Play interactive tour

Edit tour

Windows Analysis Report Cailbers22LongRiflorderlist.exe

Overview

General Information

Sample Name:	Cailbers22LongRiflorderlist.exe
Analysis ID:	434934
MD5:	da7e577b39dc1882d8c2f5819ead22e3
SHA1:	4c7ff9565349068f73d96f48423ee5ae4f832fa6
SHA256:	66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

GuLoader

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected GuLoader

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Initial sample is a PE file and has a suspicious name

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Cailbers22LongRiflorderlist.exe (PID: 6364 cmdline: 'C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe' MD5: DA7E577B39DC1882D8C2F5819EAD22E3)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00P*"}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
Cailbers22LongRiflorderlist.exe	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.329521263.0000000000401000.00000020.00020000.sdmp	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security
00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Cailbers22LongRiflorderlist.exe.400000.0.unpack	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security
0.0.Cailbers22LongRiflorderlist.exe.400000.0.unpack	JoeSecurity_GuLoader_1	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00P*"}

Source: Cailbers22LongRiflorderlist.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00P*

Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.699942002.000000000077A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: Cailbers22LongRiflorderlist.exe

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225909 NtAllocateVirtualMemory,	0_2_02225909
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225A23 NtAllocateVirtualMemory,	0_2_02225A23
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225A6C NtAllocateVirtualMemory,	0_2_02225A6C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225AC6 NtAllocateVirtualMemory,	0_2_02225AC6
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225B2C NtAllocateVirtualMemory,	0_2_02225B2C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225B4F NtAllocateVirtualMemory,	0_2_02225B4F
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225938 NtAllocateVirtualMemory,	0_2_02225938
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225998 NtAllocateVirtualMemory,	0_2_02225998
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022259F0 NtAllocateVirtualMemory,	0_2_022259F0

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_00412054	0_2_00412054
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225909	0_2_02225909
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222A24	0_2_02222A24
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222263A	0_2_0222263A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02221216	0_2_02221216
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223E1C	0_2_02223E1C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223E64	0_2_02223E64
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223A6A	0_2_02223A6A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222A68	0_2_02222A68
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222127C	0_2_0222127C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224248	0_2_02224248
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02227E5E	0_2_02227E5E
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224284	0_2_02224284
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222688	0_2_02222688
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223A93	0_2_02223A93
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223A9C	0_2_02223A9C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223AE8	0_2_02223AE8
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022212C2	0_2_022212C2
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222AC0	0_2_02222AC0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223EC0	0_2_02223EC0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022256C8	0_2_022256C8
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022242D0	0_2_022242D0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02220ED8	0_2_02220ED8
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02220F32	0_2_02220F32
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224338	0_2_02224338
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223F0A	0_2_02223F0A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02221308	0_2_02221308
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222B1A	0_2_02222B1A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223B64	0_2_02223B64
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223B44	0_2_02223B44
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02220F50	0_2_02220F50
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223F50	0_2_02223F50
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022267A1	0_2_022267A1
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022243A4	0_2_022243A4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222BBA	0_2_02222BBA
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223B88	0_2_02223B88
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222B9A	0_2_02222B9A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223F98	0_2_02223F98
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223FE1	0_2_02223FE1
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223BEC	0_2_02223BEC
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02220FC4	0_2_02220FC4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222402C	0_2_0222402C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223C34	0_2_02223C34
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222C35	0_2_02222C35
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02221014	0_2_02221014
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223467	0_2_02223467
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02221068	0_2_02221068
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223470	0_2_02223470
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222207E	0_2_0222207E
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222C4E	0_2_02222C4E
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224454	0_2_02224454
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022210AC	0_2_022210AC
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022244B0	0_2_022244B0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294B1	0_2_022294B1
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022234B4	0_2_022234B4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223C81	0_2_02223C81
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222C92	0_2_02222C92
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222949A	0_2_0222949A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223899	0_2_02223899
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294E4	0_2_022294E4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022244EA	0_2_022244EA
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022210F0	0_2_022210F0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294C6	0_2_022294C6
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222CDA	0_2_02222CDA
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223CDA	0_2_02223CDA
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222D2D	0_2_02222D2D
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223D32	0_2_02223D32
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222253B	0_2_0222253B
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225938	0_2_02225938
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224102	0_2_02224102
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222350A	0_2_0222350A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223170	0_2_02223170
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229578	0_2_02229578
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224140	0_2_02224140
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02224546	0_2_02224546
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222544	0_2_02222544
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022225A9	0_2_022225A9
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022241AC	0_2_022241AC
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022219BB	0_2_022219BB
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02221180	0_2_02221180
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222981	0_2_02222981
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223D86	0_2_02223D86
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222984	0_2_02222984
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229590	0_2_02229590
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225998	0_2_02225998
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022225F0	0_2_022225F0
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022245F4	0_2_022245F4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022229C2	0_2_022229C2
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223DC6	0_2_02223DC6
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022211CC	0_2_022211CC
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022241D8	0_2_022241D8

Source: Cailbers22LongRiflorderlist.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameNonamorousness5.exe vs Cailbers22LongRiflorderlist.exe
Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.700365167.0000000002210000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs Cailbers22LongRiflorderlist.exe
Source: Cailbers22LongRiflorderlist.exe	Binary or memory string: OriginalFilenameNonamorousness5.exe vs Cailbers22LongRiflorderlist.exe

Source: Cailbers22LongRiflorderlist.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal80.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

File created: C:\Users\user\AppData\Local\Temp\~DFEDBE4090EBA1C181.TMP

Jump to behavior

Source: Cailbers22LongRiflorderlist.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: Cailbers22LongRiflorderlist.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.329521263.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.Cailbers22LongRiflorderlist.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Cailbers22LongRiflorderlist.exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0040A5BD push esp; retf		0_2_0040A5D9
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02228AED push eax; ret		0_2_02228AEE

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294B1	0_2_022294B1
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222949A	0_2_0222949A
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294E4	0_2_022294E4
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294FE	0_2_022294FE
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_022294C6	0_2_022294C6
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229532	0_2_02229532
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_0222951C	0_2_0222951C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229560	0_2_02229560
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229578	0_2_02229578
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222981	0_2_02222981
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02229590	0_2_02229590

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

RDTSC instruction interceptor: First address: 0000000002229837 second address: 0000000002229837 instructions:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	RDTSC instruction interceptor: First address: 0000000002229837 second address: 0000000002229837 instructions:
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	RDTSC instruction interceptor: First address: 00000000022252B7 second address: 0000000002225356 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov ecx, 39CEE144h 0x00000010 xor ecx, 97ACFF28h 0x00000016 xor ecx, 6735B1C6h 0x0000001c jmp 00007FBB14A12776h 0x0000001e cmp ch, dh 0x00000020 sub ecx, C8AE504Ah 0x00000026 mov dword ptr [ebp+00000211h], eax 0x0000002c cmp al, cl 0x0000002e mov eax, ecx 0x00000030 push eax 0x00000031 mov eax, dword ptr [ebp+00000211h] 0x00000037 call 00007FBB14A127ACh 0x0000003c call 00007FBB14A127B5h 0x00000041 lfence 0x00000044 mov edx, 361ACA44h 0x00000049 xor edx, 29F260C9h 0x0000004f sub edx, 4BA41BD5h 0x00000055 xor edx, ABBA8EACh 0x0000005b mov edx, dword ptr [edx] 0x0000005d lfence 0x00000060 ret 0x00000061 mov esi, edx 0x00000063 pushad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	RDTSC instruction interceptor: First address: 0000000002225356 second address: 000000000222532F instructions: 0x00000000 rdtsc 0x00000002 mov eax, 6CD18E72h 0x00000007 sub eax, 719C9E22h 0x0000000c xor eax, 72732D15h 0x00000011 sub eax, 8947DD44h 0x00000016 cpuid 0x00000018 jmp 00007FBB14B576F2h 0x0000001a test cl, cl 0x0000001c popad 0x0000001d call 00007FBB14B57700h 0x00000022 lfence 0x00000025 mov edx, 361ACA44h 0x0000002a xor edx, 29F260C9h 0x00000030 sub edx, 4BA41BD5h 0x00000036 xor edx, ABBA8EACh 0x0000003c mov edx, dword ptr [edx] 0x0000003e lfence 0x00000041 ret 0x00000042 sub edx, esi 0x00000044 ret 0x00000045 test eax, 78C4E04Dh 0x0000004a pop ecx 0x0000004b jmp 00007FBB14B576F6h 0x0000004d test bl, al 0x0000004f add edi, edx 0x00000051 test dh, FFFFFFE0h 0x00000054 dec ecx 0x00000055 pushad 0x00000056 lfence 0x00000059 rdtsc
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	RDTSC instruction interceptor: First address: 000000000222532F second address: 0000000002225356 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp ecx, 00000000h 0x0000000e jne 00007FBB14A12714h 0x00000010 mov dword ptr [ebp+00000211h], eax 0x00000016 cmp al, cl 0x00000018 mov eax, ecx 0x0000001a push eax 0x0000001b mov eax, dword ptr [ebp+00000211h] 0x00000021 call 00007FBB14A127ACh 0x00000026 call 00007FBB14A127B5h 0x0000002b lfence 0x0000002e mov edx, 361ACA44h 0x00000033 xor edx, 29F260C9h 0x00000039 sub edx, 4BA41BD5h 0x0000003f xor edx, ABBA8EACh 0x00000045 mov edx, dword ptr [edx] 0x00000047 lfence 0x0000004a ret 0x0000004b mov esi, edx 0x0000004d pushad 0x0000004e rdtsc

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Code function: 0_2_02225909 rdtsc

0_2_02225909

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Code function: 0_2_02225909 rdtsc

0_2_02225909

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02225204 mov eax, dword ptr fs:[00000030h]	0_2_02225204
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02227EEA mov eax, dword ptr fs:[00000030h]	0_2_02227EEA
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02227B6C mov eax, dword ptr fs:[00000030h]	0_2_02227B6C
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223467 mov eax, dword ptr fs:[00000030h]	0_2_02223467
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02223470 mov eax, dword ptr fs:[00000030h]	0_2_02223470
Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe	Code function: 0_2_02222981 mov eax, dword ptr fs:[00000030h]	0_2_02222981

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.700096171.0000000000E00000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.700096171.0000000000E00000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.700096171.0000000000E00000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: Cailbers22LongRiflorderlist.exe, 00000000.00000002.700096171.0000000000E00000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe

