Windows Analysis Report RICHIESTA DI OFFERTA.exe

Overview

General Information

Sample Name:RICHIESTA DI OFFERTA.exe
Analysis ID:450724
MD5:73bb5c4b690b8d6df88d6bc18fb3a553
SHA1:60adddd91b6038fc9d819cf6d647ce3be0b11d38
SHA256:a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
Detection

GuLoader
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w7x64
  • RICHIESTA DI OFFERTA.exe (PID: 2452 cmdline: 'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe' MD5: 73BB5C4B690B8D6DF88D6BC18FB3A553)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Jbx Signature Overview

    AV Detection:

    Found malware configuration
    Source: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}
    Source: RICHIESTA DI OFFERTA.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

    Networking:

    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractor, URLs: https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Process Stats: CPU usage > 98%
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Memory allocated: 76E20000 page execute and read and write
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Memory allocated: 76D20000 page execute and read and write
    Source: RICHIESTA DI OFFERTA.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: RICHIESTA DI OFFERTA.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
    Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2608868723.00000000003E0000.00000008.00000001.sdmp, Binary or memory string: OriginalFilenameuser32j% vs RICHIESTA DI OFFERTA.exe
    Source: RICHIESTA DI OFFERTA.exe, Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
    Source: RICHIESTA DI OFFERTA.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: classification engine, Classification label: mal76.troj.evad.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, File created: C:\Users\user\AppData\Local\Temp\~DF94EEF8D419BE56F0.TMP
    Source: RICHIESTA DI OFFERTA.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

    Data Obfuscation:

    Yara detected GuLoader
    Source: Yara match, File source: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0040C06E push 00000000h; retf 0_2_0040C0B0
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_00406625 push ebp; iretd 0_2_0040662F
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_00463429 push 84000002h; retf 0_2_0046342F
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_00460095 pushad ; retf 0_2_00460097
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046010B pushad ; retf 0_2_0046010D
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion:

    Contains functionality to detect hardware virtualization (CPUID execution measurement)
    Detected RDTSC dummy instruction sequence (likely for instruction hammering)
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, RDTSC instruction interceptor: First address: 000000000046E352 second address: 000000000046E352 instructions:
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, RDTSC instruction interceptor: First address: 000000000046E352 second address: 000000000046E352 instructions:
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046684F rdtsc 0_2_0046684F
    Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

    Anti Debugging:

    Found potential dummy code loops (likely to delay analysis)
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Process Stats: CPU usage > 90% for more than 60s
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046684F rdtsc 0_2_0046684F
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046A900 mov eax, dword ptr fs:[00000030h] 0_2_0046A900
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046C5D9 mov eax, dword ptr fs:[00000030h] 0_2_0046C5D9
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_0046B1FE mov eax, dword ptr fs:[00000030h] 0_2_0046B1FE
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_00467AB1 mov eax, dword ptr fs:[00000030h] 0_2_00467AB1
    Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2609521250.0000000000A00000.00000002.00000001.sdmp, Binary or memory string: Program Manager
    Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2609521250.0000000000A00000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
    Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2609521250.0000000000A00000.00000002.00000001.sdmp, Binary or memory string: !Progman
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Code function: 0_2_004608C5 cpuid 0_2_004608C5
    Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Virtualization/Sandbox Evasion 11 | OS Credential Dumping | Security Software Discovery 41 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Virtualization/Sandbox Evasion 11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 312 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    RICHIESTA DI OFFERTA.exe | 9% | ReversingLabs | Win32.Backdoor.Remcos |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label | Link
    https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi} | 0% | Avira URL Cloud | safe |

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi} | true | Avira URL Cloud: safe | unknown

    Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox Version:33.0.0 White Diamond
    Analysis ID:450724
    Start date:19.07.2021
    Start time:16:25:18
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:0h 8m 15s
    Hypervisor based Inspection enabled:false
    Report type:full
    Sample file name:RICHIESTA DI OFFERTA.exe
    Cookbook file name:default.jbs
    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
    Number of analysed new started processes analysed:2
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:MAL
    Classification:mal76.troj.evad.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HDC Information:
    • Successful, ratio: 25.5% (good quality ratio 7.7%)
    • Quality average: 18.2%
    • Quality standard deviation: 29.9%
    HCA Information:Failed
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .exe
    • Override analysis time to 240s for sample files taking high CPU consumption
    Warnings:
    • Exclude process from analysis (whitelisted): dllhost.exe
    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/450724/sample/RICHIESTA DI OFFERTA.exe

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASN

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    No created / dropped files found

    Static File Info

    General

    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):6.2221702126738
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.15%
    • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:RICHIESTA DI OFFERTA.exe
    File size:241664
    MD5:73bb5c4b690b8d6df88d6bc18fb3a553
    SHA1:60adddd91b6038fc9d819cf6d647ce3be0b11d38
    SHA256:a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
    SHA512:9c023dc66d9bcfb2f5bc0274001d92948ac058fc8765d2178907dfd8fb9885ede57acc3836d583ad97516dce1a97c50f081800b41a1f42ea938efb8b23e87567
    SSDEEP:3072:+3BepJlZa/xao5JKwI7V4R4iUW/qcijw2HJlZapGBR:EiUIo5JKPgU99vHP
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...WS.N................. ...................0....@................

    File Icon

    Icon Hash:f8fcd4ccf4e4e8d0

    Static PE Info

    General

    Entrypoint:0x4019b0
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    DLL Characteristics:
    Time Stamp:0x4EA15357 [Fri Oct 21 11:11:19 2011 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:e9f7dd0da1a2a1266893e1ae4ef42b67

    Data Directories

    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x32234 | 0x28 | .text
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x35000 | 0x6d0a | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1a4 | .text
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

    Sections

    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x318a4 | 0x32000 | False | 0.39177734375 | data | 6.3764832494 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    .data | 0x33000 | 0x1290 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
    .rsrc | 0x35000 | 0x6d0a | 0x7000 | False | 0.481689453125 | data | 5.46300019784 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

    Resources

    Name | RVA | Size | Type | Language | Country
    RT_ICON | 0x3ae62 | 0xea8 | data |  |
    RT_ICON | 0x3a5ba | 0x8a8 | data |  |
    RT_ICON | 0x39ef2 | 0x6c8 | data |  |
    RT_ICON | 0x3998a | 0x568 | GLS_BINARY_LSB_FIRST |  |
    RT_ICON | 0x373e2 | 0x25a8 | dBase III DBT, version number 0, next free block index 40 |  |
    RT_ICON | 0x3633a | 0x10a8 | data |  |
    RT_ICON | 0x359b2 | 0x988 | data |  |
    RT_ICON | 0x3554a | 0x468 | GLS_BINARY_LSB_FIRST |  |
    RT_GROUP_ICON | 0x354d4 | 0x76 | data |  |
    RT_VERSION | 0x35240 | 0x294 | data | English | United States

    Imports

    DLL | Import
    MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaInStrVar, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

    Version Infos

    Description | Data
    Translation | 0x0409 0x04b0
    LegalCopyright | Socialbakers
    InternalName | Indtr8
    FileVersion | 1.00
    CompanyName | Socialbakers
    LegalTrademarks | Socialbakers
    ProductName | Vurd9
    ProductVersion | 1.00
    OriginalFilename | Indtr8.exe

    Possible Origin

    Language of compilation system | Country where language is spoken | Map
    English | United States |

    Network Behavior

    No network behavior found

    System Behavior

    General

    Start time:16:25:37
    Start date:19/07/2021
    Path:C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe
    Wow64 process (32bit):true
    Commandline:'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe'
    Imagebase:0x400000
    File size:241664 bytes
    MD5 hash:73BB5C4B690B8D6DF88D6BC18FB3A553
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:Visual Basic
    Yara matches:
    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Author: Joe Security
    Reputation:low

    Disassembly

    Code Analysis

      Execution Graph

      Execution Coverage:0.5%
      Dynamic/Decrypted Code Coverage:70.1%
      Signature Coverage:55.2%
      Total number of Nodes:779
      Total number of Limit Nodes:11

