Play interactive tour

Edit tour

Windows Analysis Report RICHIESTA DI OFFERTA.exe

Overview

General Information

Sample Name:	RICHIESTA DI OFFERTA.exe
Analysis ID:	450724
MD5:	73bb5c4b690b8d6df88d6bc18fb3a553
SHA1:	60adddd91b6038fc9d819cf6d647ce3be0b11d38
SHA256:	a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
Infos:
Most interesting Screenshot:

Detection

GuLoader

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected GuLoader

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found potential dummy code loops (likely to delay analysis)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Detected potential crypto function

Found large amount of non-executed APIs

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

RICHIESTA DI OFFERTA.exe (PID: 3448 cmdline: 'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe' MD5: 73BB5C4B690B8D6DF88D6BC18FB3A553)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}

Multi AV Scanner detection for submitted file

Show sources

Source: RICHIESTA DI OFFERTA.exe

Virustotal: Detection: 20%

Perma Link

Source: RICHIESTA DI OFFERTA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_004092BC	0_2_004092BC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6692	0_2_029B6692
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BE280	0_2_029BE280
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6AAB	0_2_029B6AAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B62A3	0_2_029B62A3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B66C7	0_2_029B66C7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6EC7	0_2_029B6EC7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B36FA	0_2_029B36FA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B12E8	0_2_029B12E8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B16E3	0_2_029B16E3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6E00	0_2_029B6E00
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B662B	0_2_029B662B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1A43	0_2_029B1A43
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1276	0_2_029B1276
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1664	0_2_029B1664
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6F9B	0_2_029B6F9B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1783	0_2_029B1783
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BAFD7	0_2_029BAFD7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B5FF1	0_2_029B5FF1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B63F7	0_2_029B63F7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6BEB	0_2_029B6BEB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BC329	0_2_029BC329
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BDB55	0_2_029BDB55
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B634E	0_2_029B634E
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6778	0_2_029B6778
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6B6B	0_2_029B6B6B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B709F	0_2_029B709F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6C93	0_2_029B6C93
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B7CAB	0_2_029B7CAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B18FB	0_2_029B18FB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B681F	0_2_029B681F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B7022	0_2_029B7022
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B7025	0_2_029B7025
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BA455	0_2_029BA455
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B684F	0_2_029B684F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B55A6	0_2_029B55A6
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BC5D9	0_2_029BC5D9
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B69D8	0_2_029B69D8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B61DC	0_2_029B61DC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6138	0_2_029B6138
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B692D	0_2_029B692D
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6D2C	0_2_029B6D2C
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BAFD7	0_2_029BAFD7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6955	0_2_029B6955
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6554	0_2_029B6554
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B3971	0_2_029B3971
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1175	0_2_029B1175
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BA969	0_2_029BA969
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B156F	0_2_029B156F

Source: RICHIESTA DI OFFERTA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: RICHIESTA DI OFFERTA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855399216.0000000002210000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe	Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe

Source: RICHIESTA DI OFFERTA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal84.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

File created: C:\Users\user\AppData\Local\Temp\~DF6D563A5036AAF145.TMP

Jump to behavior

Source: RICHIESTA DI OFFERTA.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RICHIESTA DI OFFERTA.exe

Virustotal: Detection: 20%

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_0040C06E push 00000000h; retf	0_2_0040C0B0
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_00406625 push ebp; iretd	0_2_0040662F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B0095 pushad ; retf	0_2_029B0097
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B3429 push 84000002h; retf	0_2_029B342F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B010B pushad ; retf	0_2_029B010D

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6692	0_2_029B6692
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BE280	0_2_029BE280
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6AAB	0_2_029B6AAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B62A3	0_2_029B62A3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B66C7	0_2_029B66C7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B36FA	0_2_029B36FA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B12E8	0_2_029B12E8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B16E3	0_2_029B16E3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B662B	0_2_029B662B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1276	0_2_029B1276
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1664	0_2_029B1664
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1783	0_2_029B1783
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B5FF1	0_2_029B5FF1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B63F7	0_2_029B63F7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B634E	0_2_029B634E
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6778	0_2_029B6778
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B18FB	0_2_029B18FB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B681F	0_2_029B681F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BA455	0_2_029BA455
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B684F	0_2_029B684F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BC5D9	0_2_029BC5D9
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B69D8	0_2_029B69D8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B61DC	0_2_029B61DC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6138	0_2_029B6138
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B692D	0_2_029B692D
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6955	0_2_029B6955
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B6554	0_2_029B6554
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B3971	0_2_029B3971
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B1175	0_2_029B1175
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BA969	0_2_029BA969
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B156F	0_2_029B156F

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

RDTSC instruction interceptor: First address: 00000000029BE352 second address: 00000000029BE352 instructions:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

RDTSC instruction interceptor: First address: 00000000029BE352 second address: 00000000029BE352 instructions:

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_029B6692 rdtsc

0_2_029B6692

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

API coverage: 9.9 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_029B6692 rdtsc

0_2_029B6692

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029B7AB1 mov eax, dword ptr fs:[00000030h]	0_2_029B7AB1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BC5D9 mov eax, dword ptr fs:[00000030h]	0_2_029BC5D9
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BB1FE mov eax, dword ptr fs:[00000030h]	0_2_029BB1FE
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_029BA900 mov eax, dword ptr fs:[00000030h]	0_2_029BA900

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_029B57A4 cpuid

0_2_029B57A4

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	OS Credential Dumping	Security Software Discovery41	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Virtualization/Sandbox Evasion11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery311	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
RICHIESTA DI OFFERTA.exe	21%	Virustotal		Browse
RICHIESTA DI OFFERTA.exe	9%	ReversingLabs	Win32.Backdoor.Remcos

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}	true	Avira URL Cloud: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	450724
Start date:	19.07.2021
Start time:	16:34:49
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	RICHIESTA DI OFFERTA.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 42.2% (good quality ratio 15.2%) Quality average: 20.9% Quality standard deviation: 31.4%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.2221702126738
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	RICHIESTA DI OFFERTA.exe
File size:	241664
MD5:	73bb5c4b690b8d6df88d6bc18fb3a553
SHA1:	60adddd91b6038fc9d819cf6d647ce3be0b11d38
SHA256:	a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
SHA512:	9c023dc66d9bcfb2f5bc0274001d92948ac058fc8765d2178907dfd8fb9885ede57acc3836d583ad97516dce1a97c50f081800b41a1f42ea938efb8b23e87567
SSDEEP:	3072:+3BepJlZa/xao5JKwI7V4R4iUW/qcijw2HJlZapGBR:EiUIo5JKPgU99vHP
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...WS.N................. ...................0....@................

File Icon


Icon Hash:	f8fcd4ccf4e4e8d0

Static PE Info

General
Entrypoint:	0x4019b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4EA15357 [Fri Oct 21 11:11:19 2011 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e9f7dd0da1a2a1266893e1ae4ef42b67

Entrypoint Preview

Instruction
push 00408AA0h
call 00007FF58CACB2E5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
outsd
mul byte ptr [ebx+3Fh]
dec esi
outsb
and al, 41h
mov bl, 08h
popad
pop ds
test al, CEh
xchg eax, esi
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
add byte ptr [esi], al
push eax
add dword ptr [ecx], 56h
jne 00007FF58CACB364h
cmp dword ptr fs:[eax], eax
add al, byte ptr [eax]
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
xor esp, esp
push cs
xchg eax, edx
test eax, 48C3D75Ah
mov gs, bx
test al, CAh
xor esp, esp
xor al, 88h
jecxz 00007FF58CACB31Ah
scasb
and dword ptr [edi-40B94528h], 28h
cmp dword ptr [edx-38D0AA14h], edi
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
out 6Fh, eax
add byte ptr [eax], al
lea ebp, dword ptr [eax+00h]
add byte ptr [eax], al
add al, 00h
jnc 00007FF58CACB35Ah
add byte ptr [41000401h], cl
jc 00007FF58CACB359h
jne 00007FF58CACB2F2h
sbb dword ptr [ecx], eax
add byte ptr [edx+00h], al
and al, byte ptr [ecx]
and ecx, dword ptr [esi+68h]
add byte ptr [eax], al
insb

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x32234	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x6d0a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1a4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x318a4	0x32000	False	0.39177734375	data	6.3764832494	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x33000	0x1290	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x35000	0x6d0a	0x7000	False	0.481689453125	data	5.46300019784	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x3ae62	0xea8	data
RT_ICON	0x3a5ba	0x8a8	data
RT_ICON	0x39ef2	0x6c8	data
RT_ICON	0x3998a	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x373e2	0x25a8	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x3633a	0x10a8	data
RT_ICON	0x359b2	0x988	data
RT_ICON	0x3554a	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x354d4	0x76	data
RT_VERSION	0x35240	0x294	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaInStrVar, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	Socialbakers
InternalName	Indtr8
FileVersion	1.00
CompanyName	Socialbakers
LegalTrademarks	Socialbakers
ProductName	Vurd9
ProductVersion	1.00
OriginalFilename	Indtr8.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 3448 Parent PID: 5876

General

Start time:	16:35:41
Start date:	19/07/2021
Path:	C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe'
Imagebase:	0x400000
File size:	241664 bytes
MD5 hash:	73BB5C4B690B8D6DF88D6BC18FB3A553
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 3448 Parent PID: 5876 RICHIESTA DI OFFERTA.exeCOMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	71.3%
Signature Coverage:	50.1%
Total number of Nodes:	812
Total number of Limit Nodes:	10