Code function: 0_2_02220691 cpuid

0_2_02220691

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	Input Capture1	Security Software Discovery41	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Virtualization/Sandbox Evasion11	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery311	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Cailbers22LongRiflorderlist.exe	2%	ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00P*	false		high

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	434934
Start date:	15.06.2021
Start time:	16:55:18
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Cailbers22LongRiflorderlist.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.troj.evad.winEXE@1/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 2.8% (good quality ratio 0.1%) Quality average: 4.9% Quality standard deviation: 19.8%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Max analysis timeout: 220s exceeded, the analysis took too long Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Not all processes where analyzed, report is missing behavior information VT rate limit hit for: /opt/package/joesandbox/database/analysis/434934/sample/Cailbers22LongRiflorderlist.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.908882457092713
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Cailbers22LongRiflorderlist.exe
File size:	270336
MD5:	da7e577b39dc1882d8c2f5819ead22e3
SHA1:	4c7ff9565349068f73d96f48423ee5ae4f832fa6
SHA256:	66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0
SHA512:	1d0ba9a828c6ed666ad5a7ac4bfc79f2f3ba2b8f555b02980365fa686296ac8bbb2fc4cd2a0e265d2c2967d45005bcab54b9d4114410b4ffb2f75df0be7988f7
SSDEEP:	3072:SH1hZYJQKX+an/XNSn3N59UN9+xc9+OTPl3p1YCxsaX5vt42TM:eyvNy5aN8xK+OB3zYwHo
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.S............&........ .......$......Rich....................PE..L....8.P.....................0.......(............@........

File Icon


Icon Hash:	2828bae9d2777576

Static PE Info

General
Entrypoint:	0x402894
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x50E938CB [Sun Jan 6 08:41:47 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	adaafa2c180eccb7addf1201d12c8322

Entrypoint Preview

Instruction
push 004035CCh
call 00007FBB149B2783h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], bh
in eax, dx
lodsb
fxch7 st(7)
inc ecx
xchg eax, esi
or eax, CE5BEE49h
jle 00007FBB149B27DFh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
insb
imul esi, dword ptr [ebx+74h], 6C617665h
add byte ptr [bx+si], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
add byte ptr [edi+00h], dh
scasb
push es
add byte ptr [edi-2877B1F6h], cl
mov esi, EDC7B255h
sbb dword ptr [eax-24h], FFFFFFF2h
sbb edi, dword ptr [ecx]
dec esi
mov ebx, 6A7E8640h
lds esi, fword ptr [ecx]
jmp 00007FBB63D55FFBh
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov es, word ptr [esi]
add byte ptr [eax], al
mov dword ptr [esi], eax
add byte ptr [eax], al
add byte ptr [edx], cl
add byte ptr [ebx+74h], dl
popad
jc 00007FBB149B27FAh
jc 00007FBB149B27C6h
add byte ptr [42000B01h], cl
jc 00007FBB149B27F8h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3e9f4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x42000	0x9ec	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x230	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1b0	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3e0ac	0x3f000	False	0.288361080109	data	6.04226982534	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x40000	0x1be8	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x42000	0x9ec	0x1000	False	0.229248046875	data	2.11966183681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x42704	0x2e8	data
RT_ICON	0x4251c	0x1e8	data
RT_ICON	0x423f4	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x423c4	0x30	data
RT_VERSION	0x42150	0x274	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLineInputStr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaVarLateMemCallLd, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Nonamorousness5
FileVersion	1.00
CompanyName	Orion Solutions
Comments	Orion Solutions
ProductName	listevalg
ProductVersion	1.00
OriginalFilename	Nonamorousness5.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: Cailbers22LongRiflorderlist.exe PID: 6364 Parent PID: 5880

General

Start time:	16:56:09
Start date:	15/06/2021
Path:	C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe'
Imagebase:	0x400000
File size:	270336 bytes
MD5 hash:	DA7E577B39DC1882D8C2F5819EAD22E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000000.00000000.329521263.0000000000401000.00000020.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Cailbers22LongRiflorderlist.exe PID: 6364 Parent PID: 5880 Cailbers22LongRiflorderlist.exeCOMMON

Executed Functions

Function 02225909, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 393memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

r, xrefs: 02220891
h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[$r
API String ID: 2167126740-1806513824
Opcode ID: 25d6ccaec5aa9e8399db736f7d88a64076b478baeadb449f97f95987ac8c8424
Instruction ID: 34d72cc17f44cf911c1b817447596633f168d0a559309417e49c980a9ed0c98c
Opcode Fuzzy Hash: 25d6ccaec5aa9e8399db736f7d88a64076b478baeadb449f97f95987ac8c8424
Instruction Fuzzy Hash: ABD1B071624359EFDB34AEB4CC613EB37A2EF55350F95802ECC869B118D7358989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02225938, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 166memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 3b7c4f21992cd986f5ec6e44dd82d4ceeb83e8855ba615256cb3ac36cf8e8309
Instruction ID: 97eabcfb88564d55f5cc781b05740f85d32d3e0e5e720d8c1aaad7709e80e775
Opcode Fuzzy Hash: 3b7c4f21992cd986f5ec6e44dd82d4ceeb83e8855ba615256cb3ac36cf8e8309
Instruction Fuzzy Hash: 0A5168B1620359AFDB359E65CCB17EB77A6EF49310FD9402EDC4A8B214C7318999CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02225A23, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: f18b3d70e1087bcd2d57d7099fb97a7c646855e8439d04693beede2643665d48
Instruction ID: 028691b87de1695f735d4ca57982f7b3eb7cb484ee9dee727da903121fada8c9
Opcode Fuzzy Hash: f18b3d70e1087bcd2d57d7099fb97a7c646855e8439d04693beede2643665d48
Instruction Fuzzy Hash: 8F4158B1630359AFEB359E658CA17EF37A2AF59300FD9412DCC0A9B219C3358959CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02225998, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 8c9dd2339184564412327e8cb6d87f2639938bec7c88f5a46fc7255631e8047b
Instruction ID: 654726d283e8a70e7faf13e96efc91cbf717707dd80d1e6318565b854de00310
Opcode Fuzzy Hash: 8c9dd2339184564412327e8cb6d87f2639938bec7c88f5a46fc7255631e8047b
Instruction Fuzzy Hash: FA5179B1620359AFDB359E65CCA17EB77A6AF49310FD9412ECC0A8B218C7318959CB12

Uniqueness

Uniqueness Score: -1.00%

Function 022259F0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 511bf9f0e47572f4ff98161bd49abea137ed241b02622c5b79fcfbec032fe357
Instruction ID: dd6757b6cfaf47bc0b888bf745bdccd362b9bad0ebb07015812af06213723e61
Opcode Fuzzy Hash: 511bf9f0e47572f4ff98161bd49abea137ed241b02622c5b79fcfbec032fe357
Instruction Fuzzy Hash: C94158B1520359EFDB359E64CCA17EB37A6EF49310F98412DDC0A9B228C7318998CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02225A6C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 50ac93cb2a2a33e02120bd3d3b4c6bf90aeb06938635aacff35b29bc0da27002
Instruction ID: e3f02c3c634fa3ad0e46d55a10de9bcba7367dab72850a2f97abfed092c7405a
Opcode Fuzzy Hash: 50ac93cb2a2a33e02120bd3d3b4c6bf90aeb06938635aacff35b29bc0da27002
Instruction Fuzzy Hash: 3C3168B11207A5EFDB369F68CCA07DB37A6AF4A310F98412DDC4A8B219C7318955CB01

Uniqueness

Uniqueness Score: -1.00%

Function 02225AC6, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 8ead2d26e7511416cbc81122aef0f8e0375bb245ad5ec2f3657a8acf4f43c19e
Instruction ID: ccdababd0808bf699ce45903f42387dde41d3e66e2061c0c6ba2f6793f25f235
Opcode Fuzzy Hash: 8ead2d26e7511416cbc81122aef0f8e0375bb245ad5ec2f3657a8acf4f43c19e
Instruction Fuzzy Hash: D82105B1520369AFDB359F64CCA17EF37A6AF49310F984129D80E9B215C7318655CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02225B4F, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: 89cd5813c200ee1dfae9da5ece81cce4d66acdd9d963ef47afb21a800fbb56be
Instruction ID: 27fd8f506c972297c3e7fdfb5cac1248d15583b38461d4381179a25323c37ca9
Opcode Fuzzy Hash: 89cd5813c200ee1dfae9da5ece81cce4d66acdd9d963ef47afb21a800fbb56be
Instruction Fuzzy Hash: F0216E71524369AFCB365F64CCA07DF37A1EF0A310F98406ED84ACB215C7354959CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02225B2C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(0000014C,CC36397B,0000014C), ref: 02225B57

Strings

h[, xrefs: 02225B40

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID: h[
API String ID: 2167126740-1238515259
Opcode ID: be063f728e11afe7900151fc21a3d11c0ad6da9a506f11ede4173eb1f1bccf33
Instruction ID: 731dfea027305b2b1f7efcc900fce76b1516ecd918edbfac83a181e5d000415d
Opcode Fuzzy Hash: be063f728e11afe7900151fc21a3d11c0ad6da9a506f11ede4173eb1f1bccf33
Instruction Fuzzy Hash: 84110471620364AFDB369F64CC907EF3765AF0A311F9C4128E849CB225C7328A54CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00412054, Relevance: 1.4, APIs: 1, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000E000,00001000,?,00425BCC,?,?,?), ref: 0041220F

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 944846fa61c2285f84ed11ba04c5d7a0d31c29659fcd44a53176b6c40991b778
Instruction ID: 33c778dbec7308a34a17d95ad76bedc12ad312e0570bd3ff7c14f7381ca28dc1
Opcode Fuzzy Hash: 944846fa61c2285f84ed11ba04c5d7a0d31c29659fcd44a53176b6c40991b778
Instruction Fuzzy Hash: 6B31DDB3E293145AD7836931C95079236A1EF27281B328B17DD28B3170FB3A4E9709C8

Uniqueness

Uniqueness Score: -1.00%

Function 0043E480, Relevance: 59.7, APIs: 31, Strings: 3, Instructions: 198COMMON