14341->14342 14345 46aae8 14341->14345 14344 46aa31 14342->14344 14343 46c5d9 3 API calls 14343->14353 14344->14345 14346 46b1fe GetPEB 14344->14346 14345->14333 14347 46aa73 14346->14347 14347->14345 14348 46b1fe GetPEB 14347->14348 14348->14345 14349 460a80 14349->14333 14351 46db0d GetPEB GetPEB GetPEB 14351->14353 14352 46a969 GetPEB GetPEB GetPEB 14352->14353 14353->14333 14353->14341 14353->14343 14353->14349 14353->14351 14353->14352 14354 46758d 14353->14354 14357 46a900 GetPEB 14353->14357 14355 46db0d 3 API calls 14354->14355 14356 4675bf 14355->14356 14356->14333 14357->14353 14668 461664 14678 461682 14668->14678 14669 46a969 3 API calls 14670 461906 14669->14670 14671 461928 14670->14671 14691 460ae5 14670->14691 14673 46a969 3 API calls 14671->14673 14672 46a9b8 14674 46b1fe GetPEB 14672->14674 14679 46aae8 14672->14679 14681 46193d 14673->14681 14677 46aa31 14674->14677 14675 46c5d9 3 API calls 14675->14691 14676 460a80 14677->14679 14680 46b1fe GetPEB 14677->14680 14678->14669 14678->14691 14682 46aa73 14680->14682 14681->14676 14683 46db0d 3 API calls 14681->14683 14682->14679 14685 46b1fe GetPEB 14682->14685 14688 461ac3 14683->14688 14684 46db0d GetPEB GetPEB GetPEB 14684->14691 14685->14679 14686 46a969 GetPEB GetPEB GetPEB 14686->14691 14689 465f5a 3 API calls 14688->14689 14690 461b9f 14688->14690 14689->14688 14691->14672 14691->14675 14691->14676 14691->14684 14691->14686 14692 46758d 14691->14692 14695 46a900 GetPEB 14691->14695 14693 46db0d 3 API calls 14692->14693 14694 4675bf 14693->14694 14695->14691 15183 424be0 15184 424c1a __vbaNew2 15183->15184 15185 424c2f __vbaObjSet 15183->15185 15184->15185 15187 424cb2 15185->15187 15188 424cca __vbaFreeObj 15187->15188 15189 424cb8 __vbaHresultCheckObj 15187->15189 15190 424cf3 __vbaObjSet 15188->15190 15191 424cde __vbaNew2 15188->15191 15189->15188 15193 424d16 15190->15193 15191->15190 15194 424d2e __vbaFreeObj 15193->15194 15195 424d1c __vbaHresultCheckObj 15193->15195 15196 424d4b 
15194->15196 15195->15194 14358 46156f 14360 461573 14358->14360 14359 46db0d 3 API calls 14363 461651 14359->14363 14360->14359 14360->14363 14361 46a969 3 API calls 14362 461906 14361->14362 14364 461928 14362->14364 14382 460ae5 14362->14382 14363->14361 14363->14382 14366 46a969 3 API calls 14364->14366 14365 46a9b8 14367 46b1fe GetPEB 14365->14367 14371 46aae8 14365->14371 14373 46193d 14366->14373 14370 46aa31 14367->14370 14368 46c5d9 3 API calls 14368->14382 14369 460a80 14370->14371 14372 46b1fe GetPEB 14370->14372 14374 46aa73 14372->14374 14373->14369 14375 46db0d 3 API calls 14373->14375 14374->14371 14376 46b1fe GetPEB 14374->14376 14378 461ac3 14375->14378 14376->14371 14379 465f5a 3 API calls 14378->14379 14381 461b9f 14378->14381 14379->14378 14380 46a969 GetPEB GetPEB GetPEB 14380->14382 14382->14365 14382->14368 14382->14369 14382->14380 14383 46db0d GetPEB GetPEB GetPEB 14382->14383 14384 46758d 14382->14384 14387 46a900 GetPEB 14382->14387 14383->14382 14385 46db0d 3 API calls 14384->14385 14386 4675bf 14385->14386 14387->14382 14929 4612e8 14930 4612f0 14929->14930 14931 46db0d 3 API calls 14930->14931 14932 4613fb 14931->14932 14934 46a969 3 API calls 14932->14934 14956 461651 14932->14956 14933 46a969 3 API calls 14935 461906 14933->14935 14948 461480 14934->14948 14936 461928 14935->14936 14958 460ae5 14935->14958 14938 46a969 3 API calls 14936->14938 14937 46a9b8 14939 46b1fe GetPEB 14937->14939 14943 46aae8 14937->14943 14945 46193d 14938->14945 14941 46aa31 14939->14941 14940 46c5d9 3 API calls 14940->14958 14941->14943 14944 46b1fe GetPEB 14941->14944 14942 460a80 14946 46aa73 14944->14946 14945->14942 14947 46db0d 3 API calls 14945->14947 14946->14943 14949 46b1fe GetPEB 14946->14949 14953 461ac3 14947->14953 14948->14942 14950 46db0d 3 API calls 14948->14950 14949->14943 14950->14956 14952 465f5a 3 API calls 14952->14953 14953->14952 14955 461b9f 14953->14955 14954 46a969 GetPEB GetPEB GetPEB 14954->14958 14956->14933 14956->14958 
14957 46db0d GetPEB GetPEB GetPEB 14957->14958 14958->14937 14958->14940 14958->14942 14958->14954 14958->14957 14959 46758d 14958->14959 14962 46a900 GetPEB 14958->14962 14960 46db0d 3 API calls 14959->14960 14961 4675bf 14960->14961 14962->14958 14696 461276 14698 46127c 14696->14698 14697 4612a0 14700 4612e1 14697->14700 14736 467ab1 GetPEB 14697->14736 14698->14697 14699 4612b4 14698->14699 14698->14700 14702 4612c1 14699->14702 14737 467ab1 GetPEB 14699->14737 14703 46db0d 3 API calls 14700->14703 14705 46a969 3 API calls 14702->14705 14706 4613fb 14703->14706 14705->14700 14708 46a969 3 API calls 14706->14708 14730 461651 14706->14730 14707 46a969 3 API calls 14709 461906 14707->14709 14722 461480 14708->14722 14710 461928 14709->14710 14731 460ae5 14709->14731 14712 46a969 3 API calls 14710->14712 14711 46a9b8 14714 46b1fe GetPEB 14711->14714 14717 46aae8 14711->14717 14719 46193d 14712->14719 14713 460a80 14716 46aa31 14714->14716 14715 46c5d9 3 API calls 14715->14731 14716->14717 14718 46b1fe GetPEB 14716->14718 14720 46aa73 14718->14720 14719->14713 14721 46db0d 3 API calls 14719->14721 14720->14717 14723 46b1fe GetPEB 14720->14723 14726 461ac3 14721->14726 14722->14713 14724 46db0d 3 API calls 14722->14724 14723->14717 14724->14730 14727 465f5a 3 API calls 14726->14727 14728 461b9f 14726->14728 14727->14726 14729 46a969 GetPEB GetPEB GetPEB 14729->14731 14730->14707 14730->14731 14731->14711 14731->14713 14731->14715 14731->14729 14732 46db0d GetPEB GetPEB GetPEB 14731->14732 14733 46758d 14731->14733 14738 46a900 GetPEB 14731->14738 14732->14731 14734 46db0d 3 API calls 14733->14734 14735 4675bf 14734->14735 14736->14702 14737->14702 14738->14731 14388 424d70 __vbaStrCopy #546 __vbaVarMove 14389 424de5 __vbaFreeVar __vbaFreeStr 14388->14389 14390 461175 14391 4611c7 14390->14391 14427 467ab1 GetPEB 14391->14427 14393 4612c1 14394 46a969 3 API calls 14393->14394 14395 4612e1 14394->14395 14396 46db0d 3 API calls 14395->14396 14397 4613fb 14396->14397 
14399 46a969 3 API calls 14397->14399 14422 461651 14397->14422 14398 46a969 3 API calls 14400 461906 14398->14400 14413 461480 14399->14413 14401 461928 14400->14401 14423 460ae5 14400->14423 14403 46a969 3 API calls 14401->14403 14402 46a9b8 14404 46b1fe GetPEB 14402->14404 14408 46aae8 14402->14408 14410 46193d 14403->14410 14406 46aa31 14404->14406 14405 46c5d9 3 API calls 14405->14423 14406->14408 14409 46b1fe GetPEB 14406->14409 14407 460a80 14411 46aa73 14409->14411 14410->14407 14412 46db0d 3 API calls 14410->14412 14411->14408 14414 46b1fe GetPEB 14411->14414 14417 461ac3 14412->14417 14413->14407 14415 46db0d 3 API calls 14413->14415 14414->14408 14415->14422 14418 465f5a 3 API calls 14417->14418 14420 461b9f 14417->14420 14418->14417 14419 46a969 GetPEB GetPEB GetPEB 14419->14423 14421 46db0d GetPEB GetPEB GetPEB 14421->14423 14422->14398 14422->14423 14423->14402 14423->14405 14423->14407 14423->14419 14423->14421 14424 46758d 14423->14424 14428 46a900 GetPEB 14423->14428 14425 46db0d 3 API calls 14424->14425 14426 4675bf 14425->14426 14427->14393 14428->14423 15271 465ff1 15273 460ae5 15271->15273 15272 46c5d9 3 API calls 15272->15273 15273->15272 15274 460a80 15273->15274 15276 46a9b8 15273->15276 15283 46db0d GetPEB GetPEB GetPEB 15273->15283 15284 46a969 GetPEB GetPEB GetPEB 15273->15284 15285 46758d 15273->15285 15288 46a900 GetPEB 15273->15288 15277 46b1fe GetPEB 15276->15277 15279 46aae8 15276->15279 15278 46aa31 15277->15278 15278->15279 15280 46b1fe GetPEB 15278->15280 15281 46aa73 15280->15281 15281->15279 15282 46b1fe GetPEB 15281->15282 15282->15279 15283->15273 15284->15273 15286 46db0d 3 API calls 15285->15286 15287 4675bf 15286->15287 15288->15273 14963 4636fa 14964 463737 14963->14964 14966 4638d8 14964->14966 14979 460ae5 14964->14979 14965 46c5d9 3 API calls 14965->14979 14967 463971 3 API calls 14966->14967 14968 46396a 14967->14968 14969 460a80 14971 46a9b8 14972 46b1fe GetPEB 14971->14972 14974 46aae8 14971->14974 14973 46aa31 
