Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report OrdineFornitore_Nr_2021_OV_445..exe

Overview

General Information

Sample Name:OrdineFornitore_Nr_2021_OV_445..exe
Analysis ID:434868
MD5:ca5dbe288ef27fd1a4bb491a3119285f
SHA1:2de17b7906332db8828e87afd8f24aea93a9db25
SHA256:582ef41b5d92451e2ca69cba6f821731d077fae38931556f2e2e3e09c577311d
Infos:

Most interesting Screenshot:

Detection

GuLoader
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1xUEBGrPlI038P_OFJ8CjCR9Fp-zTgH1u"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Found malware configurationShow sources
    Source: OrdineFornitore_Nr_2021_OV_445..exeMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1xUEBGrPlI038P_OFJ8CjCR9Fp-zTgH1u"}
    Multi AV Scanner detection for submitted fileShow sources
    Source: OrdineFornitore_Nr_2021_OV_445..exeVirustotal: Detection: 16%Perma Link
    Machine Learning detection for sampleShow sources
    Source: OrdineFornitore_Nr_2021_OV_445..exeJoe Sandbox ML: detected
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

    Networking:

    barindex
    C2 URLs / IPs found in malware configurationShow sources
    Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1xUEBGrPlI038P_OFJ8CjCR9Fp-zTgH1u
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess Stats: CPU usage > 98%
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246B23 NtAllocateVirtualMemory,0_2_02246B23
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246B52 NtAllocateVirtualMemory,0_2_02246B52
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246BA6 NtAllocateVirtualMemory,0_2_02246BA6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246BEF NtAllocateVirtualMemory,0_2_02246BEF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246C5D NtAllocateVirtualMemory,0_2_02246C5D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246CD3 NtAllocateVirtualMemory,0_2_02246CD3
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_004045B00_2_004045B0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_004046140_2_00404614
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246B230_2_02246B23
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022442360_2_02244236
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A2370_2_0224A237
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022436070_2_02243607
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242E120_2_02242E12
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02240A1D0_2_02240A1D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022436760_2_02243676
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A27D0_2_0224A27D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224527A0_2_0224527A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244A410_2_02244A41
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022436580_2_02243658
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244E5A0_2_02244E5A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244EA20_2_02244EA2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AEAA0_2_0224AEAA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022436B30_2_022436B3
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02240A850_2_02240A85
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242E850_2_02242E85
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022452F50_2_022452F5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244AD70_2_02244AD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02241EDA0_2_02241EDA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A2DA0_2_0224A2DA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02240B230_2_02240B23
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242F010_2_02242F01
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244F0B0_2_02244F0B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022437150_2_02243715
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AF1E0_2_0224AF1E
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242B190_2_02242B19
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224331A0_2_0224331A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022403630_2_02240363
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AF750_2_0224AF75
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244F730_2_02244F73
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244B410_2_02244B41
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AF420_2_0224AF42
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022453520_2_02245352
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246B520_2_02246B52
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AF530_2_0224AF53
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022433590_2_02243359
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02246BA60_2_02246BA6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AFAF0_2_0224AFAF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A38D0_2_0224A38D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224379A0_2_0224379A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022433E10_2_022433E1
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224AFF60_2_0224AFF6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022437CF0_2_022437CF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022433D50_2_022433D5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244FD70_2_02244FD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022453DB0_2_022453DB
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02245C260_2_02245C26
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022454350_2_02245435
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022450360_2_02245036
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022408370_2_02240837
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224383A0_2_0224383A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224B0150_2_0224B015
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022468650_2_02246865
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244C690_2_02244C69
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224687D0_2_0224687D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224B0790_2_0224B079
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224B0460_2_0224B046
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224344F0_2_0224344F
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A0540_2_0224A054
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022438510_2_02243851
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224B0530_2_0224B053
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02241C5A0_2_02241C5A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022434AF0_2_022434AF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022454AF0_2_022454AF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022438B20_2_022438B2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022448B90_2_022448B9
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022448870_2_02244887
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224688A0_2_0224688A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A0990_2_0224A099
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022440EA0_2_022440EA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244CF20_2_02244CF2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224B0FD0_2_0224B0FD
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022450C20_2_022450C2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022450D00_2_022450D0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022440DD0_2_022440DD
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02248CD90_2_02248CD9
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244D260_2_02244D26
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A1260_2_0224A126
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224492B0_2_0224492B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022435300_2_02243530
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224353B0_2_0224353B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224511F0_2_0224511F
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A11B0_2_0224A11B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022441460_2_02244146
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A1530_2_0224A153
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242DA50_2_02242DA5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242DA70_2_02242DA7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022449AF0_2_022449AF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A1AA0_2_0224A1AA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022455B60_2_022455B6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022435BE0_2_022435BE
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022441BA0_2_022441BA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022441920_2_02244192
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224519D0_2_0224519D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A1E70_2_0224A1E7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022409E90_2_022409E9
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022449F50_2_022449F5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022435F30_2_022435F3
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022425FE0_2_022425FE
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022441F80_2_022441F8
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022435D50_2_022435D5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244DD70_2_02244DD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A9D20_2_0224A9D2
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: invalid certificate
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010993148.00000000021F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs OrdineFornitore_Nr_2021_OV_445..exe
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000000.663081077.0000000000422000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameLATRIA.exe vs OrdineFornitore_Nr_2021_OV_445..exe
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1011075185.00000000022B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLATRIA.exeFE2XTriTech International~ vs OrdineFornitore_Nr_2021_OV_445..exe
    Source: OrdineFornitore_Nr_2021_OV_445..exeBinary or memory string: OriginalFilenameLATRIA.exe vs OrdineFornitore_Nr_2021_OV_445..exe
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: classification engineClassification label: mal84.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeFile created: C:\Users\user\AppData\Local\Temp\~DF0CC27355BE37F9C0.TMPJump to behavior
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: OrdineFornitore_Nr_2021_OV_445..exeVirustotal: Detection: 16%

    Data Obfuscation:

    barindex
    Yara detected GuLoaderShow sources
    Source: Yara matchFile source: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, type: MEMORY
    Source: OrdineFornitore_Nr_2021_OV_445..exeStatic PE information: real checksum: 0x35092 should be: 0x2a962
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00407C7D push ecx; retf 0_2_00407C7E
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00406008 push es; ret 0_2_0040600D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00406E2B push FEBF90C3h; retf 0_2_00406E56
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_004080FD push edx; iretd 0_2_00408103
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00407A81 push ds; retf 0_2_00407A82
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0040755B pushad ; retf 0_2_0040755D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00406D60 push esp; retf 0_2_00406DAE
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_00405D85 push edi; iretd 0_2_00405D91
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224004D push ebp; ret 0_2_0224004E
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224004F push edx; retf 0_2_0224005D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022400D0 push ebp; ret 0_2_022400D1
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022400D2 push edx; retf 0_2_022400E0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion:

    barindex
    Contains functionality to detect hardware virtualization (CPUID execution measurement)Show sources
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224527A 0_2_0224527A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244A41 0_2_02244A41
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244E5A 0_2_02244E5A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244EA2 0_2_02244EA2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022426E6 0_2_022426E6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022452F5 0_2_022452F5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022426C2 0_2_022426C2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244AD7 0_2_02244AD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242700 0_2_02242700
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244F0B 0_2_02244F0B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242B19 0_2_02242B19
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224331A 0_2_0224331A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242B71 0_2_02242B71
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244F73 0_2_02244F73
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242745 0_2_02242745
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244B41 0_2_02244B41
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02245352 0_2_02245352
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242792 0_2_02242792
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244FD7 0_2_02244FD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02245036 0_2_02245036
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242867 0_2_02242867
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244C69 0_2_02244C69
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242846 0_2_02242846
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A054 0_2_0224A054
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022448B9 0_2_022448B9
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244887 0_2_02244887
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244CF2 0_2_02244CF2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022450C2 0_2_022450C2
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022450D0 0_2_022450D0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02248CD9 0_2_02248CD9
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244D26 0_2_02244D26
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224492B 0_2_0224492B
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224290A 0_2_0224290A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224511F 0_2_0224511F
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242DA5 0_2_02242DA5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242DA7 0_2_02242DA7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022449AF 0_2_022449AF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224519D 0_2_0224519D
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022449F5 0_2_022449F5
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02244DD7 0_2_02244DD7
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A9D2 0_2_0224A9D2
    Tries to detect virtualization through RDTSC time measurementsShow sources
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeRDTSC instruction interceptor: First address: 00000000004045C0 second address: 00000000004045C0 instructions: 0x00000000 rdtsc 0x00000002 cmp ecx, 51h 0x00000005 cmp ecx, 35h 0x00000008 cmp edi, 0000AFF4h 0x0000000e movd mm1, ebx 0x00000011 movd mm1, ebx 0x00000014 movd mm1, ebx 0x00000017 movd mm1, ebx 0x0000001a jne 00007F92CC38F29Fh 0x0000001c inc edi 0x0000001d cmp esi, 18h 0x00000020 cmp ebx, 15h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_004045B0 rdtsc 0_2_004045B0
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    Anti Debugging:

    barindex
    Found potential dummy code loops (likely to delay analysis)Show sources
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeProcess Stats: CPU usage > 90% for more than 60s
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_004045B0 rdtsc 0_2_004045B0
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022462D6 mov eax, dword ptr fs:[00000030h]0_2_022462D6
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224331A mov eax, dword ptr fs:[00000030h]0_2_0224331A
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02249030 mov eax, dword ptr fs:[00000030h]0_2_02249030
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02249032 mov eax, dword ptr fs:[00000030h]0_2_02249032
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02249441 mov eax, dword ptr fs:[00000030h]0_2_02249441
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_0224A054 mov eax, dword ptr fs:[00000030h]0_2_0224A054
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02243CEF mov eax, dword ptr fs:[00000030h]0_2_02243CEF
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022440EA mov eax, dword ptr fs:[00000030h]0_2_022440EA
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_022440DD mov eax, dword ptr fs:[00000030h]0_2_022440DD
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Program Manager
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Progman
    Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exeCode function: 0_2_02242B19 cpuid 0_2_02242B19

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Virtualization/Sandbox Evasion11OS Credential DumpingSecurity Software Discovery31Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryVirtualization/Sandbox Evasion11Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothApplication Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Information Discovery211Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    OrdineFornitore_Nr_2021_OV_445..exe16%VirustotalBrowse
    OrdineFornitore_Nr_2021_OV_445..exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox Version:32.0.0 Black Diamond
    Analysis ID:434868
    Start date:15.06.2021
    Start time:15:58:28
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:0h 6m 3s
    Hypervisor based Inspection enabled:false
    Report type:full
    Sample file name:OrdineFornitore_Nr_2021_OV_445..exe
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of analysed new started processes analysed:16
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:MAL
    Classification:mal84.troj.evad.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HDC Information:
    • Successful, ratio: 20.6% (good quality ratio 8.8%)
    • Quality average: 20.7%
    • Quality standard deviation: 28.3%
    HCA Information:Failed
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .exe
    • Override analysis time to 240s for sample files taking high CPU consumption
    Warnings:
    Show All
    • Max analysis timeout: 220s exceeded, the analysis took too long
    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASN

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    No created / dropped files found

    Static File Info

    General

    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):6.220371339599688
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.15%
    • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:OrdineFornitore_Nr_2021_OV_445..exe
    File size:165640
    MD5:ca5dbe288ef27fd1a4bb491a3119285f
    SHA1:2de17b7906332db8828e87afd8f24aea93a9db25
    SHA256:582ef41b5d92451e2ca69cba6f821731d077fae38931556f2e2e3e09c577311d
    SHA512:8b062f9bb759bab77ed1274049461b71a59c91895423acca74b20afcbfe51ba6b2a6d74ff0309cb0e8dd81e923f484e70774bf2a9c69b4cda6550f68437f0712
    SSDEEP:3072:ZC1lQdla63sGvSI14DcKB8cp2UgILGvHQX:sWlaLpJLj
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...4S.J..........................................@................

    File Icon

    Icon Hash:e8f0b2caa69e98a8

    Static PE Info

    General

    Entrypoint:0x401890
    Entrypoint Section:.text
    Digitally signed:true
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    DLL Characteristics:
    Time Stamp:0x4AFE5334 [Sat Nov 14 06:50:28 2009 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:4cd0d92faa0bc2c54919bd9657da5865

    Authenticode Signature

    Signature Valid:false
    Signature Issuer:E=Pentadrachm@Troller.tr, CN=smykkeskrin, OU=POLYURETAN, O=VANDBRERENS, L=Microcolorimetric, S=nationalliberales, C=GF
    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
    Error Number:-2146762487
    Not Before, Not After
    • 6/15/2021 1:59:30 PM 6/15/2022 1:59:30 PM
    Subject Chain
    • E=Pentadrachm@Troller.tr, CN=smykkeskrin, OU=POLYURETAN, O=VANDBRERENS, L=Microcolorimetric, S=nationalliberales, C=GF
    Version:3
    Thumbprint MD5:06AF2709916BCE0CF03CF59BA855DE36
    Thumbprint SHA-1:AB72123C786FF25DC7F4258DB4A20D3CA00FBFB8
    Thumbprint SHA-256:C3815096127C1922171F6EF636BBECFBE8418FE97148EC9A27CB6B4FE180836A
    Serial:00

    Entrypoint Preview

    Instruction
    push 00417A60h
    call 00007F92CCDEF2B5h
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    xor byte ptr [eax], al
    add byte ptr [eax], al
    inc eax
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [edx-2E5C280Bh], bl
    cwde
    push eax
    dec edx
    wait
    or byte ptr [ebx-6F9A7022h], dh
    mov dword ptr [eax], eax
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [ecx], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [edi+4Ch], cl
    dec ecx
    inc edi
    dec edi
    push eax
    dec edi
    dec esp
    dec ecx
    push ebx
    push esp
    dec ecx
    inc ebx
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add bh, bh
    int3
    xor dword ptr [eax], eax
    or dword ptr [eax+25h], ebp
    bound ebx, dword ptr [ecx-70BD5FD9h]
    jmp 00007F92CCDEF24Bh
    aam 3Eh
    not byte ptr [ebp+59h]
    adc edi, dword ptr [ecx]
    salc
    mov bl, 00000078h
    aam 4Bh
    xchg eax, edi
    psubw mm3, mm0
    adc ch, byte ptr [edx+edi]
    dec edi
    lodsd
    xor ebx, dword ptr [ecx-48EE309Ah]
    or al, 00h
    stosb
    add byte ptr [eax-2Dh], ah
    xchg eax, ebx
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    add byte ptr [eax], al
    out 60h, eax
    add dword ptr [eax], eax
    cmpsd
    pop edi
    add dword ptr [eax], eax
    add byte ptr [edi], al
    add byte ptr [edx+esi*2+73h], al
    insb
    jc 00007F92CCDEF2C4h
    or eax, 76000F01h
    jc 00007F92CCDEF336h
    imul esp, dword ptr [esi+69h], 00000063h

    Data Directories

    NameVirtual AddressVirtual Size Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IMPORT0x1f6b40x28.text
    IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x6d0a.rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
    IMAGE_DIRECTORY_ENTRY_SECURITY0x280000x708.rsrc
    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
    IMAGE_DIRECTORY_ENTRY_IAT0x10000x1e4.text
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

    Sections

    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
    .text0x10000x1eda80x1f000False0.502488659274data6.34204533529IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    .data0x200000x12200x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
    .rsrc0x220000x6d0a0x7000False0.611921037946data6.03995475111IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

    Resources

    NameRVASizeTypeLanguageCountry
    RT_ICON0x27e620xea8data
    RT_ICON0x275ba0x8a8data
    RT_ICON0x26ef20x6c8data
    RT_ICON0x2698a0x568GLS_BINARY_LSB_FIRST
    RT_ICON0x243e20x25a8data
    RT_ICON0x2333a0x10a8data
    RT_ICON0x229b20x988data
    RT_ICON0x2254a0x468GLS_BINARY_LSB_FIRST
    RT_GROUP_ICON0x224d40x76data
    RT_VERSION0x222400x294dataKazakhKazakhstan

    Imports

    DLLImport
    MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaFPFix, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaErase, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaR4Str, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaR8Str, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaRecDestructAnsi, _CIatan, __vbaCastObj, __vbaStrMove, __vbaAryCopy, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

    Version Infos

    DescriptionData
    Translation0x043f 0x04b0
    InternalNameLATRIA
    FileVersion1.00
    CompanyNameTriTech International
    ProductNameTriTech International
    ProductVersion1.00
    FileDescriptionTriTech International
    OriginalFilenameLATRIA.exe

    Possible Origin

    Language of compilation systemCountry where language is spokenMap
    KazakhKazakhstan

    Network Behavior

    No network behavior found

    Code Manipulations

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    System Behavior

    Analysis Process: OrdineFornitore_Nr_2021_OV_445..exe PID: 6896 Parent PID: 6012

    General

    Start time:15:59:26
    Start date:15/06/2021
    Path:C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe
    Wow64 process (32bit):true
    Commandline:'C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe'
    Imagebase:0x400000
    File size:165640 bytes
    MD5 hash:CA5DBE288EF27FD1A4BB491A3119285F
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:Visual Basic
    Yara matches:
    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Author: Joe Security
    Reputation:low

    Chronological Activities

    Disassembly

    Code Analysis

    Reset < >

      Analysis Process: OrdineFornitore_Nr_2021_OV_445..exe PID: 6896 Parent PID: 6012 OrdineFornitore_Nr_2021_OV_445..exeCOMMON

      Execution Graph

      Execution Coverage:0.8%
      Dynamic/Decrypted Code Coverage:7.9%
      Signature Coverage:2.4%
      Total number of Nodes:126
      Total number of Limit Nodes:20