Download Yara Rule

APIs

__vbaStrCat.MSVBVM60(00408170,9/9), ref: 0043E4DC
#557.MSVBVM60(00000008), ref: 0043E4F0
__vbaFreeVar.MSVBVM60 ref: 0043E507
__vbaOnError.MSVBVM60(00000000), ref: 0043E517
__vbaNew2.MSVBVM60(00404A34,00440DC0), ref: 0043E52F
__vbaHresultCheckObj.MSVBVM60(00000000,0229ED94,00404A24,00000014), ref: 0043E554
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404A44,000000E0), ref: 0043E57E
__vbaStrMove.MSVBVM60 ref: 0043E593
__vbaFreeObj.MSVBVM60 ref: 0043E598
#539.MSVBVM60(00000008,00000001,00000001,00000001), ref: 0043E5A8
__vbaStrVarMove.MSVBVM60(00000008), ref: 0043E5B2
__vbaStrMove.MSVBVM60 ref: 0043E5BD
__vbaFreeVar.MSVBVM60 ref: 0043E5C2
__vbaNew2.MSVBVM60(00404A34,00440DC0), ref: 0043E5DA
__vbaHresultCheckObj.MSVBVM60(00000000,0229ED94,00404A24,00000014), ref: 0043E5FF
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404A44,0000013C), ref: 0043E656
__vbaFreeObj.MSVBVM60 ref: 0043E65F
#539.MSVBVM60(00000008,00000001,00000001,00000001), ref: 0043E66F
__vbaStrVarMove.MSVBVM60(00000008), ref: 0043E679
__vbaStrMove.MSVBVM60 ref: 0043E684
__vbaFreeVar.MSVBVM60 ref: 0043E689
#535.MSVBVM60 ref: 0043E68F
#569.MSVBVM60(00000003), ref: 0043E699
__vbaVarDup.MSVBVM60 ref: 0043E6BB
#645.MSVBVM60(00000008,00000000), ref: 0043E6C6
__vbaStrMove.MSVBVM60 ref: 0043E6D1
__vbaFreeVar.MSVBVM60 ref: 0043E6D6
__vbaFreeStr.MSVBVM60(0043E71B), ref: 0043E709
__vbaFreeStr.MSVBVM60 ref: 0043E70E
__vbaFreeStr.MSVBVM60 ref: 0043E713
__vbaFreeStr.MSVBVM60 ref: 0043E718

Strings

9/9, xrefs: 0043E4D2
tmmen, xrefs: 0043E633
liniehybriden, xrefs: 0043E6A7

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __vba$Free$Move$CheckHresult$#539New2$#535#557#569#645Error
String ID: 9/9$liniehybriden$tmmen
API String ID: 345979831-2612214716
Opcode ID: a726baae1d2880171cf41c8dc5143bf230d51d8ddd6f6e8fa42848813c8a484d
Instruction ID: 1bc3dcb30ec43c02d6bdc171336da5692568620a8602cac6d9a87ce902498fad
Opcode Fuzzy Hash: a726baae1d2880171cf41c8dc5143bf230d51d8ddd6f6e8fa42848813c8a484d
Instruction Fuzzy Hash: 467127B5901208AFCB14DFA4DD89ADDBBB4FF48305F10442AF546B72A0DB786989CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0043E3C0, Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

#702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0043E40A
__vbaStrMove.MSVBVM60 ref: 0043E415
__vbaFreeVar.MSVBVM60 ref: 0043E41E
__vbaFreeStr.MSVBVM60(0043E44E), ref: 0043E447

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __vba$Free$#702Move
String ID:
API String ID: 1078434368-0
Opcode ID: 10b2bdf6b5bd487f2d7281ccaaa0a31953c29e640a96651ffbc2e72dc27e5a4b
Instruction ID: 87fc4bc570dc61fc6ac96ddebc4f45ac298f71be1438ea3b0dfdefc25505ed59
Opcode Fuzzy Hash: 10b2bdf6b5bd487f2d7281ccaaa0a31953c29e640a96651ffbc2e72dc27e5a4b
Instruction Fuzzy Hash: BA012170C04209ABCB00DF94DE09B9EBBB8AB58724F308325E421725E0D7781905CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402894, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 00402899