14972->14973 14973->14974 14975 46b1fe GetPEB 14973->14975 14976 46aa73 14975->14976 14976->14974 14977 46b1fe GetPEB 14976->14977 14977->14974 14978 46db0d GetPEB GetPEB GetPEB 14978->14979 14979->14965 14979->14969 14979->14971 14979->14978 14980 46a969 GetPEB GetPEB GetPEB 14979->14980 14981 46758d 14979->14981 14984 46a900 GetPEB 14979->14984 14980->14979 14982 46db0d 3 API calls 14981->14982 14983 4675bf 14982->14983 14984->14979 14059 4618fb 14060 4618fe 14059->14060 14061 46a969 3 API calls 14060->14061 14062 461906 14061->14062 14063 461928 14062->14063 14082 460ae5 14062->14082 14065 46a969 3 API calls 14063->14065 14064 46a9b8 14066 46b1fe GetPEB 14064->14066 14069 46aae8 14064->14069 14071 46193d 14065->14071 14068 46aa31 14066->14068 14067 46c5d9 3 API calls 14067->14082 14068->14069 14070 46b1fe GetPEB 14068->14070 14072 46aa73 14070->14072 14073 46db0d 3 API calls 14071->14073 14075 460a80 14071->14075 14072->14069 14074 46b1fe GetPEB 14072->14074 14077 461ac3 14073->14077 14074->14069 14080 461b9f 14077->14080 14086 465f5a 14077->14086 14079 46db0d GetPEB GetPEB GetPEB 14079->14082 14081 46a969 GetPEB GetPEB GetPEB 14081->14082 14082->14064 14082->14067 14082->14075 14082->14079 14082->14081 14083 46758d 14082->14083 14103 46a900 GetPEB 14082->14103 14084 46db0d 3 API calls 14083->14084 14085 4675bf 14084->14085 14098 460ae5 14086->14098 14087 46c5d9 3 API calls 14087->14098 14088 460a80 14088->14077 14090 46a9b8 14091 46b1fe GetPEB 14090->14091 14093 46aae8 14090->14093 14092 46aa31 14091->14092 14092->14093 14094 46b1fe GetPEB 14092->14094 14093->14077 14095 46aa73 14094->14095 14095->14093 14096 46b1fe GetPEB 14095->14096 14096->14093 14097 46db0d GetPEB GetPEB GetPEB 14097->14098 14098->14077 14098->14086 14098->14087 14098->14088 14098->14090 14098->14097 14099 46a969 GetPEB GetPEB GetPEB 14098->14099 14100 46758d 14098->14100 14104 46a900 GetPEB 14098->14104 14099->14098 14101 46db0d 3 API calls 14100->14101 14102 4675bf 14101->14102 
14102->14077 14103->14082 14104->14098 14105 42d880 14106 42d8b7 __vbaStrCopy __vbaStrCopy 14105->14106 14107 42d8e8 __vbaNew2 14106->14107 14108 42d8fd __vbaObjSet 14106->14108 14107->14108 14110 42d91e 14108->14110 14111 42d936 __vbaFreeObj 14110->14111 14112 42d924 __vbaHresultCheckObj 14110->14112 14113 42d948 __vbaNew2 14111->14113 14114 42d95d __vbaObjSet 14111->14114 14112->14111 14113->14114 14116 42d97c 14114->14116 14117 42d982 __vbaHresultCheckObj 14116->14117 14118 42d994 __vbaLateIdCallLd __vbaI4Var __vbaFreeObjList __vbaFreeVar 14116->14118 14117->14118 14119 42d9f1 __vbaFreeStr __vbaFreeStr 14118->14119 14120 425c80 #706 __vbaStrMove __vbaFreeStr 14429 425d00 14430 425d3a __vbaOnError 14429->14430 14431 425d53 __vbaNew2 14430->14431 14432 425d68 __vbaObjSet 14430->14432 14431->14432 14434 425d8b 14432->14434 14435 425da3 __vbaFreeObj 14434->14435 14436 425d91 __vbaHresultCheckObj 14434->14436 14437 425dc3 14435->14437 14436->14435 14121 46388f 14122 463894 14121->14122 14123 4638d8 14122->14123 14129 460ae5 14122->14129 14142 463971 14123->14142 14125 46c5d9 3 API calls 14125->14129 14126 46396a 14127 460a80 14129->14125 14129->14127 14130 46a969 GetPEB GetPEB GetPEB 14129->14130 14131 46db0d GetPEB GetPEB GetPEB 14129->14131 14132 46a9b8 14129->14132 14139 46758d 14129->14139 14167 46a900 GetPEB 14129->14167 14130->14129 14131->14129 14133 46b1fe GetPEB 14132->14133 14135 46aae8 14132->14135 14134 46aa31 14133->14134 14134->14135 14136 46b1fe GetPEB 14134->14136 14137 46aa73 14136->14137 14137->14135 14138 46b1fe GetPEB 14137->14138 14138->14135 14140 46db0d 3 API calls 14139->14140 14141 4675bf 14140->14141 14143 4639bd 14142->14143 14144 46db0d 3 API calls 14143->14144 14146 463b24 14144->14146 14145 46a9b8 14147 46b1fe GetPEB 14145->14147 14151 46aae8 14145->14151 14150 46db0d 3 API calls 14146->14150 14163 460ae5 14146->14163 14149 46aa31 14147->14149 14148 46c5d9 3 API calls 14148->14163 14149->14151 14152 46b1fe GetPEB 14149->14152 14155 
463d54 14150->14155 14151->14126 14154 46aa73 14152->14154 14153 463efd 14153->14126 14154->14151 14157 46b1fe GetPEB 14154->14157 14155->14153 14156 463e83 14155->14156 14155->14163 14158 46db0d 3 API calls 14156->14158 14157->14151 14158->14153 14159 460a80 14159->14126 14161 46a969 GetPEB GetPEB GetPEB 14161->14163 14162 46db0d GetPEB GetPEB GetPEB 14162->14163 14163->14126 14163->14145 14163->14148 14163->14159 14163->14161 14163->14162 14164 46758d 14163->14164 14168 46a900 GetPEB 14163->14168 14165 46db0d 3 API calls 14164->14165 14166 4675bf 14165->14166 14166->14126 14167->14129 14168->14163 14985 46928b 14987 4692b7 14985->14987 14998 460a80 14985->14998 14986 46a9b8 14989 46b1fe GetPEB 14986->14989 14994 46aae8 14986->14994 14988 46a969 3 API calls 14987->14988 15000 460ae5 14987->15000 14991 46931e 14988->14991 14992 46aa31 14989->14992 14990 46c5d9 3 API calls 14990->15000 14993 46a969 3 API calls 14991->14993 14992->14994 14995 46b1fe GetPEB 14992->14995 14993->15000 14996 46aa73 14995->14996 14996->14994 14997 46b1fe GetPEB 14996->14997 14997->14994 15000->14986 15000->14990 15000->14998 15001 46db0d GetPEB GetPEB GetPEB 15000->15001 15002 46a969 GetPEB GetPEB GetPEB 15000->15002 15003 46758d 15000->15003 15006 46a900 GetPEB 15000->15006 15001->15000 15002->15000 15004 46db0d 3 API calls 15003->15004 15005 4675bf 15004->15005 15006->15000 13810 42d590 13811 42d5c7 __vbaCyStr __vbaFpCmpCy 13810->13811 13812 42d5f4 13811->13812 13813 42d6fe __vbaFreeStr __vbaFreeStr 13811->13813 13814 42d60c 13812->13814 13815 42d5fc __vbaNew2 13812->13815 13817 42d622 __vbaHresultCheckObj 13814->13817 13818 42d635 13814->13818 13815->13814 13817->13818 13819 42d653 __vbaHresultCheckObj 13818->13819 13820 42d661 __vbaStrMove __vbaFreeObj 13818->13820 13819->13820 13821 42d694 13820->13821 13822 42d684 __vbaNew2 13820->13822 13823 42d6b5 13821->13823 13824 42d6aa __vbaHresultCheckObj 13821->13824 13822->13821 13825 42d6db __vbaStrMove __vbaFreeObj #531 13823->13825 13826 