Executed Functions

Function 00431EA0, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#607.MSVBVM60(?,000000FF,?), ref: 00431F02
__vbaStrVarMove.MSVBVM60(?), ref: 00431F0C
__vbaStrMove.MSVBVM60 ref: 00431F1D
__vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00431F29
__vbaLenBstr.MSVBVM60(?), ref: 00431F36
__vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F45
__vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F56
__vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00431F62
__vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F6D
__vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F7B
__vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00431F8B
#537.MSVBVM60(00000000,?,00000001), ref: 00431F9B
__vbaStrMove.MSVBVM60 ref: 00431FA6
__vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FAA
__vbaFreeStr.MSVBVM60 ref: 00431FBF
#537.MSVBVM60(00000000,?,00000001), ref: 00431FD2
__vbaStrMove.MSVBVM60 ref: 00431FDD
__vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FE1
#616.MSVBVM60(?,-00000001), ref: 00431FF5
__vbaStrMove.MSVBVM60 ref: 00432000
__vbaFreeStr.MSVBVM60 ref: 00432005
__vbaStrCat.MSVBVM60(00409DE8), ref: 00432019
__vbaStrMove.MSVBVM60 ref: 00432020
__vbaStrCat.MSVBVM60(?,00000000), ref: 00432027
__vbaStrMove.MSVBVM60 ref: 0043202E
__vbaFreeStr.MSVBVM60 ref: 00432033
__vbaErrorOverflow.MSVBVM60 ref: 0043209B
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0043213C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
__vbaStrMove.MSVBVM60 ref: 00432179
__vbaFreeObj.MSVBVM60 ref: 00432182
#598.MSVBVM60 ref: 00432188
__vbaStrCopy.MSVBVM60 ref: 00432196

Strings

t C, xrefs: 004320D9, 004320E9, 004321A6, 004321BB
USERNAME, xrefs: 0043218E

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Move$Free$#537AnsiCheckErrorHresultListUnicode$#598#607#616BstrCopyNew2OverflowSystem
String ID: USERNAME$t C
API String ID: 840069314-3777059254
Opcode ID: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
Instruction ID: 0fd07a5d85aa539f9dcc35f6e74ce1594001623a02bd67e862191e9ac8a6b72a
Opcode Fuzzy Hash: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
Instruction Fuzzy Hash: 2091FF75900209AFDB04DFA5DD89DEFBBB8FF48700F10812AF606A72A1DB785945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040BD48, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0043213C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
__vbaStrMove.MSVBVM60 ref: 00432179
__vbaFreeObj.MSVBVM60 ref: 00432182
#598.MSVBVM60 ref: 00432188
__vbaStrCopy.MSVBVM60 ref: 00432196
__vbaHresultCheckObj.MSVBVM60(00000000,00401730,00409170,0000074C), ref: 004321BD
__vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 004321C9
__vbaFreeStr.MSVBVM60(00432207), ref: 00432200

Strings

t C, xrefs: 004320D9, 004320E9, 004321A6, 004321BB
USERNAME, xrefs: 0043218E

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$#598CopyListMoveNew2
String ID: USERNAME$t C
API String ID: 3664798572-3777059254
Opcode ID: 858f92683e44d0dc6cc16bfa29d9c46ee83fc77c8eccd6d67cfc9bcc3fa9043b
Instruction ID: 18268ceef7ea8d5db972a31579656051c38a42b16de85e26249653c6171c7fb3
Opcode Fuzzy Hash: 858f92683e44d0dc6cc16bfa29d9c46ee83fc77c8eccd6d67cfc9bcc3fa9043b
Instruction Fuzzy Hash: A8312171900205ABCB04DF95CE89EEEBBB8FF4C704F10802AF615B72A1D7789945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004019B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#100.MSVBVM60(VB5!6&*), ref: 004019B5

Strings

VB5!6&*, xrefs: 004019B0

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 2fb44b72d09ffa27c32171e0fc52d0d431592fcaf87a363624572772ce90319e
Instruction ID: ad801f70b52ee9f0e04a4ebe2be78aa6aa79ec8a422af9bdad6e4a896755102e
Opcode Fuzzy Hash: 2fb44b72d09ffa27c32171e0fc52d0d431592fcaf87a363624572772ce90319e
Instruction Fuzzy Hash: 945194A258E3C25FD7038BB488651827FB0AE1326430B85EBC4C0DF4B3E2694D5AD776

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 029BC5D9, Relevance: 3.9, Strings: 2, Instructions: 1378COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: e0de672362a19d7f5503ab6e0b78947c165cccb85d86460c24bb57534dbac1d1
Instruction ID: 3cb186d706c556302b7944c49c3776d36fb0b8230d88e1b86d7a78ca6c2c58bb
Opcode Fuzzy Hash: e0de672362a19d7f5503ab6e0b78947c165cccb85d86460c24bb57534dbac1d1
Instruction Fuzzy Hash: B7B2767160434ADFDF319E78CE947EA77A2BF56390F95462EDC8A9B250D3308985CB02

Uniqueness

Uniqueness Score: -1.00%

Function 029BE280, Relevance: 3.7, Strings: 2, Instructions: 1237COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: a49317c65aeeb0a8b4524d47a20a91b947bfda74c3934b54b325a56edebda9f8
Instruction ID: 67edea7fc6ca11d9228a73f62aabfbe9f696666e9e81749aee034757929ed97e
Opcode Fuzzy Hash: a49317c65aeeb0a8b4524d47a20a91b947bfda74c3934b54b325a56edebda9f8
Instruction Fuzzy Hash: 44A2857160434ADFDF359E74CE947EA7BA2BF55350F95422EDC8A9B240D3308A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B36FA, Relevance: 3.6, Strings: 2, Instructions: 1090COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: b27c0c7694497a618a10e3ff329e4852fef52dcf52642ceb0068104807df2f64
Instruction ID: 3134dbe332cd2063fe3f528750091bf8a6cb8c1db4ef70feb7000b12e7b649eb
Opcode Fuzzy Hash: b27c0c7694497a618a10e3ff329e4852fef52dcf52642ceb0068104807df2f64
Instruction Fuzzy Hash: A892737160434A9FDF359E78CE943EA7BA2FF85350F95462EDC8A9B250D3308985CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029BA455, Relevance: 3.6, Strings: 2, Instructions: 1067COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 891528f9cf02c6dfa83151a5cca361f6fe25bda99f8cafcc4f4fb99bdbb487da
Instruction ID: 86f938550f3bb03dc2659d761d40773a3a8d9d9ec602233fd63131c4eb3e9be6
Opcode Fuzzy Hash: 891528f9cf02c6dfa83151a5cca361f6fe25bda99f8cafcc4f4fb99bdbb487da
Instruction Fuzzy Hash: 7782637160434A9FDF359E38CA957EA7BA2FF55350F95822EDC8A8B250D3308981CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029BA969, Relevance: 3.6, Strings: 2, Instructions: 1059COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 80de261d89df52d2cecd2b30b8b450accee83e06c6042be196991cc7c79d6ad8
Instruction ID: d7195672af5142d7acce955d725a24c36e93a15685a8df757a4193e8dc40bfcc
Opcode Fuzzy Hash: 80de261d89df52d2cecd2b30b8b450accee83e06c6042be196991cc7c79d6ad8
Instruction Fuzzy Hash: 2B82747160434A9FDF359E38CE957EA7BB2BF45350F95422EDC8A9B250D3308A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B5FF1, Relevance: 3.5, Strings: 2, Instructions: 957COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 5c8e6841d2d309028c618326282f3a09822d6804ea7186d867a8d56d0e4f22e2
Instruction ID: c635a34c5d8b53150725efa780297c7c8a6573620365efd05d40264b4facb713
Opcode Fuzzy Hash: 5c8e6841d2d309028c618326282f3a09822d6804ea7186d867a8d56d0e4f22e2
Instruction Fuzzy Hash: F872757160434A9FDF359E38CA947EA7BB2FF95350F95462EDC8A9B250D3308981CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B61DC, Relevance: 3.4, Strings: 2, Instructions: 940COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: bb5ca35f6ba4dbf4a154445314d8c205dabb5a175c22b546c97856498d54d14f
Instruction ID: 19935d9bf20f8f2003ce75692ec701ef9aec0e499328f22e7eaca3a505c2da22
Opcode Fuzzy Hash: bb5ca35f6ba4dbf4a154445314d8c205dabb5a175c22b546c97856498d54d14f
Instruction Fuzzy Hash: 5C72747260434A9FDF359E34CA917EA7BB6FF81350F95462EDC8A8B250D3309985CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6138, Relevance: 3.4, Strings: 2, Instructions: 913COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 79e20fbd3aa2ee065ca9caaa2bf27fe42a22674dda74b0cc892414bb87823cbe
Instruction ID: 51232549476939bdb7367bb60852e1070958d379445aaf4ca2919d313f96963a
Opcode Fuzzy Hash: 79e20fbd3aa2ee065ca9caaa2bf27fe42a22674dda74b0cc892414bb87823cbe
Instruction Fuzzy Hash: 1772757160434A9FDF359E34CA957EA7BB2FF85350F95462EDC8A9B250D3308A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B62A3, Relevance: 3.3, Strings: 2, Instructions: 845COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 4dacd18990d5430c86e630a95cde4b7202a16a657dbd51463fe8f50d9d860cdf
Instruction ID: fb1940d57a81bc00a8408d43ccaf35a2a7352f1762a72de39b6bd2c0bc85db70
Opcode Fuzzy Hash: 4dacd18990d5430c86e630a95cde4b7202a16a657dbd51463fe8f50d9d860cdf
Instruction Fuzzy Hash: 9A62637160434A9FDF359E34CA957EA7BB2FF85350F95462EDC8A8B250D3309A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B634E, Relevance: 3.3, Strings: 2, Instructions: 838COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 3c0149179d1a8ffd7ec1d11edb63213be24cc954d443b689c1f9e8c64043dae2
Instruction ID: 60395f6d1e3519ac363d7b7b7a8e8faf8a2435a3b3ee32fd4e641e2b718abbed
Opcode Fuzzy Hash: 3c0149179d1a8ffd7ec1d11edb63213be24cc954d443b689c1f9e8c64043dae2
Instruction Fuzzy Hash: 2662747160434A9FDF359E34CA957EA7BB2FF95350F95462EDC8A8B240D3309A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B63F7, Relevance: 3.3, Strings: 2, Instructions: 835COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: fdb46e067e6a54e79e8639f9c0055b2686836b3eecfd6e862a15d0bb947d1094
Instruction ID: 2fc5ae1fa900cb3e1bb2df252ab4418c819fff32ac44c008c924a95148ea32e1
Opcode Fuzzy Hash: fdb46e067e6a54e79e8639f9c0055b2686836b3eecfd6e862a15d0bb947d1094
Instruction Fuzzy Hash: 8662857260434A9FDF319E34CA953EA7BB2BF91350F95462EDC8A8B254D3309985CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6554, Relevance: 3.2, Strings: 2, Instructions: 721COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 170242063381e6734096f945e2ddc1980a40236ad168ece239723c5d465ec055
Instruction ID: b536b3f175f4afaee9bf2db32feb1c2c93451210504bcebf764ce2a7a85bf9bf
Opcode Fuzzy Hash: 170242063381e6734096f945e2ddc1980a40236ad168ece239723c5d465ec055
Instruction Fuzzy Hash: D742727260434A9FDF359E34CA957EA7BB2FF51350F91462EDC8A8B250D3709A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B662B, Relevance: 3.2, Strings: 2, Instructions: 665COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA
(B, xrefs: 029B6644