Strings

VB5!6&*, xrefs: 00402894

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: df2c58f7b9aaa2c0c0370073d5875c7613f9a4f0c0cd11141d2a00dd86328ec2
Instruction ID: 005aa5879d2853a8d6dca37f9b6c90a9f98a440bf8eccd5aa6cc7f1fb6f4317f
Opcode Fuzzy Hash: df2c58f7b9aaa2c0c0370073d5875c7613f9a4f0c0cd11141d2a00dd86328ec2
Instruction Fuzzy Hash: 73116322A5E3E68FC30786748A655453FB09E1362432E02DBD490DF4F3C26D8D0ECBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02222981, Relevance: 5.1, Strings: 3, Instructions: 1350COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 8dd2f6b2de79925be1ad512ae9719e10446b2e6212c706b5a4c62463e1cace4f
Instruction ID: ddbfff8338336b3e91d6c79f2833dc271145a96ecdffda8efbfb75bec22d359d
Opcode Fuzzy Hash: 8dd2f6b2de79925be1ad512ae9719e10446b2e6212c706b5a4c62463e1cace4f
Instruction Fuzzy Hash: CAB24F71624356EFDB249F68CD907EAB7B2FF48340F45422EDC898B204C7769989CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0222949A, Relevance: 4.7, Strings: 3, Instructions: 910COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 2e662200403dff937632037ca661d78cfa62abf88dda96644ddd00c4373a6f6c
Instruction ID: 7af72af2bb6de9ac99f1c1e5711ab66ecb3bf9be4d0a4e9a74868d3cfb032207
Opcode Fuzzy Hash: 2e662200403dff937632037ca661d78cfa62abf88dda96644ddd00c4373a6f6c
Instruction Fuzzy Hash: 09728771624316EFDB349FB4C9947EA77A2FF55340F94422EDC8A8B218C3764989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223899, Relevance: 4.5, Strings: 3, Instructions: 763COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: a3193473eea42dc573f4885ba8ebec2c2f5cdbbb52ceaba93f0b87f5278c8a76
Instruction ID: 30eb8082f67679f02186c930d9852838e691f2a4daaa92fa7e433b69073c10fc
Opcode Fuzzy Hash: a3193473eea42dc573f4885ba8ebec2c2f5cdbbb52ceaba93f0b87f5278c8a76
Instruction Fuzzy Hash: CC526271224316EFDB349FB8C9947EAB7A2FF54300F45422EDD8A9B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223A6A, Relevance: 4.5, Strings: 3, Instructions: 711COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 04d6eb7c1a63934faea6fc02ccd47f202b7d5552d47bef4484d7e821a38e1121
Instruction ID: 7df864ac424cb9964c2d880fbbf65aab5c14ed982431be178fdfd686ca482804
Opcode Fuzzy Hash: 04d6eb7c1a63934faea6fc02ccd47f202b7d5552d47bef4484d7e821a38e1121
Instruction Fuzzy Hash: B1524171624356EFDB34AF78C9947EAB7A2FF54300F45422EDC8A9B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223A9C, Relevance: 4.4, Strings: 3, Instructions: 700COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: a433fbca43f9ba201bbb2fb608e04a366fcad57548f192994597216cdb972dcb
Instruction ID: 28e7b0b423200f32a4b25028619840ddcb3b84fd661b70d5a30f3f80be913c48
Opcode Fuzzy Hash: a433fbca43f9ba201bbb2fb608e04a366fcad57548f192994597216cdb972dcb
Instruction Fuzzy Hash: 6252517162431AEFDB349F78C9947EAB7A2FF54300F45422EDC8A8B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223AE8, Relevance: 4.4, Strings: 3, Instructions: 687COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 7431214137149f106374e5f03d68241816d7c42dadb071f76b218789e919e816
Instruction ID: fca7f54f7312fcb5d24fa651a266fefc454fada605db84e60297e826af20e4a8
Opcode Fuzzy Hash: 7431214137149f106374e5f03d68241816d7c42dadb071f76b218789e919e816
Instruction Fuzzy Hash: 0642517162435AEFDB349F78C9947EAB7A2FF54300F45422EDC8A9B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223B64, Relevance: 4.4, Strings: 3, Instructions: 676COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 7984e0bd1d57470c66cb53a7b0a59f95160914339fa25b38559a5686d6b1610d
Instruction ID: 2a9cb5dbdf4cd441004606fb7bba495788522bc5fb719c2932edbc307fb1f1e3
Opcode Fuzzy Hash: 7984e0bd1d57470c66cb53a7b0a59f95160914339fa25b38559a5686d6b1610d
Instruction Fuzzy Hash: BB42527162435AEFDB34AF78C9947EAB7A2FF54300F45422EDC899B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223B88, Relevance: 4.4, Strings: 3, Instructions: 674COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: e500fb7526d282e72e7d8c1bf85b11e210b887804630a3a8f92847338ffce380
Instruction ID: b77e477195c7512d18f7d99903e5797910a465c18c60bb971d96c46559fc920b
Opcode Fuzzy Hash: e500fb7526d282e72e7d8c1bf85b11e210b887804630a3a8f92847338ffce380
Instruction Fuzzy Hash: D642427162435AEFDB349F78C9947EAB7A2FF54300F45422EDC899B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223BEC, Relevance: 4.4, Strings: 3, Instructions: 672COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 3b96a2cdb6def45cc7fcaec1cc7aeedb4e73fa8d711650d0af34f46515debd14
Instruction ID: a12180424874ef196b49dd3f44a5134a69a2952229217b771a7fe2fe90735c15
Opcode Fuzzy Hash: 3b96a2cdb6def45cc7fcaec1cc7aeedb4e73fa8d711650d0af34f46515debd14
Instruction Fuzzy Hash: DE42517162435AEFDB349F78C9947EAB7A2FF54340F45422EDC8A8B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223B44, Relevance: 4.4, Strings: 3, Instructions: 670COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 7cf9c752e70e414d1dfd8d5a37f8e233bb3ac897ad93f58f268b9db29aa14987
Instruction ID: d8cb59adfa12eb493d73bbf22f95289d82886c428534b77a46be3a83bd20e280
Opcode Fuzzy Hash: 7cf9c752e70e414d1dfd8d5a37f8e233bb3ac897ad93f58f268b9db29aa14987
Instruction Fuzzy Hash: 2B42517162435AEFDB349F78C9947EAB7A2FF54300F45422EDC8A9B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223C34, Relevance: 4.4, Strings: 3, Instructions: 635COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: b169f8e3a5cee2c27ce13b36c410fc081407a76286229b9394d97d235b34124e
Instruction ID: afdc3bf15bd35107e24fab964850f0dd776609805e985496e09505490d11c749
Opcode Fuzzy Hash: b169f8e3a5cee2c27ce13b36c410fc081407a76286229b9394d97d235b34124e
Instruction Fuzzy Hash: EC42407162435AEFDB349F78C9947EAB7A2FF55300F44422EDC8A9B218C3754989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223C81, Relevance: 4.4, Strings: 3, Instructions: 627COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: df9bce958eb03ab0619e4fe24e13371e6e8de11b0f574015e320ead79b8c7995
Instruction ID: cf27c6825ebc405901c4a0ec03cad7a4c58c4f67e9f5044b40e1ae60933b9e22
Opcode Fuzzy Hash: df9bce958eb03ab0619e4fe24e13371e6e8de11b0f574015e320ead79b8c7995
Instruction Fuzzy Hash: 8A324F7162435AEFDB349F78C9947EAB7A2FF55300F44422EDC899B218C3758989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223CDA, Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 726cc1d225520b653000b63eca4807f93a763d1e6a0b4d0397446dd6ef3a1dd5
Instruction ID: b99efc6537c3cf6ad990002108a09c45f1cb203aa61d8fc9783191e3a5f51d3f
Opcode Fuzzy Hash: 726cc1d225520b653000b63eca4807f93a763d1e6a0b4d0397446dd6ef3a1dd5
Instruction Fuzzy Hash: 2D325031624359AFDB34AF78C9947EABBB2FF55300F45422EDC899B218C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223D32, Relevance: 4.3, Strings: 3, Instructions: 596COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 86e9942478d2ed7a7b56169596017107b36d2b976b2eb26a441a6de5939745bc
Instruction ID: 2fae1221d4f69eac3b7f7b8030f6ab6fd79f0ebf55aa5645b931acf5df3033c4
Opcode Fuzzy Hash: 86e9942478d2ed7a7b56169596017107b36d2b976b2eb26a441a6de5939745bc
Instruction Fuzzy Hash: C5324071624359EFDB34AF78C9947EAB7A2FF55300F45422EDC899B218C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223D86, Relevance: 4.3, Strings: 3, Instructions: 573COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 2f688b00fa230b756ea92e0023b98646a4dd7b191946ebb86280a09543762fba
Instruction ID: 4b2c2a575af55ed67f88059fbcd758984d24da27d4478707b92a4b119b75c573
Opcode Fuzzy Hash: 2f688b00fa230b756ea92e0023b98646a4dd7b191946ebb86280a09543762fba
Instruction Fuzzy Hash: BB324071624359EFDB34AF78C9947EAB7A2FF95300F45422DDC899B218C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223DC6, Relevance: 4.3, Strings: 3, Instructions: 566COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: f07eaf67dff952f72918f9d4c54bb245a5b177739ae8cefd598a6f306640a8af
Instruction ID: 255e346e9accbfa7b78b2db026009cfa4898c937e371d97de086a10fa5606199
Opcode Fuzzy Hash: f07eaf67dff952f72918f9d4c54bb245a5b177739ae8cefd598a6f306640a8af
Instruction Fuzzy Hash: 90224171624359EFDB34AFB8C9947EAB7A2FF55300F45422EDC899B218C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223E1C, Relevance: 4.3, Strings: 3, Instructions: 552COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 6aae2d30e92410e6a002591dae00e938e4b9d4e3c1088b71caf3872a8718b12a
Instruction ID: bcc4433f12424e0c74b055ad2c67ca491c6770807d387154993572ebfe1a1303
Opcode Fuzzy Hash: 6aae2d30e92410e6a002591dae00e938e4b9d4e3c1088b71caf3872a8718b12a
Instruction Fuzzy Hash: 36224171624356EFDB34AF78C9947EAB7A2FF55300F45422DDC899B218C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223E64, Relevance: 4.3, Strings: 3, Instructions: 538COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: dba18170135f3c6770e38db0c5c5e512f71d82dca95ef8acfe35721a83f4ea92
Instruction ID: 64c47f2796035f37c2e22938cc43ad23a59e3286b34bffdb2e3bf027a3a93d09
Opcode Fuzzy Hash: dba18170135f3c6770e38db0c5c5e512f71d82dca95ef8acfe35721a83f4ea92
Instruction Fuzzy Hash: 4822507162435AEFDB34AF78C9547EAB7A2FF55300F45822DDC899B218C3718989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223EC0, Relevance: 4.3, Strings: 3, Instructions: 513COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 021c61c3514fb926d1c1d18acbd1e9fcb476e1a3a4c5b744be950d60e6490f9d
Instruction ID: f14f3e41aea1ceca83cac70473236c3eedf1040d48cce5930bfe7bc20683840b
Opcode Fuzzy Hash: 021c61c3514fb926d1c1d18acbd1e9fcb476e1a3a4c5b744be950d60e6490f9d
Instruction Fuzzy Hash: CD126071624316EFDB34AF78C9447EAB7A2FF55300F45822DDC899B218C3728989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223F0A, Relevance: 4.2, Strings: 3, Instructions: 500COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 567c43878320ca9814ec7015b8fad38fa8ea2e723b0996afc55818614897dc54
Instruction ID: 30ffc1cf796ca4216f031af927d2de887a391cfac072f2a418a5512628bbc2f6
Opcode Fuzzy Hash: 567c43878320ca9814ec7015b8fad38fa8ea2e723b0996afc55818614897dc54
Instruction Fuzzy Hash: E4125071624316EFDB34AF78C9547EAB7A2FF54300F45822EDC899B218C3714A89CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223F50, Relevance: 4.2, Strings: 3, Instructions: 484COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 44ae3d655065726abeaa7a8a0c32dad74cd3dc373fb4056ae30a1a83febb390f
Instruction ID: f8b75411876800eb8b8f4c74c4e13d50b1024971ede004c237a0d06e74c1f0ad
Opcode Fuzzy Hash: 44ae3d655065726abeaa7a8a0c32dad74cd3dc373fb4056ae30a1a83febb390f
Instruction Fuzzy Hash: 5F126171624316EFDB24AF78C9547EAB7B2FF55300F45822ECC899B128C3714A89CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223F98, Relevance: 4.2, Strings: 3, Instructions: 471COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 5f402aaf94639febdce458f829ec0515a2d33b27c778eb31212a41ec48520109
Instruction ID: fda33942badc31ab0cea99f3f1d17d8cd989ddb1e7b3bbc8ff271ac336ddac0e
Opcode Fuzzy Hash: 5f402aaf94639febdce458f829ec0515a2d33b27c778eb31212a41ec48520109
Instruction Fuzzy Hash: CC026171624316EFEB34AF78C9447EAB7A2FF55300F45822EDC899B118C3714A89CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02223FE1, Relevance: 4.2, Strings: 3, Instructions: 457COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: 233a3918c45a3a2898a8d3ae41e4c3cd5ee3762ab346c9e8b40ba483f5434ad4
Instruction ID: b468e3d2aee31647ddd96a2f16898a4799a8f18695a76e3d6e4d06b226ef1680
Opcode Fuzzy Hash: 233a3918c45a3a2898a8d3ae41e4c3cd5ee3762ab346c9e8b40ba483f5434ad4
Instruction Fuzzy Hash: FE025271624356EFEB74AF74C9447EAB7A2FF55300F45822EDC899B118C3718989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0222402C, Relevance: 4.2, Strings: 3, Instructions: 441COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417
JM/, xrefs: 02224048

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: JM/$S''P$S''P
API String ID: 0-3219440662
Opcode ID: b9370d3481ccf58858907e2a455622bda1c0211a58931a56ab9552fb16613e4f
Instruction ID: f703dc0667c975120a703c1ac221956646138cda880e76dd883f2d3bca645151
Opcode Fuzzy Hash: b9370d3481ccf58858907e2a455622bda1c0211a58931a56ab9552fb16613e4f
Instruction Fuzzy Hash: B9025331524355EFDB74AF74C9447EAB7A2FF55340F45822EDC899B118C3724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02224102, Relevance: 2.9, Strings: 2, Instructions: 401COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: 660eefbdfd49124b3650f44f8c5a634b136514aea70f9f9e38a2051d10f53e3f
Instruction ID: 6559d970b8de873325014e0bb24b1de73702ad157ec97d6c9a1756a6d5df1b3b
Opcode Fuzzy Hash: 660eefbdfd49124b3650f44f8c5a634b136514aea70f9f9e38a2051d10f53e3f
Instruction Fuzzy Hash: 2EF13131614359EFEB74AF68CD447EAB7A2FF95340F45412EDC899B118C3724A89CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02224140, Relevance: 2.9, Strings: 2, Instructions: 400COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: ee4683e347945a9896c8d2973e047d7148929fcc7c1072e687c8c672d3722256
Instruction ID: f0cceef11b0636eec9c31f884c62e257ace37e98cb79e7ed5dd2644c8b4a6865
Opcode Fuzzy Hash: ee4683e347945a9896c8d2973e047d7148929fcc7c1072e687c8c672d3722256
Instruction Fuzzy Hash: F2F13131628359EFEB34AF68CD547EAB7A2FF95340F45412EDC899B128C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022241AC, Relevance: 2.9, Strings: 2, Instructions: 374COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: ffadd08b6b6707aaeb48dec27ef990ad3c54a84f918e9a63046e6e80affab5a2
Instruction ID: f550465b19a8f4ba362b68592344133843fe42878352b5b7de49465c6c4a0266
Opcode Fuzzy Hash: ffadd08b6b6707aaeb48dec27ef990ad3c54a84f918e9a63046e6e80affab5a2
Instruction Fuzzy Hash: E6E12131628359EFEB74AEA4CD507EAB7A2FF55340F45412EDC899B128C3724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022241D8, Relevance: 2.9, Strings: 2, Instructions: 371COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: a9f493d93014c10ddd93fb69fbe68c4733772975b21251885b4a292d0eee2af1
Instruction ID: 55a7ba3c732c4959f9075c562282b97ac087f496a80098933706ddfd25d16fbd
Opcode Fuzzy Hash: a9f493d93014c10ddd93fb69fbe68c4733772975b21251885b4a292d0eee2af1
Instruction Fuzzy Hash: 9EE12131528359AFEB74AFB4CD507EAB7A2FF55340F45412EDC899B128C3724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02224248, Relevance: 2.8, Strings: 2, Instructions: 346COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: 8dce9e72dcbd74f2cc0ece808adf9af7ee1c1c92140fa45ac09fdce868d760fd
Instruction ID: 0ded30f815447dbf637ec0b6c6a53b2588951a1a28da1277886a469c3314f813
Opcode Fuzzy Hash: 8dce9e72dcbd74f2cc0ece808adf9af7ee1c1c92140fa45ac09fdce868d760fd
Instruction Fuzzy Hash: 15D13231628359EFEB78AEB4C9507EAB7A2FF55340F45412EDC899B128C3714989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02224284, Relevance: 2.8, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: da48ec6fe3afd5347cff9f9f23332da3ea7152abbc5ee04c0ae6da360d1165f7
Instruction ID: ffc7c93dee72b7831988ce16bffa699814c9c48c4d16b7eb1b3d5906c67f52c5
Opcode Fuzzy Hash: da48ec6fe3afd5347cff9f9f23332da3ea7152abbc5ee04c0ae6da360d1165f7
Instruction Fuzzy Hash: 3ED14131624359AFEF78AEB4CD507EAB762FF55340F45412EDC899B228C3724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022242D0, Relevance: 2.8, Strings: 2, Instructions: 330COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: 18d1d83123023b86fc3090beef2dde27ead6fd9205488ecc0e916e21596e6f32
Instruction ID: fb69473aa9e43832ae25c2a8202a331d5ac39cd9bdceaf5433b8bf1191cba4f6
Opcode Fuzzy Hash: 18d1d83123023b86fc3090beef2dde27ead6fd9205488ecc0e916e21596e6f32
Instruction Fuzzy Hash: D9C13231628359AFEF78AEB4CD507EA7762FF55340F45412EDC8A9B218C3724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02224338, Relevance: 2.8, Strings: 2, Instructions: 313COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: cfb533e3c0321db89613750725c86c272eaa59ee9f818109fcc6fbf6b72a8886
Instruction ID: 75ccc3329f53058f6dbb0a26a28d7f81a898e4aaa5afef54216dbcb951f8ef04
Opcode Fuzzy Hash: cfb533e3c0321db89613750725c86c272eaa59ee9f818109fcc6fbf6b72a8886
Instruction Fuzzy Hash: D2C12F31624359AFEF78AEB4CC507EA7762FF55340F45412EDC899B228C7724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022243A4, Relevance: 2.8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