      Graph

      execution_graph 21166 41a7b0 __vbaChkstk 21167 41a805 __vbaAryConstruct2 __vbaR8Str __vbaFPFix __vbaFpR8 21166->21167 21168 41a91c 21167->21168 21169 41a84f 21167->21169 21170 41a942 __vbaGenerateBoundsError 21168->21170 21171 41a936 21168->21171 21172 41a882 21169->21172 21173 41a866 __vbaNew2 21169->21173 21170->21171 21175 41a983 21171->21175 21176 41a98f __vbaGenerateBoundsError 21171->21176 21174 41a88c __vbaCastObj __vbaObjSet 21172->21174 21173->21174 21178 41a8d2 21174->21178 21177 41a99b #682 __vbaFpR8 21175->21177 21176->21177 21179 41aa04 __vbaFreeVar 21177->21179 21180 41a8e3 __vbaHresultCheckObj 21178->21180 21181 41a906 21178->21181 21184 41aa40 __vbaVarDup #667 __vbaStrMove __vbaFreeVar 21179->21184 21185 41aa98 #685 __vbaObjSet 21179->21185 21182 41a910 __vbaFreeObj 21180->21182 21181->21182 21182->21168 21184->21185 21186 41aad2 21185->21186 21187 41aae3 __vbaHresultCheckObj 21186->21187 21188 41ab06 21186->21188 21189 41ab10 __vbaFreeObj 21187->21189 21188->21189 21190 41ab40 21189->21190 21191 41abf9 21189->21191 21192 41ab50 __vbaNew2 21190->21192 21193 41ab6c 21190->21193 21271 41c630 21191->21271 21194 41ab76 __vbaObjVar __vbaObjSetAddref 21192->21194 21193->21194 21195 41abaf 21194->21195 21198 41abc0 __vbaHresultCheckObj 21195->21198 21199 41abe3 21195->21199 21196 41ac41 21197 41ac50 __vbaHresultCheckObj 21196->21197 21200 41ac73 __vbaStrCopy 21196->21200 21197->21200 21201 41abed __vbaFreeObj 21198->21201 21199->21201 21203 41ad53 __vbaFreeStr __vbaStrCopy 21200->21203 21201->21191 21204 41addc 21203->21204 21205 41adeb __vbaHresultCheckObj 21204->21205 21206 41ae0e 21204->21206 21207 41ae18 __vbaFreeStr __vbaStrCopy 21205->21207 21206->21207 21208 41aedc __vbaFreeStr __vbaStrCopy 21207->21208 21209 41af2c 21208->21209 21210 41af3b __vbaHresultCheckObj 21209->21210 21211 41af5e 21209->21211 21212 41af68 __vbaFreeStr __vbaStrCopy __vbaStrCopy 21210->21212 21211->21212 21213 41afcd __vbaFreeStrList 21212->21213 21214 41b017 __vbaStrCopy 21213->21214 21215 41b0b8 21214->21215 21216 41b0c7 __vbaHresultCheckObj 21215->21216 21217 41b0ea 21215->21217 21218 41b0f4 __vbaFreeStr 21216->21218 21217->21218 21219 41b18b __vbaStrCopy 21218->21219 21220 41b20b 21219->21220 21221 41b21a __vbaHresultCheckObj 21220->21221 21222 41b23d 21220->21222 21223 41b247 __vbaFreeStr 21221->21223 21222->21223 21224 41b2c0 __vbaStrCopy __vbaStrCopy 21223->21224 21225 41b330 __vbaFreeStrList 21224->21225 21226 41b374 21225->21226 21227 41b383 __vbaHresultCheckObj 21226->21227 21228 41b3a6 21226->21228 21227->21228 21229 41b3d5 __vbaHresultCheckObj 21228->21229 21230 41b3f8 21228->21230 21231 41b402 __vbaStrCopy 21229->21231 21230->21231 21232 41b48d __vbaFreeStr 21231->21232 21233 41b4ec 21232->21233 21234 41b4fb __vbaHresultCheckObj 21233->21234 21235 41b51e 21233->21235 21234->21235 21236 41b5b3 __vbaHresultCheckObj 21235->21236 21237 41b5d6 21235->21237 21238 41b5e0 __vbaStrCopy __vbaStrCopy 21236->21238 21237->21238 21239 41b66f __vbaFreeStrList 21238->21239 21240 41b6ee __vbaStrCopy 21239->21240 21241 41b740 21240->21241 21242 41b772 21241->21242 21243 41b74f __vbaHresultCheckObj 21241->21243 21244 41b77c __vbaFreeStr 21242->21244 21243->21244 21245 41b7e0 __vbaStrCopy __vbaStrCopy 21244->21245 21247 41b8d6 21245->21247 21248 41b8e5 __vbaHresultCheckObj 21247->21248 21249 41b908 21247->21249 21250 41b912 __vbaFreeStrList __vbaStrCopy 21248->21250 21249->21250 21251 41b9a2 21250->21251 21252 41b9b1 __vbaHresultCheckObj 21251->21252 21253 41b9d4 21251->21253 21254 41b9de __vbaFreeStr 21252->21254 21253->21254 21255 41ba46 21254->21255 21256 41ba55 __vbaHresultCheckObj 21255->21256 21257 41ba78 21255->21257 21258 41ba82 __vbaStrCopy 21256->21258 21257->21258 21259 41bb24 21258->21259 21260 41bb33 __vbaHresultCheckObj 21259->21260 21261 41bb56 21259->21261 21262 41bb60 __vbaFreeStr 21260->21262 21261->21262 21263 41bb9a 21262->21263 21264 41bbab __vbaHresultCheckObj 21263->21264 21265 41bbce 21263->21265 21266 41bbd8 __vbaOnError __vbaVarMove 21264->21266 21265->21266 21267 41bc1e __vbaVarAdd __vbaVarMove __vbaVarTstLt 21266->21267 21268 41bc98 21267->21268 21269 41bc9a 21267->21269 21268->21267 21269->21269 21272 41c667 #517 __vbaStrMove __vbaStrCmp __vbaFreeStr 21271->21272 21273 41c6b6 __vbaFpI4 21272->21273 21274 41c6de __vbaLenBstrB 21272->21274 21278 41c6c9 21273->21278 21275 41c781 #704 __vbaStrMove __vbaFreeVar 21274->21275 21276 41c6f2 21274->21276 21277 41c7e3 __vbaFreeStr 21275->21277 21279 41c6fa __vbaNew2 21276->21279 21281 41c70a 21276->21281 21277->21196 21278->21274 21280 41c6cf __vbaHresultCheckObj 21278->21280 21279->21281 21280->21274 21282 41c720 __vbaHresultCheckObj 21281->21282 21283 41c72f 21281->21283 21282->21283 21284 41c766 __vbaHresultCheckObj 21283->21284 21285 41c778 __vbaFreeObj 21283->21285 21284->21285 21285->21275 21286 4047d1 21287 404831 VirtualAlloc 21286->21287 21288 4048fc 21287->21288 21289 2246cd3 21290 2246ceb NtAllocateVirtualMemory 21289->21290 21291 2246d56 21290->21291 21292 4018ac 21293 4018b3 21292->21293 21294 401879 EVENT_SINK_AddRef 21293->21294 21295 401890 #100 21294->21295 21295->21294

      Executed Functions

      Function 004045B0, Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 173memoryCOMMONCrypto
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 135 4045b0-4045b3 136 4045b9-4045da 135->136 136->136 137 4045dc-40475b 136->137 140 40475e-404781 137->140 140->140 141 404783-4049cf VirtualAlloc 140->141 145 4049d2-404a21 call 404a36 141->145 148 404a23-404a2c 145->148
      C-Code - Quality: 29%
      			E004045B0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr* _t8;
				void* _t10;
				intOrPtr* _t12;
				void* _t31;
				void* _t38;

				_t38 = __edi;
				do {
					_t38 = _t38 + 1;
					asm("rdtsc");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
					asm("movd mm1, ebx");
				} while (_t38 != 0xaff4);
				asm("packssdw xmm7, xmm7");
				asm("por xmm2, xmm5");
				_t8 =  *((intOrPtr*)(0x401004));
				 *0xc54318d5 =  *0xc54318d5 + _t8;
				asm("movd xmm1, eax");
				asm("paddb xmm7, xmm4");
				do {
					_t8 = _t8 - 1;
				} while (0x74966fac !=  *_t8);
				asm("fldlg2");
				asm("fldl2t");
				_t10 = VirtualAlloc(0, 0x10000, 0x1000, 0x40); // executed
				asm("por mm6, mm4");
				asm("fld1");
				_t31 = 0xb8fc;
				while(1) {
					asm("stc");
					_t12 =  *((intOrPtr*)(_t10 - 0x81));
					 *_t12 =  *_t12 + _t12;
					_push(_t12);
					asm("faddp st2, st0");
					asm("paddsb mm0, mm1");
					goto L12;
				}
			}








      0x004045b0
      0x004045b9
      0x004045b9
      0x004045c0
      0x004045ce
      0x004045d1
      0x004045d4
      0x004045d7
      0x004045d7
      0x00404609
      0x0040460d
      0x0040469a
      0x004046d6
      0x004046f0
      0x004046f4
      0x0040475e
      0x00404767
      0x0040477f
      0x004047cb
      0x004047cd
      0x00404891
      0x00404899
      0x0040489c
      0x00404954
      0x0040495c
      0x0040495e
      0x0040495f
      0x00404961
      0x0040496e
      0x00404972
      0x00404974
      0x004049cf
      0x004049cf

      APIs
      • VirtualAlloc.KERNELBASE(00000000,00010000,00001000,00000040), ref: 00404891
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID: !$;
      • API String ID: 4275171209-2251160903
      • Opcode ID: 3e478fac65ce32016b45fb8ec6df7e4a849c362f18ef631f1a9e8a1c76db4715
      • Instruction ID: dee1619f673d83a432e1f556fe78f43e634754488efc9b82dac798062537d611
      • Opcode Fuzzy Hash: 3e478fac65ce32016b45fb8ec6df7e4a849c362f18ef631f1a9e8a1c76db4715
      • Instruction Fuzzy Hash: 6A51C092B113514AFF782068C9E076D6143EBC5344F728A3BCA96FBDC9DA7D88C15243
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246B23, Relevance: 1.7, APIs: 1, Instructions: 186memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: 1361aa2e95937e71f8a32ca0184b6b3ae7f351c8eeb4dc5d6a2b15a86df11843
      • Instruction ID: 5767d420cfdb823315ddf1d302bee6bcb619f75181fb136e7cc99bef25ef1401
      • Opcode Fuzzy Hash: 1361aa2e95937e71f8a32ca0184b6b3ae7f351c8eeb4dc5d6a2b15a86df11843
      • Instruction Fuzzy Hash: 965176766183458BEB64AFB8CC853E93BF1EF0A750F44452EDDCA8B154EB308685CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246B52, Relevance: 1.7, APIs: 1, Instructions: 180memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: 34bc30678e898fcbc9528d623987a95504e1a47aee9435ec58be7465dc39362f
      • Instruction ID: d45716f2f5855ffd89fdfa321fce2b08d616fb5bcd9f29dc66300ff2e425ee66
      • Opcode Fuzzy Hash: 34bc30678e898fcbc9528d623987a95504e1a47aee9435ec58be7465dc39362f
      • Instruction Fuzzy Hash: 865163756183458FEB64AEB4CC853E97BF1EF0A790F04452EDDCA8B055EB308685CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246BA6, Relevance: 1.7, APIs: 1, Instructions: 169memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: 83e86c3e8515b6ea395b1a502c447e2906d99d5c2cf55c5f7ef0b1f6011c1831
      • Instruction ID: 018d1a9838578e4cbe29e580fb15b7cdfedf6fa8e7797999632ab348e1851c26
      • Opcode Fuzzy Hash: 83e86c3e8515b6ea395b1a502c447e2906d99d5c2cf55c5f7ef0b1f6011c1831
      • Instruction Fuzzy Hash: 865173766183458FEB24AFB4CC853E877E0EF0A750F44452ECDCA8B155EB308682CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246BEF, Relevance: 1.7, APIs: 1, Instructions: 154memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: f110dc50ee608721e5b7013af2f2760ac2947c1ac604d69118f90b0a8112623e
      • Instruction ID: 14d4465e8439556c89b0bbe373d51ef68a2b69c4f8f4b1eff8a2d9c5c3befd76
      • Opcode Fuzzy Hash: f110dc50ee608721e5b7013af2f2760ac2947c1ac604d69118f90b0a8112623e
      • Instruction Fuzzy Hash: 0F51437651834A8BEB60EFB4CC853E877B1EF0A790F44482DDDCA8B155EB708685CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246C5D, Relevance: 1.6, APIs: 1, Instructions: 135memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: 20a6f66d48cce0af24e61bef7bbd6fcc19478103f186264a1b529166520f23fe
      • Instruction ID: fff6ad94bae0c9cf534e90bd6fc1d5d49a4d4678e72a6cb24d4b66e5b78effa0
      • Opcode Fuzzy Hash: 20a6f66d48cce0af24e61bef7bbd6fcc19478103f186264a1b529166520f23fe
      • Instruction Fuzzy Hash: 9F4148765183458BEB60EFB4CC853E87BA0FF0A794F44492EDDC69B015EB708642CB52
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246CD3, Relevance: 1.6, APIs: 1, Instructions: 109memorynativeCOMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • NtAllocateVirtualMemory.NTDLL ref: 02246D00
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID: AllocateMemoryVirtual
      • String ID:
      • API String ID: 2167126740-0
      • Opcode ID: 4885985f3912abdb4dd9921e11c7fbb2ea8a7a61425075fb72855693082c7c31
      • Instruction ID: b4913daa88928afe7e4aae6cfae4e20d946c10863f8f9871910ad1d06484412c
      • Opcode Fuzzy Hash: 4885985f3912abdb4dd9921e11c7fbb2ea8a7a61425075fb72855693082c7c31
      • Instruction Fuzzy Hash: 1331787A5243868BEB60EFB18C813E877A0FF0AB94F10082DD9C68B015EB70C645DB52
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00404614, Relevance: 1.5, APIs: 1, Instructions: 229memoryCOMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 247 404614-40475b 250 40475e-404781 247->250 250->250 251 404783-4049cf VirtualAlloc 250->251 255 4049d2-404a21 call 404a36 251->255 258 404a23-404a2c 255->258
      APIs
      • VirtualAlloc.KERNELBASE(00000000,00010000,00001000,00000040), ref: 00404891
      Memory Dump Source
      • Source File: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: e41b1216f9715ce53566568ca50fde395daded5b178be3bf9b68270fdf80a084
      • Instruction ID: a319029205d7675d0c0e56db3996916195b706d0e44812e0a5a5daef69844660
      • Opcode Fuzzy Hash: e41b1216f9715ce53566568ca50fde395daded5b178be3bf9b68270fdf80a084
      • Instruction Fuzzy Hash: 1941CEA2B113514AFF782168C9E076D6102EBC5344F72CA3BCA97EBDD9D97D88C14243
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041A7B0, Relevance: 230.4, APIs: 80, Strings: 51, Instructions: 1128COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 0 41a7b0-41a849 __vbaChkstk __vbaAryConstruct2 __vbaR8Str __vbaFPFix __vbaFpR8 2 41a91c-41a934 0->2 3 41a84f-41a864 0->3 4 41a942-41a948 __vbaGenerateBoundsError 2->4 5 41a936-41a940 2->5 6 41a882 3->6 7 41a866-41a880 __vbaNew2 3->7 8 41a94e-41a981 4->8 5->8 9 41a88c-41a8e1 __vbaCastObj __vbaObjSet 6->9 7->9 10 41a983-41a98d 8->10 11 41a98f-41a995 __vbaGenerateBoundsError 8->11 16 41a8e3-41a904 __vbaHresultCheckObj 9->16 17 41a906 9->17 12 41a99b-41aa02 #682 __vbaFpR8 10->12 11->12 14 41aa10 12->14 15 41aa04-41aa0e 12->15 19 41aa1a-41aa3e __vbaFreeVar 14->19 15->19 18 41a910-41a916 __vbaFreeObj 16->18 17->18 18->2 20 41aa40-41aa92 __vbaVarDup #667 __vbaStrMove __vbaFreeVar 19->20 21 41aa98-41aae1 #685 __vbaObjSet 19->21 20->21 23 41aae3-41ab04 __vbaHresultCheckObj 21->23 24 41ab06 21->24 25 41ab10-41ab3a __vbaFreeObj 23->25 24->25 26 41ab40-41ab4e 25->26 27 41abf9-41ac4e call 41c630 25->27 28 41ab50-41ab6a __vbaNew2 26->28 29 41ab6c 26->29 34 41ac50-41ac71 __vbaHresultCheckObj 27->34 35 41ac73 27->35 30 41ab76-41abbe __vbaObjVar __vbaObjSetAddref 28->30 29->30 36 41abc0-41abe1 __vbaHresultCheckObj 30->36 37 41abe3 30->37 38 41ac7d-41ade9 __vbaStrCopy __vbaFreeStr __vbaStrCopy 34->38 35->38 39 41abed-41abf3 __vbaFreeObj 36->39 37->39 43 41adeb-41ae0c __vbaHresultCheckObj 38->43 44 41ae0e 38->44 39->27 45 41ae18-41af39 __vbaFreeStr __vbaStrCopy __vbaFreeStr __vbaStrCopy 43->45 44->45 48 41af3b-41af5c __vbaHresultCheckObj 45->48 49 41af5e 45->49 50 41af68-41b0c5 __vbaFreeStr __vbaStrCopy * 2 __vbaFreeStrList __vbaStrCopy 48->50 49->50 54 41b0c7-41b0e8 __vbaHresultCheckObj 50->54 55 41b0ea 50->55 56 41b0f4-41b218 __vbaFreeStr __vbaStrCopy 54->56 55->56 59 41b21a-41b23b __vbaHresultCheckObj 56->59 60 41b23d 56->60 61 41b247-41b381 __vbaFreeStr __vbaStrCopy * 2 __vbaFreeStrList 59->61 60->61 65 41b383-41b3a4 __vbaHresultCheckObj 61->65 66 41b3a6 61->66 67 41b3b0-41b3d3 65->67 66->67 69 41b3d5-41b3f6 __vbaHresultCheckObj 67->69 70 41b3f8 67->70 71 41b402-41b4f9 __vbaStrCopy __vbaFreeStr 69->71 70->71 74 41b4fb-41b51c __vbaHresultCheckObj 71->74 75 41b51e 71->75 76 41b528-41b5b1 74->76 75->76 78 41b5b3-41b5d4 __vbaHresultCheckObj 76->78 79 41b5d6 76->79 80 41b5e0-41b74d __vbaStrCopy * 2 __vbaFreeStrList __vbaStrCopy 78->80 79->80 84 41b772 80->84 85 41b74f-41b770 __vbaHresultCheckObj 80->85 86 41b77c-41b8e3 __vbaFreeStr __vbaStrCopy * 2 84->86 85->86 91 41b8e5-41b906 __vbaHresultCheckObj 86->91 92 41b908 86->92 93 41b912-41b99b __vbaFreeStrList __vbaStrCopy 91->93 92->93 94 41b9a2-41b9af 93->94 95 41b9b1-41b9d2 __vbaHresultCheckObj 94->95 96 41b9d4 94->96 97 41b9de-41ba53 __vbaFreeStr 95->97 96->97 99 41ba55-41ba76 __vbaHresultCheckObj 97->99 100 41ba78 97->100 101 41ba82-41bb31 __vbaStrCopy 99->101 100->101 103 41bb33-41bb54 __vbaHresultCheckObj 101->103 104 41bb56 101->104 105 41bb60-41bba9 __vbaFreeStr 103->105 104->105 107 41bbab-41bbcc __vbaHresultCheckObj 105->107 108 41bbce 105->108 109 41bbd8-41bc18 __vbaOnError __vbaVarMove 107->109 108->109 110 41bc1e-41bc96 __vbaVarAdd __vbaVarMove __vbaVarTstLt 109->110 111 41bc98 110->111 112 41bc9a-41bca1 110->112 111->110 113 41bcab-41bcb2 112->113 113->113 114 41bcb4 113->114 115 41bcb6-41bcbd 114->115 115->115 116 41bcbf-41bcc0 115->116
      APIs
      • __vbaChkstk.MSVBVM60(?,004015C6), ref: 0041A7CE
      • __vbaAryConstruct2.MSVBVM60(?,0041954C,00000005,?,?,?,?,004015C6), ref: 0041A81A
      • __vbaR8Str.MSVBVM60(00418DCC,?,?,?,?,004015C6), ref: 0041A82C
      • __vbaFPFix.MSVBVM60(?,?,?,?,004015C6), ref: 0041A832
      • __vbaFpR8.MSVBVM60(?,?,?,?,004015C6), ref: 0041A838
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,004015C6), ref: 0041A870
      • __vbaCastObj.MSVBVM60(?,00418F98,Octavarium8), ref: 0041A8AB
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041A8B9
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418FB8,00000040), ref: 0041A8F8
      • __vbaFreeObj.MSVBVM60 ref: 0041A916
      • __vbaGenerateBoundsError.MSVBVM60 ref: 0041A942
      • __vbaGenerateBoundsError.MSVBVM60 ref: 0041A98F
      • #682.MSVBVM60(?,0000000A), ref: 0041A9EB
      • __vbaFpR8.MSVBVM60 ref: 0041A9F1
      • __vbaFreeVar.MSVBVM60 ref: 0041AA2F
      • __vbaVarDup.MSVBVM60 ref: 0041AA6E
      • #667.MSVBVM60(0000000A), ref: 0041AA7B
      • __vbaStrMove.MSVBVM60 ref: 0041AA86
      • __vbaFreeVar.MSVBVM60 ref: 0041AA92
      • #685.MSVBVM60 ref: 0041AA9F
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041AAAD
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000002,00418FF4,0000001C), ref: 0041AAF8
      • __vbaFreeObj.MSVBVM60 ref: 0041AB2B
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041AB5A
      • __vbaObjVar.MSVBVM60(?), ref: 0041AB88
      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0041AB96
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000002,00418FB8,00000010), ref: 0041ABD5
      • __vbaFreeObj.MSVBVM60 ref: 0041ABF3
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,000006F8), ref: 0041AC65
      • __vbaStrCopy.MSVBVM60 ref: 0041ACF9
      • __vbaFreeStr.MSVBVM60 ref: 0041AD67
      • __vbaStrCopy.MSVBVM60 ref: 0041AD9C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,000006FC), ref: 0041AE00
      • __vbaFreeStr.MSVBVM60 ref: 0041AE36
      • __vbaStrCopy.MSVBVM60 ref: 0041AE4E
      • __vbaFreeStr.MSVBVM60 ref: 0041AEE2
      • __vbaStrCopy.MSVBVM60 ref: 0041AEFA
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000700), ref: 0041AF50
      • __vbaFreeStr.MSVBVM60 ref: 0041AF77
      • __vbaStrCopy.MSVBVM60 ref: 0041AF8F
      • __vbaStrCopy.MSVBVM60 ref: 0041AFA0
      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041AFDD
      • __vbaStrCopy.MSVBVM60 ref: 0041B065
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000704), ref: 0041B0DC
      • __vbaFreeStr.MSVBVM60 ref: 0041B112
      • __vbaStrCopy.MSVBVM60 ref: 0041B19D
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000708), ref: 0041B22F
      • __vbaFreeStr.MSVBVM60 ref: 0041B259
      • __vbaStrCopy.MSVBVM60 ref: 0041B2E6
      • __vbaStrCopy.MSVBVM60 ref: 0041B2F7
      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041B340
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,0000070C), ref: 0041B398
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000710), ref: 0041B3EA
      • __vbaStrCopy.MSVBVM60 ref: 0041B414
      • __vbaFreeStr.MSVBVM60 ref: 0041B493
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000714), ref: 0041B510
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000718), ref: 0041B5C8
      • __vbaStrCopy.MSVBVM60 ref: 0041B60A
      • __vbaStrCopy.MSVBVM60 ref: 0041B625
      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041B67F
      • __vbaStrCopy.MSVBVM60 ref: 0041B718
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,0000071C), ref: 0041B764
      • __vbaFreeStr.MSVBVM60 ref: 0041B790
      • __vbaStrCopy.MSVBVM60 ref: 0041B880
      • __vbaStrCopy.MSVBVM60 ref: 0041B89B
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000720), ref: 0041B8FA
      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041B930
      • __vbaStrCopy.MSVBVM60 ref: 0041B95F
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000724), ref: 0041B9C6
      • __vbaFreeStr.MSVBVM60 ref: 0041B9E4
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,00000728), ref: 0041BA6A
      • __vbaStrCopy.MSVBVM60 ref: 0041BAC4
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418B18,0000072C), ref: 0041BB48
      • __vbaFreeStr.MSVBVM60 ref: 0041BB7E
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,000002B4), ref: 0041BBC0
      • __vbaOnError.MSVBVM60(000000FF), ref: 0041BBE1
      • __vbaVarMove.MSVBVM60 ref: 0041BC18
      • __vbaVarAdd.MSVBVM60(?,00000002,?), ref: 0041BC4E
      • __vbaVarMove.MSVBVM60 ref: 0041BC5C
      • __vbaVarTstLt.MSVBVM60(00008003,?), ref: 0041BC8B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresult$List$ErrorMove$BoundsGenerateNew2$#667#682#685AddrefCastChkstkConstruct2
      • String ID: 3|Y$4$APPENDICITTERNES$Anlgsbidragets$Beshivers$CHANGOAN$Chartrede3$Dissociation$Dorothys5$EXTENTIONS$E$FAKULTETSBEREGNINGERNE$Gospelmonger$HOBOISM$Integralregningen4$KATHLIN$LOCALIZATION$MUTAROTATE$Maiolicas5$Octavarium8$PIPESTEM$RUPICAPRA$Respirationer8$Spiralbundenes6$Sprgernes$TANDEMEN$TILKALDEVAGTERNE$Trigonia9$Turcyklerne$U$Unconvertedness9$Unembroidered$Unmodestly1$Wisps$[[;$cottonseed$diodont$enkepensionisters$fejlbedmme$fremtvinge$hosieries$kontrabger$milieuankenvns$p!3X$perspectively$rO$rebourbonize$shama$theol$tournant$zQ
      • API String ID: 3975164697-234304538
      • Opcode ID: 5a2a8018efa4cde8c13a9bde9af32ae75b79a26c57b86414ce9a9c10363af0a5
      • Instruction ID: 608176f469cbaa39019c9160e591e0eef1c3c2e7542f84494918ca4b08745da7
      • Opcode Fuzzy Hash: 5a2a8018efa4cde8c13a9bde9af32ae75b79a26c57b86414ce9a9c10363af0a5
      • Instruction Fuzzy Hash: 37C2E3B4941228EFDB24DF50DD98BDABBB4FB48304F1081DAE5096B290DB746AC5CF94
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041C630, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 129COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • #517.MSVBVM60(00419570), ref: 0041C681
      • __vbaStrMove.MSVBVM60 ref: 0041C68C
      • __vbaStrCmp.MSVBVM60(00419568,00000000), ref: 0041C698
      • __vbaFreeStr.MSVBVM60 ref: 0041C6AB
      • __vbaFpI4.MSVBVM60 ref: 0041C6BE
      • __vbaHresultCheckObj.MSVBVM60(00000000,00401388,00418AE8,00000064), ref: 0041C6D8
      • __vbaLenBstrB.MSVBVM60(00419578), ref: 0041C6E3
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041C704
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041C729
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000060), ref: 0041C772
      • __vbaFreeObj.MSVBVM60 ref: 0041C77B
      • #704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0041C797
      • __vbaStrMove.MSVBVM60 ref: 0041C7A2
      • __vbaFreeVar.MSVBVM60 ref: 0041C7AB
      • __vbaFreeStr.MSVBVM60(0041C7ED), ref: 0041C7E6
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$Move$#517#704BstrNew2
      • String ID: STANNY
      • API String ID: 2680288682-3551176376
      • Opcode ID: 087a6ccad5a1b3be6bb8af1620a91ad29817699e23e75d5e930684386c6b6425
      • Instruction ID: 28b8506f2b1691d9d0028aec12c822e20e9491b96cb46f335d6051fe8aa4741e
      • Opcode Fuzzy Hash: 087a6ccad5a1b3be6bb8af1620a91ad29817699e23e75d5e930684386c6b6425
      • Instruction Fuzzy Hash: B7417FB1940209EFCB04DF94DD89ADEBBB5FB48710F60812AF556B32A0DB385981CF58
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00401890, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 149 401890-4018ee #100 150 401879-40187e EVENT_SINK_AddRef 149->150 150->149
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: #100
      • String ID: VB5!6&*
      • API String ID: 1341478452-3593831657
      • Opcode ID: 4a2d0fa638383781a8b9778ab70f5b0730962c47793f25797524f8816787cf32
      • Instruction ID: 7fbf6a5f9e4a99306b998e5b3d756d7a9ee717be473f515700aac5095594a612
      • Opcode Fuzzy Hash: 4a2d0fa638383781a8b9778ab70f5b0730962c47793f25797524f8816787cf32
      • Instruction Fuzzy Hash: 7401936144EBC09FC30B17B19C6AA927F748D0321830A42EBD481DE4B3C62C4D89CB37
      Uniqueness