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: (B$Ne
API String ID: 0-228057021
Opcode ID: 95bad5d43318c7b63a586a2313f3697118682afcc6a66a974753b0987558d05a
Instruction ID: 61490f1623578f1f7f26c8ee9fec9d1abc575f45ad246dcdc3b910a424ccd3dd
Opcode Fuzzy Hash: 95bad5d43318c7b63a586a2313f3697118682afcc6a66a974753b0987558d05a
Instruction Fuzzy Hash: A4424F7260434A9FDF359E34CA957EA7BB2BF55350F95422EDC8A8B250D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B66C7, Relevance: 1.9, Strings: 1, Instructions: 655COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 5e95c1e7d26bbf24c14f724fdd0eced9152ddce2b7ed517f7aba46873c36b064
Instruction ID: ce5eebb06247de70db9a0b55f17e2c5e1b0d52ed1e413029691694552336a8c7
Opcode Fuzzy Hash: 5e95c1e7d26bbf24c14f724fdd0eced9152ddce2b7ed517f7aba46873c36b064
Instruction Fuzzy Hash: 793260726043499FDF359E34CA957EA7BB2FF95350F85462EDC8A8B250D3309A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6778, Relevance: 1.9, Strings: 1, Instructions: 647COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 4d10d3b66c3f02e74d86907f3de3b7b6de0dd2d2c0719aecaf9255bcd9bdb3ec
Instruction ID: 020ae2452e48f6f11f8f3028fe7de1477722dbbc0d62f7e0538aed0f6fc3ead5
Opcode Fuzzy Hash: 4d10d3b66c3f02e74d86907f3de3b7b6de0dd2d2c0719aecaf9255bcd9bdb3ec
Instruction Fuzzy Hash: 283263726043499FDF369E34CA957EA77B2FF95350F85452EDC8A8B140D3309A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6692, Relevance: 1.9, Strings: 1, Instructions: 639COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: d35224fab3201168bd212ac51cb752ad52c31f8bb6967393161b2d7ccba74462
Instruction ID: c238136703fce6f62030c10dde16cc391044b2d91bad5576c127dcacb209e79e
Opcode Fuzzy Hash: d35224fab3201168bd212ac51cb752ad52c31f8bb6967393161b2d7ccba74462
Instruction Fuzzy Hash: 33326E726043499FDF359E34CE957EA7BB2BF55350F95862EDC8A8B240D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B684F, Relevance: 1.8, Strings: 1, Instructions: 593COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 55bbc755c4753b520ac9b6d4a68261c44c5602e9305d448aa9dbc9b451c300c5
Instruction ID: 13348b34cbfd2e221df23880eccd5cc82698a82853c6e946fbfc678b442347b8
Opcode Fuzzy Hash: 55bbc755c4753b520ac9b6d4a68261c44c5602e9305d448aa9dbc9b451c300c5
Instruction Fuzzy Hash: 742263726043499FDF359E74CE957EA37B2EF95350F85422EDC8A8B290D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B681F, Relevance: 1.8, Strings: 1, Instructions: 581COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: f7f438a114a1e0b7b60880947977abcbfbac7a2bea161204e18488c353c312a1
Instruction ID: fd99620b2cd7d4346d9afd99b9bcccc1c2f451af4a30029cdef793b21007e8d6
Opcode Fuzzy Hash: f7f438a114a1e0b7b60880947977abcbfbac7a2bea161204e18488c353c312a1
Instruction Fuzzy Hash: 7F224072604349DFDF359E74CE957EA7BB2AF95350F85422EDC8A8B240D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B1175, Relevance: 1.8, Strings: 1, Instructions: 566COMMON

Download Yara Rule

Strings

rHGk, xrefs: 029B15A8

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: rHGk
API String ID: 0-4221766241
Opcode ID: 8f5dcdd2a68b82b82170d256bf187d49b554a4a7083f94f5c82d78760b8d09a5
Instruction ID: f2345ed58c75255f0a79f293a747f4a939862ef14a719c24b92af4e02300b7c6
Opcode Fuzzy Hash: 8f5dcdd2a68b82b82170d256bf187d49b554a4a7083f94f5c82d78760b8d09a5
Instruction Fuzzy Hash: 1D128A716043468FDF369E7C8EA93EF37A6AF96360F95462ECC8997544C3358981CB02

Uniqueness

Uniqueness Score: -1.00%

Function 029B1276, Relevance: 1.8, Strings: 1, Instructions: 564COMMON

Download Yara Rule

Strings

rHGk, xrefs: 029B15A8

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: rHGk
API String ID: 0-4221766241
Opcode ID: 92e81d11c4a1a8b6644aeded290574d6490a2f9e8813d7143c98a37ab15caec3
Instruction ID: 078c30aaebc2664241f79c7d6e191c77fa79031d22382cf7f0626b1b9ffefe3e
Opcode Fuzzy Hash: 92e81d11c4a1a8b6644aeded290574d6490a2f9e8813d7143c98a37ab15caec3
Instruction Fuzzy Hash: 2612AC71A043868FDF369E388EA57EE37A2AF96360F95462ECC8D97544D3358581CB02

Uniqueness

Uniqueness Score: -1.00%

Function 029B692D, Relevance: 1.8, Strings: 1, Instructions: 532COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: c7b7d8c46d413ed082aef1a46a9080cc24efd0799bbb12f43eb1bbebd93f96c3
Instruction ID: 9a1791e7c8ab2232e3059f9ffa4c46c0c57ed4b83e031243e1c04eb570b576a8
Opcode Fuzzy Hash: c7b7d8c46d413ed082aef1a46a9080cc24efd0799bbb12f43eb1bbebd93f96c3
Instruction Fuzzy Hash: 31125232604348DFDF359E74CE957EA7BB2AF95350F95422EDC8A9B250D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6955, Relevance: 1.8, Strings: 1, Instructions: 529COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 665ee4f0c7bbeecf1fbc03b698a6364950912f05124e6672cc5960c38ba9b42d
Instruction ID: cd098f0d87336fa5d63b9dab3e72e121263ca60d689d1640c4deb519becaaacb
Opcode Fuzzy Hash: 665ee4f0c7bbeecf1fbc03b698a6364950912f05124e6672cc5960c38ba9b42d
Instruction Fuzzy Hash: DD125232604348DFDF359E74CE957EA77B2AF95350F95422EDC8A9B290D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B69D8, Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 6476056fe3ef61e7b5474bdd8f9ff487e51d2866b66486b2f6fbc85e0585e3c0
Instruction ID: 2a7379d69016fa4dde2e2f9f6d4d661e9dca31c3c24abeef6f9a237bb434942d
Opcode Fuzzy Hash: 6476056fe3ef61e7b5474bdd8f9ff487e51d2866b66486b2f6fbc85e0585e3c0
Instruction Fuzzy Hash: 571262326043498FDF359E34CE957EA77B2BF95350F95462EDC8A9B290D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B6BEB, Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 6702b45cbe6bc57745dcb2c151cb6d1845aab9b6d0e5249840c3a4c2ebc8d62a
Instruction ID: d233336b98547e68757aaf1060e69a45a8c3213029324fbeeddc3e404d1a0fd3
Opcode Fuzzy Hash: 6702b45cbe6bc57745dcb2c151cb6d1845aab9b6d0e5249840c3a4c2ebc8d62a
Instruction Fuzzy Hash: 891252726043499FDF369F34CA957DA7BB6FF85320F85052ADD8A8B190D3305A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B12E8, Relevance: 1.8, Strings: 1, Instructions: 505COMMON

Download Yara Rule

Strings

rHGk, xrefs: 029B15A8

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: rHGk
API String ID: 0-4221766241
Opcode ID: cf2427ad01ca7a1b8bb511525b4948c0adcba319838faa32993f76ae21d61b75
Instruction ID: 792987f5c4373c7b7c757e2519386a6bbd3cc4b4dcd7cc7a4ebb1b5ea9103613
Opcode Fuzzy Hash: cf2427ad01ca7a1b8bb511525b4948c0adcba319838faa32993f76ae21d61b75
Instruction Fuzzy Hash: 59029C716043868FDF369E788EA57EE37A2AF86360F95462ECC8DD7544D3358981CB02

Uniqueness

Uniqueness Score: -1.00%

Function 029B6B6B, Relevance: 1.7, Strings: 1, Instructions: 486COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: e740c24697e0da3cbec17db0e3ba3ced8b0d68d5408840dd28be5f74401a0d10
Instruction ID: e32382c9ff51d5ad5497981b16ffa60bfdb1c9c217a83c7c95f2c9656b2d9565
Opcode Fuzzy Hash: e740c24697e0da3cbec17db0e3ba3ced8b0d68d5408840dd28be5f74401a0d10
Instruction Fuzzy Hash: B50273326043498FDF369E34CE957EA77B6FF95360F85452ADC8A8B290D3309A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029B6AAB, Relevance: 1.7, Strings: 1, Instructions: 477COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 3da874ba65b221c9e9e783761d6cc5ba3f0c6a7380ebb487618923827953d8fa
Instruction ID: 107aa8c3a1843c04c4d49776bede4208c6141f9b308e609074074524bbb8d4b8
Opcode Fuzzy Hash: 3da874ba65b221c9e9e783761d6cc5ba3f0c6a7380ebb487618923827953d8fa
Instruction Fuzzy Hash: EC026372604348DFDF369E74CE947EA77B2BF95350F95412ADC8A9B290D3708A81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B156F, Relevance: 1.7, Strings: 1, Instructions: 432COMMON