S''P, xrefs: 0222441C
S''P, xrefs: 02224417

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: S''P$S''P
API String ID: 0-967088075
Opcode ID: 45a47522f5c905e48f2ec5f07d88826e3e1fe3303a0eeb6a49bbe79348fcb180
Instruction ID: 776aafda50148ab42f27c4f10b248d638669944107d3964f463d1bceaa7dffa9
Opcode Fuzzy Hash: 45a47522f5c905e48f2ec5f07d88826e3e1fe3303a0eeb6a49bbe79348fcb180
Instruction Fuzzy Hash: EBB13030624359AFEF38AEB4CD507EAB762FF55340F45412EDD8A9B218C7724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02220F50, Relevance: 1.6, Strings: 1, Instructions: 334COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 0f39ad9f960b8f8b57cfbc54a0429e3185c3737603b3f16666cae79f1d66e11a
Instruction ID: e44a508c5f7bb1aabd9a88fa7e62e61e2b92ac8f84b908d09d3cb9d0e97f7c24
Opcode Fuzzy Hash: 0f39ad9f960b8f8b57cfbc54a0429e3185c3737603b3f16666cae79f1d66e11a
Instruction Fuzzy Hash: 37B18075624366DFDF349DA889E47EA33B3AF55380F59402ACCC99B149C772494ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02220ED8, Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: f77f40db57e82bf60ddc110a00cb9d2279d3c4c406d01f522a607621585cfac0
Instruction ID: b0e7700b727f3e1c1d0af4f6bd8900270c2f9057452bf22065de389845ae6103
Opcode Fuzzy Hash: f77f40db57e82bf60ddc110a00cb9d2279d3c4c406d01f522a607621585cfac0
Instruction Fuzzy Hash: 38B16075624366DFDB349DA889E47EE33B3AF55380F59402DCCC98B149C772494ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02220F32, Relevance: 1.6, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 1db43a0c2f9f3b781bdb87d3abb17237ab46d23e53077fb908362d99cd9ee16e
Instruction ID: 5284018950c4f940d4fcc0c1a6ee13e9799a7d69353c4a1aed4fadc67da9c508
Opcode Fuzzy Hash: 1db43a0c2f9f3b781bdb87d3abb17237ab46d23e53077fb908362d99cd9ee16e
Instruction Fuzzy Hash: A9A18F75624366EFDF349DA889E47EE3373AF55380F594029CCC98B109C772494ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02220FC4, Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 5c0c33ac9506052d2d0d80629951f27a2483bbe29d95e3011aca536d707c63d6
Instruction ID: ba4aedac1db6a2659044366aea52b866254a1910da8e87d71f79246a37c867c8
Opcode Fuzzy Hash: 5c0c33ac9506052d2d0d80629951f27a2483bbe29d95e3011aca536d707c63d6
Instruction Fuzzy Hash: A0A17E71624366DFDF349DA889E47EA33B3AF55380F59402ECCC98B249D772494ACB12

Uniqueness

Uniqueness Score: -1.00%

Function 02221014, Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: e32911d5a2ad149ab65f1a819e66e5a73f78d4a5eab6f31315afa2065d372520
Instruction ID: a51d10d7e46d910ba2b67af7d7a43cc29c7576bccd528483b5b141d73e7ae1c3
Opcode Fuzzy Hash: e32911d5a2ad149ab65f1a819e66e5a73f78d4a5eab6f31315afa2065d372520
Instruction Fuzzy Hash: 0F916D74624366EFDF389DA889E47EA3373AF55380F59402ECCC98B249D7724949CB12

Uniqueness

Uniqueness Score: -1.00%

Function 02221068, Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: bd50459e0f3b57e82d16f3cb4e2c9a4f08e2bb89fe5e1f68a78e855e007eeca2
Instruction ID: 066351849ff5a060517d69c0c315bd641da444e3979d1ffc05ef143ba909bdc5
Opcode Fuzzy Hash: bd50459e0f3b57e82d16f3cb4e2c9a4f08e2bb89fe5e1f68a78e855e007eeca2
Instruction Fuzzy Hash: 30817E70628366EFDB349DA899E47EA32A3AF15380F59402ECCC98B109D772494DCB12

Uniqueness

Uniqueness Score: -1.00%

Function 02227E5E, Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

r, xrefs: 02220891

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: r
API String ID: 0-3291565091
Opcode ID: 54b2041fee4047aeb6658bbb472b6c279fb54a5c1f60bfb4fca30c3d182c5be6
Instruction ID: 35d1edf1c252022c67570e9bd30bb0676a9f27259e40534fe279ccb15947ff59
Opcode Fuzzy Hash: 54b2041fee4047aeb6658bbb472b6c279fb54a5c1f60bfb4fca30c3d182c5be6
Instruction Fuzzy Hash: 7B817E71A24369EFEB24AEB4C8903FA37A2EF15354F94802DCCC15B11DD7758989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022210AC, Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 1978843de476d4a4f985bde4d8c3a23c2ad0b5ac8f6b9a3e5ac7ad7b26a94f6c
Instruction ID: 993d22965e03bc7a0aadfe78b39b7c5d7ab562b6c109319aede86a3d8bdf044d
Opcode Fuzzy Hash: 1978843de476d4a4f985bde4d8c3a23c2ad0b5ac8f6b9a3e5ac7ad7b26a94f6c
Instruction Fuzzy Hash: 67716E75628366EFDB385DF889E47EA32A3AF15390F59402DCCC98B149D772484DCB12

Uniqueness

Uniqueness Score: -1.00%

Function 022210F0, Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: e606d10c10e6d314ca02778bc6e79474f18fa34e1c4906edfc2f68050ecaf0f0
Instruction ID: 0fb5b3cec56a44d3d6f09c9dbf1344860f4ceac2571ed1b0f6446e898cf293d5
Opcode Fuzzy Hash: e606d10c10e6d314ca02778bc6e79474f18fa34e1c4906edfc2f68050ecaf0f0
Instruction Fuzzy Hash: 39717E74624366EFDF345DE889E47EA32A3AF15390F59402ECC898B14DD772884ECB12

Uniqueness

Uniqueness Score: -1.00%

Function 02221180, Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 54561666d579133716e124a6a32b6e7fb0a4db431d1946f779fe9ef5bba92f2a
Instruction ID: 0e14d421ebcf0470dd92f194679f7ec4bb8b4ffd5c0b0d073f6084ff09dcc2e4
Opcode Fuzzy Hash: 54561666d579133716e124a6a32b6e7fb0a4db431d1946f779fe9ef5bba92f2a
Instruction Fuzzy Hash: 01518034624327EFDF345DE889E47EA32A3AF55390F59402ACC898B14DD772884ECB12

Uniqueness

Uniqueness Score: -1.00%

Function 022211CC, Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: df8daeefd143af589e47fa2cd008338dd2bdfbed918d3834c9f980eeff747d04
Instruction ID: 6f64cd9ed84655b5379d1881f7c01cffaec414dda75fde8c22bdb250e1afed7c
Opcode Fuzzy Hash: df8daeefd143af589e47fa2cd008338dd2bdfbed918d3834c9f980eeff747d04
Instruction Fuzzy Hash: B3518E34628326EFDF345DE889E47EB3263AF55390F59412ACD858B10DD772884ECB12

Uniqueness

Uniqueness Score: -1.00%

Function 02221216, Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 59bbcb2616126649c0c8ee9785b546cd3690746841e3393de360f1f0ad0bfc2f
Instruction ID: e58c8a54e235987a8930f62ef42f1adc14ee655207786791446139965ca6205d
Opcode Fuzzy Hash: 59bbcb2616126649c0c8ee9785b546cd3690746841e3393de360f1f0ad0bfc2f
Instruction Fuzzy Hash: 34514D74628326EFEF345DE889E47EA32A3AF55380F98401ACD858A14DD772854ECB12