      Uniqueness Score: -1.00%

      Function 004046FA, Relevance: 1.4, APIs: 1, Instructions: 148memoryCOMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 259 4046fa-4046fb 260 4046d6-4046f8 259->260 261 4046fd-404757 259->261 262 404758-40475b 260->262 261->262 263 40475e-404781 262->263 263->263 264 404783-4049cf VirtualAlloc 263->264 268 4049d2-404a21 call 404a36 264->268 271 404a23-404a2c 268->271
      C-Code - Quality: 66%
      			E004046FA(intOrPtr* __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t20;
				void* _t22;
				intOrPtr* _t24;
				signed int _t27;
				void* _t40;

				_t20 = __eax;
				_pop(es);
				if(__eflags >= 0) {
					 *__eax =  *__eax + __eax;
					_t27 = __ebx ^ 0x725431e8;
					asm("movd xmm1, eax");
					asm("paddb xmm7, xmm4");
				} else {
					_t1 = __ecx - 0x76767677;
					 *_t1 =  *((intOrPtr*)(__ecx - 0x76767677)) + __ecx;
					__eflags =  *_t1;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
					 *((intOrPtr*)(__ebx - 0x77ca506)) = __eax;
				}
				do {
					_t20 = _t20 - 1;
				} while (_t27 !=  *_t20);
				asm("fldlg2");
				asm("fldl2t");
				_t22 = VirtualAlloc(0, 0x10000, 0x1000, 0x40); // executed
				asm("por mm6, mm4");
				asm("fld1");
				_t40 = 0xb8fc;
				while(1) {
					asm("stc");
					_t24 =  *((intOrPtr*)(_t22 - 0x81));
					 *_t24 =  *_t24 + _t24;
					_push(_t24);
					asm("faddp st2, st0");
					asm("paddsb mm0, mm1");
					goto L10;
				}
			}








      0x004046fa
      0x004046fa
      0x004046fb
      0x004046d6
      0x004046e4
      0x004046f0
      0x004046f4
      0x004046fd
      0x004046fd
      0x004046fd
      0x004046fd
      0x00404703
      0x00404709
      0x0040470f
      0x00404715
      0x0040471b
      0x00404721
      0x00404727
      0x0040472d
      0x00404733
      0x00404739
      0x0040473f
      0x00404745
      0x0040474b
      0x00404751
      0x00404757
      0x00404757
      0x0040475e
      0x00404767
      0x0040477f
      0x004047cb
      0x004047cd
      0x00404891
      0x00404899
      0x0040489c
      0x00404954
      0x0040495c
      0x0040495e
      0x0040495f
      0x00404961
      0x0040496e
      0x00404972
      0x00404974
      0x004049cf
      0x004049cf

      APIs
      • VirtualAlloc.KERNELBASE(00000000,00010000,00001000,00000040), ref: 00404891
      Memory Dump Source
      • Source File: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: 1d227a5c7f50f97db787206f7c2d2ff7b30f98f60c38511a4f7a0d7fd7eb6dda
      • Instruction ID: 3ab92b53bbb26dc51e9b0c0a4609c34efe27b18cec28487f4271c75a2237da19
      • Opcode Fuzzy Hash: 1d227a5c7f50f97db787206f7c2d2ff7b30f98f60c38511a4f7a0d7fd7eb6dda
      • Instruction Fuzzy Hash: 3741FFA2B163914AFF382128C9E076C6242EBC5340F328A7FC647EB9C9E97D84C15243
      Uniqueness

      Uniqueness Score: -1.00%

      Function 004047D1, Relevance: 1.4, APIs: 1, Instructions: 131memoryCOMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 272 4047d1-40489e VirtualAlloc 274 4048fc-4049cf 272->274 276 4049d2-404a21 call 404a36 274->276 279 404a23-404a2c 276->279
      C-Code - Quality: 37%
      			E004047D1(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t7;
				intOrPtr* _t9;
				void* _t18;

				_t7 = VirtualAlloc(0, 0x10000, 0x1000, 0x40); // executed
				asm("por mm6, mm4");
				asm("fld1");
				_t18 = 0xb8fc;
				while(1) {
					asm("stc");
					_t9 =  *((intOrPtr*)(_t7 - 0x81));
					 *_t9 =  *_t9 + _t9;
					_push(_t9);
					asm("faddp st2, st0");
					asm("paddsb mm0, mm1");
					goto L5;
				}
			}






      0x00404891
      0x00404899
      0x0040489c
      0x00404954
      0x0040495c
      0x0040495e
      0x0040495f
      0x00404961
      0x0040496e
      0x00404972
      0x00404974
      0x004049cf
      0x004049cf

      APIs
      • VirtualAlloc.KERNELBASE(00000000,00010000,00001000,00000040), ref: 00404891
      Memory Dump Source
      • Source File: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: eb2afaf57ba767ab4cdea4361881f2ce51dd2d23286f9f88c54bcb06f6c0af35
      • Instruction ID: fef7ce6e718ae8100549e1bc9c1328c539439322496510119e45b5237726466b
      • Opcode Fuzzy Hash: eb2afaf57ba767ab4cdea4361881f2ce51dd2d23286f9f88c54bcb06f6c0af35
      • Instruction Fuzzy Hash: CA21DEE2F157910AFF382068C9E076C6143DB94740F72893BCA46EB9C9E93C84C00253
      Uniqueness