Download Yara Rule

Strings

rHGk, xrefs: 029B15A8

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: rHGk
API String ID: 0-4221766241
Opcode ID: a3af0f323a257d6eea527e2c5fa6f760e9e7a2c6f6aee9960611b21763882342
Instruction ID: 9a6429effe560b1fcdcc33550d37267c5dbee32228aab6c7fe7fc3aca40252aa
Opcode Fuzzy Hash: a3af0f323a257d6eea527e2c5fa6f760e9e7a2c6f6aee9960611b21763882342
Instruction Fuzzy Hash: 17E19C3160838A8FDF369E788AB93EE77A2BF42360F85451ECCCA9B555D3358581C702

Uniqueness

Uniqueness Score: -1.00%

Function 029B6C93, Relevance: 1.7, Strings: 1, Instructions: 403COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: d6c17aa13e8ccce6959b0e5e867c979c3ba7e11f8a782471a04df1ae8c1bc632
Instruction ID: c444e43084bd4e602586183151c75e86b9b50e08ae4b9773b59844cf65794db6
Opcode Fuzzy Hash: d6c17aa13e8ccce6959b0e5e867c979c3ba7e11f8a782471a04df1ae8c1bc632
Instruction Fuzzy Hash: 60E153326043499FDF369E74CE957EA77B6BF95350F84422ADC8A8B280D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029BDB55, Relevance: 1.6, Strings: 1, Instructions: 385COMMON

Download Yara Rule

Strings

%zON, xrefs: 029BDDE4

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: af468ccef6fe5a89a8470d6fc4021183e8ae685bd3a3a3fd8b096450fcd41729
Instruction ID: 1f0f919e75e724d51b0ed1f2b90051baea97ae417f4e9215ece9a8b6fa7b577e
Opcode Fuzzy Hash: af468ccef6fe5a89a8470d6fc4021183e8ae685bd3a3a3fd8b096450fcd41729
Instruction Fuzzy Hash: 1DD17B71A4434ACFDF369E38CAA57DA37A3AF56350F91412BCC8ADB644D3308685CA51

Uniqueness

Uniqueness Score: -1.00%

Function 029B6D2C, Relevance: 1.6, Strings: 1, Instructions: 379COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 8a12010bd5166ae8b8f89351bcde9588aa43d3f7b0d6822d01fc32ce208f9921
Instruction ID: 6b5b67748366735425fe5902a02127878d97a1cedc049a41269c245bf9438732
Opcode Fuzzy Hash: 8a12010bd5166ae8b8f89351bcde9588aa43d3f7b0d6822d01fc32ce208f9921
Instruction Fuzzy Hash: A2E151326043499FDF369F74CE957EA7BB6BF95350F84462ADC8A8B190D3708A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029B6E00, Relevance: 1.6, Strings: 1, Instructions: 340COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 1ba75c70dbc5a660e86e3775cdf950b25aa92323cf5db06528898d553879fa68
Instruction ID: 1a828ab0ef5f0efb3a1131c8837269e17ef963ffd412c3f51442b430959118a8
Opcode Fuzzy Hash: 1ba75c70dbc5a660e86e3775cdf950b25aa92323cf5db06528898d553879fa68
Instruction Fuzzy Hash: 14D130326043499FDF369F74CE957DA7BA2BF89350F84062ADC8D9B190D3709A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B55A6, Relevance: 1.6, Strings: 1, Instructions: 309COMMON

Download Yara Rule

Strings

Npl~, xrefs: 029BE69C

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Npl~
API String ID: 0-1888215250
Opcode ID: 364a2d7ba856c4deb6f6b7c14159a1cc20f19d2ba781003c8fc1ddaebc7b1d5a
Instruction ID: b436ae88c78f4418e0ec634e336ff163827d8be9307be625ffce366b3e069e23
Opcode Fuzzy Hash: 364a2d7ba856c4deb6f6b7c14159a1cc20f19d2ba781003c8fc1ddaebc7b1d5a
Instruction Fuzzy Hash: E2B165B0600309DFDB369E38CAA87DA37A7BF553A0F95412DDC8A8B254D771C985CB11

Uniqueness

Uniqueness Score: -1.00%

Function 029B6EC7, Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 07994ce73cd14df2aa0322717dabe424738f254ef46185214d69cc2e21e83b34
Instruction ID: 3f6473f839172e9fd24977269b43d9366a1fcff0b3ce95f481794695f0b4d069
Opcode Fuzzy Hash: 07994ce73cd14df2aa0322717dabe424738f254ef46185214d69cc2e21e83b34
Instruction Fuzzy Hash: A3C121326043498FDF369F34CE95BDA7BA2BF85350F84062ADC8E8B190D3709A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029B6F9B, Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: b0d09ab89e1726fde1303c43d0806a2615042f7c3213d9afa109daa6fe72d1e2
Instruction ID: 7d3ebb7d8bcfd0acee04676da6933ba8ab1d45902525f7c8a536383e01cb5abb
Opcode Fuzzy Hash: b0d09ab89e1726fde1303c43d0806a2615042f7c3213d9afa109daa6fe72d1e2
Instruction Fuzzy Hash: 67B123726043499FDF369F74CE947DABBB2BF99310F84422ADD894B190D3709A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029B7025, Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 2c2ebe50c9a1648470ab6acbd76aaa3dc6c97b8330945af896029941cf17c113
Instruction ID: e65244abb8c32c874abce128b1d8f526e5cd569a25a69482d231c88d854ae671
Opcode Fuzzy Hash: 2c2ebe50c9a1648470ab6acbd76aaa3dc6c97b8330945af896029941cf17c113
Instruction Fuzzy Hash: B191E471600249DFDF769F74CE987DA7BB2BF99350F84422ADD898B290D3708A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029B7022, Relevance: 1.5, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 3c218b26a3f2cabc67345031962fe04de5dd2e6d0421c1d9e3b83e8b5dd815f7
Instruction ID: ee27e71c8292410e06f5ac0d50fd8f76373e13e6aa836f889613d97bbd61ac42
Opcode Fuzzy Hash: 3c218b26a3f2cabc67345031962fe04de5dd2e6d0421c1d9e3b83e8b5dd815f7
Instruction Fuzzy Hash: 71910171604348DFDF769E74CE947DA7BB2BF99350F84462ADC898B250D3708A85CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B709F, Relevance: 1.5, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

Ne, xrefs: 029B75BA

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Ne
API String ID: 0-3071501248
Opcode ID: 3a35facedac706550916afd13204ef39bb3c4176edb6977ac4cee9354872133c
Instruction ID: 11c411d554f9ab2cf26111be7c503d4a0dd9ea45c31ab549975efd15645f8350
Opcode Fuzzy Hash: 3a35facedac706550916afd13204ef39bb3c4176edb6977ac4cee9354872133c
Instruction Fuzzy Hash: 4B81E171600288DFDF769F74CE94BDA7BB2BF99350F844229DD898B250D7708A85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029BAFD7, Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

Au, xrefs: 029BB08C

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: Au
API String ID: 0-2295654664
Opcode ID: 3a708b75aafa5b23e02fc66e30ce95064bbfdaf8c93049324ab50f567cecb7e0
Instruction ID: 32f4e55f8c590f2fb3118723ce3e073d6b4c9a9d63dadfbe9e642b906785a04d
Opcode Fuzzy Hash: 3a708b75aafa5b23e02fc66e30ce95064bbfdaf8c93049324ab50f567cecb7e0
Instruction Fuzzy Hash: 6C21AF3460130FCBDB719E7C86E13E76257BF62784FD64229CD8687148E334488AC305

Uniqueness

Uniqueness Score: -1.00%

Function 029BC329, Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

}l", xrefs: 029BC393

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID: }l"
API String ID: 0-1801363258
Opcode ID: c0c1371e75c0c4eb2be54967499c36de73620895459e52f20f45b668775828e7
Instruction ID: 05406bc4e628608eb777b973c80cf7b59011b92f84ec3321525313c962a57dbc
Opcode Fuzzy Hash: c0c1371e75c0c4eb2be54967499c36de73620895459e52f20f45b668775828e7
Instruction Fuzzy Hash: 6021E1706093868FDFA89E749AA57EB37B2EF42350F42442FCDCAA7151DB354685CB02

Uniqueness

Uniqueness Score: -1.00%

Function 029B3971, Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1566bc312810779d07a6c1c52c0ab0b813be1a20a60112f1ffbcbd4ec1e7fca
Instruction ID: 6eddf4d6ea5f2add0a53bfd24f4b4603d1002d82bc469771f80820872dc369f6
Opcode Fuzzy Hash: d1566bc312810779d07a6c1c52c0ab0b813be1a20a60112f1ffbcbd4ec1e7fca
Instruction Fuzzy Hash: C0D166716043499FDF359E28CEA47EF77A3AF42350F91442DEC8A97644D3318A85CB06

Uniqueness

Uniqueness Score: -1.00%

Function 029B16E3, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97c448e346a40a6c3605b1e137fe482188c79f52dba1642c1a6e34aa2a4a53f
Instruction ID: 402b6d965e1109238037b176c29f8de0f65201b191dd1ddff393f3454c56dd80
Opcode Fuzzy Hash: a97c448e346a40a6c3605b1e137fe482188c79f52dba1642c1a6e34aa2a4a53f
Instruction Fuzzy Hash: 66C18D716043868FDF369A3C8AA93EE77A2AF42760F85452ECC89D7554D3358581C742

Uniqueness

Uniqueness Score: -1.00%

Function 029B1664, Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c397f13a59b89ba883fe81ed23dfa693a69a03831823c9c1e9b1f2e7fa836c7
Instruction ID: da66cadbd87e44d562ee6cc4b4e7d762b1407e24cded0a6aa93b357da23de78b
Opcode Fuzzy Hash: 0c397f13a59b89ba883fe81ed23dfa693a69a03831823c9c1e9b1f2e7fa836c7
Instruction Fuzzy Hash: 0DC169706043868FEF369A7C8AA93EE77A2AF46360F85862ECCC9D7545D3358581C702

Uniqueness

Uniqueness Score: -1.00%

Function 029B1783, Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9997645ff1a5e7f7d5c2349586b7f0237ae9ac26ea2654f895dde5be52bc1714
Instruction ID: 85de7262cd6ae00381b9f24b7218a7d7561a4828fca2101efe6a596d30ad3868
Opcode Fuzzy Hash: 9997645ff1a5e7f7d5c2349586b7f0237ae9ac26ea2654f895dde5be52bc1714
Instruction Fuzzy Hash: D6B19C706083869FDF369A388AB93EF77A2BF42760F854A1ECCC98B545C335C581C602