Uniqueness

Uniqueness Score: -1.00%

Function 0222127C, Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 362633958da6ec23abc113a5cbe96db95f6a67d5234d36654605c79bd1a8701a
Instruction ID: 436859f2ece996e0350602772a76f55dfd3bf5cadc8eaf4350ef2942d1146511
Opcode Fuzzy Hash: 362633958da6ec23abc113a5cbe96db95f6a67d5234d36654605c79bd1a8701a
Instruction Fuzzy Hash: 63415170624326EFEB345EA88DE57EB33A3AF55380F94801DCD894B14DD776494ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 022212C2, Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 575fcaf5216ae5e37e05bbd5b3dfec7cee5c65e3bec3ac4f331642f58adfe5ea
Instruction ID: 046f2b864330a03e1f17796f29db17e6af1280e83a37d9d1e3e0734d32eba444
Opcode Fuzzy Hash: 575fcaf5216ae5e37e05bbd5b3dfec7cee5c65e3bec3ac4f331642f58adfe5ea
Instruction Fuzzy Hash: 54414170628355DFEB345EA89DD57EB33A3AF55380F98802ECD894B149C776494ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 02221308, Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

3d, xrefs: 02221420

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID: 3d
API String ID: 0-1518687469
Opcode ID: 2f95ef9628092c8f1dfbf82c95aefc39b2b833d25e826c2c41649a272e8824ba
Instruction ID: 4c8b094ea43edb824654f9e4d60e4a7129ffdcd322ce159cad58f02e9360a664
Opcode Fuzzy Hash: 2f95ef9628092c8f1dfbf82c95aefc39b2b833d25e826c2c41649a272e8824ba
Instruction Fuzzy Hash: 8A313074628356DFEB349EA88DE57E633A3AF55780F94802ECD894B14DC772094ECB11

Uniqueness

Uniqueness Score: -1.00%

Function 02222984, Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b8494209f4ffc312d46e7fcbf6aafe0837bc2273b64a32073d4191c013713b
Instruction ID: d79a160e74fb7d44ebcf40cfeac4af50bd489edda319a0d2a638959ee311117c
Opcode Fuzzy Hash: 20b8494209f4ffc312d46e7fcbf6aafe0837bc2273b64a32073d4191c013713b
Instruction Fuzzy Hash: CAE1EE70B14756EFDB24CF68CD90BDAB7A6FF48310F45422ADC899B204C776A958CB90

Uniqueness

Uniqueness Score: -1.00%

Function 022229C2, Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f13eb164d767ec8baad6e1633a017a9ee1c8986df65fdc3783f6491df24a4bf4
Instruction ID: 60a1cbed090c137af2fdd1e217d0353ce08b804fd61adda559f1d4256bc4526c
Opcode Fuzzy Hash: f13eb164d767ec8baad6e1633a017a9ee1c8986df65fdc3783f6491df24a4bf4
Instruction Fuzzy Hash: 9DE1DD70714756EFDB28CF68CC90BEAB7A5FF48310F45422ADC898B204C776A958CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02222A24, Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bbc995d63218b098bb0a05f5a1629405f1076271f660b1a1594dbea0684f66f
Instruction ID: f02857c3f3681245c441c51584890fba8de9593c1a0d82d959ddee963a61fb3e
Opcode Fuzzy Hash: 0bbc995d63218b098bb0a05f5a1629405f1076271f660b1a1594dbea0684f66f
Instruction Fuzzy Hash: F2E1CD70714756EFDB28CF68CC90BEAB7A6FF48310F45422ADC9987214C772A958CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02222A68, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9a8d7cdfbd477a39576a7ae4c41f5426bf439f74ad3218c26d6fe943feed57f
Instruction ID: 41ef59d0190035a2f566fac4bb69338491f349d9c8024ca111cd91c7874be4f4
Opcode Fuzzy Hash: f9a8d7cdfbd477a39576a7ae4c41f5426bf439f74ad3218c26d6fe943feed57f
Instruction Fuzzy Hash: 62D1DD70714756EFDB28CF68CC90BEAB7A5FF08310F45422ADC998B214C772A958CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02222AC0, Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c05a69ec0b9ff603e6891c4b56d0e4eded0ae8ead406d0b262e4e60218272a8
Instruction ID: a61747c4d82a205bf9f77a8230597bb311d1bccd99767a1c4eb152ec68839940
Opcode Fuzzy Hash: 2c05a69ec0b9ff603e6891c4b56d0e4eded0ae8ead406d0b262e4e60218272a8
Instruction Fuzzy Hash: E5D1DE70714756EFDB28DF68CC90BEAB7E1BF08310F45822ADC9987214D772A958CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02222B1A, Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165e205c002b839a4a3c0b73f353a657ab9c7b8030ddb6947f359ea35976f3c8
Instruction ID: 39c52624b2234119c0cb1dd129d237ac72b41c4bdc9bf2ad4ae8f49d977ca9ba
Opcode Fuzzy Hash: 165e205c002b839a4a3c0b73f353a657ab9c7b8030ddb6947f359ea35976f3c8
Instruction Fuzzy Hash: 05C1F370714756EFDB28DF68CC91BEAB7E2BF09310F458229DC9987214D772A958CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02222B9A, Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d40e96bfcdece0750494d8713ecb82dc1e19f7102eb085061e2783b98b686c9
Instruction ID: 69c954e57b9f07483376cd11f82b742ca663f6c4cb0ef1d7f4cc74900e46d1ae
Opcode Fuzzy Hash: 1d40e96bfcdece0750494d8713ecb82dc1e19f7102eb085061e2783b98b686c9
Instruction Fuzzy Hash: F9B11270714356EFDB24DF68CC90BEAB7E2BF09310F55422ADC898B214C7729988CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02222BBA, Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f1e53029bf3d0130d82702b9d8f2ee19109c9752cc6c237e09a30ece9ec2c
Instruction ID: c0df0e20a06c6f32905835c672e3983c5eaf36937b58cadb1eea5bd12ed4bce7
Opcode Fuzzy Hash: f04f1e53029bf3d0130d82702b9d8f2ee19109c9752cc6c237e09a30ece9ec2c
Instruction Fuzzy Hash: 0DB12270714356EFDB24DF68CC90BEAB7E2BF09310F55422ADC898B214C7729988CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02222C35, Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2bb218605350864087407c14f6a6c99a19d64a98860bba543ac8a3eff90c76d
Instruction ID: 5975593bb33c37ef25beec4b576d2865feec063b183d23a9ee6f23879c9a0df8
Opcode Fuzzy Hash: a2bb218605350864087407c14f6a6c99a19d64a98860bba543ac8a3eff90c76d
Instruction Fuzzy Hash: 77A10370724356EFDB24DF68CC90BEAB3E2BF05310F554229DC898B254C7769999CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02224454, Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684995f1cacd270e4d5b62297db841905a1095d265dfa482ef15bfbafaa3854b
Instruction ID: e0121aa33addfc0b5f01c90d55033f33dab530806045f5ffdf1a3c75a537b7c0
Opcode Fuzzy Hash: 684995f1cacd270e4d5b62297db841905a1095d265dfa482ef15bfbafaa3854b
Instruction Fuzzy Hash: 8AA14F70624369AFEF38AFA4CC907EA7762FF15340F45412DDD899B218C7724988CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02222C4E, Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa6f9e80d630f4d6d9c5c2f2f02fb204ede752a862744769c17f6dfb8fd8e28
Instruction ID: 16fd9908a2fbe797b03431312dcdadbc3fcc203c877e746f4004512e1c97c988
Opcode Fuzzy Hash: 0fa6f9e80d630f4d6d9c5c2f2f02fb204ede752a862744769c17f6dfb8fd8e28
Instruction Fuzzy Hash: B0912470714356EFDB24DF68CC90BEAB7E2BF05310F554229DC898B218C7769999CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0222253B, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 298cc774e5ca408ea8f9778642d339c8c29199f6fdb0dfea9b74b6ecf2f02851
Instruction ID: fad1647cd37d12e71cd6de63174f510d6a3222bce79819d73107d20aee045aa1
Opcode Fuzzy Hash: 298cc774e5ca408ea8f9778642d339c8c29199f6fdb0dfea9b74b6ecf2f02851
Instruction Fuzzy Hash: 87813631618314EFEB348EB8CD593EA37E5AF96390F95061EDC8997158D3728E84CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022244B0, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4459c8936834282f5b13901031ac19100c8d3df1021751308ef1bab6a0daca2
Instruction ID: 311a2d903d5d4f7cb581c95d24e30912eb757873cf9774bddafaf3f2e973f600
Opcode Fuzzy Hash: a4459c8936834282f5b13901031ac19100c8d3df1021751308ef1bab6a0daca2
Instruction Fuzzy Hash: 76912070624369AFEF38AFA4CD907EA7762FF25340F45422DDD899B118C7724989CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02222C92, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05bbe28a11609e724d70d3c8bb9e6b1236fea5c289337e53b8506eddcd067f5
Instruction ID: 87909bb819c84e54a144e1b85fc89ce95cc87ae3214abe75bd29233e964c2164
Opcode Fuzzy Hash: b05bbe28a11609e724d70d3c8bb9e6b1236fea5c289337e53b8506eddcd067f5
Instruction Fuzzy Hash: 6C913330724356EFDB24DF68CC90BEAB7E2BF05310F454229EC898B254C7729999CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02222544, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc81ac813aa4f3d9828e692a02561aec477fdc9c18309244fa39577533e69cb
Instruction ID: 6706cfb5a4b8cb760a7a77f60f4ae7849a516f4d5d5b6ef70125dd4029d7e74d
Opcode Fuzzy Hash: 0fc81ac813aa4f3d9828e692a02561aec477fdc9c18309244fa39577533e69cb
Instruction Fuzzy Hash: 9B815631618314EFE7348EB4CD593EA37E2AF963A0F59021DDC898B158D3728E85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022244EA, Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7876163fef470c17929d57035f22fadc47576ddd39aee576511fa89236eb10
Instruction ID: 8da89a7db27c69d0b06d67df6de449a1d6ed1d2e0effe3c7aa5c4a57cdb00f2d
Opcode Fuzzy Hash: cf7876163fef470c17929d57035f22fadc47576ddd39aee576511fa89236eb10
Instruction Fuzzy Hash: 4B912170620369AFEF35AFB8CD943EA7762FF55340F444229DD899B118C7724989CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02222CDA, Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0958630efbce568e51ab6d12592c40b7a4f68d817fe43ab0f18d1ab0fd1283eb
Instruction ID: e24dfb5eec5ef58c5d0297ceafde08a718883af940993536f26beb3062b59c72
Opcode Fuzzy Hash: 0958630efbce568e51ab6d12592c40b7a4f68d817fe43ab0f18d1ab0fd1283eb
Instruction Fuzzy Hash: 92812530624356EFDB24DF68CC90BEAB7A2FF05310F45422DEC999B254C7729998CB81

