: 0043EAF6
        • __vbaVarLateMemCallLd.MSVBVM60(?,?,Value,00000000), ref: 0043EB0A
        • __vbaStrVarVal.MSVBVM60(?,00000000), ref: 0043EB18
        • #690.MSVBVM60(?,Options,Show Tips at Startup,00000000), ref: 0043EB2D
        • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0043EB3D
        • __vbaFreeObj.MSVBVM60 ref: 0043EB49
        • __vbaFreeVar.MSVBVM60 ref: 0043EB52
        • __vbaFreeVar.MSVBVM60(0043EB8F), ref: 0043EB88
        Memory Dump Source
        • Source File: 00000000.00000002.574108221.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
        • Associated: 00000000.00000002.574090351.0000000000400000.00000002.00020000.sdmp
        • Associated: 00000000.00000002.574364744.0000000000440000.00000004.00020000.sdmp
        • Associated: 00000000.00000002.574379251.0000000000442000.00000002.00020000.sdmp
        Similarity
        • API ID: __vba$Free$CheckHresult$#690CallLateListNew2
        • String ID: Options$Show Tips at Startup$Value
        • API String ID: 2162649039-3815377432