Uniqueness

Uniqueness Score: -1.00%

Function 029B18FB, Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef6fe78f21805b408a4639dd55c6f5150dc96ac983eebd2497c0267dcca75615
Instruction ID: bd4719a72e0268d715d2e8915d5e1736bce7fbae673647110f5c4fe3d69dcd54
Opcode Fuzzy Hash: ef6fe78f21805b408a4639dd55c6f5150dc96ac983eebd2497c0267dcca75615
Instruction Fuzzy Hash: D6712B702083869FDF36AA388D693EF7BA6AF56360FC5861ECCC997545C3358581CB02

Uniqueness

Uniqueness Score: -1.00%

Function 004092BC, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185096e82220389d440197759049318995404c5f3eb2576f04f255bb6df4cd8b
Instruction ID: 992d4d05e47c6351acade839198ce7097935a98e3cce3de93b14edbbf24b760f
Opcode Fuzzy Hash: 185096e82220389d440197759049318995404c5f3eb2576f04f255bb6df4cd8b
Instruction Fuzzy Hash: E5716D6404E3D15FE7039B7489A5196BFB0AE0724475E40EFC8C4CF0E3D2286D5AD76A

Uniqueness

Uniqueness Score: -1.00%

Function 029B1A43, Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597fa7291f7be4ba6204663066e8681cbe0f414b50b5db112764f9572ff81ac0
Instruction ID: ba8025e5278fadc13fe0ae0c225bae87b80023e431349a0ea8772f04bd38a3bc
Opcode Fuzzy Hash: 597fa7291f7be4ba6204663066e8681cbe0f414b50b5db112764f9572ff81ac0
Instruction Fuzzy Hash: 1B617C311087C69FDB229E388E653EEBBA2BF53320F85469ECCD94B495C3355285CB52

Uniqueness

Uniqueness Score: -1.00%

Function 029B7CAB, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9efd0254604b1a41c8047e55e4140cbfe758d005e9f6f018415f8df0354d061e
Instruction ID: 2b5d6634f79128e845d22ee1cc285d77983b77b8d5c744803466580ebc41448f
Opcode Fuzzy Hash: 9efd0254604b1a41c8047e55e4140cbfe758d005e9f6f018415f8df0354d061e
Instruction Fuzzy Hash: F33176339043548FDB218E248ED17DBBBA2AF537A0F97016DECC967201D7760A88CB42

Uniqueness

Uniqueness Score: -1.00%

Function 029B57A4, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0fdfd482556695e9de27958abe71f3d9039bf84faf73b5de585c3db42b28c27
Instruction ID: 82505210bf722b7bb0b46a5deaecf63b233ec302f6cd3c586e1442440b615c18
Opcode Fuzzy Hash: f0fdfd482556695e9de27958abe71f3d9039bf84faf73b5de585c3db42b28c27
Instruction Fuzzy Hash: 21219A72600306DEDB269E34878A7CD77B3BFA1724FC58988EC160B498D3799544CA86

Uniqueness

Uniqueness Score: -1.00%

Function 029BB1FE, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6bb017e0690756ae00abca25f8b3465c9e8236de97cfbeb24ab277d4ea1e47
Instruction ID: da7ebfb3c8ebaea1c1125db9dbc35c887619d14c644ababfc255a8edfc7fd9f7
Opcode Fuzzy Hash: 8f6bb017e0690756ae00abca25f8b3465c9e8236de97cfbeb24ab277d4ea1e47
Instruction Fuzzy Hash: 5A113D35614386DFD721DE99CAE4BDA33A1AF29394F45853ADD49CB250D7309E40CB14

Uniqueness

Uniqueness Score: -1.00%

Function 029B7AB1, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cfa1b81e5e6b8521a695c5cbe7955c913c12d579af09626da4d4acb450cc619
Instruction ID: 488bba241ecf19b7151fcdb51e34d71170deab17b067d1bc7bdc15f395225192
Opcode Fuzzy Hash: 5cfa1b81e5e6b8521a695c5cbe7955c913c12d579af09626da4d4acb450cc619
Instruction Fuzzy Hash: 6FC092BB2026808FFB92CF08C4C2B8073A0FF12A88B880490E802DB712C328E904CA40

Uniqueness

Uniqueness Score: -1.00%

Function 029BA900, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29b0000_RICHIESTA DI OFFERTA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab663452f0a2796c9079eca4e1be35edd25b93dc44dc8bfe7ee36f5e29c49297
Instruction ID: a5b43a31bea2b0e3e3bea9ac211744203edd9aa7b5d9faf59a5332fa483cdd54
Opcode Fuzzy Hash: ab663452f0a2796c9079eca4e1be35edd25b93dc44dc8bfe7ee36f5e29c49297
Instruction Fuzzy Hash: 40B092316106808FCA51CE0EC2C0E48B3B4BB44A00B8204A4E8119BB11C764EC00CA00

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCB9, Relevance: 46.8, APIs: 31, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#527.MSVBVM60(00409D58), ref: 0042D064
__vbaStrMove.MSVBVM60 ref: 0042D06F
__vbaStrCmp.MSVBVM60(00409D60,00000000), ref: 0042D07B
__vbaFreeStr.MSVBVM60 ref: 0042D08E
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D0AF
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042D0DA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000B8), ref: 0042D108
__vbaFreeObj.MSVBVM60 ref: 0042D10D
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D125
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042D14A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0042D170
__vbaStrMove.MSVBVM60 ref: 0042D17B
__vbaFreeObj.MSVBVM60 ref: 0042D184
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D19D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D1BC
__vbaFreeStr.MSVBVM60(0042D3B3), ref: 0042D3AC

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$New2$Move$#527
String ID:
API String ID: 487870899-0
Opcode ID: ed5b95a907725d5e5d85eed6ae036352f52c7a607ee42a1811b1e5d38ade5951
Instruction ID: 92f7f0afaf7bc07c64b2733a2fa2e68ed615c7a18529395273badbd0e8724bfd
Opcode Fuzzy Hash: ed5b95a907725d5e5d85eed6ae036352f52c7a607ee42a1811b1e5d38ade5951
Instruction Fuzzy Hash: 65A18E75A00218ABCB14DFA5DD49FEEBBB8FF48701F10406AF541B72A1DB789905CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042DD10, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 163
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042DD7B
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042DD94
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000150), ref: 0042DDC1
__vbaStrToAnsi.MSVBVM60(?,?,008039A4), ref: 0042DDD8
__vbaSetSystemError.MSVBVM60(003989DE,00000000), ref: 0042DDEC
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0042DE0E
__vbaFreeObj.MSVBVM60 ref: 0042DE1A
#702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0042DE43
__vbaStrMove.MSVBVM60 ref: 0042DE4E
__vbaFreeVar.MSVBVM60 ref: 0042DE5D
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DE72
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042DE97
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042DEBD
__vbaI2I4.MSVBVM60 ref: 0042DEC2
__vbaFreeObj.MSVBVM60 ref: 0042DECB
__vbaVarDup.MSVBVM60 ref: 0042DEE5
#666.MSVBVM60(?,00000002), ref: 0042DEF3
__vbaVarMove.MSVBVM60 ref: 0042DEFF
__vbaFreeVar.MSVBVM60 ref: 0042DF08
__vbaFreeVar.MSVBVM60(0042DF5B), ref: 0042DF4B
__vbaFreeStr.MSVBVM60 ref: 0042DF54

Strings

HENRIVENDE, xrefs: 0042DED7
zS, xrefs: 0042DF0A

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#666#702AnsiErrorListSystem
String ID: HENRIVENDE$zS
API String ID: 309366762-2729703279
Opcode ID: 216e54dbeaf471ba5b17d8cac72228c7cd8614cad387034a75f263e2b6876084
Instruction ID: 3e14bf423051b26a42ba2d0effce5ddad7d42201ab6809a6a67660b805aab55e
Opcode Fuzzy Hash: 216e54dbeaf471ba5b17d8cac72228c7cd8614cad387034a75f263e2b6876084
Instruction Fuzzy Hash: 275149B1900219ABCB04DFA5DD88EDEBBB8FF48705F10412AF516BB2A0DB745945CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042D590, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D5D8
__vbaFpCmpCy.MSVBVM60(00000000), ref: 0042D5E6
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D606
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042D631
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000130), ref: 0042D65F
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D670
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D675
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D68E
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042D6B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000D0), ref: 0042D6D9
__vbaStrMove.MSVBVM60 ref: 0042D6E8
__vbaFreeObj.MSVBVM60 ref: 0042D6ED
#531.MSVBVM60(kantatens), ref: 0042D6F8
__vbaFreeStr.MSVBVM60(0042D72A), ref: 0042D722
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D727

Strings

kantatens, xrefs: 0042D6F3

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$MoveNew2$#531
String ID: kantatens
API String ID: 1829431787-1394988495
Opcode ID: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
Instruction ID: 268b9603d49f8c2ef21a02505bbce2dda6b3253113ac13d7225f482d9f4950ea
Opcode Fuzzy Hash: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
Instruction Fuzzy Hash: 1A414570A00219AFCB04DF95DD89EDEBBB8FF48704F10406AE505B72A1D7789905CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00425490, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 004254F9
#515.MSVBVM60(?,?,00000002), ref: 00425516
__vbaVarTstNe.MSVBVM60(?,?), ref: 00425532
__vbaFreeVar.MSVBVM60 ref: 0042553E
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042556F
__vbaObjSet.MSVBVM60(?,00000000), ref: 00425588
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C0), ref: 004255B2
__vbaLateMemCall.MSVBVM60(?,bJwKrGImpGgg9mRQCArwzZIt8,00000003), ref: 00425621
__vbaFreeObj.MSVBVM60 ref: 0042562D
__vbaFreeObj.MSVBVM60(00425671), ref: 00425661
__vbaFreeStr.MSVBVM60 ref: 0042566A

Strings

bJwKrGImpGgg9mRQCArwzZIt8, xrefs: 00425618
var, xrefs: 004254CA
Kricketbold2, xrefs: 0042555E