Uniqueness

Uniqueness Score: -1.00%

Function 022225A9, Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a37dc2b4bca5e210ddb5b20994921eff67980c28ce26e6ce3569f1fef9484a
Instruction ID: 1199ae356d08b5d66d492fc9a8b5e9b11a6f6245d0416e46dd0d8846b1570030
Opcode Fuzzy Hash: 84a37dc2b4bca5e210ddb5b20994921eff67980c28ce26e6ce3569f1fef9484a
Instruction Fuzzy Hash: 9C716931618314EFE7349EB4CD193EA37E1AF9A3A0F59021DDC8997148D3724E41CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02224546, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a323d292957efdbb7653d26cfd8252d6df1ccde7ee209fd98c7fd1a283c9f8b3
Instruction ID: 88fbca1089cac079fe91605caa0ba6ef7f9471f7cb259c4bf7ff991c18ff5efa
Opcode Fuzzy Hash: a323d292957efdbb7653d26cfd8252d6df1ccde7ee209fd98c7fd1a283c9f8b3
Instruction Fuzzy Hash: 1B81657062036AAFEF34AFA4CD947EA7762FF65340F44422DDD899B118C7724988CB41

Uniqueness

Uniqueness Score: -1.00%

Function 022225F0, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e88dc38526c4f45c1ffb37241eda6e7cfdb201f54f0f6be5af06f51c2febf538
Instruction ID: 2b321934f6ba540c387e5f878a2c7fce132b833d2452a121538a94cea5eba230
Opcode Fuzzy Hash: e88dc38526c4f45c1ffb37241eda6e7cfdb201f54f0f6be5af06f51c2febf538
Instruction Fuzzy Hash: 61617B31618354DFE7348EB4CD183EA37E6AF9A3A0F98421EDC9987258D3724E40CB02

Uniqueness

Uniqueness Score: -1.00%

Function 02222D2D, Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f4e8f2dc9633789f30070723b6d279620caefb898e81a09faf53ed93a7d7df9
Instruction ID: 419f8399c18796f0fc6a27baa7b7c2dc47bb05b2ae1c094b367cb748e52ca74d
Opcode Fuzzy Hash: 7f4e8f2dc9633789f30070723b6d279620caefb898e81a09faf53ed93a7d7df9
Instruction Fuzzy Hash: 9E715730624356EFDB24CF68CC90BEAB7E2BF05310F454229DC998B254C772A998CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0222263A, Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eded21f5cdcc4968d1773e2cdbe3f03590ef3e3189b19b42a8394a2c3f6ecfe
Instruction ID: ccdddda5382d19f73aa10c697d50bd9a958d2f93d9d50f92a07b4fe3e5f41ce8
Opcode Fuzzy Hash: 4eded21f5cdcc4968d1773e2cdbe3f03590ef3e3189b19b42a8394a2c3f6ecfe
Instruction Fuzzy Hash: 54514A31618354DFE734CEB4CD583EA37E6AF9A3A0F68021D9C599B248D3728E45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 022294B1, Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae295d368873eea81204a2793f7650527f74d27216d73359697d738e34a72e2
Instruction ID: 45fdf6d808492c2b61fcda86c3b478cddcd891bb40c6ca73d59d07f6b54d8b07
Opcode Fuzzy Hash: 8ae295d368873eea81204a2793f7650527f74d27216d73359697d738e34a72e2
Instruction Fuzzy Hash: 51513B70634316AFEB294EF4C5743B536A69F46260FA8415ACD038719CE7BB85CCC612

Uniqueness

Uniqueness Score: -1.00%

Function 022294C6, Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b108c7f049de4b1c0cf82edb79b66949403eed925119641c9c71c4367513da
Instruction ID: 5e8355bcbfcec2e1ededca0afc7c15188f980af97ac03268ced8cdd5c7223eac
Opcode Fuzzy Hash: 01b108c7f049de4b1c0cf82edb79b66949403eed925119641c9c71c4367513da
Instruction Fuzzy Hash: 16513C70634316AFEB294EF4C1643B536A69F46260FE8415ACD438B19CD7B785CCC613

Uniqueness

Uniqueness Score: -1.00%

Function 022245F4, Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a640dab2071aa9d3cd3f25db933cc0f8770c22f1fa63cb23724364200d1c5fd5
Instruction ID: 55c2249f5aaa8be9bf42512ca3c7fb442fa3d82b7c8a4915cb1ddb719e3f9427
Opcode Fuzzy Hash: a640dab2071aa9d3cd3f25db933cc0f8770c22f1fa63cb23724364200d1c5fd5
Instruction Fuzzy Hash: 856133716203A9AFDF34AFA4CD947EA3B22FF65340F444229DD899B108C7724989CB41

Uniqueness

Uniqueness Score: -1.00%

Function 022294E4, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eea6786ad790d9a48f1afb0ac23791330d5a53b48a448f43d83887e3448151
Instruction ID: 19afba5b90844ac6ee7ab3b8eaadc6d0ee3a60590e5a9c059babe8d26d5ce030
Opcode Fuzzy Hash: e4eea6786ad790d9a48f1afb0ac23791330d5a53b48a448f43d83887e3448151
Instruction Fuzzy Hash: EF513C70634316AFEB294EF4C5643B536A79F46260FA8415ACD438B19CD7B785CCC612

Uniqueness

Uniqueness Score: -1.00%

Function 022294FE, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9ba9b656caee623687b082b3223f9e2197a97215dfc24aaf72ae189a80b6860
Instruction ID: d58a3022afa018df5170b42a777e7b735c147e15ce30337886536f29ed699f73
Opcode Fuzzy Hash: f9ba9b656caee623687b082b3223f9e2197a97215dfc24aaf72ae189a80b6860
Instruction Fuzzy Hash: 45514C7063432AAFDB294EF4C5743B536A69F46260FA8415ACD438B19CD7B785CCC612

Uniqueness

Uniqueness Score: -1.00%

Function 02222688, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3cab269afba2396bba9a4d45b209c9393ab776abd9bd094c0864c5cfa10b416
Instruction ID: c2cf0363c5f7d8701b41f5188371eaa57106417cf9c4713c85c4ed66040fd0ee
Opcode Fuzzy Hash: d3cab269afba2396bba9a4d45b209c9393ab776abd9bd094c0864c5cfa10b416
Instruction Fuzzy Hash: DD514C31B14354DFE7308EB8DD683EA37E5AF9A3A0F58021D9C999B244D3B14E40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02223170, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d07507d48794aef6db12e700d4e630754a79e2d875fb51051888d4c4cd85fc
Instruction ID: 07bef6192c06dccec8501d51907f84df9449483b726a2060a246972085f52585
Opcode Fuzzy Hash: a5d07507d48794aef6db12e700d4e630754a79e2d875fb51051888d4c4cd85fc
Instruction Fuzzy Hash: D151EE71614365AFCB39CE6CCC947E937A2BF49320F59412AEC49DB201D7759E48CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02229532, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63ff1a4a424c39ad7134a874f47072e0a98484d67e82db91cece2ac1759895ab
Instruction ID: de800484127a81a76086c3c1e9da0d38a92642c694e610cbfefed68b480cde29
Opcode Fuzzy Hash: 63ff1a4a424c39ad7134a874f47072e0a98484d67e82db91cece2ac1759895ab
Instruction Fuzzy Hash: BA514D7063431AAFEB295EF4C1743B536A6AF46360FA8415ACD438B19CD77785C8C612

Uniqueness

Uniqueness Score: -1.00%

Function 0222951C, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 130590cc631e444fe9a3b97e9cf04785ed4af9c86c77a6ce11605355f9902a53
Instruction ID: 9d2c38af30e3e91897502ed072c3e53eb313a1cc3b1d4099a4db30856e341ecd
Opcode Fuzzy Hash: 130590cc631e444fe9a3b97e9cf04785ed4af9c86c77a6ce11605355f9902a53
Instruction Fuzzy Hash: F8514C7063431AAFEB295EF4C1643B536A7AF46360FA8415ACD438B19CE7B785CCC612

Uniqueness

Uniqueness Score: -1.00%

Function 022267A1, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab98946a8e81f44e291c50f69a06e4af9fda6b0e600eab8307c77d14421bad89
Instruction ID: df3c3026f1af741af434b135b47344e6e9fbc7eb0ac53d83df8534bc5a06ef58
Opcode Fuzzy Hash: ab98946a8e81f44e291c50f69a06e4af9fda6b0e600eab8307c77d14421bad89
Instruction Fuzzy Hash: D641D2335387F5AFEB11DEF4C8906A57B99EF06320B588159C891CF10ADA36884EC791

Uniqueness

Uniqueness Score: -1.00%

Function 02223467, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d9c3cbde7aa8bb2c634ae6cfa7a0cb473c3c1deef03543aa9df8c228639d36
Instruction ID: 3fb480de3c2cd909f593f41d77c7ab81ca092fcdb05c17184ce6195e3931aabb
Opcode Fuzzy Hash: 59d9c3cbde7aa8bb2c634ae6cfa7a0cb473c3c1deef03543aa9df8c228639d36
Instruction Fuzzy Hash: 99516270618356CFEB20DEB8C998BEBB7F5AF15340F45426ECC499B268D7758880CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02229560, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65992be77a60065712c0aea630e9b9832fbec26f980746fa3050bcd6231b7829
Instruction ID: cc61d50bd5e343125e54a40120a4da38d457ca330d918bdb10b37be2e45b92ac
Opcode Fuzzy Hash: 65992be77a60065712c0aea630e9b9832fbec26f980746fa3050bcd6231b7829
Instruction Fuzzy Hash: 29513A7063431AAFEB298EF4C1643B536A6AF56360FE8415ACD438B19CD7B785C8C612