      Uniqueness Score: -1.00%

      Non-executed Functions

      Function 0224A054, Relevance: 2.9, Strings: 1, Instructions: 1639COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: piv
      • API String ID: 0-1928818113
      • Opcode ID: 9a39bece64f8cf9f17f3c02e772a40ed5fd7826b0bc11216f382c81a2cab53c7
      • Instruction ID: 01c3c769de6ae482e1d03aae3f7fb4d2193213425b76c847b582cd87e2b1c2a1
      • Opcode Fuzzy Hash: 9a39bece64f8cf9f17f3c02e772a40ed5fd7826b0bc11216f382c81a2cab53c7
      • Instruction Fuzzy Hash: 6FC2D031A543468FDF359F78CD943DA7BA2AF12360F95822ECCC68B199D7748585CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224331A, Relevance: 2.0, Strings: 1, Instructions: 778COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 803add12532b302a6054085eaa974aa654b34ea2a9ae6b8ed5dbfb10e6e52faf
      • Instruction ID: c1a8b279c280331acefde85d62fbe6cc895fe3be0ade853f26c927d899846460
      • Opcode Fuzzy Hash: 803add12532b302a6054085eaa974aa654b34ea2a9ae6b8ed5dbfb10e6e52faf
      • Instruction Fuzzy Hash: E2523331714746DFDB28DE78CCA4BEA73A2BF59390F954229DC898B244DB319981CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243359, Relevance: 1.7, Strings: 1, Instructions: 468COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 64954018898b44a0186490976d1af2f30d01623f854f62fe7bf5226f99a0397b
      • Instruction ID: cb61b6d023adb829caf144b452d8f8350568f31c5b97d7b929f0a66f374ba57b
      • Opcode Fuzzy Hash: 64954018898b44a0186490976d1af2f30d01623f854f62fe7bf5226f99a0397b
      • Instruction Fuzzy Hash: BD021031714746DFDB28DE78CCA4BEA73A2BF49380F65422DDC898B244DB719985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022433E1, Relevance: 1.7, Strings: 1, Instructions: 441COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 5c12c17bf34b157d7d516f1acc087cf085fb7f8170bc16e1d08e6c397fb1dc93
      • Instruction ID: 750db5cc9d6c4f64e0e79d76adf875b28b1a9aa3d40ba2b48e490a52500d5c1f
      • Opcode Fuzzy Hash: 5c12c17bf34b157d7d516f1acc087cf085fb7f8170bc16e1d08e6c397fb1dc93
      • Instruction Fuzzy Hash: D0F11131710746DFDB28DE78CC94BEA73A2BF59380FA5422DDC9987244DB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022433D5, Relevance: 1.7, Strings: 1, Instructions: 437COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: d26c1a9389ddaf5a6421af911800e01f31e62ced5f5ac2a44eced58013487cc6
      • Instruction ID: f0e5e8552452aea790e642460c6280b9f71c8038f5ac9280f7f33401e2b1ea52
      • Opcode Fuzzy Hash: d26c1a9389ddaf5a6421af911800e01f31e62ced5f5ac2a44eced58013487cc6
      • Instruction Fuzzy Hash: 4CF12231710746DFDB28DE68CCA4BEA73E2BF59380FA5422DDC9987244DB719981CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224344F, Relevance: 1.7, Strings: 1, Instructions: 417COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 49158610b2b4d779c21a97345fede719789d534de43b26762c29ca21b9d2cfab
      • Instruction ID: 40bb4d3a820a51ddab7c87831601feb0b183c887898e3be36b47bd703d7da7f0
      • Opcode Fuzzy Hash: 49158610b2b4d779c21a97345fede719789d534de43b26762c29ca21b9d2cfab
      • Instruction Fuzzy Hash: 7AE10031714746DFDB28DE68CC94BEA73E2BF19380FA5422DDC9987244DB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022434AF, Relevance: 1.6, Strings: 1, Instructions: 395COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: dcac701252f82806d43871b7214980e1fdd499379cef2475e78fb00826ea318e
      • Instruction ID: 500e9a46891be9cf6bac042a632da5613830be0ca3590f6f53dcef0121908d9f
      • Opcode Fuzzy Hash: dcac701252f82806d43871b7214980e1fdd499379cef2475e78fb00826ea318e
      • Instruction Fuzzy Hash: 56E10F31714746DFDB28DE78C894BEA73E2BF19380F65422DDC9987244EB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224353B, Relevance: 1.6, Strings: 1, Instructions: 371COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 1594a5abf2a9f7a7b81d031a7d04b076977acd0233d24ec0fb717a0b4a0edeb6
      • Instruction ID: 3bb7412856b18da9ae1bf7e53a20f7d8d8092b781ba541629928e8f49786e5f1
      • Opcode Fuzzy Hash: 1594a5abf2a9f7a7b81d031a7d04b076977acd0233d24ec0fb717a0b4a0edeb6
      • Instruction Fuzzy Hash: FFD10131610746DFDB28DE68CC94BEA73E2BF19380F65422DDC998B244EB319985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022435BE, Relevance: 1.6, Strings: 1, Instructions: 370COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 73c6a903ae6c8a4dfcd37e925d9f0ca7692f3875e57c8590f3023fe23eb6ceff
      • Instruction ID: 1519656083d144d5a538118d96b9d777a2fb3df15281736f6995d1321037a2e6
      • Opcode Fuzzy Hash: 73c6a903ae6c8a4dfcd37e925d9f0ca7692f3875e57c8590f3023fe23eb6ceff
      • Instruction Fuzzy Hash: E7D12131710746DFDB28DE68CCA4BEA73E2BF19380F65422DDC998B244DB319985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243530, Relevance: 1.6, Strings: 1, Instructions: 367COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 6c434d431d415ecf00412c7775b175d9e216d11449f9150becc87bc24bb1d5b3
      • Instruction ID: a104299a9ee8a781fd372cc0b8709b84c97355efd03c592e8f0bd28fce9697d1
      • Opcode Fuzzy Hash: 6c434d431d415ecf00412c7775b175d9e216d11449f9150becc87bc24bb1d5b3
      • Instruction Fuzzy Hash: 3DD10131714746DFDB28DE68CCA4BEA73E2BF19380F65422DDC998B244DB319985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022435D5, Relevance: 1.6, Strings: 1, Instructions: 364COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 0b9845fd2cdfd4e4448f6e2aefec7f9f74e3d4b0b37e1009f3ef86bdbc606736
      • Instruction ID: 385bd82c7cb284ea8da151b1db7365a30aeae571f5d37a2981dd904c71c83317
      • Opcode Fuzzy Hash: 0b9845fd2cdfd4e4448f6e2aefec7f9f74e3d4b0b37e1009f3ef86bdbc606736
      • Instruction Fuzzy Hash: 6ED12331614746DFDB28DE68CCA4BEA73F2BF59380F654229DC898B244DB319985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243658, Relevance: 1.6, Strings: 1, Instructions: 346COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: dedbb9c952d42175936f447075378dec4d4ae7ba3e61aa1ef461ea92fbe627b2
      • Instruction ID: d96d6a5514156af926decb6595effb2c7ba013426e915dd07f3a58a6521b1b87
      • Opcode Fuzzy Hash: dedbb9c952d42175936f447075378dec4d4ae7ba3e61aa1ef461ea92fbe627b2
      • Instruction Fuzzy Hash: 9CC12231614746DFDB28DE68CCA4BEA73F2BF55380F65422DDC8987244DB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243607, Relevance: 1.6, Strings: 1, Instructions: 339COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 1f2fa2f85c895b8d68ddf68469ef64e7624b3564c6fefd0e4e29888b4910d157
      • Instruction ID: 6ae0ee1738c1989a219273740e7e710550e22030f3662f4788449159c46ae2c0
      • Opcode Fuzzy Hash: 1f2fa2f85c895b8d68ddf68469ef64e7624b3564c6fefd0e4e29888b4910d157
      • Instruction Fuzzy Hash: 56C12231610746CFDB28DE68CC94BEA73F2BF05380F65422DDC998B244EB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022435F3, Relevance: 1.6, Strings: 1, Instructions: 337COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 6a5ac04fc8d63c21545108c2d62f94880fd32cd085f9548ed77b4c864b88406c
      • Instruction ID: 4415ad7c68e43d51ce60f2c4c754b0f43ea19eaa7f2684d9ba082b97d977478b
      • Opcode Fuzzy Hash: 6a5ac04fc8d63c21545108c2d62f94880fd32cd085f9548ed77b4c864b88406c
      • Instruction Fuzzy Hash: 8FC11131614746DFDB28DE68CCA4BEA73F2BF15380F65422DDC898B244DB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243676, Relevance: 1.6, Strings: 1, Instructions: 322COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: a052ee76bb6923f331d239302b28fcecca5ea0945bce983936a6bc4afccfaba7
      • Instruction ID: 7bd269b88446516fda11c72c449e7ea8e4fe5f5eadd73f63323b25279950988b
      • Opcode Fuzzy Hash: a052ee76bb6923f331d239302b28fcecca5ea0945bce983936a6bc4afccfaba7
      • Instruction Fuzzy Hash: 9BC12131710746DFDB28DE68CCA4BEA73F2BF15390F654229DC998B244DB319986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022436B3, Relevance: 1.6, Strings: 1, Instructions: 314COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 6724108f16dd2b0f7b650dba015987afdac305aeeee8eb35cd4ee7d104879334
      • Instruction ID: ca65bd51d0e131a5be25c648a5cbd531b37b6f3755789244a3111ca20ee6efad
      • Opcode Fuzzy Hash: 6724108f16dd2b0f7b650dba015987afdac305aeeee8eb35cd4ee7d104879334
      • Instruction Fuzzy Hash: 63B12331610746DFDB28DE68CCA4BEA73F2BF05390F65422DDC9987244EB359986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243715, Relevance: 1.5, Strings: 1, Instructions: 293COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: a5ef8187596e8b641a33999e2b3aaef00a2d241fc1fac6ef78113609ac33376a
      • Instruction ID: 66407155bf7f786291955099a340c0986a4f6c592f59f49bff59172abf8614b8
      • Opcode Fuzzy Hash: a5ef8187596e8b641a33999e2b3aaef00a2d241fc1fac6ef78113609ac33376a
      • Instruction Fuzzy Hash: 50B10131614746DFDB28DE68C8A0BEA73F2BF06390F65422DDCD987244DB359986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224383A, Relevance: 1.5, Strings: 1, Instructions: 262COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 5d798f7bf3ae572dc30e9a24d61df67513df40b208bc31e02b42a14feded9a0f
      • Instruction ID: 57a7e4371a81607f5addef4fd3a143d7e17da757f2adb74bb9a8619b7950bbf4
      • Opcode Fuzzy Hash: 5d798f7bf3ae572dc30e9a24d61df67513df40b208bc31e02b42a14feded9a0f
      • Instruction Fuzzy Hash: 61911231610746DFDB28DE68CCA4BEA73B2BF06390FA54229DCD987144EB359985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224379A, Relevance: 1.5, Strings: 1, Instructions: 259COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 9ccaf5a12f7fdff1e828204cfdd036df5949fa10556542c78313f5bf57df6169
      • Instruction ID: 2b3dc1e3b5a2a497e9a638a529f58afcf1be0fc1742503c23be90f501a37086f
      • Opcode Fuzzy Hash: 9ccaf5a12f7fdff1e828204cfdd036df5949fa10556542c78313f5bf57df6169
      • Instruction Fuzzy Hash: A9910230614746DFDB28DE68C8A4BEA73F2BF05390F654229DC9987244DB319985CB82
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022437CF, Relevance: 1.5, Strings: 1, Instructions: 255COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 51f1bda4a7dcc2239171421aa104aa6d7392fc6d363ac877c2318818b6f90fd0
      • Instruction ID: 2c52808265e32fee038f75a632cb1b95c2edaa01c87b541234cc4f1b2bd2be33
      • Opcode Fuzzy Hash: 51f1bda4a7dcc2239171421aa104aa6d7392fc6d363ac877c2318818b6f90fd0
      • Instruction Fuzzy Hash: 14910331610746DFDB28DE78CC947DA73B2BF05390F654229DC9987144DB319985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243851, Relevance: 1.5, Strings: 1, Instructions: 255COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 0470d9f64ce6b074c29e8ffaa517cdc57373045f254a74f4ce6e39cf147418a2
      • Instruction ID: ac2c89ac132e4bcc8e72949ac57edc47d5fbe2f84abd4b669d20c850313f6ca7
      • Opcode Fuzzy Hash: 0470d9f64ce6b074c29e8ffaa517cdc57373045f254a74f4ce6e39cf147418a2
      • Instruction Fuzzy Hash: C6912231610746DFCB28DE78C8A4BEA77F2BF06390FA54229DCC987244DB359985CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022438B2, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %v|E
      • API String ID: 0-1676154647
      • Opcode ID: 8f95c3457d89dae316f848048b367bc61f2c7d2d4f11f978ba699de9af3c4e7d
      • Instruction ID: 6b5ea054a095b3563c591bba6c589d236376c7517bcd2b9c92887cf431a54cd9
      • Opcode Fuzzy Hash: 8f95c3457d89dae316f848048b367bc61f2c7d2d4f11f978ba699de9af3c4e7d
      • Instruction Fuzzy Hash: DE81F230610746DFCB28DE78C8A4BEA73F2BF06390F654229DC99C7244DB359986CB81
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02241EDA, Relevance: 1.4, Strings: 1, Instructions: 173COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: ~{*
      • API String ID: 0-3290885548
      • Opcode ID: e11901330cb9295cb756ac0df5a65da2b3a3731fd5bfd47be4506d0ae37e7c61
      • Instruction ID: f72f08f16ca3d5208c953d44ea25b14588b8aa5d44dcf3515b6d2348c37d40ca
      • Opcode Fuzzy Hash: e11901330cb9295cb756ac0df5a65da2b3a3731fd5bfd47be4506d0ae37e7c61
      • Instruction Fuzzy Hash: 6F51F331714349DFEB348EA9DCA47EA37E7AF99350F85422DACCA97254D7318982CB01
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02248CD9, Relevance: 1.4, Instructions: 1420COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b993bab9739b8efef0d3d22f95bb84045c447bbed54830569d5ebab5e824662f
      • Instruction ID: 7fb9d12348cefb1666ae64bdd0b450add2ee60b5facb223de49d1a1312909759
      • Opcode Fuzzy Hash: b993bab9739b8efef0d3d22f95bb84045c447bbed54830569d5ebab5e824662f
      • Instruction Fuzzy Hash: 8EA28971A1030A9FDB385EB489A43EA37A2FF56350F95412EDCCA97208DB7489C5CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A9D2, Relevance: 1.2, Instructions: 1152COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 6214743bc7af8762a78f26c6c12eb44078dab3470baced770b0cb5758604545c
      • Instruction ID: 2d0ee7543fd7c2e1c12941e829b7a68840398a34c462abf7433524f995400cfd
      • Opcode Fuzzy Hash: 6214743bc7af8762a78f26c6c12eb44078dab3470baced770b0cb5758604545c
      • Instruction Fuzzy Hash: FA82CA7161430A9FEB389EB4CD947EA37A2FF12350F95412EDCC697208DB748985CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244887, Relevance: .9, Instructions: 924COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1305f8cabe32767ea785c90b7ff5408ac7dd0fb93cc07b3dad1983558426490d
      • Instruction ID: d912410aff753a4d593c2e92c3baade2e19ef0b6cfac4d85a75ed85752a4bbbb
      • Opcode Fuzzy Hash: 1305f8cabe32767ea785c90b7ff5408ac7dd0fb93cc07b3dad1983558426490d
      • Instruction Fuzzy Hash: 1C62B771A1030ADFDF389EB4C9943DA7BA2FF56350F95412ADCCA97208DB748985CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022448B9, Relevance: .9, Instructions: 918COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 79d23346dba220db5ec6ac479b5123795370a64071b8cb9bfc7bf6a2394f9977
      • Instruction ID: 8a79f9db7676b53d601b63b6a986039673c310b88649c5df0e87cf9f8ac5c537
      • Opcode Fuzzy Hash: 79d23346dba220db5ec6ac479b5123795370a64071b8cb9bfc7bf6a2394f9977
      • Instruction Fuzzy Hash: C462B871A1030ADFDF389EB4C9943DA7BA2FF56350F95412ADCCA97208DB748985CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224492B, Relevance: .9, Instructions: 893COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 7951e8a30d784def363a90ec8fa4abf5a36ee7d90cf7849d068c06c933d739b9
      • Instruction ID: 6ce6ef8b670ec8c72dfba804623dc6bbc1bbcb3fb1055acd147c41767acfc6dc
      • Opcode Fuzzy Hash: 7951e8a30d784def363a90ec8fa4abf5a36ee7d90cf7849d068c06c933d739b9
      • Instruction Fuzzy Hash: DC62B871A1030A9FDB389EB4C9943DA3BA2FF56350F95812ADCCA97208DB748985CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022449AF, Relevance: .9, Instructions: 866COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 608008f736486656514fa9efe04551ba62fe5c6528dc7151d4f36ff8244674ad
      • Instruction ID: 61c430c5b4d5d3739967510d4003081d6f2fe64fd9cd4b781377ddcd2fa3b0db
      • Opcode Fuzzy Hash: 608008f736486656514fa9efe04551ba62fe5c6528dc7151d4f36ff8244674ad
      • Instruction Fuzzy Hash: 3962B871A1030A9FDF399EB4CD943DA3BA2FF56350F95412ADCCA9B208DB748985CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022449F5, Relevance: .9, Instructions: 858COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 819eb12f9fc5015c96d8e6b754371e03f1bbc807e907031ef51277e468c2aad2
      • Instruction ID: 6259543b39c7a3ba85ad7ef731231ba2f39fa0001d61c52d2a0165728031f823
      • Opcode Fuzzy Hash: 819eb12f9fc5015c96d8e6b754371e03f1bbc807e907031ef51277e468c2aad2
      • Instruction Fuzzy Hash: 0C52B871A1030A9FDF399EB4C9943DA3BA3FF56350F95412ADCCA97208DB748985CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244A41, Relevance: .8, Instructions: 844COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1b4a36cd324750076aaff8253ea6dbd89e690e5159ff4fab25f2be7057adc133
      • Instruction ID: 3d0edbfbff6b8c92055a14efcad63b1297d226eb4722644eee2392b4b6425a4e
      • Opcode Fuzzy Hash: 1b4a36cd324750076aaff8253ea6dbd89e690e5159ff4fab25f2be7057adc133
      • Instruction Fuzzy Hash: 66529871A1030A9FDF399EB4CD943DA3BA3FF56350F954129DC8A9B208DB748985CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244AD7, Relevance: .8, Instructions: 814COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 082bca27d39f0eb8394589d53fbb11a580d7dd02c995b9ec511a5037525117f6
      • Instruction ID: 96d05359b2344760c8d315f2b99d0179be0d9a8c0ef2360335231a8e104fa5ed
      • Opcode Fuzzy Hash: 082bca27d39f0eb8394589d53fbb11a580d7dd02c995b9ec511a5037525117f6
      • Instruction Fuzzy Hash: 36529871A1030A9FEF399EB48D943DA3BA3FF56350F954129DC8A9B208DB748985CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244B41, Relevance: .8, Instructions: 790COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: fbf314fc542b757046de97ca8ee0800153c6acde9a888f7ac57ed4b373bbf65c
      • Instruction ID: e6fad03f0bccd03fab82bfb4730bcda8eaaf8cba4bcb37cfa063f1f7a22c52b8
      • Opcode Fuzzy Hash: fbf314fc542b757046de97ca8ee0800153c6acde9a888f7ac57ed4b373bbf65c
      • Instruction Fuzzy Hash: 38528871A1030A9FEF399EB48D943DA3BA3FF56350F958129DCC697208DB748985CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244C69, Relevance: .7, Instructions: 741COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c0d38bccd1abb285fb4b9b944df9dfe2f09ff825125d80d733d3cd98ee2d1ccf
      • Instruction ID: 5256d133bdfe7455b2543f63d5fdaf20824664c567237096c9a742f52592644d
      • Opcode Fuzzy Hash: c0d38bccd1abb285fb4b9b944df9dfe2f09ff825125d80d733d3cd98ee2d1ccf
      • Instruction Fuzzy Hash: 71429771A1030A9FEF399EB48D943DA3BA3FF56350F958129DCC597208DB748989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244CF2, Relevance: .7, Instructions: 706COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 33b29d291a757db5a7fcadcf5723f545b93b287549cfa968685a7c649b09bebd
      • Instruction ID: 7099a35e2ca9e62309acd07e6d8d3a2f015090cf086f7bf706bee0420d2470c3
      • Opcode Fuzzy Hash: 33b29d291a757db5a7fcadcf5723f545b93b287549cfa968685a7c649b09bebd
      • Instruction Fuzzy Hash: 08328871A1030A9FEF395EB4C9943DA3BA3BF56350F958129DCC697208DB748989CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244D26, Relevance: .7, Instructions: 703COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 32e7907fef3059d51f66680b64666359eee65f6e8df4e30506b827c941343056
      • Instruction ID: 9fbacbb252a1f1047f00796c4b0eba499d54714b08c538d4623e5f7d07078c3c
      • Opcode Fuzzy Hash: 32e7907fef3059d51f66680b64666359eee65f6e8df4e30506b827c941343056
      • Instruction Fuzzy Hash: 0E329831A1030A9FEF395EB4C9943DA3BB3BF56390F958129DCC597208DB748989CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244DD7, Relevance: .7, Instructions: 665COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4690234c93b1b2e67a83ac875418639325212f77c64dfc625eb25c1b51d12bb9
      • Instruction ID: 301000e86569ca55b7d3db39383cf3a4321c5aec7c249b8eff7a8ad6344c2075
      • Opcode Fuzzy Hash: 4690234c93b1b2e67a83ac875418639325212f77c64dfc625eb25c1b51d12bb9
      • Instruction Fuzzy Hash: DF329871A1030A9FEF359EB489943DA7BB3FF52390F958129DCC597208DB748989CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244E5A, Relevance: .6, Instructions: 636COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4b41c219a976400c427c30ec45d0a4280b5be19d0a76a355bd848a144b0cd9e6
      • Instruction ID: ba19267486c128314efbccdb67b77d7d5da9e81349fd6f3cb02aa2b8752244ab
      • Opcode Fuzzy Hash: 4b41c219a976400c427c30ec45d0a4280b5be19d0a76a355bd848a144b0cd9e6
      • Instruction Fuzzy Hash: A1228771A1030A9FEF359EB489943DA3BB3BF56390F958129DCC697108DB744989CB82
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244EA2, Relevance: .6, Instructions: 625COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 42a92a2a5e596df891f737c3eb28a853a859fac37f999182841e506ba0b534ee
      • Instruction ID: a854186039519b026872067a693af1688d3bf593de23560847de56d5257cf6cc
      • Opcode Fuzzy Hash: 42a92a2a5e596df891f737c3eb28a853a859fac37f999182841e506ba0b534ee
      • Instruction Fuzzy Hash: A7228871A1030A9FEF355EB489943DA3BB3FF56390F958129DCC597108DB748989CB82
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244F0B, Relevance: .6, Instructions: 605COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 7e9f38d46abb02a73e65033631e2ccb4cffb62643863122713e55d542b5264e0
      • Instruction ID: 4b3ebdf1ceb29302b8cc37947ee3300666916d67fdc3f642aeb63e125db569da
      • Opcode Fuzzy Hash: 7e9f38d46abb02a73e65033631e2ccb4cffb62643863122713e55d542b5264e0
      • Instruction Fuzzy Hash: B2228731A1030A9FEF355EB48D943DA3BA3FF56390F958129DCC997108DB758989CB82
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244F73, Relevance: .6, Instructions: 586COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 963c2a501f0b48ae5d061ac0688789099b80bd1e2a36c8ddab34aad9f8520cb8
      • Instruction ID: 1b69e23505892af8cbc9daaa327dfac2523bbfa397e2a5c258372872550cd666
      • Opcode Fuzzy Hash: 963c2a501f0b48ae5d061ac0688789099b80bd1e2a36c8ddab34aad9f8520cb8
      • Instruction Fuzzy Hash: 1A128731A1030A9FEF355EB48D943DA3BA3EF66390F954129DCC59B108DBB54989CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244FD7, Relevance: .6, Instructions: 570COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a069ec1e54c22490436753f92185b7e031a65a81665bd0ea149b0f04f5648797
      • Instruction ID: 462c7e3ee183f78e659545fd02bd8943e342e54c6c12f21060eca43873401b40
      • Opcode Fuzzy Hash: a069ec1e54c22490436753f92185b7e031a65a81665bd0ea149b0f04f5648797
      • Instruction Fuzzy Hash: FD12AA31A1030A9FEF355EB48D943DA3BA3EF66390F954129DCC59B108DBB549C9CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02245036, Relevance: .6, Instructions: 552COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0c13bbab8ed48add5bf8d1f224794d2e3bedb60db6b504eb25d11dc4c8358017
      • Instruction ID: 1883fa0893890e9c43e4f67d4a6c7762dd8491143fd66ba7e8ca1c0f272fb1fc
      • Opcode Fuzzy Hash: 0c13bbab8ed48add5bf8d1f224794d2e3bedb60db6b504eb25d11dc4c8358017
      • Instruction Fuzzy Hash: 4B12A971A1030A9FEF354EB4CD943DA3BA3EF663A0F954129DCC69B108DBB54989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022450C2, Relevance: .5, Instructions: 529COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 74f19366d9650b07d05a2579bff6cc4ec1195bf7f2fc20d15969144cd999dfe1
      • Instruction ID: 47d58c00392816a785c601cbd98fa4de8d44d3527473452223dde0d83b025927
      • Opcode Fuzzy Hash: 74f19366d9650b07d05a2579bff6cc4ec1195bf7f2fc20d15969144cd999dfe1
      • Instruction Fuzzy Hash: A202AB71A1030A9FEF354EB48D943DA3BB3EF663A0F954129DCC69B108DBB54989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022450D0, Relevance: .5, Instructions: 515COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b303d6f2bf680824dc82582411feb415b6ef1cf086795b17168a23e015cc3fe2
      • Instruction ID: cb7694b9d9e77357f5e2d4f7b5466aa11462fd3cd126be695c943d3d43bc9c10
      • Opcode Fuzzy Hash: b303d6f2bf680824dc82582411feb415b6ef1cf086795b17168a23e015cc3fe2
      • Instruction Fuzzy Hash: 3E02BB71A1030A9FEF354EB48D943DA3BB3EF663A0F954129DCC69B108DBB54989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224511F, Relevance: .5, Instructions: 503COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3c44e4c5480796abcd001705b5e044fcc8249dddb7b985162328849cac46cc76
      • Instruction ID: c3f71b2b3bc49f08fe3c209d6dc6083b21561bc630778472b1d63922d5951305
      • Opcode Fuzzy Hash: 3c44e4c5480796abcd001705b5e044fcc8249dddb7b985162328849cac46cc76
      • Instruction Fuzzy Hash: C702B932A1030A9FEF355EB48D943DA3BB3EF663A0F954129DCC59B108DBB14989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224519D, Relevance: .5, Instructions: 475COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ae10de20fcadd547dde5c6edd86a7af022a70bdb98d73b402066e1fae16d8eb7
      • Instruction ID: dfa359ffd2ef17ab75d7d507fe1324fa03760b02b69355cf943d4b30518ce9ff
      • Opcode Fuzzy Hash: ae10de20fcadd547dde5c6edd86a7af022a70bdb98d73b402066e1fae16d8eb7
      • Instruction Fuzzy Hash: F0F1A972A1030A9FEF354EB48D943DA3BA3EF663A0F954129DCC59B108DBB14989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224527A, Relevance: .4, Instructions: 432COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 11614be548951e52fc079db4b4a0596aed92a9386d8239bdf8d75ce8040319e2
      • Instruction ID: 9b8d13181b46cb6f34ae4622136501f6f6cf5d6c4418aabfb36ecc67c88169d0
      • Opcode Fuzzy Hash: 11614be548951e52fc079db4b4a0596aed92a9386d8239bdf8d75ce8040319e2
      • Instruction Fuzzy Hash: 27E1BB71A1031A9FEF354EB48D903DA3BA3FF563A0F954129DCC69B148DBB14989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02245352, Relevance: .4, Instructions: 412COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: abdc60f766488831952789b6d9cd357f449ea6113ac8a52920802f2aaef50d72
      • Instruction ID: c66b03a21b9cc0a7086f70084f449694f5aec553a1d3102b37e9eb81f8a0dafd
      • Opcode Fuzzy Hash: abdc60f766488831952789b6d9cd357f449ea6113ac8a52920802f2aaef50d72
      • Instruction Fuzzy Hash: FEE1CA71A1034A9FEF355EB48D943DA3BA3FF663A0F954129DCC69B108CB714989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022452F5, Relevance: .4, Instructions: 400COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c7df70dabde6654df5141af162ae265174bcf989303b71f6bee9c47154dcd334
      • Instruction ID: 0d3fdfcdf0f239fa42c0342158e41aae9c10e69647efe39e59bf235fc6ee351f
      • Opcode Fuzzy Hash: c7df70dabde6654df5141af162ae265174bcf989303b71f6bee9c47154dcd334
      • Instruction Fuzzy Hash: 5DD1C971A1034A9FEF354EB48D903DA3BA3FF663A0F954129DCC69B108DB714989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02241C5A, Relevance: .4, Instructions: 392COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 904798b9fedd0f4efdf18f6432b808f2fbe4360235d0c3f77a0d30a740f9e247
      • Instruction ID: f98a5d55dbcad7f66758fcc17f63cd2ebd2f63b0654bbfba16309dac360a4d96
      • Opcode Fuzzy Hash: 904798b9fedd0f4efdf18f6432b808f2fbe4360235d0c3f77a0d30a740f9e247
      • Instruction Fuzzy Hash: 23D18E3562434ADFDB38AE7489A47EE37A2EF45350F90442DEDCA97148DB3186C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022453DB, Relevance: .4, Instructions: 350COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: beb10c3d6965e40e5310ff6b0971356d5cee12be921c787610799bfddc88bf07
      • Instruction ID: 0c8b97c2a9e43b2e1fbede898cdacd547447150d72a461b310efa51af5ce4a7e
      • Opcode Fuzzy Hash: beb10c3d6965e40e5310ff6b0971356d5cee12be921c787610799bfddc88bf07
      • Instruction Fuzzy Hash: 84C1CB71A1034A9FDF365EB48DA03DA37A3FF563A0F954129DCCA9B108DBB14989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02245435, Relevance: .3, Instructions: 332COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9917bb1256c6b29aa0c8cb0780446c758fff9be758156cf585c47abde694a576
      • Instruction ID: e73f5ce168383a3eec31bce0aa2ff4d39d1bbef872ffe6ade37fcd8750d408ac
      • Opcode Fuzzy Hash: 9917bb1256c6b29aa0c8cb0780446c758fff9be758156cf585c47abde694a576
      • Instruction Fuzzy Hash: C2C1BB71A1034A9FDF355EB48DA43DA37A3FF563A0FA54129DCC69B108DBB04989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02245C26, Relevance: .3, Instructions: 330COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: e2d1d44ae5c3e981e8867ebce88468ecbebdbe453581e956721ac68ca0ebbb3a
      • Instruction ID: eed9b0beddd3afa0f27cb1a031c23c4c2d9e8556afc765680e2a9ae0c44906bb
      • Opcode Fuzzy Hash: e2d1d44ae5c3e981e8867ebce88468ecbebdbe453581e956721ac68ca0ebbb3a
      • Instruction Fuzzy Hash: 99B17D35A243168FDB28AEB889A47EA37E2EF55350F90452EDDC6D714CDB3186C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224687D, Relevance: .3, Instructions: 326COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0faaa06bdf32753e62180bb99fb947144d99b538e755186f145eb63a17f45aa3
      • Instruction ID: 711f9b67c0b6514345f01defc1861ac669cba92f07261cf2411f18d5c6690017
      • Opcode Fuzzy Hash: 0faaa06bdf32753e62180bb99fb947144d99b538e755186f145eb63a17f45aa3
      • Instruction Fuzzy Hash: D6B188356243068FDB28AE78C9A03EA77E2EF55390F95442EDDC6D7558DB3086C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02240837, Relevance: .3, Instructions: 322COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f7d4fb50bb8c6d2705b1423b99ba43b8c12565261c21e0535a92bd2106fdf8dc
      • Instruction ID: b50dcc6ee0975eaa3bd86aefaf744cd18d4e9edf7374a731c32be27497bbdabf
      • Opcode Fuzzy Hash: f7d4fb50bb8c6d2705b1423b99ba43b8c12565261c21e0535a92bd2106fdf8dc
      • Instruction Fuzzy Hash: 08B16A356203468FDB289E7889A43EA37E2EF55390F95442EDDCAD7208DB3486C6CB11