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$#515CallCheckCopyHresultLateNew2
String ID: Kricketbold2$bJwKrGImpGgg9mRQCArwzZIt8$var
API String ID: 3144308283-2350849782
Opcode ID: c6dedcd5aced9654c1b7c320c669f933d9882481dd532e55ad32b74f70e2c0c5
Instruction ID: 5bf5bcfe2e29984776ee71421b15d1d75e55c59fa0ceca583787bb4a02caaa91
Opcode Fuzzy Hash: c6dedcd5aced9654c1b7c320c669f933d9882481dd532e55ad32b74f70e2c0c5
Instruction Fuzzy Hash: 195148B4E10218DFCB14DF98DA48A9DFBB8FF48B00F10816AE509BB294D7785A45CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0042DA30, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 0042DA8B
__vbaLenBstrB.MSVBVM60(00409D90), ref: 0042DA96
#680.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,40490000,?,?,?), ref: 0042DADF
__vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0042DAF5
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DB11
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042DB36
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000C8), ref: 0042DB63
__vbaFreeObj.MSVBVM60 ref: 0042DB6C
__vbaVarDup.MSVBVM60 ref: 0042DB98
#595.MSVBVM60(?,00000000,?,?,?), ref: 0042DBB0
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0042DBC8
__vbaFreeStr.MSVBVM60(0042DC08), ref: 0042DC01

Strings

hjrekant, xrefs: 0042DB8A

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultList$#595#680BstrCopyNew2
String ID: hjrekant
API String ID: 4058102471-1475739938
Opcode ID: 95959a06098993a4faac7d9b790f2a6ac580e100fe50f20baf233002aa7f2173
Instruction ID: fc690ee695db8f231962780ffe65343825b843d53d00f0c3d3a69cc7e01f37d1
Opcode Fuzzy Hash: 95959a06098993a4faac7d9b790f2a6ac580e100fe50f20baf233002aa7f2173
Instruction Fuzzy Hash: 0251E2B1D00219ABDB10DF94D889EDEBFB8BF48700F10412AF505B72A5D7B46585CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0042D880, Relevance: 22.6, APIs: 15, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8D5
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8DD
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D8F2
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D911
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001C8), ref: 0042D930
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D939
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D952
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D96B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409D7C,00000100), ref: 0042D98E
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D99E
__vbaI4Var.MSVBVM60(00000000), ref: 0042D9A8
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0042D9BB
__vbaFreeVar.MSVBVM60 ref: 0042D9C7
__vbaFreeStr.MSVBVM60(0042DA02), ref: 0042D9FA
__vbaFreeStr.MSVBVM60 ref: 0042D9FF

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2$CallLateList
String ID:
API String ID: 244069345-0
Opcode ID: 5c39a2e577768568b9bfa8c430774f7e118b74792861e76bd2736f80affe6c9b
Instruction ID: 3037e0fc402dac870a1d28fe1070c936b1b5d65c79530787229ec8e5e835481f
Opcode Fuzzy Hash: 5c39a2e577768568b9bfa8c430774f7e118b74792861e76bd2736f80affe6c9b
Instruction Fuzzy Hash: 5A413CB5D00218ABCB04DF94DD89EDEBBB8FB08304F10442AF555B72A4D678A945CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004256A0, Relevance: 19.6, APIs: 13, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256F5
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256FD
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00425711
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,00000014), ref: 0042573C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042576A
__vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042576F
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425778
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 00425791
__vbaObjSet.MSVBVM60(?,00000000), ref: 004257AA
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C8), ref: 004257D1
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004257DC
__vbaFreeStr.MSVBVM60(00425804), ref: 004257FC
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425801

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresult$CopyNew2
String ID:
API String ID: 336985134-0
Opcode ID: 262861fa027554f53a9023cd1df400ece65399482f6a254a919458dfeeb17009
Instruction ID: 00a320610a2f3e0550b02398e2007c94e90aa8d7e9ada67d49e3611233cf5d10
Opcode Fuzzy Hash: 262861fa027554f53a9023cd1df400ece65399482f6a254a919458dfeeb17009
Instruction Fuzzy Hash: 24415D74A40218EBCB04DF95DD84EEEBBB8FF98700F14802AE505B72A0C6785901CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0042D3D0, Relevance: 18.1, APIs: 12, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D41D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D43C
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D458
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D471
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000130), ref: 0042D494
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D4C3
__vbaStrVarMove.MSVBVM60(00000000), ref: 0042D4CD
__vbaStrMove.MSVBVM60 ref: 0042D4D8
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 0042D4F8
__vbaFreeStr.MSVBVM60 ref: 0042D501
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0042D515
__vbaFreeVar.MSVBVM60 ref: 0042D521

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultMoveNew2$CallLateList
String ID:
API String ID: 3081447974-0
Opcode ID: d41607fada56a4b3720f887fbf58355d561b35123c612f0d49bfdf02f3c889a5
Instruction ID: 1e67fcaa09465789bc4eb783a7e738a20273f9ac9e7247e845b252cccaf01c55
Opcode Fuzzy Hash: d41607fada56a4b3720f887fbf58355d561b35123c612f0d49bfdf02f3c889a5
Instruction Fuzzy Hash: 56414DB4A00204AFDB04DFA4DD49F9EBBB8FB48701F14442AF545F7261D638A945CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00424930, Relevance: 15.1, APIs: 10, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 00424979
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 00424992
__vbaObjSet.MSVBVM60(?,00000000), ref: 004249B1
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 004249CD
__vbaObjSet.MSVBVM60(?,00000000), ref: 004249E6
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000000F0), ref: 00424A09
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424A49
__vbaFreeStr.MSVBVM60 ref: 00424A52
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00424A62
__vbaFreeStr.MSVBVM60(00424A99), ref: 00424A92

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultNew2$CopyList
String ID:
API String ID: 4130517723-0
Opcode ID: 8f5ba0aae027e5ade5a35dc241098c9ecd1dea7dc7e6ebd4f45459564aea2035
Instruction ID: 8ab0ce02fd4ad78d60563386b133b7b716cd360f17da3511743dd23085d2e806
Opcode Fuzzy Hash: 8f5ba0aae027e5ade5a35dc241098c9ecd1dea7dc7e6ebd4f45459564aea2035
Instruction Fuzzy Hash: 314181B4A40215AFCB04DFA8DD49FAEBBB8FB48701F10406AF505F7251D7789905CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00425830, Relevance: 13.5, APIs: 9, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425870
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425878
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425880
__vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,00401746), ref: 00425887
__vbaFpCmpCy.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425895
#569.MSVBVM60(0000002F,?,?,?,?,?,?,?,?,00401746), ref: 004258A1
__vbaFreeStr.MSVBVM60(004258C3,?,?,?,?,?,?,?,?,00401746), ref: 004258B6
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258BB
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258C0

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CopyFree$#569
String ID:
API String ID: 3911904416-0
Opcode ID: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
Instruction ID: d6ef5a4df48c5f6f6e330365a7503caf813aa0cdbaaf88e781f996121f92ec88
Opcode Fuzzy Hash: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
Instruction Fuzzy Hash: 86111B70D0025EDBCB00EFA4EE45AEEBBB8EF48700F10416AA505B31A4DB746A45CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 00424BE0, Relevance: 12.1, APIs: 8, Instructions: 114COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 00424C24
__vbaObjSet.MSVBVM60(?,00000000), ref: 00424C3D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 00424CC4
__vbaFreeObj.MSVBVM60 ref: 00424CD3
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 00424CE8
__vbaObjSet.MSVBVM60(?,00000000), ref: 00424D01
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000001C8), ref: 00424D28
__vbaFreeObj.MSVBVM60 ref: 00424D37

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 82f292988a600778a974090e1fa1679200118610c53313007266a650490cac74
Instruction ID: d1ecdfbbf56c062021e6928b3cd5bc998c80f1fdfa5d5ae707005e099290dd8c
Opcode Fuzzy Hash: 82f292988a600778a974090e1fa1679200118610c53313007266a650490cac74
Instruction Fuzzy Hash: CF4160B4A012049FCB08DFA9D989A9ABBF4FF4C701F10846AE505EB365D7389901CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00425240, Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

#672.MSVBVM60(00000000,40080000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000), ref: 004252A1
__vbaFpR8.MSVBVM60 ref: 004252A7
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 004252D0
__vbaHresultCheckObj.MSVBVM60(00000000,021AE9C4,004099D4,0000001C), ref: 004252F5
__vbaHresultCheckObj.MSVBVM60(00000000,?,004099F4,0000005C), ref: 00425339
__vbaStrMove.MSVBVM60 ref: 0042534C
__vbaFreeObj.MSVBVM60 ref: 00425355
__vbaFreeStr.MSVBVM60(0042538E), ref: 00425387

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$#672MoveNew2
String ID:
API String ID: 2213023555-0
Opcode ID: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
Instruction ID: a290a1b5633ba569a80f4364f7eb58ab6e41390aae3439afe5c06b49b155ed99
Opcode Fuzzy Hash: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
Instruction Fuzzy Hash: 24314EB0900609ABCB10DF95DD88B9EBBB8FF48740F20805AE905B72A4C7785941CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00431D50, Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431D94
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431DB3
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00431DF2
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E01
__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E16
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E2F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000088), ref: 00431E52
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E61

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 2f3f9f7953b95640d5d1df3913257cee278f01467711dc498cf2c8fcb9e06386
Instruction ID: 116ad077078038e6493d67b0fe859829927b69f7f06258b5196f1853de7dd26e
Opcode Fuzzy Hash: 2f3f9f7953b95640d5d1df3913257cee278f01467711dc498cf2c8fcb9e06386
Instruction Fuzzy Hash: AE316274A40304ABCB14DFA9C989F9ABBB8FF4C701F108529F545E73A5D7389901CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00424AC0, Relevance: 12.1, APIs: 8, Instructions: 75COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B0C
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B14
__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B29
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B42
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000220), ref: 00424B85
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B8E
__vbaFreeStr.MSVBVM60(00424BB6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BAE
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BB3