42d6cd __vbaHresultCheckObj 13823->13826 13824->13823 13825->13813 13826->13825 14169 425490 14170 4254ca __vbaStrCopy #515 __vbaVarTstNe __vbaFreeVar 14169->14170 14171 425633 __vbaFreeObj __vbaFreeStr 14170->14171 14172 42554d 14170->14172 14173 425565 __vbaNew2 14172->14173 14174 42557a __vbaObjSet 14172->14174 14173->14174 14177 4255a0 14174->14177 14178 4255a6 __vbaHresultCheckObj 14177->14178 14179 4255b8 __vbaLateMemCall __vbaFreeObj 14177->14179 14178->14179 14179->14171 14438 42dd10 14439 42df0a __vbaFreeVar __vbaFreeStr 14438->14439 14440 42dd68 14438->14440 14441 42dd71 __vbaNew2 14440->14441 14442 42dd86 __vbaObjSet 14440->14442 14441->14442 14445 42dda9 14442->14445 14446 42ddc5 14445->14446 14447 42ddaf __vbaHresultCheckObj 14445->14447 14448 42ddcb __vbaStrToAnsi 14446->14448 14447->14448 14458 40958c 14448->14458 14459 409595 14458->14459 14459->14459 14589 425190 14590 4251c7 #669 __vbaStrMove __vbaStrCmp __vbaFreeStr 14589->14590 14591 425206 14590->14591 14592 4251fe #568 14590->14592 14592->14591 14593 465594 14594 46559c 14593->14594 14595 4655a6 3 API calls 14594->14595 14607 460ae5 14594->14607 14595->14607 14596 46a9b8 14597 46b1fe GetPEB 14596->14597 14600 46aae8 14596->14600 14599 46aa31 14597->14599 14598 46c5d9 3 API calls 14598->14607 14599->14600 14601 46b1fe GetPEB 14599->14601 14602 46aa73 14601->14602 14602->14600 14603 46b1fe GetPEB 14602->14603 14603->14600 14604 460a80 14606 46db0d GetPEB GetPEB GetPEB 14606->14607 14607->14596 14607->14598 14607->14604 14607->14606 14608 46a969 GetPEB GetPEB GetPEB 14607->14608 14609 46758d 14607->14609 14612 46a900 GetPEB 14607->14612 14608->14607 14610 46db0d 3 API calls 14609->14610 14611 4675bf 14610->14611 14612->14607 14613 46e592 14614 460a80 14613->14614 14625 460ae5 14613->14625 14615 46c5d9 3 API calls 14615->14625 14617 46db0d GetPEB GetPEB GetPEB 14617->14625 14618 46a9b8 14619 46b1fe GetPEB 14618->14619 14621 46aae8 14618->14621 14620 46aa31 14619->14620 14620->14621 14622 46b1fe 
GetPEB 14620->14622 14623 46aa73 14622->14623 14623->14621 14624 46b1fe GetPEB 14623->14624 14624->14621 14625->14614 14625->14615 14625->14617 14625->14618 14626 46a969 GetPEB GetPEB GetPEB 14625->14626 14627 46758d 14625->14627 14630 46a900 GetPEB 14625->14630 14626->14625 14628 46db0d 3 API calls 14627->14628 14629 4675bf 14628->14629 14630->14625 14795 424e20 14796 424e57 __vbaStrCopy 14795->14796 14797 424e72 __vbaNew2 14796->14797 14798 424e87 __vbaObjSet 14796->14798 14797->14798 14800 424ec6 14798->14800 14801 424ede __vbaFreeObj 14800->14801 14802 424ecc __vbaHresultCheckObj 14800->14802 14803 424ef8 __vbaFreeStr 14801->14803 14802->14801 15025 4256a0 15026 4256d7 __vbaStrCopy __vbaStrCopy 15025->15026 15027 425717 15026->15027 15028 425707 __vbaNew2 15026->15028 15029 425740 15027->15029 15030 42572d __vbaHresultCheckObj 15027->15030 15028->15027 15031 42575e __vbaHresultCheckObj 15029->15031 15032 42576c __vbaI2I4 __vbaFreeObj 15029->15032 15030->15029 15031->15032 15033 425787 __vbaNew2 15032->15033 15034 42579c __vbaObjSet 15032->15034 15033->15034 15036 4257bf 15034->15036 15037 4257d3 __vbaFreeObj 15036->15037 15038 4257c5 __vbaHresultCheckObj 15036->15038 15039 4257f3 __vbaFreeStr __vbaFreeStr 15037->15039 15038->15037 13827 431ea0 13828 431ed7 7 API calls 13827->13828 13847 409490 13828->13847 13830 431f62 8 API calls 13831 43200b __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove __vbaFreeStr 13830->13831 13832 431fcb #537 __vbaStrMove __vbaInStr 13830->13832 13835 432073 13831->13835 13833 431ff0 #616 __vbaStrMove __vbaFreeStr 13832->13833 13834 43209b __vbaErrorOverflow 13832->13834 13833->13831 13836 4320b0 13834->13836 13837 432117 13836->13837 13838 432107 __vbaNew2 13836->13838 13839 43212d __vbaHresultCheckObj 13837->13839 13840 432140 13837->13840 13838->13837 13839->13840 13841 43215e __vbaHresultCheckObj 13840->13841 13842 43216c __vbaStrMove __vbaFreeObj #598 __vbaStrCopy 13840->13842 13841->13842 13843 4321ad 13842->13843 13844 4321b1 
__vbaHresultCheckObj 13843->13844 13845 4321bf __vbaFreeStrList 13843->13845 13844->13845 13846 4321fd __vbaFreeStr 13845->13846 13848 409499 13847->13848 14804 465623 14806 4655a1 14804->14806 14805 46a9b8 14808 46b1fe GetPEB 14805->14808 14811 46aae8 14805->14811 14807 4655a6 3 API calls 14806->14807 14815 460a80 14806->14815 14819 460ae5 14806->14819 14807->14819 14810 46aa31 14808->14810 14809 46c5d9 3 API calls 14809->14819 14810->14811 14812 46b1fe GetPEB 14810->14812 14813 46aa73 14812->14813 14813->14811 14814 46b1fe GetPEB 14813->14814 14814->14811 14817 46a969 GetPEB GetPEB GetPEB 14817->14819 14818 46db0d GetPEB GetPEB GetPEB 14818->14819 14819->14805 14819->14809 14819->14815 14819->14817 14819->14818 14820 46758d 14819->14820 14823 46a900 GetPEB 14819->14823 14821 46db0d 3 API calls 14820->14821 14822 4675bf 14821->14822 14823->14819 13808 4019b0 #100 13809 4019ef 13808->13809 14025 425830 __vbaStrCopy __vbaStrCopy __vbaStrCopy __vbaCyStr __vbaFpCmpCy 14026 4258a7 __vbaFreeStr __vbaFreeStr __vbaFreeStr 14025->14026 14027 42589f #569 14025->14027 14027->14026 14496 424930 14497 424967 __vbaStrCopy 14496->14497 14498 424988 __vbaNew2 14497->14498 14499 42499d __vbaObjSet 14497->14499 14498->14499 14501 4249c3 __vbaNew2 14499->14501 14502 4249d8 __vbaObjSet 14499->14502 14501->14502 14504 4249f7 14502->14504 14505 424a0f 14504->14505 14506 4249fd __vbaHresultCheckObj 14504->14506 14507 424a4f __vbaFreeStr __vbaFreeObjList 14505->14507 14508 424a3d __vbaHresultCheckObj 14505->14508 14506->14505 14509 424a8f __vbaFreeStr 14507->14509 14508->14507 14842 42da30 14843 42da6a __vbaStrCopy __vbaLenBstrB 14842->14843 14844 42dbd1 __vbaFreeStr 14843->14844 14845 42daa5 #680 __vbaFreeVarList 14843->14845 14846 42db17 14845->14846 14847 42db07 __vbaNew2 14845->14847 14849 42db2d __vbaHresultCheckObj 14846->14849 14850 42db3c 14846->14850 14847->14846 14849->14850 14851 42db57 __vbaHresultCheckObj 14850->14851 14852 42db69 __vbaFreeObj __vbaVarDup #595 
__vbaFreeVarList 14850->14852 14851->14852 14852->14844 15151 424f30 15152 424f67 15151->15152 15153 424f76 __vbaNew2 15152->15153 15154 424f8b __vbaObjSet 15152->15154 15153->15154 15156 424fcf 15154->15156 15157 424fe7 __vbaFreeObj 15156->15157 15158 424fd5 __vbaHresultCheckObj 15156->15158 15159 425008 15157->15159 15158->15157 14216 40bcb9 14217 42d010 #527 __vbaStrMove __vbaStrCmp __vbaFreeStr 14216->14217 14218 42d368 __vbaFreeStr 14217->14218 14219 42d09d 14217->14219 14220 42d0b5 __vbaHresultCheckObj 14219->14220 14221 42d0a5 __vbaNew2 14219->14221 14224 42d0e4 14220->14224 14221->14220 14225 42d10a __vbaFreeObj 14224->14225 14226 42d0fc __vbaHresultCheckObj 14224->14226 14227 42d12b 14225->14227 14228 42d11b __vbaNew2 14225->14228 14226->14225 14229 42d141 __vbaHresultCheckObj 14227->14229 14230 42d14c 14227->14230 14228->14227 14229->14230 14231 42d172 __vbaStrMove __vbaFreeObj 14230->14231 14232 42d164 __vbaHresultCheckObj 14230->14232 14233 42d193 __vbaNew2 14231->14233 14234 42d1a8 __vbaObjSet 14231->14234 14232->14231 14233->14234 14236 42d1cd 14234->14236 14237 42d1d3 __vbaHresultCheckObj 14236->14237 14238 42d1e1 __vbaLateIdCallLd 14236->14238 14237->14238 14239 42d201 __vbaNew2 14238->14239 14240 42d216 __vbaObjSet 14238->14240 14239->14240 14242 42d235 14240->14242 14243 42d23b __vbaHresultCheckObj 14242->14243 14244 42d24d __vbaLateIdCallLd 14242->14244 14243->14244 14245 42d267 __vbaNew2 14244->14245 14246 42d27c __vbaObjSet 14244->14246 14245->14246 14248 42d29b 14246->14248 14249 42d2b3 __vbaFpI4 __vbaI4Var __vbaI4Var 14248->14249 14250 42d2a1 __vbaHresultCheckObj 14248->14250 14251 42d321 14249->14251 14250->14249 14252 42d327 __vbaHresultCheckObj 14251->14252 14253 42d339 __vbaFreeObjList __vbaFreeVarList 14251->14253 14252->14253 14253->14218