Uniqueness

Uniqueness Score: -1.00%

Function 02223470, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eec3fd07de57dcfd1d5c9527413345462b311b18c6a3a54f48c2a1a9828330
Instruction ID: 849bb673473c2c04dda57626c16083c6e5361039ebe11b020afb557d337400eb
Opcode Fuzzy Hash: 22eec3fd07de57dcfd1d5c9527413345462b311b18c6a3a54f48c2a1a9828330
Instruction Fuzzy Hash: F4516571618356CFEB209EB8C998BEBB7F5EF15340F06426ECC499B264D3758880CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022219BB, Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64cae5a8cc98dee485b738fa0c9592eb55e4f915f02e56350db8ecb85ab80f68
Instruction ID: 941d70037708f735967bafc212333774ceb562c08e54d158b0152bf831a4f844
Opcode Fuzzy Hash: 64cae5a8cc98dee485b738fa0c9592eb55e4f915f02e56350db8ecb85ab80f68
Instruction Fuzzy Hash: 63510171618399AFDB349E288D54BEA77F3AF98390F91412EDC8D8B254D3324985CB01

Uniqueness

Uniqueness Score: -1.00%

Function 02229578, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9124abeebd075de39bdef826da6777ff1f47a44669744312c8b7a43fe7bf05
Instruction ID: 06789df41626ca0ece94de727c7784ad2abe83990101d3f6400aa8c2825783b5
Opcode Fuzzy Hash: 8b9124abeebd075de39bdef826da6777ff1f47a44669744312c8b7a43fe7bf05
Instruction Fuzzy Hash: 3341297063431AAFEB294EF4C5643B536A6AF46260FE8415ACD438B19CD7B785C8C613

Uniqueness

Uniqueness Score: -1.00%

Function 02229590, Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a63b4251301783fffd2ad42114238191b2631bbcd8294e0f4a14a7680eabb2
Instruction ID: b5a20ef3c7c04c421ff8399bd54ebcc05f65765c3e788f75d141635019b53b4a
Opcode Fuzzy Hash: b3a63b4251301783fffd2ad42114238191b2631bbcd8294e0f4a14a7680eabb2
Instruction Fuzzy Hash: 9541497063431A9FEB2A4EF4C1643B536A6AF46360FE8415ACD438B19CD7B684C8C613

Uniqueness

Uniqueness Score: -1.00%

Function 0222207E, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b0285cc24c57a4992efb4e621e6c9e025718f370383e6718fea30425ea4bb48
Instruction ID: 0c50a35b410aff809c7105633864e11950eb2e4a4ca1442aaab34ebcdb5f3435
Opcode Fuzzy Hash: 1b0285cc24c57a4992efb4e621e6c9e025718f370383e6718fea30425ea4bb48
Instruction Fuzzy Hash: 33516D36A74365EBDF305EB48C04BEA3BB2BF51360F954219EC99AB258C7724684CB41

Uniqueness

Uniqueness Score: -1.00%

Function 022234B4, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d211dd5d6743dd89b751e6c7793012d3542a9f4f26d49950c7a4b58e4ffe22a
Instruction ID: 48ca9b4044cc359f2bc6778569e2963f637c012a6fb008e553624dcedc8ce75c
Opcode Fuzzy Hash: 5d211dd5d6743dd89b751e6c7793012d3542a9f4f26d49950c7a4b58e4ffe22a
Instruction Fuzzy Hash: C8515371618356CFDB609EB4CD98BEBB7F5AF15390F06426ECC489B258D3758980CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0222350A, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b6f6e2227d9575082106864880824fbe940d114dc5b51af4a01673bfdfe6b48
Instruction ID: 71db1e9b96da062df3ee747d5aa615a4692c7d6f327177f0ea9f1491e9ee77ce
Opcode Fuzzy Hash: 1b6f6e2227d9575082106864880824fbe940d114dc5b51af4a01673bfdfe6b48
Instruction Fuzzy Hash: 10417A71618366CFEB309EB8CD987EB76F9AF11390F05422ECD44AB658D7754980CB42

Uniqueness

Uniqueness Score: -1.00%

Function 022256C8, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604ec15266d94adc73a2e52b16fbeeb2a8c0b9f814d5187b6baf4b6300c75fc7
Instruction ID: 049314a10a444b415f19da56d5cda3c3ca27ba91191c3137ec139e398538210a
Opcode Fuzzy Hash: 604ec15266d94adc73a2e52b16fbeeb2a8c0b9f814d5187b6baf4b6300c75fc7
Instruction Fuzzy Hash: F0315430A18315DFDB285E7489993FAB7A2EF41350FC2812ECCCA92884C3B509C9CA17

Uniqueness

Uniqueness Score: -1.00%

Function 02223A93, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 669faf38e747bfd9b665fe36bb951ae475e5020eb8c9836a69b102e3bfad2285
Instruction ID: 00cf00d157e85d663c01515f944fc46b6c56157a75f960ceed42748a1ea69e30
Opcode Fuzzy Hash: 669faf38e747bfd9b665fe36bb951ae475e5020eb8c9836a69b102e3bfad2285
Instruction Fuzzy Hash: 35219B32415326EBDF28EF784A527EF3BB39F54780F42811EDD8A4760CD77A09068A42

Uniqueness

Uniqueness Score: -1.00%

Function 02220691, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e270565081e1a360e5d627ff9e5e49d0bbbbfadd885f4a7facea2a8f45598aa1
Instruction ID: e0c688257e2077162c2cc9615a4af2024fdc0ae3b57f82cff47f5f789e78b281
Opcode Fuzzy Hash: e270565081e1a360e5d627ff9e5e49d0bbbbfadd885f4a7facea2a8f45598aa1
Instruction Fuzzy Hash: 16F0C235924372AF9741EEB8C004247B775EF563A1F148458DC9ADB119EB628D09CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02227EEA, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9779050df2133787988a47935f8b98c98788560f340f51def25105310d39ec8a
Instruction ID: cb1edb60643cdd497daf671274d9a26c8e6ec24c060157e0f6f1946735d9da93
Opcode Fuzzy Hash: 9779050df2133787988a47935f8b98c98788560f340f51def25105310d39ec8a
Instruction Fuzzy Hash: 20F01C7223D221AFC724CF48C9C4A5AF3A5AB59310F554466E909CBB28CB72EC44CA69

Uniqueness

Uniqueness Score: -1.00%

Function 02225204, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f006a1d1e69afae2a8336718773b530283db7ee072b3e3daa8d8d78d9640a00b
Instruction ID: 0b4b6fb049baf3bad0075f3308ec5cfef0c256e5c19efab5a7fc829122d15457
Opcode Fuzzy Hash: f006a1d1e69afae2a8336718773b530283db7ee072b3e3daa8d8d78d9640a00b
Instruction Fuzzy Hash: B8C04C7A725580CFEB95CA04D591B4073F0FB52944BC90590E402CB655C258E954C600

Uniqueness

Uniqueness Score: -1.00%

Function 02227B6C, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.700409713.0000000002220000.00000040.00000001.sdmp, Offset: 02220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df42f20d228ab6c55d0e7ba1e1510625362ed2914a4b16e5e3a6da4fe8837c5e
Instruction ID: 9b98c906e98559c2bc7d657ee2cf0c6312ae9dbc43178bc1cd545a7d4e9c37ae
Opcode Fuzzy Hash: df42f20d228ab6c55d0e7ba1e1510625362ed2914a4b16e5e3a6da4fe8837c5e
Instruction Fuzzy Hash: 47B092306109408FCA41CA08C180E4073A0BB14B00B810490E001C7A11C224E800CA10

Uniqueness

Uniqueness Score: -1.00%

Function 0043E740, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

#648.MSVBVM60(?), ref: 0043E798
__vbaFreeVar.MSVBVM60 ref: 0043E7A3
__vbaStrCmp.MSVBVM60(00407E08,00000000), ref: 0043E7B4
#645.MSVBVM60(?,00000000), ref: 0043E7D5
__vbaStrMove.MSVBVM60 ref: 0043E7E0
__vbaStrCmp.MSVBVM60(00407E08,00000000), ref: 0043E7EC
__vbaFreeStr.MSVBVM60 ref: 0043E7FE
__vbaFreeStr.MSVBVM60(0043E86D), ref: 0043E866

Strings

%@, xrefs: 0043E76E, 0043E773

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __vba$Free$#645#648Move
String ID: %@
API String ID: 2957232524-2048787947
Opcode ID: 8607b4f6ea0cf87e22d6f30123e8b2a9ff363e94a54bd1ae0919a9b16b223512
Instruction ID: d667741318204c84332885818ec668ad863fc7eb9632d5e57a0ed1ed5bd8b2b6
Opcode Fuzzy Hash: 8607b4f6ea0cf87e22d6f30123e8b2a9ff363e94a54bd1ae0919a9b16b223512
Instruction Fuzzy Hash: 683150B5D01209EFCB14DFA5DA489AEBBB8FF88700F20411AF911B72A0D7785945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0043E8A0, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00404A34,00440DC0), ref: 0043E8ED
__vbaHresultCheckObj.MSVBVM60(00000000,0229ED94,00404A24,00000014), ref: 0043E912
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404A44,00000058), ref: 0043E936
__vbaVarLateMemCallLd.MSVBVM60(?,?,Value,00000000), ref: 0043E94A
__vbaStrVarVal.MSVBVM60(?,00000000), ref: 0043E958
#690.MSVBVM60(?,Options,Show Tips at Startup,00000000), ref: 0043E96D
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0043E97D
__vbaFreeObj.MSVBVM60 ref: 0043E989
__vbaFreeVar.MSVBVM60 ref: 0043E992
__vbaFreeVar.MSVBVM60(0043E9CF), ref: 0043E9C8

Strings

Value, xrefs: 0043E93D
Options, xrefs: 0043E967
Show Tips at Startup, xrefs: 0043E962

Memory Dump Source

Source File: 00000000.00000002.697011620.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.696417829.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.699391127.0000000000440000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.699405710.0000000000442000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __vba$Free$CheckHresult$#690CallLateListNew2
String ID: Options$Show Tips at Startup$Value
API String ID: 2162649039-3815377432
Opcode ID: e67ad0b23bc1f74a2437c551b382d7bb1383e017f2a624289145b7efc0f8893f
Instruction ID: 25a319177c4a8f2c1b99c5468c992c13c11dcfbc250e3d49d69350e98b42e75f
Opcode Fuzzy Hash: e67ad0b23bc1f74a2437c551b382d7bb1383e017f2a624289145b7efc0f8893f
Instruction Fuzzy Hash: 40314DB1940208ABCB04DB95DE49EDEBBB8FF5C701F14452AF141B31A0DB78A944CB68

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Cailbers22LongRiflorderlist.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: Cailbers22LongRiflorderlist.exe PID: 6364 Parent PID: 5880

General

Chronological Activities