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$Copy$CheckHresultNew2
String ID:
API String ID: 1874231197-0
Opcode ID: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
Instruction ID: 5322bd1987205389bf6d946a79716689a0e8260190b249c2e899f9ee9d0b38b0
Opcode Fuzzy Hash: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
Instruction Fuzzy Hash: 6F215175E00219DFCB04DFA9D989A9EBFB8FF4C300F10816AE515A72A5C778A941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00424F30, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E00424F30(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr* _t19;
				intOrPtr* _t21;
				intOrPtr* _t23;
				void* _t26;
				intOrPtr* _t28;
				intOrPtr* _t38;
				void* _t39;
				void* _t41;
				intOrPtr _t42;
				intOrPtr _t43;

				_t42 = _t41 - 0xc;
				 *[fs:0x0] = _t42;
				_t43 = _t42 - 0x28;
				_v16 = _t43;
				_v12 = 0x401208;
				_v8 = 0;
				_t19 = _a4;
				 *((intOrPtr*)( *_t19 + 4))(_t19, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t39);
				_t21 =  *0x433010; // 0x45ff38
				_v28 = 0;
				_v32 = 0;
				if(_t21 == 0) {
					__imp____vbaNew2(0x40a14c, 0x433010);
					_t21 =  *0x433010; // 0x45ff38
				}
				_t23 =  &_v32;
				__imp____vbaObjSet(_t23,  *((intOrPtr*)( *_t21 + 0x354))(_t21));
				_t28 = _t43 - 0x10;
				 *_t28 = 0xa;
				_t38 = _t23;
				 *((intOrPtr*)(_t28 + 4)) = _v44;
				 *((intOrPtr*)(_t28 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t28 + 0xc)) = _v36;
				_t26 =  *((intOrPtr*)( *_t38 + 0x1ec))(_t38, L"PHACOCELE");
				asm("fclex");
				if(_t26 < 0) {
					__imp____vbaHresultCheckObj(_t26, _t38, 0x409964, 0x1ec);
				}
				__imp____vbaFreeObj();
				_v28 = 0x2be5;
				_push(0x425009);
				return _t26;
			}

0x00424f33
0x00424f42
0x00424f49
0x00424f4f
0x00424f52
0x00424f5b
0x00424f5e
0x00424f64
0x00424f67
0x00424f6e
0x00424f71
0x00424f74
0x00424f80
0x00424f86
0x00424f86
0x00424f95
0x00424f99
0x00424fa2
0x00424fa9
0x00424fae
0x00424fb2
0x00424fba
0x00424fc6
0x00424fc9
0x00424fcf
0x00424fd3
0x00424fe1
0x00424fe1
0x00424fea
0x00424ff0
0x00424ff7
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F80
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F99
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424FE1
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424FEA

Strings

PHACOCELE, xrefs: 00424FC0
+, xrefs: 00424FF0

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: PHACOCELE$+
API String ID: 1645334062-1228347243
Opcode ID: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
Instruction ID: d59e37c62d2e5d766b26790879dabc63d50207eaaf69630922185673f52cbc59
Opcode Fuzzy Hash: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
Instruction Fuzzy Hash: 972180B4A00304ABCB04DF99DD89B9ABBB8FB49701F10856AF505E7291C3789901CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004259D0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__vbaVarDup.MSVBVM60 ref: 00425A27
#687.MSVBVM60(?,?), ref: 00425A35
__vbaDateVar.MSVBVM60(?), ref: 00425A3F
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00425A51

Strings

7-7-7, xrefs: 00425A19
Lu, xrefs: 00425A5A

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#687DateFreeList
String ID: 7-7-7$Lu
API String ID: 3303533072-1249225327
Opcode ID: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
Instruction ID: 8ca2dbe8ab4f1f5649ded12f3ea8614846f4dd31889bb755d75bc59398dcdd18
Opcode Fuzzy Hash: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
Instruction Fuzzy Hash: 22110AB1C10228EBCB00DFD4DD89ADEBBB8FB48B04F04415AF501A7650D7B85505CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00425190, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

#669.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251CA
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251D5
__vbaStrCmp.MSVBVM60(Distriktsbladet6,00000000,?,?,?,?,?,?,?,00401746), ref: 004251E1
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251F3
#568.MSVBVM60(0000003C,?,?,?,?,?,?,?,00401746), ref: 00425200

Strings

Distriktsbladet6, xrefs: 004251DC

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#568#669FreeMove
String ID: Distriktsbladet6
API String ID: 2447501155-846783287
Opcode ID: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
Instruction ID: 61cd527bcf450c51f942b67c3faaedb5405b7962db3e9bdf1a35c1bc71e14c92
Opcode Fuzzy Hash: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
Instruction Fuzzy Hash: 3201A275D00614EBC700AFA4DD49AAFBBB8EB45B00F908166F942F36A0C7385945CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00425040, Relevance: 9.1, APIs: 6, Instructions: 91COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 00425083
__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042509C
__vbaObjSet.MSVBVM60(?,00000000), ref: 004250B5
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 0042513C
__vbaFreeObj.MSVBVM60 ref: 00425145
__vbaFreeStr.MSVBVM60(00425167), ref: 00425160

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID:
API String ID: 4138333463-0
Opcode ID: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
Instruction ID: a776cf2307da792f29ced093327e8248e37be5dbc0af261043c53f96bb4853c4
Opcode Fuzzy Hash: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
Instruction Fuzzy Hash: 7E3108B4E002149FCB04DFA9D989A9ABBF4FF49700F10C06AE509AB365D7389902CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00424E20, Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E63
__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E7C
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E95
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00424ED8
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EE1
__vbaFreeStr.MSVBVM60(00424F02,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EFB

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID:
API String ID: 4138333463-0
Opcode ID: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
Instruction ID: e93f92d18b185c2069a199da7afe3e2a4c956638d36d99257852b577961b8e79
Opcode Fuzzy Hash: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
Instruction Fuzzy Hash: 87217174A40204DFCB04DFA9D989EAABBB8FF49301F10806AF515E72A5C7389941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00425B90, Relevance: 9.1, APIs: 6, Instructions: 57COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425BD3
__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,00401746), ref: 00425BEC
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425C05
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,?,00401746), ref: 00425C28
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425C31
__vbaFreeStr.MSVBVM60(00425C52,?,?,?,?,?,?,?,?,00401746), ref: 00425C4B

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID:
API String ID: 4138333463-0
Opcode ID: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
Instruction ID: 5e3db1a9c3429f9f3288b209a0862c076ad3080f2d8b6768de989c50c96a5040
Opcode Fuzzy Hash: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
Instruction Fuzzy Hash: BA118E74A00204EFCB04DFA5DA49EAEBBB8FF49701F104466F555E72A0D7385902CF98

Uniqueness

Uniqueness Score: -1.00%

Function 004258E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E004258E0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr* _t17;
				intOrPtr* _t19;
				intOrPtr* _t21;
				void* _t24;
				intOrPtr* _t26;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t41;

				_t40 = _t39 - 0xc;
				 *[fs:0x0] = _t40;
				_t41 = _t40 - 0x24;
				_v16 = _t41;
				_v12 = 0x401290;
				_v8 = 0;
				_t17 = _a4;
				 *((intOrPtr*)( *_t17 + 4))(_t17, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t37);
				_t19 =  *0x433010; // 0x45ff38
				_v28 = 0;
				if(_t19 == 0) {
					__imp____vbaNew2(0x40a14c, 0x433010);
					_t19 =  *0x433010; // 0x45ff38
				}
				_t21 =  &_v28;
				__imp____vbaObjSet(_t21,  *((intOrPtr*)( *_t19 + 0x358))(_t19));
				_t26 = _t41 - 0x10;
				 *_t26 = 0xa;
				_t36 = _t21;
				 *((intOrPtr*)(_t26 + 4)) = _v40;
				 *((intOrPtr*)(_t26 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t26 + 0xc)) = _v32;
				_t24 =  *((intOrPtr*)( *_t36 + 0x1ec))(_t36, L"Rubedity");
				asm("fclex");
				if(_t24 < 0) {
					__imp____vbaHresultCheckObj(_t24, _t36, 0x409adc, 0x1ec);
				}
				__imp____vbaFreeObj();
				_push(0x4259af);
				return _t24;
			}

0x004258e3
0x004258f2
0x004258f9
0x004258ff
0x00425902
0x0042590b
0x0042590e
0x00425914
0x00425917
0x0042591e
0x00425921
0x0042592d
0x00425933
0x00425933
0x00425942
0x00425946
0x0042594f
0x00425956
0x0042595b
0x0042595f
0x00425967
0x00425973
0x00425976
0x0042597c
0x00425980
0x0042598e
0x0042598e
0x00425997
0x0042599d
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042592D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425946
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409ADC,000001EC), ref: 0042598E
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425997

Strings

Rubedity, xrefs: 0042596D

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: Rubedity
API String ID: 1645334062-1230464931
Opcode ID: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
Instruction ID: 8edafd98880e749bae474b2feedee2ec17763cbba996a59d16f38de0083cf79d
Opcode Fuzzy Hash: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
Instruction Fuzzy Hash: 6A2193B4A40204EFCB04DF99D989B9ABFF8FB49701F108066F545E7291C6789941CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00424840, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

#660.MSVBVM60(?,?,?,00000001,00000001), ref: 004248A1
__vbaVarTstNe.MSVBVM60(?,?), ref: 004248B9
__vbaFreeVarList.MSVBVM60(00000003,00000002,0000000A,?), ref: 004248CF
#532.MSVBVM60(RESTARTED), ref: 004248E2

Strings

RESTARTED, xrefs: 004248DD

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#532#660FreeList
String ID: RESTARTED
API String ID: 675845651-3446605417
Opcode ID: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
Instruction ID: d30b72e28953de9f2be757b277d73411f24bdd109367d15f8962842fe040ad4f
Opcode Fuzzy Hash: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
Instruction Fuzzy Hash: 1C1129B5D40228EBDB00DF94DD89FDEBBB8FB48B00F50421AF505B2290D7B81548CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00425D00, Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

__vbaOnError.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D44
__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D5D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D76
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000140,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D9D
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425DAC

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckErrorFreeHresultNew2
String ID:
API String ID: 3750743295-0
Opcode ID: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
Instruction ID: aebd9c64966058db610805d6956d2aca9fa7e8320958a7938f1e966658d03e7a
Opcode Fuzzy Hash: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
Instruction Fuzzy Hash: 75215C74A40214ABCB10DF96CA49E9EBBF8FF89701F10446AF551F72A0C77859018FA8