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022454AF, Relevance: .3, Instructions: 304COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f4615e8cc6b71511b37150c97093eb54687cd5ca83b9faa78612ac511fa9c838
      • Instruction ID: 8f990da3d1826b25018f4208e9b9e6f4568de5d371345109ac2100db4000ad40
      • Opcode Fuzzy Hash: f4615e8cc6b71511b37150c97093eb54687cd5ca83b9faa78612ac511fa9c838
      • Instruction Fuzzy Hash: C7B1A97161030A9FDF365EB48DA43DA37A3FF663A0FA54029DCC69B148DB718989CB41
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022409E9, Relevance: .3, Instructions: 299COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 40225b0e5cfa95c8e8aea881ab340fa7559437d353e6177f442e355139ffb2b1
      • Instruction ID: 5e3b9a5c19a030b5a6192d3303a8c5ca9d3f45c43c8669f70203085649762d5c
      • Opcode Fuzzy Hash: 40225b0e5cfa95c8e8aea881ab340fa7559437d353e6177f442e355139ffb2b1
      • Instruction Fuzzy Hash: C3A19035A243168FDB28AEB889A47EA37E2EF45390F90451EDDC6D714CDB3486C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A099, Relevance: .3, Instructions: 294COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 45c533037a2538c388f3b2d8af5e470b2a74dc970469289b589201f049df94a1
      • Instruction ID: 2720e4aa0b8238307d8fa3d2245c495e21b15cbdb8a3aa639647df92e40b04f4
      • Opcode Fuzzy Hash: 45c533037a2538c388f3b2d8af5e470b2a74dc970469289b589201f049df94a1
      • Instruction Fuzzy Hash: 39B115219583C28DEB268B7889987867F925F13274F8EC3DACCE54F1EBD7658046C712
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A11B, Relevance: .3, Instructions: 293COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4b3b339a12b20b981064988b7c46f026587f3fe1cda6d3486569ea4cd98ae50f
      • Instruction ID: ca3d2707ac10338a65bd7ac8ec7e292ec01648106629fc3b39b87c802fa683a8
      • Opcode Fuzzy Hash: 4b3b339a12b20b981064988b7c46f026587f3fe1cda6d3486569ea4cd98ae50f
      • Instruction Fuzzy Hash: B4B127119987C38DEB268B7889687826F925F13274F8EC3DACCE54F1EBD7658046C712
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242DA5, Relevance: .3, Instructions: 284COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b26debf31b69f0e17de618b84c191c46fb9cf4aafef3e6a5b6ab590f61759606
      • Instruction ID: 1e6890c7e63dbde91c5890efddd4dcf89809013c5c91dcc42630ec990864904a
      • Opcode Fuzzy Hash: b26debf31b69f0e17de618b84c191c46fb9cf4aafef3e6a5b6ab590f61759606
      • Instruction Fuzzy Hash: FBA15632514349DFCB349E688CA87EB7366EF953A0F92451EECC69B248D7714D86CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A126, Relevance: .3, Instructions: 261COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 094fbd50f1b5460243c4fb3fc0c2eedc2dd6d15723b0dc41e010fa31cd3362f7
      • Instruction ID: a2737892f7b114caf8e306a74184da6bfeed5ced035a345009d954c344d6b795
      • Opcode Fuzzy Hash: 094fbd50f1b5460243c4fb3fc0c2eedc2dd6d15723b0dc41e010fa31cd3362f7
      • Instruction Fuzzy Hash: F4A107119587C38DEB268B7889687866E924F13274F8DC3DACCE54F1EBD7654046C313
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242DA7, Relevance: .3, Instructions: 261COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 739be600e5baeca03d49b57e689f21475b055e344b8ab84f52180b242a9b2a1a
      • Instruction ID: 6733ee37f5bfecdaadb80a6366a3c98a60ca17a15f25972672260cdfe71eeecf
      • Opcode Fuzzy Hash: 739be600e5baeca03d49b57e689f21475b055e344b8ab84f52180b242a9b2a1a
      • Instruction Fuzzy Hash: 7F914732514389DFCB34AE688C687EA73A6EF91390F96051AECC69B244D7714D86CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A153, Relevance: .3, Instructions: 255COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: cc5f548625af08187dbfe20f3b0970a21b84b60aa5928d51d006fe752290894e
      • Instruction ID: 25dd43a25655689887fc331c3c3e548c50c066336154a0f4afe2eecf8fee1260
      • Opcode Fuzzy Hash: cc5f548625af08187dbfe20f3b0970a21b84b60aa5928d51d006fe752290894e
      • Instruction Fuzzy Hash: 9491F6519987C38DEB268B7889587866E925F13274F8DC3DACCE54F0EBD7A58046C313
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022455B6, Relevance: .2, Instructions: 245COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 686254668d71243648c7545caf84b25a10eed366946f6ce564b74d53edd69920
      • Instruction ID: 37259990e12d8dcb2e2ac2aec09de08bc358c7d49945347216d9c33f7ad7e84a
      • Opcode Fuzzy Hash: 686254668d71243648c7545caf84b25a10eed366946f6ce564b74d53edd69920
      • Instruction Fuzzy Hash: 4E91CA71A1034A9FDF359EB48DA03DA37A3FF663A0F954129DCC99B148CB718889CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242E12, Relevance: .2, Instructions: 238COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9c0b34ae7ea085ad5e638250885943cf9b0f4f1d4e5fc5531dff1af70d70425a
      • Instruction ID: 5d98d3209db499bda4d5b41945ea29b23d8e053b5a68e170e53cadb145fd2135
      • Opcode Fuzzy Hash: 9c0b34ae7ea085ad5e638250885943cf9b0f4f1d4e5fc5531dff1af70d70425a
      • Instruction Fuzzy Hash: E1818A31514389DFCB349E288CA87EB73A6EF92390F96051EDDCAA7244D7714D86CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022425FE, Relevance: .2, Instructions: 236COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 97924fe7efa2a51826038a1202bb14bd2aa0624fa4ef462c97ffa26d6d68448e
      • Instruction ID: 6b1cdc53773f12f97a152e4a5d74731585d5115b5e17fe421b1847f7fd283b02
      • Opcode Fuzzy Hash: 97924fe7efa2a51826038a1202bb14bd2aa0624fa4ef462c97ffa26d6d68448e
      • Instruction Fuzzy Hash: B5818C35A243068FDB28AE7889A03EA37E2EF15350F91442EDDC6D764CDB3486C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A1AA, Relevance: .2, Instructions: 233COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8ca941fc626cc3156374225f49a0ce8489dd475673bdbe45d5ed26a2885921d0
      • Instruction ID: 63a35e4ae03bf34d754932b6f461b8aa4efb586abd7ff4cdbc94763be1c36ec9
      • Opcode Fuzzy Hash: 8ca941fc626cc3156374225f49a0ce8489dd475673bdbe45d5ed26a2885921d0
      • Instruction Fuzzy Hash: EA81E7519987C38DEB268B78896C7866E925F13274F8DC3DACCE64F0EBD7A54046C312
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02240A1D, Relevance: .2, Instructions: 228COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 426b06d8f1bab142dceeb169b41693ea0fd0db4975ac6ebffeb9054daf95d9ca
      • Instruction ID: 2e5f9ab59b128cf8a00485fee0ed47f36b59e8edcfe357aa96716b8bbb44fabd
      • Opcode Fuzzy Hash: 426b06d8f1bab142dceeb169b41693ea0fd0db4975ac6ebffeb9054daf95d9ca
      • Instruction Fuzzy Hash: 0B718D35A243468FDB28AE78C9943EA37E1EF45350F55482DDDCAD7648DB3486C5CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A1E7, Relevance: .2, Instructions: 224COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: bd8b52de883a21dddd391c0c8444211f55d929eb037d3f778a838ee1faf85ef9
      • Instruction ID: b200c84a041c3fb00a3d8d331288179950f35b81488fb59f2bb35c0a3617526c
      • Opcode Fuzzy Hash: bd8b52de883a21dddd391c0c8444211f55d929eb037d3f778a838ee1faf85ef9
      • Instruction Fuzzy Hash: AE8128119A87838DEB358B7889987866F925F13274F8DC3A9CCE64F0EBD7654046C313
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02240A85, Relevance: .2, Instructions: 219COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 300cb6f3209b7e7f4fd63e78fe667ba86e03ca57c0faa8160b47efee092a1d5f
      • Instruction ID: 3a035bfc7317ad195e8b0ef04333aab326536191a8b7f742588f9e730c13a559
      • Opcode Fuzzy Hash: 300cb6f3209b7e7f4fd63e78fe667ba86e03ca57c0faa8160b47efee092a1d5f
      • Instruction Fuzzy Hash: E2718A31A243468FDB28AE78C9943EA37E1EF46350F55052DDDCAEB648DB3086C5CB42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242E85, Relevance: .2, Instructions: 213COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 7443a1d569dd570dc3cf2949d7239a065c75aa037fa8d056245de2c1494cdfd4
      • Instruction ID: 20922714184994c50604cf4b832ffe7c56537dd37d37817c87dfef7bb6361e1f
      • Opcode Fuzzy Hash: 7443a1d569dd570dc3cf2949d7239a065c75aa037fa8d056245de2c1494cdfd4
      • Instruction Fuzzy Hash: C1715631514389DFCB34AE388CA87EA77B2EF91390FA5451EDDCA9B254D7704986CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A237, Relevance: .2, Instructions: 208COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c8a6a2fdd144dacc4750e87181a6c0201bb251bfe3d1e974724120974edd4b21
      • Instruction ID: 79d47df1894370a20b70c7165a0cc99f2b59f666c6c024e7ec9fff18c897f15d
      • Opcode Fuzzy Hash: c8a6a2fdd144dacc4750e87181a6c0201bb251bfe3d1e974724120974edd4b21
      • Instruction Fuzzy Hash: 9B7139519A838349EF365B7889687866B925F13274F4DC3AACCE64F0EFE7654086C313
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02243CEF, Relevance: .2, Instructions: 201COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ed8c2be106fc1ba700e6f35bba56fcb0ad3acbc079012ade4529be1b37bb66fb
      • Instruction ID: 4656cf94e6f34ed7cff0af1beae62a67e54b0dc1d62c7dadfaf5601838859d37
      • Opcode Fuzzy Hash: ed8c2be106fc1ba700e6f35bba56fcb0ad3acbc079012ade4529be1b37bb66fb
      • Instruction Fuzzy Hash: BC613772B147568FDB289E78CC607D973F2BF587A0F590229EC99DB284DB319D818B40
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A27D, Relevance: .2, Instructions: 194COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d72b8ec973294ed3e9c0cfc79fbdd8e3529b1288ada9955e6557ea21ad42d9e0
      • Instruction ID: 4f765ae5cd50b86002c21e74db3f860b2f49e2d44b47add2f979dbd20eb6921b
      • Opcode Fuzzy Hash: d72b8ec973294ed3e9c0cfc79fbdd8e3529b1288ada9955e6557ea21ad42d9e0
      • Instruction Fuzzy Hash: 3C614A658A43838AEF354AB889A47966B929F03274F4983A9CCE24F1DFD7654046C712
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02240B23, Relevance: .2, Instructions: 191COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 74f6d7e719d644d3138aab6c7486427c7a3de64b920ce9a37bdcf7122562c56b
      • Instruction ID: 4031c0752c040b7f437c9996802b6445e617aacec0c94275057e0f2238afbcd0
      • Opcode Fuzzy Hash: 74f6d7e719d644d3138aab6c7486427c7a3de64b920ce9a37bdcf7122562c56b
      • Instruction Fuzzy Hash: 3B518C35A243058FDB289EB889A43E937E1EF06350F95452EDDC6EB248DB3086C5CB51
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022440DD, Relevance: .2, Instructions: 190COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 93abc59236220a783cf4099e3f19848fbd6454ce19223fecca27a48e0748dcd9
      • Instruction ID: 65ecce5cb67befa770e61f02989338849de50ea381291761b7f9082f7952c8d7
      • Opcode Fuzzy Hash: 93abc59236220a783cf4099e3f19848fbd6454ce19223fecca27a48e0748dcd9
      • Instruction Fuzzy Hash: 6D6163741543068FCB28AE38C9957EA77B2FF963C0F558019CCCA9B118CB71894ACB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242F01, Relevance: .2, Instructions: 187COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1d7c5b66b23802d2d236f26bd408b0a92dee7238e91b3be65caa50c829c476aa
      • Instruction ID: 37658ccd9487aab4e0991947e2642915a45a1da62e6038b317023f6c5554dd5a
      • Opcode Fuzzy Hash: 1d7c5b66b23802d2d236f26bd408b0a92dee7238e91b3be65caa50c829c476aa
      • Instruction Fuzzy Hash: 05616932114389DFCB349E388C987EA37B6EF91390FA5051EDCCA9B254D7705986CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022440EA, Relevance: .2, Instructions: 182COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4caea14335149b0b556862542f4f79c86873f63bac36dedae6f16f04f292f2ac
      • Instruction ID: 323c3e9cb4ed189cd7ac20d7e38cfd0f1330cefa5992d63dad985d049049b153
      • Opcode Fuzzy Hash: 4caea14335149b0b556862542f4f79c86873f63bac36dedae6f16f04f292f2ac
      • Instruction Fuzzy Hash: 2D51A8755583468FDB28AE38D9957EA37B2FF967C0F55401DCCCA9B128CBB1450ACB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02240363, Relevance: .2, Instructions: 179COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 02163ee94a85412d84955ef52fbb1e785084a7cee715baaa149b0ad459391c24
      • Instruction ID: 97aeea72f858f202ca34a89648bcda9dfefa492c6d4549d359f858942848ced3
      • Opcode Fuzzy Hash: 02163ee94a85412d84955ef52fbb1e785084a7cee715baaa149b0ad459391c24
      • Instruction Fuzzy Hash: 93513775A643069FEB287AB48AB57EA33E29F523A0FC9441ECCC787545EB7145C4CB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AEAA, Relevance: .2, Instructions: 176COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b45670d87194734ca1f5adb0fb1b15d4ef285d104e290d5cac74ea5f97b8161e
      • Instruction ID: 0f7c371d9b94d9017e896ba042e42c43555dce864bd080687d97709d47734882
      • Opcode Fuzzy Hash: b45670d87194734ca1f5adb0fb1b15d4ef285d104e290d5cac74ea5f97b8161e
      • Instruction Fuzzy Hash: E0518C719783028EDF2D9DF885643FA33A2EF15359F91422ADC93A74ACDFA5C484C602
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A2DA, Relevance: .2, Instructions: 172COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 26763599b305d91e4d7ac5334532781f977eb6756d8be36aa96da80430cf63da
      • Instruction ID: e5eec33c3433d9734c2ffd3aa4ef2fa6913029d1d243f754fa79623dfc68fdee
      • Opcode Fuzzy Hash: 26763599b305d91e4d7ac5334532781f977eb6756d8be36aa96da80430cf63da
      • Instruction Fuzzy Hash: 1E513F61CA438389DF355EB889A43967B929F13274F4883A9CCE64E1DED7654046C712
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242700, Relevance: .2, Instructions: 168COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b4bdd3272cdde7163b994576773453fe3589c189482444422eaaa914745039fa
      • Instruction ID: d141da788d242a37e145c8a073ecb657987a3780fc20845da15e4850059061b8
      • Opcode Fuzzy Hash: b4bdd3272cdde7163b994576773453fe3589c189482444422eaaa914745039fa
      • Instruction Fuzzy Hash: 38518E71A24309DFEB384EE9CD847EA3663EF85750FD0421AED4A57248DBB14981CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022426E6, Relevance: .2, Instructions: 165COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0ccbac8471afc758552a9710183a6912da52f2ef9bb9a38c1a4f5422535b5fbb
      • Instruction ID: a1474f9fb6c94a4bf880c34eae346e989cca7d74b5a71d40e54d26378d1e574d
      • Opcode Fuzzy Hash: 0ccbac8471afc758552a9710183a6912da52f2ef9bb9a38c1a4f5422535b5fbb
      • Instruction Fuzzy Hash: F4518F71624305DFEB345ED9CD847EA3663EF95350FD0421AED4A97248DBB48A81CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022426C2, Relevance: .2, Instructions: 163COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f9ce275b1bca61024f15c7042cbd9e83722f9912e226df9b4bf073a0f05b099c
      • Instruction ID: 1e93b4bd405caf8b5e37042b13cb43fc7798b6a916bbbab5b935b13a420fd3bd
      • Opcode Fuzzy Hash: f9ce275b1bca61024f15c7042cbd9e83722f9912e226df9b4bf073a0f05b099c
      • Instruction Fuzzy Hash: C4515D71628345DFE7349EE5CC847E63763EF55310F94421AED8A57248DBB44A81CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244146, Relevance: .2, Instructions: 163COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a57b8423c326cb482996fce1cf6ff7da552dcecbc2096112d706fd8c8415c8fc
      • Instruction ID: f0f8e311547006f94bcd92473693d8d4ab4f1c4bfd9e8df05b75afb37a135910
      • Opcode Fuzzy Hash: a57b8423c326cb482996fce1cf6ff7da552dcecbc2096112d706fd8c8415c8fc
      • Instruction Fuzzy Hash: 285172755583468FDB28AE3899957EA37B2EF967C0F14401D8CCA9B118DBB1860ACB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AF1E, Relevance: .2, Instructions: 157COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 84f3d3ef01ceed80f38aa907b454ea1dfbd40864b3389a78114641445ca30a1d
      • Instruction ID: e9f0a66d7446bf72b880041412e65df7c6be1ab7bb0839adbfa9a12e7aa8245b
      • Opcode Fuzzy Hash: 84f3d3ef01ceed80f38aa907b454ea1dfbd40864b3389a78114641445ca30a1d
      • Instruction Fuzzy Hash: 6E415971938302CEDF2D9DF885647BA7361EF15359F91462ACC93A74ACCFA5C485CA02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AF75, Relevance: .2, Instructions: 157COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: e9075cee352991deafa7e3836ec8e08c1f371e4209ae08e7aed229ccb476743c
      • Instruction ID: 78d12b1c03f002562ace03e99d0bd23f7ea0a072bd0a2175f25573b666e008e2
      • Opcode Fuzzy Hash: e9075cee352991deafa7e3836ec8e08c1f371e4209ae08e7aed229ccb476743c
      • Instruction Fuzzy Hash: 075149319383028EDF2CAEB885953EA7361FF12359F95452DDCD2A7458DFA4C484CA12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AF53, Relevance: .2, Instructions: 156COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c024fb2add3e9841fd75f71e02143239d1fe1ed10ea80b028258ebebb68053d4
      • Instruction ID: 7ea3e3b7817725d6c4015e6760d11936862a8253c74116843e379ff4d5df1ece
      • Opcode Fuzzy Hash: c024fb2add3e9841fd75f71e02143239d1fe1ed10ea80b028258ebebb68053d4
      • Instruction Fuzzy Hash: 6C4177319383028EDF2DADB885643FA73A1EF11359F91452ADC93A74ACDFA5C484CA12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AF42, Relevance: .2, Instructions: 152COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 25958e1729f0ccb0e492cde1b16f0e2050b386973a9dde385162b5c1405302e6
      • Instruction ID: e9215a4e4f91fc14e972ceeb8bad9286d6fa13794053dd70f5dc9dbf05bc3653
      • Opcode Fuzzy Hash: 25958e1729f0ccb0e492cde1b16f0e2050b386973a9dde385162b5c1405302e6
      • Instruction Fuzzy Hash: DB415931938302CEDF2D9DB8C1A43BA73A1EF11359F91412ADC93A74ACCFA5C485CA02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224B015, Relevance: .2, Instructions: 150COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 83ae08d7d751404bd0e564f63acc6365a519e53988c6db66175c6a3c10bd1442
      • Instruction ID: b677079119ed274a39be818dca2f3edd0a8f4593baa5ac6b0122653833c0612e
      • Opcode Fuzzy Hash: 83ae08d7d751404bd0e564f63acc6365a519e53988c6db66175c6a3c10bd1442
      • Instruction Fuzzy Hash: 82414934924302CFDB2CAEB8C5A53A633A1FF06359F95452DDC92A7458DFB0D484CB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244192, Relevance: .1, Instructions: 149COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1aed9e4f5e34e0e70918bc88ff32a376442a2d062578418b589c685c6a74ac8a
      • Instruction ID: efcf747a8b3cdeb23fbb1803a75171a8fd71349756304279b0420a250a47e9fb
      • Opcode Fuzzy Hash: 1aed9e4f5e34e0e70918bc88ff32a376442a2d062578418b589c685c6a74ac8a
      • Instruction Fuzzy Hash: 875196755583468BDB28AE389D957EA37B3AFD57D0F54401E8CCA5B108DBB1460BCB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AFAF, Relevance: .1, Instructions: 147COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1da01236c5b2d4e67189972d3a0bbc411eecb357857e13e6885cfee5fcddb8d9
      • Instruction ID: 58ac520e6378c2660d2fd29dbd986907b62eb7edfb3638a888e631bc026b3b0e
      • Opcode Fuzzy Hash: 1da01236c5b2d4e67189972d3a0bbc411eecb357857e13e6885cfee5fcddb8d9
      • Instruction Fuzzy Hash: 1E4157309343028EDF2CAEB885A53FA73A1FF11359F914529DC93A74ACDFA5C485CA12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022441BA, Relevance: .1, Instructions: 145COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a0d0ff3cf7dfd81b0b0584075c309690b1263527af87a9d2b1eb45c21158f3c1
      • Instruction ID: f6c89220dbd61d045e1d5f17dc9b68206f2c51c737baa617b0218c89109adf8e
      • Opcode Fuzzy Hash: a0d0ff3cf7dfd81b0b0584075c309690b1263527af87a9d2b1eb45c21158f3c1
      • Instruction Fuzzy Hash: E94176755583468BDB38AE389D953EA37B3EFD67D0F54401E8CCA9B108DBB1060ACB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224B079, Relevance: .1, Instructions: 144COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 80d8015fce9c0ee7890c4df73c0735059712bbb98cc42eb5ceb1e878445b744b
      • Instruction ID: ba86ae46f671cc316eb3d60c9fa3744ccd93a81d17e9f865dc4482e627feb3d6
      • Opcode Fuzzy Hash: 80d8015fce9c0ee7890c4df73c0735059712bbb98cc42eb5ceb1e878445b744b
      • Instruction Fuzzy Hash: 22417A358243028FDB2CEEB885953A977A1FF02358FA5096DDCD2A7468DFB0C484DB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242745, Relevance: .1, Instructions: 141COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4294a7f0a3b687cb0fe53b4fdb6ecdc65b6518c5916749f8e096318bea318272
      • Instruction ID: 266950c93459ef54b8b9987af7f7a7170fbe0cd2fabff4a8eae5d8b13f9ca5a0
      • Opcode Fuzzy Hash: 4294a7f0a3b687cb0fe53b4fdb6ecdc65b6518c5916749f8e096318bea318272
      • Instruction Fuzzy Hash: C3415C72628345DFEB345FE9CC847DA3763EF99350F944119ED8957208EBB48A40CB21
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242792, Relevance: .1, Instructions: 140COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 63da67fb87a40a2eea1c72111460776113eebc34e0a3ba5291eb21609684aaec
      • Instruction ID: ca8f8d522d8720378cd30f89f05ff96c897e0459a13e19bd67d5590fc23c8860
      • Opcode Fuzzy Hash: 63da67fb87a40a2eea1c72111460776113eebc34e0a3ba5291eb21609684aaec
      • Instruction Fuzzy Hash: 24417B71628345DFEB344FE9CD847DA3763EF96350F80411AED898B249DBB44A40CB62
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224AFF6, Relevance: .1, Instructions: 140COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9efb6cc8dac7e0179236873b87f67b477454ac209b59290700996d06124e97ef
      • Instruction ID: d80ab1567d28684b137b26c249ee360a1784670407b2002cccc6088632cd161d
      • Opcode Fuzzy Hash: 9efb6cc8dac7e0179236873b87f67b477454ac209b59290700996d06124e97ef
      • Instruction Fuzzy Hash: F54156309343028FDF2CAEB8C5A53BA37A1FF16359F95452DDC93A7468CBA4D484CA02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022441F8, Relevance: .1, Instructions: 134COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a87da0be7b08f9631a4b30ad1c9c855b47340b54e86a9dcd3f9024da3c5a1661
      • Instruction ID: 9e92b6631b79dfd22e3efcdad3f3d8e3747ff3a20c5f035354f9583fcb720565
      • Opcode Fuzzy Hash: a87da0be7b08f9631a4b30ad1c9c855b47340b54e86a9dcd3f9024da3c5a1661
      • Instruction Fuzzy Hash: 294176745583468BDB38AE399D943EB37B3AFD57D0F54401E8CC99B108CBB10A0BCA02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224B053, Relevance: .1, Instructions: 133COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f8e86ba4bbf9eb7edca6a7768864c0e604c76facc29f9e5e7c4a79b8de843f41
      • Instruction ID: 619d640e0297e5ed5410d0a98832e75804d3af46fce0ea7faa6ab7e5b9949a3e
      • Opcode Fuzzy Hash: f8e86ba4bbf9eb7edca6a7768864c0e604c76facc29f9e5e7c4a79b8de843f41
      • Instruction Fuzzy Hash: A4415A309243028FDF2CAEB8C5A53EA77A1FF16359F91442DDC93A7468DBA4C485CA52
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224A38D, Relevance: .1, Instructions: 128COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 2cf1c1275d0dc2e702e881ce311035f5a60de3a107dffa1a70b612da38c979c7
      • Instruction ID: 9bd464232686a891238576c522e8aec15e374c5d4830c856b3053456b3ab2913
      • Opcode Fuzzy Hash: 2cf1c1275d0dc2e702e881ce311035f5a60de3a107dffa1a70b612da38c979c7
      • Instruction Fuzzy Hash: B6415961CA438349DF259F7849947D6BA929F432B0F4983A9CCA24F0DED7654046C712
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224B046, Relevance: .1, Instructions: 128COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f4d838cc382000353ff03abaafc2f26639ddfefac3c5e81873ec53f7b02f6d15
      • Instruction ID: 0bfc193fd0f4fdb51e9b46c1266482839175356760244a8f0285eadd2f74b310
      • Opcode Fuzzy Hash: f4d838cc382000353ff03abaafc2f26639ddfefac3c5e81873ec53f7b02f6d15
      • Instruction Fuzzy Hash: AA4137309343028FDF2CAEB8C1A57BA77A1EF5635DF91412DDC93A7468CBA5C485CA42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02244236, Relevance: .1, Instructions: 124COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 96c39a46682cf30ff5fcd6c44da14bb028c96d1da65f859b3eccee4fd4e4e4ea
      • Instruction ID: dd700c281ef61fe2215a7c889954939897f316a96a0dc7182d6a0bb1aafd66fc
      • Opcode Fuzzy Hash: 96c39a46682cf30ff5fcd6c44da14bb028c96d1da65f859b3eccee4fd4e4e4ea
      • Instruction Fuzzy Hash: A74175754583468BDB38AE389D903EA37B3FF96B90F54441D8CC99B108CB710A4ACB02
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242B71, Relevance: .1, Instructions: 119COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: fc511099af4ffcfc3bb65c1a1a2118ebe9b28f3a9c426a4d46b7d92762b8556b
      • Instruction ID: b0a7fc4ccfd21859b586f17fa97c9e134c0306f882b3a60f70a07de1c08420f1
      • Opcode Fuzzy Hash: fc511099af4ffcfc3bb65c1a1a2118ebe9b28f3a9c426a4d46b7d92762b8556b
      • Instruction Fuzzy Hash: 20412531A04359CBDB705FB88C843DA77A6AF063A0F91022AADC8A7254D7319E81CF42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242B19, Relevance: .1, Instructions: 118COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 39ef9ccba79ea0e4f9b4ee22255541b1ed420ad7a63d1fd7a78ea8728a7fc633
      • Instruction ID: c7575a47a471acbcd48361b2595928cfdd5c29cada60f009cbcd53653e58f1ab
      • Opcode Fuzzy Hash: 39ef9ccba79ea0e4f9b4ee22255541b1ed420ad7a63d1fd7a78ea8728a7fc633
      • Instruction Fuzzy Hash: 5C412631618355DFDB745FB89C843DA77A2AF163A0F92022AECC8A7254D7319E81CF42
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242867, Relevance: .1, Instructions: 114COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 2dee329e78e343e84cc5ee3150c26cb1323cd67e083c23031a3b068afd0c7830
      • Instruction ID: 49f8ec0ff442ed2adede381a69ddc79ba35464e70ee5aef94eb105a15322497e
      • Opcode Fuzzy Hash: 2dee329e78e343e84cc5ee3150c26cb1323cd67e083c23031a3b068afd0c7830
      • Instruction Fuzzy Hash: 1B31BAB2928355CEE7394EEAC9403D97762EF46350FE0461EFE818B209DBB44581CA75
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224B0FD, Relevance: .1, Instructions: 110COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 0cd07c62db0e35fe3237a869c3d67981dff20245b9fce0c102ae0c74021a88d0
      • Instruction ID: 22b30cc257996116a61377d65a8d04dbebd7121b34733c1de8e7add1dcf4a9ba
      • Opcode Fuzzy Hash: 0cd07c62db0e35fe3237a869c3d67981dff20245b9fce0c102ae0c74021a88d0
      • Instruction Fuzzy Hash: 33317B308243028EDF2CEEB8C1947AA77A1FF12359F91456DCCD2A7068CBB0C084DB12
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02246865, Relevance: .1, Instructions: 88COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c443f9f5084253b2fde99128d24401e6eaabf716ed210a70a8a8a136fe108248
      • Instruction ID: 2e62f0aa40f4736286c867faa772a6a3a95df711dc71605d7ced2c7617d2f6d9
      • Opcode Fuzzy Hash: c443f9f5084253b2fde99128d24401e6eaabf716ed210a70a8a8a136fe108248
      • Instruction Fuzzy Hash: 643134351183429FDB282E78CA563EABFE1EF52390F06042E8CC297069D364058ACB03
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02242846, Relevance: .1, Instructions: 87COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: e78b1520d99dd082ffbc51a40cf7886920eaf462989bb94ac8ffc170ab56eabb
      • Instruction ID: 77b1cf8c6984b032491da2118fba582fe5c9d894135f27fdb68098c6b350fb1c
      • Opcode Fuzzy Hash: e78b1520d99dd082ffbc51a40cf7886920eaf462989bb94ac8ffc170ab56eabb
      • Instruction Fuzzy Hash: 05214CB1528255CEE7349FAAC9803E67362EF96310FA04519EE8587208EBB44640C765
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224688A, Relevance: .1, Instructions: 81COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9d61f6d25dc235ffdcf618bc91ecf2fcea0ab2e529998f670322b581aacd1884
      • Instruction ID: 7dfe21d0d16bd2a9803d74c23c7c686b0b5cd6cb53cc806aaf5a0241b538a9e7
      • Opcode Fuzzy Hash: 9d61f6d25dc235ffdcf618bc91ecf2fcea0ab2e529998f670322b581aacd1884
      • Instruction Fuzzy Hash: BD212B36518341DFDB286E38DA963EABBE2EF52390F46092DDCC693458D7704585CB13
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0224290A, Relevance: .1, Instructions: 67COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 76b45703f0cb00690da0ac2dbb31daa0dc8db7d2aa6b9763ae4e8bb7e9497b1d
      • Instruction ID: fcd55bbbdcb992e0d4aa37d9eadc4cbb5903363751f0650f68df7b10da186cb7
      • Opcode Fuzzy Hash: 76b45703f0cb00690da0ac2dbb31daa0dc8db7d2aa6b9763ae4e8bb7e9497b1d
      • Instruction Fuzzy Hash: 4B119C62924215CAFB315BEAC9043E67763DF92320FA08556ED828730CEBF489818766
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02249441, Relevance: .0, Instructions: 37COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8c12da4dd42b7d5e9cdab17c78ece2b9bb7115a11ba65aecae92ee5fc4aa8aa9
      • Instruction ID: f6ea7db7824e260131bd47d61501d6425d8620f12f88a5d774ad85232aec7dc6
      • Opcode Fuzzy Hash: 8c12da4dd42b7d5e9cdab17c78ece2b9bb7115a11ba65aecae92ee5fc4aa8aa9
      • Instruction Fuzzy Hash: 73F0A4313612018FD728CE64C5D0BD673A6AF66750FDA4156D94587298C730D8C0CB10
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02249032, Relevance: .0, Instructions: 16COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d6cd900957f4ce67419530429b629f12969efd630a759b93eed92c31e608f4b5
      • Instruction ID: ca74cd5edf7edf1ea48c6abd304eae1f2a3424b2bff2c4804c4bf2e3c3475002
      • Opcode Fuzzy Hash: d6cd900957f4ce67419530429b629f12969efd630a759b93eed92c31e608f4b5
      • Instruction Fuzzy Hash: 72D017356185848FE314EE28D4D1B4073A5FF45B50FA4488CE1D5C7941EB78E614CB60
      Uniqueness

      Uniqueness Score: -1.00%

      Function 02249030, Relevance: .0, Instructions: 9COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 4841bc0ec92c33c5b7683f55a34b443b24ade1ea32f33e48f19ceb5fabf3df52
      • Instruction ID: eff25e327c4947d65d0f8a7a7b89094548c4b513acb83ff4a4b38bc6b41b3e18
      • Opcode Fuzzy Hash: 4841bc0ec92c33c5b7683f55a34b443b24ade1ea32f33e48f19ceb5fabf3df52
      • Instruction Fuzzy Hash: 1BC04C30634945CFD755DE18C1A0B8173A6EB45B60F9156C0E0528B9D5C39AE945C640
      Uniqueness

      Uniqueness Score: -1.00%

      Function 022462D6, Relevance: .0, Instructions: 7COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, Offset: 02240000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_2240000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a89a6ef7ffefeb1197f748c38292f19f3c03b4555d07a6fcc0cc3f11ed2cd21a
      • Instruction ID: 359aa6ca8fd6c91da8950a5da2f84d0a67bbb527930f5a8d2fe3f86bec534773
      • Opcode Fuzzy Hash: a89a6ef7ffefeb1197f748c38292f19f3c03b4555d07a6fcc0cc3f11ed2cd21a
      • Instruction Fuzzy Hash: F8C092B6201A808FEF02CB0CD882B4073A0FB05798B080AD0E462CFBA2C324EA00CA00
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041EF60, Relevance: 66.7, APIs: 32, Strings: 6, Instructions: 188COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041EFBE
      • __vbaStrCopy.MSVBVM60 ref: 0041EFC8
      • #523.MSVBVM60(?), ref: 0041EFCE
      • __vbaStrMove.MSVBVM60 ref: 0041EFDF
      • __vbaStrCmp.MSVBVM60(00419944,00000000), ref: 0041EFE7
      • __vbaFreeStr.MSVBVM60 ref: 0041EFFA
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041F017
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000004C), ref: 0041F03C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004194C0,00000024), ref: 0041F06A
      • __vbaStrMove.MSVBVM60 ref: 0041F079
      • __vbaFreeObj.MSVBVM60 ref: 0041F07E
      • __vbaStrCopy.MSVBVM60 ref: 0041F08C
      • #514.MSVBVM60(?,00000002), ref: 0041F098
      • __vbaStrMove.MSVBVM60 ref: 0041F0A3
      • __vbaStrCmp.MSVBVM60(004197AC,00000000), ref: 0041F0AB
      • __vbaFreeStr.MSVBVM60 ref: 0041F0BE
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041F0DB
      • __vbaObjVar.MSVBVM60(?), ref: 0041F0ED
      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0041F0F8
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000010), ref: 0041F112
      • __vbaFreeObj.MSVBVM60 ref: 0041F11B
      • #591.MSVBVM60(?), ref: 0041F139
      • __vbaStrMove.MSVBVM60 ref: 0041F144
      • __vbaStrCmp.MSVBVM60(Long,00000000), ref: 0041F14C
      • __vbaFreeStr.MSVBVM60 ref: 0041F15F
      • __vbaFreeVar.MSVBVM60 ref: 0041F168
      • __vbaInStr.MSVBVM60(00000000,alogical,REINVOLVE,FFD81A79), ref: 0041F183
      • __vbaFreeStr.MSVBVM60(0041F1D7), ref: 0041F1BC
      • __vbaFreeStr.MSVBVM60 ref: 0041F1C1
      • __vbaFreeStr.MSVBVM60 ref: 0041F1C6
      • __vbaFreeVar.MSVBVM60 ref: 0041F1CB
      • __vbaFreeStr.MSVBVM60 ref: 0041F1D4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$Move$CheckCopyHresult$New2$#514#523#591Addref
      • String ID: Long$REINVOLVE$USKARA$alogical$stamhusene$var
      • API String ID: 841602701-1234315806
      • Opcode ID: 75b05c388be75936a483a5978979b720ddab83af2b4c514fd7118fc006c92c04
      • Instruction ID: caa5c79ee01a3de21965b202f86fb43de8a668e60b77db61920ce2fab4f1e1a8
      • Opcode Fuzzy Hash: 75b05c388be75936a483a5978979b720ddab83af2b4c514fd7118fc006c92c04
      • Instruction Fuzzy Hash: D1612075940218EFCB14DFA0DD499DEBBB8FF58704F20412AE942B72A0DB785D46CB98
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D320, Relevance: 47.4, APIs: 23, Strings: 4, Instructions: 184COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      • #616.MSVBVM60(004196D0,00000001), ref: 0041D37C
      • __vbaStrMove.MSVBVM60 ref: 0041D387
      • __vbaStrCmp.MSVBVM60(00419570,00000000), ref: 0041D393
      • __vbaFreeStr.MSVBVM60 ref: 0041D3A6
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041D3C7
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041D3EC
      • __vbaCastObj.MSVBVM60(?,00418F98), ref: 0041D41D
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D428
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000058), ref: 0041D442
      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041D452
      • __vbaR8Str.MSVBVM60(00418DCC), ref: 0041D460
      • __vbaFPFix.MSVBVM60 ref: 0041D466
      • __vbaFpR8.MSVBVM60 ref: 0041D46C
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041D491
      • __vbaCastObj.MSVBVM60(?,00418F98,Ahmadi4), ref: 0041D4AD
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D4B8
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000040), ref: 0041D4D2
      • __vbaFreeObj.MSVBVM60 ref: 0041D4DB
      • #693.MSVBVM60(00419568), ref: 0041D4E6
      • __vbaLateMemCall.MSVBVM60(?,DKZS7J25CXmkxACsM60,00000002), ref: 0041D53B
      • __vbaFreeObj.MSVBVM60(0041D58D), ref: 0041D580
      • __vbaFreeObj.MSVBVM60 ref: 0041D585
      • __vbaFreeObj.MSVBVM60 ref: 0041D58A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$CastNew2$#616#693CallLateListMove
      • String ID: / M$Ahmadi4$DKZS7J25CXmkxACsM60$regnvejrsdage
      • API String ID: 2204028333-2499015258
      • Opcode ID: f65148dda4516f2489459253a01408684c5dd5b5952281d06a8c3e877eaa8a8d
      • Instruction ID: f18641d0949fbe19dcc21701a29f753cb718065ee910ebca43313434301962db
      • Opcode Fuzzy Hash: f65148dda4516f2489459253a01408684c5dd5b5952281d06a8c3e877eaa8a8d
      • Instruction Fuzzy Hash: 36612DB1D40218EFCB04DFA4DD49A9EBBB9FF58701F10812AF905B72A1D7785981CB98
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041E100, Relevance: 43.9, APIs: 22, Strings: 3, Instructions: 188COMMON
      Download Yara Rule
      C-Code - Quality: 19%
      			E0041E100(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12, void* _a16) {
				char _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v40;
				void* _v44;
				void* _v48;
				intOrPtr _v52;
				void* _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				intOrPtr _v80;
				char* _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				char _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				signed int _v176;
				intOrPtr _v180;
				intOrPtr _v204;
				intOrPtr* _v208;
				intOrPtr _v212;
				signed int _t108;
				signed int _t111;
				intOrPtr _t129;
				intOrPtr* _t131;
				intOrPtr _t132;
				intOrPtr* _t165;
				intOrPtr* _t166;
				intOrPtr* _t167;
				intOrPtr* _t168;
				intOrPtr* _t169;
				void* _t177;
				void* _t179;
				intOrPtr* _t180;

				_t180 = _t179 - 0x18;
				 *[fs:0x0] = _t180;
				L004015C0();
				_v28 = _t180;
				_v24 = 0x4014b8;
				_v20 = 0;
				_v16 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015c6, _t177);
				_v8 = 1;
				__imp____vbaStrCopy();
				__imp____vbaStrCopy();
				_v8 = 2;
				_v68 = 0x4b;
				_v76 = 2;
				_t108 =  &_v76;
				__imp__#572(_t108);
				__imp____vbaStrMove();
				__imp____vbaStrCmp(0x419650, _t108);
				asm("sbb eax, eax");
				_t111 =  ~( ~( ~_t108));
				_v176 = _t111;
				__imp____vbaFreeStr();
				__imp____vbaFreeVar();
				if(_v176 != 0) {
					_v8 = 3;
					_v8 = 4;
					if( *0x420390 != 0) {
						_v208 = 0x420390;
					} else {
						__imp____vbaNew2(0x418fc8, 0x420390);
						_v208 = 0x420390;
					}
					_v176 =  *_v208;
					_v148 = 0x2de1a4;
					_v156 = 3;
					_v132 = 0x25d0df;
					_v140 = 3;
					_v116 = 0x18;
					_v124 = 2;
					_v100 = 0x3e303a;
					_v108 = 3;
					_v84 = L"Styrtflyvere";
					_v92 = 8;
					L004015C0();
					_t165 = _t180;
					 *_t165 = _v156;
					 *((intOrPtr*)(_t165 + 4)) = _v152;
					 *((intOrPtr*)(_t165 + 8)) = _v148;
					 *((intOrPtr*)(_t165 + 0xc)) = _v144;
					L004015C0();
					_t166 = _t180;
					 *_t166 = _v140;
					 *((intOrPtr*)(_t166 + 4)) = _v136;
					 *((intOrPtr*)(_t166 + 8)) = _v132;
					 *((intOrPtr*)(_t166 + 0xc)) = _v128;
					L004015C0();
					_t167 = _t180;
					 *_t167 = _v124;
					 *((intOrPtr*)(_t167 + 4)) = _v120;
					 *((intOrPtr*)(_t167 + 8)) = _v116;
					 *((intOrPtr*)(_t167 + 0xc)) = _v112;
					L004015C0();
					_t168 = _t180;
					 *_t168 = _v108;
					 *((intOrPtr*)(_t168 + 4)) = _v104;
					_t63 =  &_v100; // 0x3e303a
					 *((intOrPtr*)(_t168 + 8)) =  *_t63;
					 *((intOrPtr*)(_t168 + 0xc)) = _v96;
					L004015C0();
					_t169 = _t180;
					 *_t169 = _v92;
					 *((intOrPtr*)(_t169 + 4)) = _v88;
					 *(_t169 + 8) = _v84;
					 *((intOrPtr*)(_t169 + 0xc)) = _v80;
					_t129 =  *((intOrPtr*)( *_v176 + 0x44))(_v176,  &_v60);
					asm("fclex");
					_v180 = _t129;
					if(_v180 >= 0) {
						_v212 = 0;
					} else {
						_t132 = _v180;
						__imp____vbaHresultCheckObj(_t132, _v176, 0x418fb8, 0x44);
						_v212 = _t132;
					}
					_v204 = _v60;
					_v60 = 0;
					_v68 = _v204;
					_v76 = 9;
					L004015C0();
					_t131 = _t180;
					 *_t131 = _v76;
					 *((intOrPtr*)(_t131 + 4)) = _v72;
					 *((intOrPtr*)(_t131 + 8)) = _v68;
					 *((intOrPtr*)(_t131 + 0xc)) = _v64;
					_t111 = _v40;
					__imp____vbaLateIdSt(_t111, 0);
					__imp____vbaFreeVar();
				}
				_v8 = 6;
				__imp____vbaOnError(0xffffffff);
				_v8 = 7;
				_v52 = 0x3768dc;
				__imp____vbaFreeObj(0x41e432);
				__imp____vbaFreeStr();
				__imp____vbaFreeStr();
				return _t111;
			}
























































      0x0041e103
      0x0041e112
      0x0041e11e
      0x0041e126
      0x0041e129
      0x0041e130
      0x0041e137
      0x0041e147
      0x0041e14a
      0x0041e157
      0x0041e163
      0x0041e169
      0x0041e170
      0x0041e177
      0x0041e17e
      0x0041e182
      0x0041e18d
      0x0041e199
      0x0041e1a1
      0x0041e1a5
      0x0041e1a7
      0x0041e1b1
      0x0041e1ba
      0x0041e1c9
      0x0041e1cf
      0x0041e1d6
      0x0041e1e4
      0x0041e202
      0x0041e1e6
      0x0041e1f0
      0x0041e1f6
      0x0041e1f6
      0x0041e214
      0x0041e21a
      0x0041e224
      0x0041e22e
      0x0041e235
      0x0041e23f
      0x0041e246
      0x0041e24d
      0x0041e254
      0x0041e25b
      0x0041e262
      0x0041e272
      0x0041e277
      0x0041e27f
      0x0041e287
      0x0041e290
      0x0041e299
      0x0041e2a1
      0x0041e2a6
      0x0041e2ae
      0x0041e2b6
      0x0041e2bc
      0x0041e2c2
      0x0041e2ca
      0x0041e2cf
      0x0041e2d4
      0x0041e2d9
      0x0041e2df
      0x0041e2e5
      0x0041e2ed
      0x0041e2f2
      0x0041e2f7
      0x0041e2fc
      0x0041e2ff
      0x0041e302
      0x0041e308
      0x0041e310
      0x0041e315
      0x0041e31a
      0x0041e31f
      0x0041e325
      0x0041e32b
      0x0041e33d
      0x0041e340
      0x0041e342
      0x0041e34f
      0x0041e374
      0x0041e351
      0x0041e35f
      0x0041e366
      0x0041e36c
      0x0041e36c
      0x0041e381
      0x0041e387
      0x0041e394
      0x0041e397
      0x0041e3a3
      0x0041e3a8
      0x0041e3ad
      0x0041e3b2
      0x0041e3b8
      0x0041e3be
      0x0041e3c3
      0x0041e3c7
      0x0041e3d0
      0x0041e3d0
      0x0041e3d6
      0x0041e3df
      0x0041e3e5
      0x0041e3ec
      0x0041e419
      0x0041e422
      0x0041e42b
      0x0041e431

      APIs
      • __vbaChkstk.MSVBVM60(?,004015C6), ref: 0041E11E
      • __vbaStrCopy.MSVBVM60(?,?,?,?,004015C6), ref: 0041E157
      • __vbaStrCopy.MSVBVM60(?,?,?,?,004015C6), ref: 0041E163
      • #572.MSVBVM60(00000002), ref: 0041E182
      • __vbaStrMove.MSVBVM60 ref: 0041E18D
      • __vbaStrCmp.MSVBVM60(00419650,00000000), ref: 0041E199
      • __vbaFreeStr.MSVBVM60 ref: 0041E1B1
      • __vbaFreeVar.MSVBVM60 ref: 0041E1BA
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041E1F0
      • __vbaChkstk.MSVBVM60(?), ref: 0041E272
      • __vbaChkstk.MSVBVM60(?), ref: 0041E2A1
      • __vbaChkstk.MSVBVM60(?), ref: 0041E2CA
      • __vbaChkstk.MSVBVM60(?), ref: 0041E2ED
      • __vbaChkstk.MSVBVM60(?), ref: 0041E310
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418FB8,00000044), ref: 0041E366
      • __vbaChkstk.MSVBVM60 ref: 0041E3A3
      • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 0041E3C7
      • __vbaFreeVar.MSVBVM60 ref: 0041E3D0
      • __vbaOnError.MSVBVM60(000000FF), ref: 0041E3DF
      • __vbaFreeObj.MSVBVM60(0041E432), ref: 0041E419
      • __vbaFreeStr.MSVBVM60 ref: 0041E422
      • __vbaFreeStr.MSVBVM60 ref: 0041E42B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Chkstk$Free$Copy$#572CheckErrorHresultLateMoveNew2
      • String ID: :0>$K$Styrtflyvere
      • API String ID: 2653743283-736788265
      • Opcode ID: dcd1fe8f201540f1dc346a9051b66dfd110fff8bd158f2aa139c1c0ac781bb2d
      • Instruction ID: d6259960bc59118f6c9588299d307e98f6b0ed9f9ec4bb898632046538af357f
      • Opcode Fuzzy Hash: dcd1fe8f201540f1dc346a9051b66dfd110fff8bd158f2aa139c1c0ac781bb2d
      • Instruction Fuzzy Hash: 6C91D4B4A00219DFDB14DF94D988B9DFBB0FF49304F1082A9E809AB391DB789985CF55
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D8D0, Relevance: 43.9, APIs: 21, Strings: 4, Instructions: 140COMMON
      Download Yara Rule
      APIs
      • #609.MSVBVM60 ref: 0041D913
      • #557.MSVBVM60(?), ref: 0041D927
      • __vbaFreeVar.MSVBVM60 ref: 0041D943
      • #532.MSVBVM60(LEMMON), ref: 0041D94F
      • __vbaStrCopy.MSVBVM60 ref: 0041D95D
      • #619.MSVBVM60(00000008,?,00000001), ref: 0041D97A
      • __vbaVarTstNe.MSVBVM60(?,00000008), ref: 0041D996
      • __vbaFreeVar.MSVBVM60 ref: 0041D9A1
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041D9BA
      • __vbaCastObj.MSVBVM60(?,00418F98,Orthic6), ref: 0041D9D6
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D9E1
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000040), ref: 0041D9FB
      • __vbaFreeObj.MSVBVM60 ref: 0041DA04
      • #592.MSVBVM60(00000008), ref: 0041DA22
      • __vbaFreeVar.MSVBVM60 ref: 0041DA39
      • #716.MSVBVM60(00000002,balconet,00000000), ref: 0041DA4A
      • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 0041DA71
      • __vbaFreeVar.MSVBVM60 ref: 0041DA7A
      • __vbaFreeObj.MSVBVM60(0041DABA), ref: 0041DAA9
      • __vbaFreeStr.MSVBVM60 ref: 0041DAAE
      • __vbaFreeObj.MSVBVM60 ref: 0041DAB7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$#532#557#592#609#619#716CastCheckCopyHresultLateNew2
      • String ID: LEMMON$Orthic6$balconet$var
      • API String ID: 659672329-1975531295
      • Opcode ID: a2c318e2a5f35f9d4804225e181fa5ce00584433d5a4fe362c4886650a01a05c
      • Instruction ID: 1cf5b35fb5edf47a53c86b2264972707b610115d36b95a791fd4aa6b5ca10c81
      • Opcode Fuzzy Hash: a2c318e2a5f35f9d4804225e181fa5ce00584433d5a4fe362c4886650a01a05c
      • Instruction Fuzzy Hash: E3512DB5D10259DFCB04DFA4DD88AEEBBB8FF48700F14412AE506B72A0DB745985CB58
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041CAF0, Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 142COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041CB5A
      • __vbaStrCopy.MSVBVM60 ref: 0041CB62
      • __vbaAryConstruct2.MSVBVM60(?,00419634,00000008), ref: 0041CB6F
      • #708.MSVBVM60(?,?,004195D8,000000FF,00000000), ref: 0041CB98
      • __vbaAryVar.MSVBVM60(00002008,?), ref: 0041CBA7
      • __vbaAryCopy.MSVBVM60(?,?), ref: 0041CBB8
      • __vbaFreeVar.MSVBVM60 ref: 0041CBC1
      • #709.MSVBVM60(ABC,004195EC,000000FF,00000000), ref: 0041CBD4
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041CBF5
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000004C), ref: 0041CC1A
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004194C0,00000024), ref: 0041CC48
      • __vbaStrMove.MSVBVM60 ref: 0041CC57
      • __vbaFreeObj.MSVBVM60 ref: 0041CC60
      • __vbaFreeStr.MSVBVM60(0041CCCA), ref: 0041CCA1
      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041CCB6
      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041CCBD
      • __vbaFreeStr.MSVBVM60 ref: 0041CCC2
      • __vbaFreeStr.MSVBVM60 ref: 0041CCC7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$Copy$CheckDestructHresult$#708#709Construct2MoveNew2
      • String ID: ABC$AGENTROMANENS$INTIMIDERENDE
      • API String ID: 2689911527-2217087508
      • Opcode ID: 7ef93f432a12f2085a9ffbededa80b2556110ff99c151af70eccc7a85e058a8f
      • Instruction ID: b32451ff75992ec72130d0bb127d975609e53f513c4748972d4bff2b17de4e7e
      • Opcode Fuzzy Hash: 7ef93f432a12f2085a9ffbededa80b2556110ff99c151af70eccc7a85e058a8f
      • Instruction Fuzzy Hash: 7B510871940219AFCB10DFA5DD88ADEBBB9FF48B00F20451AF505B72A0D7745946CF98
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041DED0, Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 150COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041DF28
      • __vbaR4Str.MSVBVM60(004197E8), ref: 0041DF33
      • #571.MSVBVM60(00000090), ref: 0041DF4B
      • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000003,00000000), ref: 0041DF66
      • __vbaVarMove.MSVBVM60 ref: 0041DF93
      • __vbaVarMove.MSVBVM60 ref: 0041DFBB
      • __vbaVarMove.MSVBVM60 ref: 0041DFD4
      • __vbaVarMove.MSVBVM60 ref: 0041DFF7
      • #665.MSVBVM60(?,3F800000,?), ref: 0041E006
      • __vbaErase.MSVBVM60(00000000,?), ref: 0041E012
      • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041E033
      • __vbaFreeVar.MSVBVM60 ref: 0041E03E
      • __vbaLateMemCall.MSVBVM60(?,fWwJoUA211,00000002), ref: 0041E09C
      • #535.MSVBVM60 ref: 0041E0A5
      • __vbaFreeStr.MSVBVM60(0041E0E8), ref: 0041E0D8
      • __vbaFreeObj.MSVBVM60 ref: 0041E0E1
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Move$Free$#535#571#665CallCopyEraseLateRedim
      • String ID: fWwJoUA211$fyrsten
      • API String ID: 4182679710-1652693923
      • Opcode ID: 4600cb71727f79699fe6bbc5228d991beb9e5db691721bc7a1595fb5e672ed27
      • Instruction ID: 29456258f6a561efaddf5a2ec61042aad2c26475ed31fa904f408689ff4866c5
      • Opcode Fuzzy Hash: 4600cb71727f79699fe6bbc5228d991beb9e5db691721bc7a1595fb5e672ed27
      • Instruction Fuzzy Hash: 85515CB0D10218DFDB14DFA9DA44B9DBBB8FF48700F10816EE50AAB261C7746945CF95
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041F200, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 144COMMON
      Download Yara Rule
      APIs
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041F273
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014), ref: 0041F298
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,00000138), ref: 0041F2C5
      • __vbaFreeObj.MSVBVM60 ref: 0041F2CE
      • #598.MSVBVM60 ref: 0041F2D4
      • #713.MSVBVM60(0041965C), ref: 0041F2DF
      • __vbaStrMove.MSVBVM60 ref: 0041F2F0
      • __vbaStrCmp.MSVBVM60(004199D8,00000000), ref: 0041F2F8
      • __vbaFreeStr.MSVBVM60 ref: 0041F30B
      • __vbaVarDup.MSVBVM60 ref: 0041F36B
      • #596.MSVBVM60(?,?,?,?,?,?,?), ref: 0041F390
      • __vbaStrMove.MSVBVM60 ref: 0041F39B
      • __vbaFreeVarList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0041F3BE
      • __vbaFreeStr.MSVBVM60(0041F415), ref: 0041F40E
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultMove$#596#598#713ListNew2
      • String ID: Brattiness$WORMWEED
      • API String ID: 3835960986-1329719434
      • Opcode ID: a6c4bf91066df5ea06ae6fb43f602f241b29793eb9b99cde75dd78968b8b7694
      • Instruction ID: 487e9de6edf722343b5732fabaee56e441fac62dd3d1d21fdd4af93085ba8f1a
      • Opcode Fuzzy Hash: a6c4bf91066df5ea06ae6fb43f602f241b29793eb9b99cde75dd78968b8b7694
      • Instruction Fuzzy Hash: 3851F8B5D00228AFCB14DFA4DD84AEEBBB8FF58700F14416EE50AA7260DB745945CF58
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D110, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 141COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041D153
      • #673.MSVBVM60(00000000,40280000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000,?), ref: 0041D184
      • __vbaFpR8.MSVBVM60 ref: 0041D18A
      • __vbaFreeVar.MSVBVM60 ref: 0041D1A2
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041D1C5
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041D1EA
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,0000005C), ref: 0041D236
      • __vbaStrMove.MSVBVM60 ref: 0041D245
      • __vbaFreeObj.MSVBVM60 ref: 0041D24E
      • __vbaVarDup.MSVBVM60 ref: 0041D267
      • #562.MSVBVM60(00000002), ref: 0041D271
      • __vbaFreeVar.MSVBVM60 ref: 0041D288
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,0000015C), ref: 0041D2B3
      • __vbaFreeStr.MSVBVM60(0041D2F5), ref: 0041D2ED
      • __vbaFreeStr.MSVBVM60 ref: 0041D2F2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$#562#673CopyMoveNew2
      • String ID: #
      • API String ID: 2854755871-2455148248
      • Opcode ID: 73aa42266bb0f8db648681f8033bee1c8832a01f6432bc915864a6f25952aed4
      • Instruction ID: b8933a68663f8d609696fb9f0fc7bbd3de994d44c241bc57d4a0be510a4b9c3a
      • Opcode Fuzzy Hash: 73aa42266bb0f8db648681f8033bee1c8832a01f6432bc915864a6f25952aed4
      • Instruction Fuzzy Hash: E3513AB0901219EFCB14DF94DE88ADEBBB4FF48704F10442AE505B72A5D7785A45CFA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041CE40, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 132COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041CE8C
      • #516.MSVBVM60(00419568), ref: 0041CE97
      • __vbaHresultCheckObj.MSVBVM60(00000000,004013F0,00418AE8,00000084), ref: 0041CEDE
      • __vbaHresultCheckObj.MSVBVM60(00000000,004013F0,00418AE8,000000B0), ref: 0041CF07
      • __vbaInStr.MSVBVM60(00000000,Sternutate5,Reinkarnations6,FF95B7DE), ref: 0041CF29
      • __vbaCyStr.MSVBVM60(00419578), ref: 0041CF34
      • __vbaFpCmpCy.MSVBVM60(00000000), ref: 0041CF42
      • __vbaHresultCheckObj.MSVBVM60(00000000,004013F0,00418AE8,00000160), ref: 0041CF6B
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041CF7F
      • __vbaObjSet.MSVBVM60(?,?,liberaliseredes), ref: 0041CF9D
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000040), ref: 0041CFB7
      • __vbaFreeObj.MSVBVM60 ref: 0041CFBC
      • __vbaFreeStr.MSVBVM60(0041CFEF), ref: 0041CFE8
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$CheckHresult$Free$#516CopyNew2
      • String ID: Reinkarnations6$Sternutate5$liberaliseredes
      • API String ID: 162232608-491731586
      • Opcode ID: b91bf42c04368c6fafc61729e405a2004b049aacddd057892a4b2b64891e3a9e
      • Instruction ID: 0884467411c4b2960024bad226c383fcd8ff7eb65c8073da26b2b61b117d3246
      • Opcode Fuzzy Hash: b91bf42c04368c6fafc61729e405a2004b049aacddd057892a4b2b64891e3a9e
      • Instruction Fuzzy Hash: 10415071A40208EFCB109F95CD89EDEBBB8FF48740F20442AF545B22A0C7785986CB6D
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041EAC0, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 122COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041EB03
      • #592.MSVBVM60(?), ref: 0041EB1B
      • __vbaFreeVar.MSVBVM60 ref: 0041EB38
      • #716.MSVBVM60(00000002,Flormelisens,00000000), ref: 0041EB49
      • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 0041EB70
      • __vbaFreeVar.MSVBVM60 ref: 0041EB79
      • #591.MSVBVM60(00000002), ref: 0041EB8D
      • __vbaStrMove.MSVBVM60 ref: 0041EB98
      • __vbaStrCmp.MSVBVM60(Integer,00000000), ref: 0041EBA4
      • __vbaFreeStr.MSVBVM60 ref: 0041EBB7
      • __vbaFreeVar.MSVBVM60 ref: 0041EBC0
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,000002B0), ref: 0041EC23
      • __vbaFreeStr.MSVBVM60(0041EC56), ref: 0041EC46
      • __vbaFreeObj.MSVBVM60 ref: 0041EC4F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$#591#592#716CheckCopyHresultLateMove
      • String ID: Flormelisens$Integer
      • API String ID: 1524073685-4215170933
      • Opcode ID: d7f80969213d0ebee8c94df339baa150cfb40bb8f52355a52987040f8b758c94
      • Instruction ID: 456beadb2c36fdf6196fada8d1c640061cf752a4d721179dda4a3cd37323df29
      • Opcode Fuzzy Hash: d7f80969213d0ebee8c94df339baa150cfb40bb8f52355a52987040f8b758c94
      • Instruction Fuzzy Hash: 8E41F7B5D00219DFCB04DFA9D988ADEBBF4EF48704F10811AE916B7250DB349945CFA5
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041C820, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041C872
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041C88A
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014), ref: 0041C8AF
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,000000C0), ref: 0041C8DC
      • __vbaFreeObj.MSVBVM60 ref: 0041C8E5
      • __vbaI4Str.MSVBVM60(004195B4), ref: 0041C8F0
      • #697.MSVBVM60(00000000), ref: 0041C8F7
      • __vbaStrMove.MSVBVM60 ref: 0041C902
      • __vbaStrCmp.MSVBVM60(00419568,00000000), ref: 0041C90E
      • __vbaFreeStr.MSVBVM60 ref: 0041C921
      • __vbaVarDup.MSVBVM60 ref: 0041C95C
      • #595.MSVBVM60(?,00000000,?,?,?), ref: 0041C973
      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041C98B
      • __vbaFreeStr.MSVBVM60(0041C9D3), ref: 0041C9CC
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$#595#697CopyListMoveNew2
      • String ID: Ladyfern
      • API String ID: 1407992400-3055842903
      • Opcode ID: 6a2b9f3be4016e9ef6754d36a178e8db9c3fcd18ae520a6aba12c66cab918dbd
      • Instruction ID: e929eb91a8dde3b6ec24e6e31a64798bdd096658176b38d9db0807974d1caf82
      • Opcode Fuzzy Hash: 6a2b9f3be4016e9ef6754d36a178e8db9c3fcd18ae520a6aba12c66cab918dbd
      • Instruction Fuzzy Hash: E44149B5D40218EFCB14DFA4DD88AEEBBB8FF58701F10412AE506B7260D7745945CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041ED40, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 150COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041ED98
      • __vbaStrCopy.MSVBVM60 ref: 0041EDA0
      • __vbaVarDup.MSVBVM60 ref: 0041EDB7
      • #557.MSVBVM60(?), ref: 0041EDC1
      • __vbaFreeVar.MSVBVM60 ref: 0041EDD8
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041EDF9
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000044), ref: 0041EEC5
      • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 0041EEFC
      • __vbaFreeVar.MSVBVM60 ref: 0041EF05
      • __vbaFreeStr.MSVBVM60(0041EF3F), ref: 0041EF2E
      • __vbaFreeStr.MSVBVM60 ref: 0041EF33
      • __vbaFreeObj.MSVBVM60 ref: 0041EF38
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$Copy$#557CheckHresultLateNew2
      • String ID: 11/11/11$STJERNEBANNERETS
      • API String ID: 1685214773-2241783135
      • Opcode ID: 7a2dd9c1a480d66bb69a5bfa50950c08d1ac4f2aabaf717d3f0709408f65f399
      • Instruction ID: d9d941dbf0358534cec07e89a24b02f185a38f8ecae1523ae75ed21c64a628b9
      • Opcode Fuzzy Hash: 7a2dd9c1a480d66bb69a5bfa50950c08d1ac4f2aabaf717d3f0709408f65f399
      • Instruction Fuzzy Hash: 156102B4E10219DFCB04DFA8D984A9DBBB4FF48700F20816EE809AB355D735A946CF94
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D5C0, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 127COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D5FA
      • __vbaLenBstrB.MSVBVM60(00419738,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D605
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D626
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041D64B
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000060), ref: 0041D692
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D69B
      • __vbaR8Str.MSVBVM60(00419578,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D6A6
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D6CF
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041D6F4
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000060), ref: 0041D739
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D742
      • __vbaFreeStr.MSVBVM60(0041D764,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D75D
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$CheckHresult$Free$New2$BstrCopy
      • String ID: Hcf2$selvskyldnerens
      • API String ID: 1694226141-3694423406
      • Opcode ID: 07311f71ee19648413c310d0292b3588c9d9bae00232cd797958f97bd43ae174
      • Instruction ID: badc3960b12bb514c08af50d28d36d2513e2f72c78df006fbc8b63073a0a4653
      • Opcode Fuzzy Hash: 07311f71ee19648413c310d0292b3588c9d9bae00232cd797958f97bd43ae174
      • Instruction Fuzzy Hash: 5541A1B0A40204EFDB14DF54D989B9ABBF5FF48700F20402AE905B72A1D7389881CBAD
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041E8D0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 134COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041E925
      • #675.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000,?,?), ref: 0041E961
      • __vbaFpR8.MSVBVM60 ref: 0041E967
      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041E992
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041E9B6
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041E9DB
      • __vbaCastObj.MSVBVM60(?,00418F98), ref: 0041EA0F
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EA1A
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000058), ref: 0041EA34
      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041EA44
      • __vbaFreeObj.MSVBVM60(0041EA93), ref: 0041EA83
      • __vbaFreeStr.MSVBVM60 ref: 0041EA8C
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultList$#675CastCopyNew2
      • String ID: f
      • API String ID: 3755904742-2497717191
      • Opcode ID: 4da5249092f1587329f2110ec6e47803913b7624891bca745f44bc78e340746c
      • Instruction ID: e1a6be81e5bece8410179cc8592734130e030f3fd174e0e3072f2e353b857fcd
      • Opcode Fuzzy Hash: 4da5249092f1587329f2110ec6e47803913b7624891bca745f44bc78e340746c
      • Instruction Fuzzy Hash: 845138B4D00209AFCB14DF95DD49ADEBBB8FF58700F10452AF901B72A0D7785985CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041E460, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 90COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041E4AC
      • __vbaI4Str.MSVBVM60(004195B4), ref: 0041E4B7
      • #537.MSVBVM60(00000000), ref: 0041E4BE
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041E4C9
      • __vbaStrCmp.MSVBVM60(00419568,00000000), ref: 0041E4D5
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041E4E8
      • #569.MSVBVM60(0000007D), ref: 0041E4F5
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041E50D
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014), ref: 0041E532
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,00000108), ref: 0041E55C
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041E565
      • __vbaFreeStr.MSVBVM60(0041E596), ref: 0041E58F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$#537#569CopyMoveNew2
      • String ID: Z:
      • API String ID: 206667357-3347152531
      • Opcode ID: 90525d6bf7ec007ca37a277d7c92120b2e9ac09f177a0284d2b688aef910a7e8
      • Instruction ID: 3bf1a9632af7dff5bdfc802cac4ddcd03b12264524b97e09b4c613435b64c840
      • Opcode Fuzzy Hash: 90525d6bf7ec007ca37a277d7c92120b2e9ac09f177a0284d2b688aef910a7e8
      • Instruction Fuzzy Hash: C6317E75940204EFCB00DFA5DD49ADEBBB9EF58705F10801AE942B72A0D7745981CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041E6C0, Relevance: 21.1, APIs: 14, Instructions: 129COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041E70C
      • __vbaStrCopy.MSVBVM60 ref: 0041E714
      • __vbaVarDup.MSVBVM60 ref: 0041E72A
      • #528.MSVBVM60(?,?), ref: 0041E738
      • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041E754
      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041E767
      • _adj_fdiv_m64.MSVBVM60 ref: 0041E7A1
      • __vbaFpI4.MSVBVM60(434A0000,?,432A0000), ref: 0041E7CA
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,000002C0,?,432A0000), ref: 0041E7FE
      • #672.MSVBVM60(00000000,40080000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000), ref: 0041E81C
      • __vbaFpR8.MSVBVM60(?,432A0000), ref: 0041E822
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,0000015C), ref: 0041E855
      • __vbaFreeStr.MSVBVM60(0041E89A), ref: 0041E892
      • __vbaFreeStr.MSVBVM60 ref: 0041E897
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresult$#528#672List_adj_fdiv_m64
      • String ID:
      • API String ID: 3083713436-0
      • Opcode ID: a85666e7cf2222c0887e8511d9365ae76580ed8155d15532e4780f56cd845aac
      • Instruction ID: f8eca732edf4a466438013f48c10bc575e57b5c88bc8bea6e9f8e73cca5d9f90
      • Opcode Fuzzy Hash: a85666e7cf2222c0887e8511d9365ae76580ed8155d15532e4780f56cd845aac
      • Instruction Fuzzy Hash: 3C414D75800259EFDB109F95ED48EDEBBB8FF98700F10412AE946B72A0C7781945CF98
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041F440, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 78COMMON
      Download Yara Rule
      APIs
      • #709.MSVBVM60(ABC,004195EC,000000FF,00000000), ref: 0041F490
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F4B1
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000004C), ref: 0041F4D6
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004194C0,00000024), ref: 0041F504
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F513
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F51C
      • __vbaFreeStr.MSVBVM60(0041F54D), ref: 0041F546
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$#709MoveNew2
      • String ID: ABC$Cowage8$_%/$struktureringens
      • API String ID: 586110247-3033734978
      • Opcode ID: 5735f277963401956e3d349e55f372e477fd2043d57920acaca0e688279e784a
      • Instruction ID: 4a4620da6e7de06a20bacd4259cffe557169844434617441bc8f60ccf763adf5
      • Opcode Fuzzy Hash: 5735f277963401956e3d349e55f372e477fd2043d57920acaca0e688279e784a
      • Instruction Fuzzy Hash: C6215E74940218EFCB00DF95CD49EEEBBB9FF59700F20412AE501B32A1D7785986CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041DAD0, Relevance: 18.1, APIs: 12, Instructions: 98COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041DB19
      • #610.MSVBVM60(?), ref: 0041DB29
      • #661.MSVBVM60(?,004197E0,00000000,3FF00000,?), ref: 0041DB3E
      • #610.MSVBVM60(?), ref: 0041DB48
      • __vbaVarAdd.MSVBVM60(?,?,?,?), ref: 0041DB68
      • __vbaVarTstNe.MSVBVM60(00000000), ref: 0041DB6F
      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041DB8A
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041DBAA
      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0041DBC0
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000010), ref: 0041DBDA
      • __vbaFreeObj.MSVBVM60 ref: 0041DBE3
      • __vbaFreeStr.MSVBVM60(0041DC24), ref: 0041DC1D
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$#610$#661AddrefCheckCopyHresultListNew2
      • String ID:
      • API String ID: 2727823956-0
      • Opcode ID: ac10805d5a20077d47cd2810821c8b6f4dd2316c12d364250446d8a071181564
      • Instruction ID: 230e516ec453a5175dbd12070efc2d2d533779da790f3c4031b2492282223d68
      • Opcode Fuzzy Hash: ac10805d5a20077d47cd2810821c8b6f4dd2316c12d364250446d8a071181564
      • Instruction Fuzzy Hash: B83107B1C00208AFCB14DF94DD89EDEBBB8EF58701F10451AFA02B7264D7746585CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D780, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 90COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041D7D2
      • __vbaStrCopy.MSVBVM60 ref: 0041D7DA
      • __vbaLenBstrB.MSVBVM60(004195D8), ref: 0041D7E1
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041D802
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041D827
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000060), ref: 0041D86C
      • __vbaFreeObj.MSVBVM60 ref: 0041D875
      • __vbaFreeStr.MSVBVM60(0041D8A5), ref: 0041D89D
      • __vbaFreeStr.MSVBVM60 ref: 0041D8A2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresult$BstrNew2
      • String ID: Pariahdom
      • API String ID: 952761346-409920013
      • Opcode ID: 8d0c61c3786a24bb7f59474b6d023853cdc6c5ff646f79a936cb28797f4d9b54
      • Instruction ID: df778848b83cac648595648754e23b609db191831d98ca29672edbe05925c1f6
      • Opcode Fuzzy Hash: 8d0c61c3786a24bb7f59474b6d023853cdc6c5ff646f79a936cb28797f4d9b54
      • Instruction Fuzzy Hash: BB3130B0D40219EFCB04EF55D945ADEBBF9FF58700F20805AE905B7260D778A941CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041CD00, Relevance: 16.6, APIs: 11, Instructions: 84COMMON
      Download Yara Rule
      APIs
      • #589.MSVBVM60(00000001), ref: 0041CD39
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041CD58
      • __vbaObjVar.MSVBVM60(?), ref: 0041CD6A
      • __vbaObjSetAddref.MSVBVM60(?,00000000), ref: 0041CD75
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000010), ref: 0041CD8F
      • __vbaFreeObj.MSVBVM60 ref: 0041CD98
      • __vbaVarDup.MSVBVM60 ref: 0041CDB2
      • #563.MSVBVM60(?), ref: 0041CDBC
      • __vbaFreeVar.MSVBVM60 ref: 0041CDD2
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,00000254), ref: 0041CE00
      • __vbaFreeVar.MSVBVM60(0041CE2A), ref: 0041CE23
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$#563#589AddrefNew2
      • String ID:
      • API String ID: 4111642175-0
      • Opcode ID: 6345eadd4e7e2d6d270c3dd391fcdc3e3efa09d9121951f098f249673aea672c
      • Instruction ID: e8d98b2c7b87a31e397c845ccad855d4d782e23e83d2625cadc288dc5b1d9f67
      • Opcode Fuzzy Hash: 6345eadd4e7e2d6d270c3dd391fcdc3e3efa09d9121951f098f249673aea672c
      • Instruction Fuzzy Hash: A3319F71940248EFCB10DF90DE89ADEBBB8FF48701F20442AF546B65A0D7785A85CB68
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041DD10, Relevance: 15.1, APIs: 10, Instructions: 126COMMON
      Download Yara Rule
      APIs
      • #675.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000,?,?), ref: 0041DD8F
      • __vbaFpR8.MSVBVM60 ref: 0041DD95
      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041DDC0
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041DDE4
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,0000001C), ref: 0041DE09
      • __vbaCastObj.MSVBVM60(?,00418F98), ref: 0041DE3D
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DE48
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00419590,00000058), ref: 0041DE62
      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041DE72
      • __vbaFreeObj.MSVBVM60(0041DEB1), ref: 0041DEAA
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultList$#675CastNew2
      • String ID:
      • API String ID: 4155307349-0
      • Opcode ID: 4fd38f950b416b44139c3152e131eb9615502a0a07a035df2b4c93b533c4dfc8
      • Instruction ID: 30143ffcb2d0f2f5482306271d3cbcabbc3e3acf5a87ac2ef34e2dcc27456919
      • Opcode Fuzzy Hash: 4fd38f950b416b44139c3152e131eb9615502a0a07a035df2b4c93b533c4dfc8
      • Instruction Fuzzy Hash: F44148B1D00209ABCB10DF94DD49EEEBBB8FF98701F10412AF905A72A4D7785881CB68
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041E5C0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0041E600
      • #647.MSVBVM60(?,?), ref: 0041E61C
      • __vbaVarTstEq.MSVBVM60(?,?), ref: 0041E638
      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?), ref: 0041E64B
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,00000254), ref: 0041E67C
      • __vbaFreeStr.MSVBVM60(0041E6AB), ref: 0041E6A4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$#647CheckCopyHresultList
      • String ID: POSTRACHITIC
      • API String ID: 2401509751-678742266
      • Opcode ID: d61967529939a7df500bbcf9209813b629c69d37ff625f40d88be84309c35d82
      • Instruction ID: 106ca65eebfa990dd8e8ba581cdf9dcf879d6bdd338cd88f6cbcb4d6f9554d25
      • Opcode Fuzzy Hash: d61967529939a7df500bbcf9209813b629c69d37ff625f40d88be84309c35d82
      • Instruction Fuzzy Hash: C6213AB5C41208AFCB00DF95DA48ADEBBF8EF58705F60401AE505B7260C7745A45CB69
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041F580, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
      Download Yara Rule
      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F5D5
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F5DD
      • __vbaNew2.MSVBVM60(00418FC8,00420390), ref: 0041F5F1
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014), ref: 0041F616
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,00000078), ref: 0041F63A
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041F643
      • __vbaFreeStr.MSVBVM60(0041F67A), ref: 0041F672
      • __vbaFreeStr.MSVBVM60 ref: 0041F677
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresult$New2
      • String ID:
      • API String ID: 2951551410-0
      • Opcode ID: d67e7590e2c40d502d29ec0e80f4620948d59080ca60edef99697370645eaab3
      • Instruction ID: 8766841f2600c9b86615c1fb9893fd5ce74e3509c5d272ebdfef5de3a4be91b3
      • Opcode Fuzzy Hash: d67e7590e2c40d502d29ec0e80f4620948d59080ca60edef99697370645eaab3
      • Instruction Fuzzy Hash: 5B31FC75D40619AFCB00DFA5DD45ADEBBB8FF98710F10802AE805B7260D7785946CFA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041EC70, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52COMMON
      Download Yara Rule
      APIs
      • #693.MSVBVM60(00419568), ref: 0041ECA9
      • __vbaLateMemCall.MSVBVM60(?,jzctSVi5FWdAxrCVevklAQhR5ry7101,00000002), ref: 0041ECFE
      • __vbaFreeObj.MSVBVM60(0041ED1D), ref: 0041ED16
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$#693CallFreeLate
      • String ID: *n'$INSTRUKSERNES$jzctSVi5FWdAxrCVevklAQhR5ry7101
      • API String ID: 1592858805-1345887564
      • Opcode ID: aadfc9e1e1ab0f4e7830810e63693a00ed2e4a4d2828b94b2bce1280c45d115d
      • Instruction ID: 34a3d8705ee8ee200a84ebf2534b162aaf3851a2347d6a979a46b57269fdec88
      • Opcode Fuzzy Hash: aadfc9e1e1ab0f4e7830810e63693a00ed2e4a4d2828b94b2bce1280c45d115d
      • Instruction Fuzzy Hash: 34115BB4D00209AFC704EF6DCA46B9EBBF4FB48704F24802AE409AB350D3399941CB95
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041C9F0, Relevance: 9.1, APIs: 6, Instructions: 64COMMON
      Download Yara Rule
      APIs
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041CA37
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014), ref: 0041CA5C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,000000E0), ref: 0041CA86
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041CA95
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041CA9E
      • __vbaFreeStr.MSVBVM60(0041CACF), ref: 0041CAC8
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$MoveNew2
      • String ID:
      • API String ID: 2347022188-0
      • Opcode ID: 0dc01c155d7804a57e6d23aadfeb729cb5c1390c36b10a9ad23789016fd9de7d
      • Instruction ID: 39f1dc6a701b86b38c5fa93a3123c012917fbfa630da08b9536b1184437b34fc
      • Opcode Fuzzy Hash: 0dc01c155d7804a57e6d23aadfeb729cb5c1390c36b10a9ad23789016fd9de7d
      • Instruction Fuzzy Hash: D4215B70940209AFCB05DF55CD89EEEBBB8FF58741F10411AF901B32A0D7785982CBA8
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041D020, Relevance: 9.1, APIs: 6, Instructions: 63COMMON
      Download Yara Rule
      APIs
      • __vbaNew2.MSVBVM60(00418FC8,00420390,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D067
      • __vbaHresultCheckObj.MSVBVM60(00000000,0225EDC4,00418FB8,00000014,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D08C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004195A0,000000E0,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D0B6
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D0C5
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D0CE
      • __vbaFreeStr.MSVBVM60(0041D0F8,?,?,?,?,?,?,?,?,?,?,?,004015C6), ref: 0041D0F1
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$MoveNew2
      • String ID:
      • API String ID: 2347022188-0
      • Opcode ID: 14de3b1a3b4eee7004bc76dfd50172a0c0e32a12aaf4277a7128176e7a7a0a64
      • Instruction ID: d8ae48522fba6f0ea055929ab5103c02c70c001f5a6ee4a6ffd6610f561359e6
      • Opcode Fuzzy Hash: 14de3b1a3b4eee7004bc76dfd50172a0c0e32a12aaf4277a7128176e7a7a0a64
      • Instruction Fuzzy Hash: 882151B4D40209AFCB14DF55CD89EEEBBB8FF58705F20441AF501B32A0D6785986CBA9
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041DC40, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
      Download Yara Rule
      APIs
      • __vbaOnError.MSVBVM60(00000000), ref: 0041DC84
      • #613.MSVBVM60(?,?), ref: 0041DC9D
      • __vbaStrVarMove.MSVBVM60(?), ref: 0041DCA7
      • __vbaStrMove.MSVBVM60 ref: 0041DCB2
      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041DCC1
      • __vbaFreeStr.MSVBVM60(0041DCEF), ref: 0041DCE8
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$FreeMove$#613ErrorList
      • String ID:
      • API String ID: 3707155126-0
      • Opcode ID: 2d4aa3d804bc772975bfe2d7451f5711df95ad9830c38b565cf3d90e07f885c0
      • Instruction ID: 7f0845ded8def6d28eef0f87a4af2c47446567ab39f1d6f9b0513e8c1c44ab8c
      • Opcode Fuzzy Hash: 2d4aa3d804bc772975bfe2d7451f5711df95ad9830c38b565cf3d90e07f885c0
      • Instruction Fuzzy Hash: F111FBB5C00258AFCB04DFA9D948ADEBBB8FB48700F10C52AF512B6260D7785605CFA5
      Uniqueness

      Uniqueness Score: -1.00%

      Function 0041C570, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
      Download Yara Rule
      APIs
      • __vbaVarDup.MSVBVM60 ref: 0041C5B4
      • #563.MSVBVM60(00000000), ref: 0041C5BE
      • __vbaFreeVar.MSVBVM60 ref: 0041C5D4
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00418AE8,00000254), ref: 0041C602
      Memory Dump Source
      • Source File: 00000000.00000002.1010716535.0000000000411000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.1010677086.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010684944.0000000000401000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010702451.0000000000404000.00000020.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010730564.0000000000420000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.1010741889.0000000000422000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_OrdineFornitore_Nr_2021_OV_445.jbxd
      Similarity
      • API ID: __vba$#563CheckFreeHresult
      • String ID:
      • API String ID: 912165593-0
      • Opcode ID: 1053e860d4ddcde748986b49a0c077e2d4803402542ccf74f1cadbaa4a9c1e61
      • Instruction ID: 9d0cdb20d62ec6ad919d18b6a58b294ab71512f455de67e1c6e4784567617810
      • Opcode Fuzzy Hash: 1053e860d4ddcde748986b49a0c077e2d4803402542ccf74f1cadbaa4a9c1e61
      • Instruction Fuzzy Hash: F1016D75941258ABCB04DFA0CD89BCEBBB8FF48B45F10402AF542B7190D7785588CBA9
      Uniqueness

      Uniqueness Score: -1.00%