      Executed Functions

      Control-flow Graph

      APIs
      • #607.MSVBVM60(?,000000FF,?), ref: 00431F02
      • __vbaStrVarMove.MSVBVM60(?), ref: 00431F0C
      • __vbaStrMove.MSVBVM60 ref: 00431F1D
      • __vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00431F29
      • __vbaLenBstr.MSVBVM60(?), ref: 00431F36
      • __vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F45
      • __vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F56
      • __vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00431F62
      • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F6D
      • __vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F7B
      • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00431F8B
      • #537.MSVBVM60(00000000,?,00000001), ref: 00431F9B
      • __vbaStrMove.MSVBVM60 ref: 00431FA6
      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FAA
      • __vbaFreeStr.MSVBVM60 ref: 00431FBF
      • #537.MSVBVM60(00000000,?,00000001), ref: 00431FD2
      • __vbaStrMove.MSVBVM60 ref: 00431FDD
      • __vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FE1
      • #616.MSVBVM60(?,-00000001), ref: 00431FF5
      • __vbaStrMove.MSVBVM60 ref: 00432000
      • __vbaFreeStr.MSVBVM60 ref: 00432005
      • __vbaStrCat.MSVBVM60(00409DE8), ref: 00432019
      • __vbaStrMove.MSVBVM60 ref: 00432020
      • __vbaStrCat.MSVBVM60(?,00000000), ref: 00432027
      • __vbaStrMove.MSVBVM60 ref: 0043202E
      • __vbaFreeStr.MSVBVM60 ref: 00432033
      • __vbaErrorOverflow.MSVBVM60 ref: 0043209B
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0043213C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
      • __vbaStrMove.MSVBVM60 ref: 00432179
      • __vbaFreeObj.MSVBVM60 ref: 00432182
      • #598.MSVBVM60 ref: 00432188
      • __vbaStrCopy.MSVBVM60 ref: 00432196
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Move$Free$#537AnsiCheckErrorHresultListUnicode$#598#607#616BstrCopyNew2OverflowSystem
      • String ID: USERNAME$t C
      • API String ID: 840069314-3777059254
      • Opcode ID: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
      • Instruction ID: 0fd07a5d85aa539f9dcc35f6e74ce1594001623a02bd67e862191e9ac8a6b72a
      • Opcode Fuzzy Hash: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
      • Instruction Fuzzy Hash: 2091FF75900209AFDB04DFA5DD89DEFBBB8FF48700F10812AF606A72A1DB785945CB64
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D5D8
      • __vbaFpCmpCy.MSVBVM60(00000000), ref: 0042D5E6
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D606
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042D631
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000130), ref: 0042D65F
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D670
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D675
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D68E
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042D6B3
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000D0), ref: 0042D6D9
      • __vbaStrMove.MSVBVM60 ref: 0042D6E8
      • __vbaFreeObj.MSVBVM60 ref: 0042D6ED
      • #531.MSVBVM60(kantatens), ref: 0042D6F8
      • __vbaFreeStr.MSVBVM60(0042D72A), ref: 0042D722
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D727
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$MoveNew2$#531
      • String ID: kantatens
      • API String ID: 1829431787-1394988495
      • Opcode ID: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
      • Instruction ID: 268b9603d49f8c2ef21a02505bbce2dda6b3253113ac13d7225f482d9f4950ea
      • Opcode Fuzzy Hash: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
      • Instruction Fuzzy Hash: 1A414570A00219AFCB04DF95DD89EDEBBB8FF48704F10406AE505B72A1D7789905CFA8
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0043213C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
      • __vbaStrMove.MSVBVM60 ref: 00432179
      • __vbaFreeObj.MSVBVM60 ref: 00432182
      • #598.MSVBVM60 ref: 00432188
      • __vbaStrCopy.MSVBVM60 ref: 00432196
      • __vbaHresultCheckObj.MSVBVM60(00000000,00401730,00409170,0000074C), ref: 004321BD
      • __vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 004321C9
      • __vbaFreeStr.MSVBVM60(00432207), ref: 00432200
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$#598CopyListMoveNew2
      • String ID: USERNAME$t C
      • API String ID: 3664798572-3777059254
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      control_flow_graph 66 4019b0-4019ed #100 67 401a61-401a66 66->67 68 4019ef-401a5c 66->68 70 401a68-401ac4 67->70 71 401acf-401b57 67->71 72 401ac6-401ace 68->72 73 401a5e 68->73 70->72 72->71 73->67
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: #100
      • String ID: VB5!6&*
      • API String ID: 1341478452-3593831657
      Uniqueness

      Uniqueness Score: -1.00%

      Non-executed Functions

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: (B$Ne
      • API String ID: 0-228057021
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: rHGk
      • API String ID: 0-4221766241
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: rHGk
      • API String ID: 0-4221766241
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: rHGk
      • API String ID: 0-4221766241
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: rHGk
      • API String ID: 0-4221766241
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: %zON
      • API String ID: 0-155931339
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Npl~
      • API String ID: 0-1888215250
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Ne
      • API String ID: 0-3071501248
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: Au
      • API String ID: 0-2295654664
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2609057616.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_460000_RICHIESTA DI OFFERTA.jbxd
      Yara matches
      Similarity
      • API ID:
      • String ID: }l"
      • API String ID: 0-1801363258
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • #527.MSVBVM60(00409D58), ref: 0042D064
      • __vbaStrMove.MSVBVM60 ref: 0042D06F
      • __vbaStrCmp.MSVBVM60(00409D60,00000000), ref: 0042D07B
      • __vbaFreeStr.MSVBVM60 ref: 0042D08E
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D0AF
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042D0DA
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000B8), ref: 0042D108
      • __vbaFreeObj.MSVBVM60 ref: 0042D10D
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D125
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042D14A
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0042D170
      • __vbaStrMove.MSVBVM60 ref: 0042D17B
      • __vbaFreeObj.MSVBVM60 ref: 0042D184
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D19D
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D1BC
      • __vbaFreeStr.MSVBVM60(0042D3B3), ref: 0042D3AC
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$New2$Move$#527
      • String ID: (Ra
      • API String ID: 487870899-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042DD7B
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042DD94
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000150), ref: 0042DDC1
      • __vbaStrToAnsi.MSVBVM60(?,?,008039A4), ref: 0042DDD8
      • __vbaSetSystemError.MSVBVM60(003989DE,00000000), ref: 0042DDEC
      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0042DE0E
      • __vbaFreeObj.MSVBVM60 ref: 0042DE1A
      • #702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0042DE43
      • __vbaStrMove.MSVBVM60 ref: 0042DE4E
      • __vbaFreeVar.MSVBVM60 ref: 0042DE5D
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DE72
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042DE97
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042DEBD
      • __vbaI2I4.MSVBVM60 ref: 0042DEC2
      • __vbaFreeObj.MSVBVM60 ref: 0042DECB
      • __vbaVarDup.MSVBVM60 ref: 0042DEE5
      • #666.MSVBVM60(?,00000002), ref: 0042DEF3
      • __vbaVarMove.MSVBVM60 ref: 0042DEFF
      • __vbaFreeVar.MSVBVM60 ref: 0042DF08
      • __vbaFreeVar.MSVBVM60(0042DF5B), ref: 0042DF4B
      • __vbaFreeStr.MSVBVM60 ref: 0042DF54
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$MoveNew2$#666#702AnsiErrorListSystem
      • String ID: (Ra$HENRIVENDE$zS
      • API String ID: 309366762-3429874171
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8D5
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8DD
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D8F2
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D911
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001C8), ref: 0042D930
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D939
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D952
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D96B
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409D7C,00000100), ref: 0042D98E
      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D99E
      • __vbaI4Var.MSVBVM60(00000000), ref: 0042D9A8
      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0042D9BB
      • __vbaFreeVar.MSVBVM60 ref: 0042D9C7
      • __vbaFreeStr.MSVBVM60(0042DA02), ref: 0042D9FA
      • __vbaFreeStr.MSVBVM60 ref: 0042D9FF
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresultNew2$CallLateList
      • String ID: (Ra
      • API String ID: 244069345-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60 ref: 004254F9
      • #515.MSVBVM60(?,?,00000002), ref: 00425516
      • __vbaVarTstNe.MSVBVM60(?,?), ref: 00425532
      • __vbaFreeVar.MSVBVM60 ref: 0042553E
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042556F
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00425588
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C0), ref: 004255B2
      • __vbaLateMemCall.MSVBVM60(?,bJwKrGImpGgg9mRQCArwzZIt8,00000003), ref: 00425621
      • __vbaFreeObj.MSVBVM60 ref: 0042562D
      • __vbaFreeObj.MSVBVM60(00425671), ref: 00425661
      • __vbaFreeStr.MSVBVM60 ref: 0042566A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$#515CallCheckCopyHresultLateNew2
      • String ID: (Ra$Kricketbold2$bJwKrGImpGgg9mRQCArwzZIt8$var
      • API String ID: 3144308283-896395025
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256F5
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256FD
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00425711
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042573C
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042576A
      • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042576F
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425778
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 00425791
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004257AA
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C8), ref: 004257D1
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004257DC
      • __vbaFreeStr.MSVBVM60(00425804), ref: 004257FC
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425801
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresult$CopyNew2
      • String ID: (Ra
      • API String ID: 336985134-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60 ref: 0042DA8B
      • __vbaLenBstrB.MSVBVM60(00409D90), ref: 0042DA96
      • #680.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,40490000,?,?,?), ref: 0042DADF
      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0042DAF5
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DB11
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,00000014), ref: 0042DB36
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000C8), ref: 0042DB63
      • __vbaFreeObj.MSVBVM60 ref: 0042DB6C
      • __vbaVarDup.MSVBVM60 ref: 0042DB98
      • #595.MSVBVM60(?,00000000,?,?,?), ref: 0042DBB0
      • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0042DBC8
      • __vbaFreeStr.MSVBVM60(0042DC08), ref: 0042DC01
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultList$#595#680BstrCopyNew2
      • String ID: hjrekant
      • API String ID: 4058102471-1475739938
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D41D
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D43C
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D458
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D471
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000130), ref: 0042D494
      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D4C3
      • __vbaStrVarMove.MSVBVM60(00000000), ref: 0042D4CD
      • __vbaStrMove.MSVBVM60 ref: 0042D4D8
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 0042D4F8
      • __vbaFreeStr.MSVBVM60 ref: 0042D501
      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0042D515
      • __vbaFreeVar.MSVBVM60 ref: 0042D521
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultMoveNew2$CallLateList
      • String ID: (Ra
      • API String ID: 3081447974-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • __vbaStrCopy.MSVBVM60 ref: 00424979
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 00424992
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004249B1
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 004249CD
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004249E6
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000000F0), ref: 00424A09
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424A49
      • __vbaFreeStr.MSVBVM60 ref: 00424A52
      • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00424A62
      • __vbaFreeStr.MSVBVM60(00424A99), ref: 00424A92
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckHresultNew2$CopyList
      • String ID: (Ra
      • API String ID: 4130517723-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph
      • Nodes: 231 (424be0-424c18); 232 (424c1a-424c2a, __vbaNew2); 233 (424c2f-424cb6, __vbaObjSet); 236 (424cca-424cdc, __vbaFreeObj); 237 (424cb8-424cc4, __vbaHresultCheckObj); 238 (424cf3-424d1a, __vbaObjSet); 239 (424cde-424cee, __vbaNew2); 242 (424d2e-424d4b, __vbaFreeObj); 243 (424d1c-424d28, __vbaHresultCheckObj)
      • Edges: 231->232, 231->233, 232->233, 233->236, 233->237, 236->238, 236->239, 237->236, 238->242, 238->243, 239->238, 243->242
      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 00424C24
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00424C3D
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 00424CC4
      • __vbaFreeObj.MSVBVM60 ref: 00424CD3
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 00424CE8
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00424D01
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000001C8), ref: 00424D28
      • __vbaFreeObj.MSVBVM60 ref: 00424D37
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph
      • Nodes: 245 (431d50-431d88); 246 (431d8a-431d9a, __vbaNew2); 247 (431d9f-431de4, __vbaObjSet); 250 (431de6-431df2, __vbaHresultCheckObj); 251 (431df8-431e0a, __vbaFreeObj); 252 (431e21-431e44, __vbaObjSet); 253 (431e0c-431e1c, __vbaNew2); 256 (431e46-431e52, __vbaHresultCheckObj); 257 (431e58-431e75, __vbaFreeObj)
      • Edges: 245->246, 245->247, 246->247, 247->250, 247->251, 250->251, 251->252, 251->253, 252->256, 252->257, 253->252, 256->257
      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431D94
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431DB3
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00431DF2
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E01
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E16
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E2F
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000088), ref: 00431E52
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E61
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B0C
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B14
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B29
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B42
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000220), ref: 00424B85
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B8E
      • __vbaFreeStr.MSVBVM60(00424BB6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BAE
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BB3
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$Copy$CheckHresultNew2
      • String ID: (Ra
      • API String ID: 1874231197-2066194514
      • Opcode ID: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
      • Instruction ID: 5322bd1987205389bf6d946a79716689a0e8260190b249c2e899f9ee9d0b38b0
      • Opcode Fuzzy Hash: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
      • Instruction Fuzzy Hash: 6F215175E00219DFCB04DFA9D989A9EBFB8FF4C300F10816AE515A72A5C778A941CF94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425870
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425878
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425880
      • __vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,00401746), ref: 00425887
      • __vbaFpCmpCy.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425895
      • #569.MSVBVM60(0000002F,?,?,?,?,?,?,?,?,00401746), ref: 004258A1
      • __vbaFreeStr.MSVBVM60(004258C3,?,?,?,?,?,?,?,?,00401746), ref: 004258B6
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258BB
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258C0
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CopyFree$#569
      • String ID:
      • API String ID: 3911904416-0
      • Opcode ID: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
      • Instruction ID: d6ef5a4df48c5f6f6e330365a7503caf813aa0cdbaaf88e781f996121f92ec88
      • Opcode Fuzzy Hash: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
      • Instruction Fuzzy Hash: 86111B70D0025EDBCB00EFA4EE45AEEBBB8EF48700F10416AA505B31A4DB746A45CFE5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60 ref: 00425083
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042509C
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004250B5
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 0042513C
      • __vbaFreeObj.MSVBVM60 ref: 00425145
      • __vbaFreeStr.MSVBVM60(00425167), ref: 00425160
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresultNew2
      • String ID: (Ra
      • API String ID: 4138333463-2066194514
      • Opcode ID: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
      • Instruction ID: a776cf2307da792f29ced093327e8248e37be5dbc0af261043c53f96bb4853c4
      • Opcode Fuzzy Hash: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
      • Instruction Fuzzy Hash: 7E3108B4E002149FCB04DFA9D989A9ABBF4FF49700F10C06AE509AB365D7389902CF95
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E63
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E7C
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E95
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00424ED8
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EE1
      • __vbaFreeStr.MSVBVM60(00424F02,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EFB
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresultNew2
      • String ID: (Ra
      • API String ID: 4138333463-2066194514
      • Opcode ID: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
      • Instruction ID: e93f92d18b185c2069a199da7afe3e2a4c956638d36d99257852b577961b8e79
      • Opcode Fuzzy Hash: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
      • Instruction Fuzzy Hash: 87217174A40204DFCB04DFA9D989EAABBB8FF49301F10806AF515E72A5C7389941CF94
      Uniqueness

      Uniqueness Score: -1.00%

      C-Code - Quality: 20%
      			E00424F30(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
      				char _v8;
      				intOrPtr _v12;
      				intOrPtr _v16;
      				char _v28;
      				char _v32;
      				intOrPtr _v36;
      				intOrPtr _v44;
      				intOrPtr* _t19;
      				intOrPtr* _t21;
      				intOrPtr* _t23;
      				void* _t26;
      				intOrPtr* _t28;
      				intOrPtr* _t38;
      				void* _t39;
      				void* _t41;
      				intOrPtr _t42;
      				intOrPtr _t43;
      
      				_t42 = _t41 - 0xc;
      				 *[fs:0x0] = _t42;
      				_t43 = _t42 - 0x28;
      				_v16 = _t43;
      				_v12 = 0x401208;
      				_v8 = 0;
      				_t19 = _a4;
      				 *((intOrPtr*)( *_t19 + 4))(_t19, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t39);
      				_t21 =  *0x433010; // 0x615228
      				_v28 = 0;
      				_v32 = 0;
      				if(_t21 == 0) {
      					__imp____vbaNew2(0x40a14c, "(Ra");
      					_t21 =  *0x433010; // 0x615228
      				}
      				_t23 =  &_v32;
      				__imp____vbaObjSet(_t23,  *((intOrPtr*)( *_t21 + 0x354))(_t21));
      				_t28 = _t43 - 0x10;
      				 *_t28 = 0xa;
      				_t38 = _t23;
      				 *((intOrPtr*)(_t28 + 4)) = _v44;
      				 *((intOrPtr*)(_t28 + 8)) = 0x80020004;
      				 *((intOrPtr*)(_t28 + 0xc)) = _v36;
      				_t26 =  *((intOrPtr*)( *_t38 + 0x1ec))(_t38, L"PHACOCELE");
      				asm("fclex");
      				if(_t26 < 0) {
      					__imp____vbaHresultCheckObj(_t26, _t38, 0x409964, 0x1ec);
      				}
      				__imp____vbaFreeObj();
      				_v28 = 0x2be5;
      				_push(0x425009);
      				return _t26;
      			}

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F80
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F99
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424FE1
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424FEA
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra$PHACOCELE$+
      • API String ID: 1645334062-3191577720
      • Opcode ID: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
      • Instruction ID: d59e37c62d2e5d766b26790879dabc63d50207eaaf69630922185673f52cbc59
      • Opcode Fuzzy Hash: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
      • Instruction Fuzzy Hash: 972180B4A00304ABCB04DF99DD89B9ABBB8FB49701F10856AF505E7291C3789901CB94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425BD3
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,00401746), ref: 00425BEC
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425C05
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,?,00401746), ref: 00425C28
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425C31
      • __vbaFreeStr.MSVBVM60(00425C52,?,?,?,?,?,?,?,?,00401746), ref: 00425C4B
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$CheckCopyHresultNew2
      • String ID: (Ra
      • API String ID: 4138333463-2066194514
      • Opcode ID: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
      • Instruction ID: 5e3db1a9c3429f9f3288b209a0862c076ad3080f2d8b6768de989c50c96a5040
      • Opcode Fuzzy Hash: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
      • Instruction Fuzzy Hash: BA118E74A00204EFCB04DFA5DA49EAEBBB8FF49701F104466F555E72A0D7385902CF98
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #672.MSVBVM60(00000000,40080000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000), ref: 004252A1
      • __vbaFpR8.MSVBVM60 ref: 004252A7
      • __vbaNew2.MSVBVM60(004099E4,004333CC), ref: 004252D0
      • __vbaHresultCheckObj.MSVBVM60(00000000,025C1794,004099D4,0000001C), ref: 004252F5
      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004099F4,0000005C), ref: 00425339
      • __vbaStrMove.MSVBVM60 ref: 0042534C
      • __vbaFreeObj.MSVBVM60 ref: 00425355
      • __vbaFreeStr.MSVBVM60(0042538E), ref: 00425387
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresult$#672MoveNew2
      • String ID:
      • API String ID: 2213023555-0
      • Opcode ID: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
      • Instruction ID: a290a1b5633ba569a80f4364f7eb58ab6e41390aae3439afe5c06b49b155ed99
      • Opcode Fuzzy Hash: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
      • Instruction Fuzzy Hash: 24314EB0900609ABCB10DF95DD88B9EBBB8FF48740F20805AE905B72A4C7785941CFA9
      Uniqueness

      Uniqueness Score: -1.00%

      C-Code - Quality: 19%
      			E004258E0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
      				char _v8;
      				intOrPtr _v12;
      				intOrPtr _v16;
      				char _v28;
      				intOrPtr _v32;
      				intOrPtr _v40;
      				intOrPtr* _t17;
      				intOrPtr* _t19;
      				intOrPtr* _t21;
      				void* _t24;
      				intOrPtr* _t26;
      				intOrPtr* _t36;
      				void* _t37;
      				void* _t39;
      				intOrPtr _t40;
      				intOrPtr _t41;
      
      				_t40 = _t39 - 0xc;
      				 *[fs:0x0] = _t40;
      				_t41 = _t40 - 0x24;
      				_v16 = _t41;
      				_v12 = 0x401290;
      				_v8 = 0;
      				_t17 = _a4;
      				 *((intOrPtr*)( *_t17 + 4))(_t17, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t37);
      				_t19 =  *0x433010; // 0x615228
      				_v28 = 0;
      				if(_t19 == 0) {
      					__imp____vbaNew2(0x40a14c, "(Ra");
      					_t19 =  *0x433010; // 0x615228
      				}
      				_t21 =  &_v28;
      				__imp____vbaObjSet(_t21,  *((intOrPtr*)( *_t19 + 0x358))(_t19));
      				_t26 = _t41 - 0x10;
      				 *_t26 = 0xa;
      				_t36 = _t21;
      				 *((intOrPtr*)(_t26 + 4)) = _v40;
      				 *((intOrPtr*)(_t26 + 8)) = 0x80020004;
      				 *((intOrPtr*)(_t26 + 0xc)) = _v32;
      				_t24 =  *((intOrPtr*)( *_t36 + 0x1ec))(_t36, L"Rubedity");
      				asm("fclex");
      				if(_t24 < 0) {
      					__imp____vbaHresultCheckObj(_t24, _t36, 0x409adc, 0x1ec);
      				}
      				__imp____vbaFreeObj();
      				_push(0x4259af);
      				return _t24;
      			}

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042592D
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425946
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409ADC,000001EC), ref: 0042598E
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425997
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra$Rubedity
      • API String ID: 1645334062-2289503143
      • Opcode ID: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
      • Instruction ID: 8edafd98880e749bae474b2feedee2ec17763cbba996a59d16f38de0083cf79d
      • Opcode Fuzzy Hash: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
      • Instruction Fuzzy Hash: 6A2193B4A40204EFCB04DF99D989B9ABFF8FB49701F108066F545E7291C6789941CB99
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaOnError.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D44
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D5D
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D76
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000140,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D9D
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425DAC
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckErrorFreeHresultNew2
      • String ID: (Ra
      • API String ID: 3750743295-2066194514
      • Opcode ID: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
      • Instruction ID: aebd9c64966058db610805d6956d2aca9fa7e8320958a7938f1e966658d03e7a
      • Opcode Fuzzy Hash: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
      • Instruction Fuzzy Hash: 75215C74A40214ABCB10DF96CA49E9EBBF8FF89701F10446AF551F72A0C77859018FA8
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaVarDup.MSVBVM60 ref: 00425A27
      • #687.MSVBVM60(?,?), ref: 00425A35
      • __vbaDateVar.MSVBVM60(?), ref: 00425A3F
      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00425A51
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$#687DateFreeList
      • String ID: 7-7-7$Lu
      • API String ID: 3303533072-1249225327
      • Opcode ID: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
      • Instruction ID: 8ca2dbe8ab4f1f5649ded12f3ea8614846f4dd31889bb755d75bc59398dcdd18
      • Opcode Fuzzy Hash: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
      • Instruction Fuzzy Hash: 22110AB1C10228EBCB00DFD4DD89ADEBBB8FB48B04F04415AF501A7650D7B85505CF94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #669.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251CA
      • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251D5
      • __vbaStrCmp.MSVBVM60(Distriktsbladet6,00000000,?,?,?,?,?,?,?,00401746), ref: 004251E1
      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251F3
      • #568.MSVBVM60(0000003C,?,?,?,?,?,?,?,00401746), ref: 00425200
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$#568#669FreeMove
      • String ID: Distriktsbladet6
      • API String ID: 2447501155-846783287
      • Opcode ID: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
      • Instruction ID: 61cd527bcf450c51f942b67c3faaedb5405b7962db3e9bdf1a35c1bc71e14c92
      • Opcode Fuzzy Hash: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
      • Instruction Fuzzy Hash: 3201A275D00614EBC700AFA4DD49AAFBBB8EB45B00F908166F942F36A0C7385945CF95
      Uniqueness

      Uniqueness Score: -1.00%

      C-Code - Quality: 19%
      			E0042D750(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
      				char _v8;
      				intOrPtr _v12;
      				intOrPtr _v16;
      				char _v28;
      				intOrPtr _v32;
      				intOrPtr _v36;
      				intOrPtr _v40;
      				intOrPtr _v44;
      				intOrPtr _v48;
      				intOrPtr _v56;
      				intOrPtr _v64;
      				intOrPtr _v72;
      				intOrPtr* _t31;
      				intOrPtr* _t33;
      				intOrPtr* _t35;
      				intOrPtr* _t40;
      				void* _t41;
      				intOrPtr* _t43;
      				intOrPtr* _t47;
      				intOrPtr* _t60;
      				void* _t61;
      				void* _t63;
      				intOrPtr _t64;
      				intOrPtr _t65;
      				intOrPtr* _t66;
      				intOrPtr* _t67;
      
      				_t64 = _t63 - 0xc;
      				 *[fs:0x0] = _t64;
      				_t65 = _t64 - 0x44;
      				_v16 = _t65;
      				_v12 = 0x4016a8;
      				_v8 = 0;
      				_t31 = _a4;
      				 *((intOrPtr*)( *_t31 + 4))(_t31, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t61);
      				_t33 =  *0x433010; // 0x615228
      				_v28 = 0;
      				if(_t33 == 0) {
      					__imp____vbaNew2(0x40a14c, "(Ra");
      					_t33 =  *0x433010; // 0x615228
      				}
      				_t35 =  &_v28;
      				__imp____vbaObjSet(_t35,  *((intOrPtr*)( *_t33 + 0x3b4))(_t33));
      				_t66 = _t65 - 0x10;
      				_t60 = _t35;
      				_t43 = _t66;
      				 *_t43 = 0xa;
      				_v44 = 0xa;
      				 *((intOrPtr*)(_t43 + 4)) = _v72;
      				 *((intOrPtr*)(_t43 + 8)) = 0x80020004;
      				 *((intOrPtr*)(_t43 + 0xc)) = _v64;
      				_t67 = _t66 - 0x10;
      				_t47 = _t67;
      				 *_t47 = 0xa;
      				 *((intOrPtr*)(_t47 + 4)) = _v56;
      				 *((intOrPtr*)(_t47 + 8)) = 0x80020004;
      				_v36 = 0x80020004;
      				 *((intOrPtr*)(_t47 + 0xc)) = _v48;
      				_t40 = _t67 - 0x10;
      				 *_t40 = _v44;
      				 *((intOrPtr*)(_t40 + 4)) = _v40;
      				 *((intOrPtr*)(_t40 + 8)) = _v36;
      				 *((intOrPtr*)(_t40 + 0xc)) = _v32;
      				_t41 =  *((intOrPtr*)( *_t60 + 0x1d0))(_t60, 0x46e36000);
      				asm("fclex");
      				if(_t41 < 0) {
      					__imp____vbaHresultCheckObj(_t41, _t60, 0x409b10, 0x1d0);
      				}
      				__imp____vbaFreeObj();
      				asm("wait");
      				_push(0x42d85f);
      				return _t41;
      			}

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra), ref: 0042D79D
      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042D7B6
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001D0), ref: 0042D83D
      • __vbaFreeObj.MSVBVM60 ref: 0042D846
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      • Opcode ID: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
      • Instruction ID: 70f56478985c9cd3eb8c434365a541da73a9ac384ad3b08b42247f68221efb92
      • Opcode Fuzzy Hash: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
      • Instruction Fuzzy Hash: 14311AB4E002049FCB04DFA8D985A9ABBF8FF48700F20C46AE409AB355D7399801CF94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • #660.MSVBVM60(?,?,?,00000001,00000001), ref: 004248A1
      • __vbaVarTstNe.MSVBVM60(?,?), ref: 004248B9
      • __vbaFreeVarList.MSVBVM60(00000003,00000002,0000000A,?), ref: 004248CF
      • #532.MSVBVM60(RESTARTED), ref: 004248E2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$#532#660FreeList
      • String ID: RESTARTED
      • API String ID: 675845651-3446605417
      • Opcode ID: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
      • Instruction ID: d30b72e28953de9f2be757b277d73411f24bdd109367d15f8962842fe040ad4f
      • Opcode Fuzzy Hash: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
      • Instruction Fuzzy Hash: 1C1129B5D40228EBDB00DF94DD89FDEBBB8FB48B00F50421AF505B2290D7B81548CB65
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,00401746), ref: 0042DC80
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 0042DC99
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001A8,?,?,?,?,?,?,?,?,00401746), ref: 0042DCBC
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 0042DCC5
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      • Opcode ID: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
      • Instruction ID: 64216d29a521869ad124ed06d40b43ff42c95b0837524ed37390eafe3a59424f
      • Opcode Fuzzy Hash: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
      • Instruction Fuzzy Hash: 11114FB4E40204ABC700DF96DD49B9ABBBCFF59701F604426F551E72A0C7785941CA99
      Uniqueness

      Uniqueness Score: -1.00%

      C-Code - Quality: 18%
      			E00425AB0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
      				char _v8;
      				intOrPtr _v12;
      				intOrPtr _v16;
      				char _v28;
      				char _v32;
      				intOrPtr* _t14;
      				intOrPtr* _t16;
      				intOrPtr* _t18;
      				void* _t19;
      				intOrPtr* _t28;
      				void* _t29;
      				void* _t31;
      				intOrPtr _t32;
      
      				_t32 = _t31 - 0xc;
      				 *[fs:0x0] = _t32;
      				_v16 = _t32 - 0x18;
      				_v12 = 0x4012b0;
      				_v8 = 0;
      				_t14 = _a4;
      				 *((intOrPtr*)( *_t14 + 4))(_t14, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t29);
      				_t16 =  *0x433010; // 0x615228
      				_v28 = 0;
      				_v32 = 0;
      				if(_t16 == 0) {
      					__imp____vbaNew2(0x40a14c, "(Ra");
      					_t16 =  *0x433010; // 0x615228
      				}
      				_t18 =  &_v32;
      				__imp____vbaObjSet(_t18,  *((intOrPtr*)( *_t16 + 0x378))(_t16));
      				_t28 = _t18;
      				_t19 =  *((intOrPtr*)( *_t28 + 0x21c))(_t28);
      				asm("fclex");
      				if(_t19 < 0) {
      					__imp____vbaHresultCheckObj(_t19, _t28, 0x409954, 0x21c);
      				}
      				__imp____vbaFreeObj();
      				_v28 = 0x4c22e;
      				_push(0x425b64);
      				return _t19;
      			}

      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,?,00401746), ref: 00425B00
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425B19
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,0000021C,?,?,?,?,?,?,?,?,00401746), ref: 00425B3C
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425B45
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      • Opcode ID: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
      • Instruction ID: 42bfde65fcf0389ef10ed57bcc65d986bcef6efdfb101c90a025bbd7737f0359
      • Opcode Fuzzy Hash: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
      • Instruction Fuzzy Hash: C0119EB8E40604ABC710DFA5DA89F9AFFB8FF58701F204466F551E72A1C77859018B98
      Uniqueness

      Uniqueness Score: -1.00%

      C-Code - Quality: 17%
      			E004253C0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
      				char _v8;
      				intOrPtr _v12;
      				intOrPtr _v16;
      				char _v28;
      				intOrPtr* _t12;
      				intOrPtr* _t14;
      				intOrPtr* _t16;
      				void* _t17;
      				intOrPtr* _t26;
      				void* _t27;
      				void* _t29;
      				intOrPtr _t30;
      
      				_t30 = _t29 - 0xc;
      				 *[fs:0x0] = _t30;
      				_v16 = _t30 - 0x14;
      				_v12 = 0x401250;
      				_v8 = 0;
      				_t12 = _a4;
      				 *((intOrPtr*)( *_t12 + 4))(_t12, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t27);
      				_t14 =  *0x433010; // 0x615228
      				_v28 = 0;
      				if(_t14 == 0) {
      					__imp____vbaNew2(0x40a14c, "(Ra");
      					_t14 =  *0x433010; // 0x615228
      				}
      				_t16 =  &_v28;
      				__imp____vbaObjSet(_t16,  *((intOrPtr*)( *_t14 + 0x338))(_t14));
      				_t26 = _t16;
      				_t17 =  *((intOrPtr*)( *_t26 + 0x1ac))(_t26);
      				asm("fclex");
      				if(_t17 < 0) {
      					__imp____vbaHresultCheckObj(_t17, _t26, 0x409a04, 0x1ac);
      				}
      				__imp____vbaFreeObj();
      				_push(0x42546a);
      				return _t17;
      			}


      APIs
      • __vbaNew2.MSVBVM60(0040A14C,(Ra,?,?,?,?,?,?,?,00401746), ref: 0042540D
      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00401746), ref: 00425426
      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,00401746), ref: 00425449
      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425452
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$CheckFreeHresultNew2
      • String ID: (Ra
      • API String ID: 1645334062-2066194514
      • Opcode ID: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
      • Instruction ID: 76f6a4e4ac2d6c6b8d4e0d48d8693851c14c2989a070a5c6ca1b50774761b537
      • Opcode Fuzzy Hash: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
      • Instruction Fuzzy Hash: 2A117C74A40604ABC700EFA5DD89B9ABBB8FB49701F104466F542E72A1C77899418AA9
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DAA
      • #546.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DB4
      • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DC0
      • __vbaFreeVar.MSVBVM60(00424DF8), ref: 00424DE8
      • __vbaFreeStr.MSVBVM60 ref: 00424DF1
      Memory Dump Source
      • Source File: 00000000.00000002.2608911270.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
      • Associated: 00000000.00000002.2608900270.0000000000400000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.2609011231.0000000000433000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.2609026459.0000000000435000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd
      Similarity
      • API ID: __vba$Free$#546CopyMove
      • String ID:
      • API String ID: 2278598164-0
      • Opcode ID: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
      • Instruction ID: 48cc0dd06087de835e62770d10066453df31cd834c61ba1c00de49ae01419032
      • Opcode Fuzzy Hash: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
      • Instruction Fuzzy Hash: 14010870D00209ABCF04DFA4DA88ADEBBB8FB08701F108426E511B6164EB386505CF68
      Uniqueness

      Uniqueness Score: -1.00%