Uniqueness

Uniqueness Score: -1.00%

Function 00424D70, Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DAA
#546.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DB4
__vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DC0
__vbaFreeVar.MSVBVM60(00424DF8), ref: 00424DE8
__vbaFreeStr.MSVBVM60 ref: 00424DF1

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$#546CopyMove
String ID:
API String ID: 2278598164-0
Opcode ID: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
Instruction ID: 48cc0dd06087de835e62770d10066453df31cd834c61ba1c00de49ae01419032
Opcode Fuzzy Hash: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
Instruction Fuzzy Hash: 14010870D00209ABCF04DFA4DA88ADEBBB8FB08701F108426E511B6164EB386505CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0042D750, Relevance: 6.1, APIs: 4, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E0042D750(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr* _t31;
				intOrPtr* _t33;
				intOrPtr* _t35;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t43;
				intOrPtr* _t47;
				intOrPtr* _t60;
				void* _t61;
				void* _t63;
				intOrPtr _t64;
				intOrPtr _t65;
				intOrPtr* _t66;
				intOrPtr* _t67;

				_t64 = _t63 - 0xc;
				 *[fs:0x0] = _t64;
				_t65 = _t64 - 0x44;
				_v16 = _t65;
				_v12 = 0x4016a8;
				_v8 = 0;
				_t31 = _a4;
				 *((intOrPtr*)( *_t31 + 4))(_t31, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t61);
				_t33 =  *0x433010; // 0x45ff38
				_v28 = 0;
				if(_t33 == 0) {
					__imp____vbaNew2(0x40a14c, 0x433010);
					_t33 =  *0x433010; // 0x45ff38
				}
				_t35 =  &_v28;
				__imp____vbaObjSet(_t35,  *((intOrPtr*)( *_t33 + 0x3b4))(_t33));
				_t66 = _t65 - 0x10;
				_t60 = _t35;
				_t43 = _t66;
				 *_t43 = 0xa;
				_v44 = 0xa;
				 *((intOrPtr*)(_t43 + 4)) = _v72;
				 *((intOrPtr*)(_t43 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t43 + 0xc)) = _v64;
				_t67 = _t66 - 0x10;
				_t47 = _t67;
				 *_t47 = 0xa;
				 *((intOrPtr*)(_t47 + 4)) = _v56;
				 *((intOrPtr*)(_t47 + 8)) = 0x80020004;
				_v36 = 0x80020004;
				 *((intOrPtr*)(_t47 + 0xc)) = _v48;
				_t40 = _t67 - 0x10;
				 *_t40 = _v44;
				 *((intOrPtr*)(_t40 + 4)) = _v40;
				 *((intOrPtr*)(_t40 + 8)) = _v36;
				 *((intOrPtr*)(_t40 + 0xc)) = _v32;
				_t41 =  *((intOrPtr*)( *_t60 + 0x1d0))(_t60, 0x46e36000);
				asm("fclex");
				if(_t41 < 0) {
					__imp____vbaHresultCheckObj(_t41, _t60, 0x409b10, 0x1d0);
				}
				__imp____vbaFreeObj();
				asm("wait");
				_push(0x42d85f);
				return _t41;
			}

0x0042d753
0x0042d762
0x0042d769
0x0042d76f
0x0042d772
0x0042d77b
0x0042d77e
0x0042d784
0x0042d787
0x0042d78e
0x0042d791
0x0042d79d
0x0042d7a3
0x0042d7a3
0x0042d7b2
0x0042d7b6
0x0042d7bc
0x0042d7bf
0x0042d7c1
0x0042d7ca
0x0042d7cc
0x0042d7d2
0x0042d7dc
0x0042d7e2
0x0042d7e5
0x0042d7e8
0x0042d7ef
0x0042d7f4
0x0042d7f7
0x0042d7fa
0x0042d800
0x0042d80c
0x0042d80e
0x0042d813
0x0042d81e
0x0042d822
0x0042d825
0x0042d82b
0x0042d82f
0x0042d83d
0x0042d83d
0x0042d846
0x0042d84c
0x0042d84d
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010), ref: 0042D79D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D7B6
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001D0), ref: 0042D83D
__vbaFreeObj.MSVBVM60 ref: 0042D846

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
Instruction ID: 70f56478985c9cd3eb8c434365a541da73a9ac384ad3b08b42247f68221efb92
Opcode Fuzzy Hash: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
Instruction Fuzzy Hash: 14311AB4E002049FCB04DFA8D985A9ABBF8FF48700F20C46AE409AB355D7399801CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0042DC30, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,00401746), ref: 0042DC80
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 0042DC99
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001A8,?,?,?,?,?,?,?,?,00401746), ref: 0042DCBC
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 0042DCC5

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
Instruction ID: 64216d29a521869ad124ed06d40b43ff42c95b0837524ed37390eafe3a59424f
Opcode Fuzzy Hash: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
Instruction Fuzzy Hash: 11114FB4E40204ABC700DF96DD49B9ABBBCFF59701F604426F551E72A0C7785941CA99

Uniqueness

Uniqueness Score: -1.00%

Function 00425AB0, Relevance: 6.1, APIs: 4, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E00425AB0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				intOrPtr* _t14;
				intOrPtr* _t16;
				intOrPtr* _t18;
				void* _t19;
				intOrPtr* _t28;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t32 = _t31 - 0xc;
				 *[fs:0x0] = _t32;
				_v16 = _t32 - 0x18;
				_v12 = 0x4012b0;
				_v8 = 0;
				_t14 = _a4;
				 *((intOrPtr*)( *_t14 + 4))(_t14, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t29);
				_t16 =  *0x433010; // 0x45ff38
				_v28 = 0;
				_v32 = 0;
				if(_t16 == 0) {
					__imp____vbaNew2(0x40a14c, 0x433010);
					_t16 =  *0x433010; // 0x45ff38
				}
				_t18 =  &_v32;
				__imp____vbaObjSet(_t18,  *((intOrPtr*)( *_t16 + 0x378))(_t16));
				_t28 = _t18;
				_t19 =  *((intOrPtr*)( *_t28 + 0x21c))(_t28);
				asm("fclex");
				if(_t19 < 0) {
					__imp____vbaHresultCheckObj(_t19, _t28, 0x409954, 0x21c);
				}
				__imp____vbaFreeObj();
				_v28 = 0x4c22e;
				_push(0x425b64);
				return _t19;
			}

0x00425ab3
0x00425ac2
0x00425acf
0x00425ad2
0x00425adb
0x00425ade
0x00425ae4
0x00425ae7
0x00425aee
0x00425af1
0x00425af4
0x00425b00
0x00425b06
0x00425b06
0x00425b15
0x00425b19
0x00425b1f
0x00425b24
0x00425b2a
0x00425b2e
0x00425b3c
0x00425b3c
0x00425b45
0x00425b4b
0x00425b52
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,?,00401746), ref: 00425B00
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425B19
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,0000021C,?,?,?,?,?,?,?,?,00401746), ref: 00425B3C
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425B45

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
Instruction ID: 42bfde65fcf0389ef10ed57bcc65d986bcef6efdfb101c90a025bbd7737f0359
Opcode Fuzzy Hash: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
Instruction Fuzzy Hash: C0119EB8E40604ABC710DFA5DA89F9AFFB8FF58701F204466F551E72A1C77859018B98

Uniqueness

Uniqueness Score: -1.00%

Function 004253C0, Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E004253C0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr* _t12;
				intOrPtr* _t14;
				intOrPtr* _t16;
				void* _t17;
				intOrPtr* _t26;
				void* _t27;
				void* _t29;
				intOrPtr _t30;

				_t30 = _t29 - 0xc;
				 *[fs:0x0] = _t30;
				_v16 = _t30 - 0x14;
				_v12 = 0x401250;
				_v8 = 0;
				_t12 = _a4;
				 *((intOrPtr*)( *_t12 + 4))(_t12, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t27);
				_t14 =  *0x433010; // 0x45ff38
				_v28 = 0;
				if(_t14 == 0) {
					__imp____vbaNew2(0x40a14c, 0x433010);
					_t14 =  *0x433010; // 0x45ff38
				}
				_t16 =  &_v28;
				__imp____vbaObjSet(_t16,  *((intOrPtr*)( *_t14 + 0x338))(_t14));
				_t26 = _t16;
				_t17 =  *((intOrPtr*)( *_t26 + 0x1ac))(_t26);
				asm("fclex");
				if(_t17 < 0) {
					__imp____vbaHresultCheckObj(_t17, _t26, 0x409a04, 0x1ac);
				}
				__imp____vbaFreeObj();
				_push(0x42546a);
				return _t17;
			}

0x004253c3
0x004253d2
0x004253df
0x004253e2
0x004253eb
0x004253ee
0x004253f4
0x004253f7
0x004253fe
0x00425401
0x0042540d
0x00425413
0x00425413
0x00425422
0x00425426
0x0042542c
0x00425431
0x00425437
0x0042543b
0x00425449
0x00425449
0x00425452
0x00425458
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,00433010,?,?,?,?,?,?,?,00401746), ref: 0042540D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00401746), ref: 00425426
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,00401746), ref: 00425449
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425452

Memory Dump Source

Source File: 00000000.00000002.854921112.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.854909506.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.854975497.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID:
API String ID: 1645334062-0
Opcode ID: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
Instruction ID: 76f6a4e4ac2d6c6b8d4e0d48d8693851c14c2989a070a5c6ca1b50774761b537
Opcode Fuzzy Hash: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
Instruction Fuzzy Hash: 2A117C74A40604ABC700EFA5DD89B9ABBB8FB49701F104466F542E72A1C77899418AA9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report RICHIESTA DI OFFERTA.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 3448 Parent PID: 5876

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 3448 Parent PID: 5876 RICHIESTA DI OFFERTA.exeCOMMON

Execution Graph

Graph

Function 00431EA0, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 263
COMMON

Function 0040BD48, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 103
COMMON

Function 004019B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189
COMMON

Function 0040BCB9, Relevance: 46.8, APIs: 31, Instructions: 287
COMMON

Function 0042DD10, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 163
COMMON

Function 0042D590, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 127
COMMON

Function 00425490, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 130
COMMON

Function 0042DA30, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON