Play interactive tour

Edit tour

Windows Analysis Report RICHIESTA DI OFFERTA.exe

Overview

General Information

Sample Name:	RICHIESTA DI OFFERTA.exe
Analysis ID:	450724
MD5:	73bb5c4b690b8d6df88d6bc18fb3a553
SHA1:	60adddd91b6038fc9d819cf6d647ce3be0b11d38
SHA256:	a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
Infos:
Most interesting Screenshot:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Detected potential crypto function

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w7x64

RICHIESTA DI OFFERTA.exe (PID: 2660 cmdline: 'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe' MD5: 73BB5C4B690B8D6DF88D6BC18FB3A553)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: RICHIESTA DI OFFERTA.exe

Virustotal: Detection: 20%

Perma Link

Source: RICHIESTA DI OFFERTA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Memory allocated: 76E20000 page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Memory allocated: 76D20000 page execute and read and write			Jump to behavior

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_004092BC	0_2_004092BC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC329	0_2_01DCC329
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC5DB	0_2_01DCC5DB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC9C1	0_2_01DCC9C1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC567	0_2_01DCC567
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC563	0_2_01DCC563
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC90C	0_2_01DCC90C
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDD07	0_2_01DCDD07
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDD3B	0_2_01DCDD3B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC8CA	0_2_01DCC8CA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDCC7	0_2_01DCDCC7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC816	0_2_01DCC816
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCE033	0_2_01DCE033
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDB8F	0_2_01DCDB8F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCF87	0_2_01DCCF87
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDBBF	0_2_01DCDBBF
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC7B8	0_2_01DCC7B8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDB55	0_2_01DCDB55
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCB72	0_2_01DCCB72
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCB63	0_2_01DCCB63
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDF14	0_2_01DCDF14
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCAD7	0_2_01DCCAD7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCEE6	0_2_01DCCEE6
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC6B4	0_2_01DCC6B4
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCCEAA	0_2_01DCCEAA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC665	0_2_01DCC665
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCDE3B	0_2_01DCDE3B

Source: RICHIESTA DI OFFERTA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: RICHIESTA DI OFFERTA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.2202689070.00000000004C0000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe	Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe

Source: RICHIESTA DI OFFERTA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal56.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

File created: C:\Users\user\AppData\Local\Temp\~DF92EF296CBEA58232.TMP

Jump to behavior

Source: RICHIESTA DI OFFERTA.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RICHIESTA DI OFFERTA.exe

Virustotal: Detection: 20%

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_0040C06E push 00000000h; retf	0_2_0040C0B0
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_00406625 push ebp; iretd	0_2_0040662F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCD1CB push FFFFFFB9h; retf	0_2_01DCD1CD
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCD1F3 push FFFFFFB9h; retf	0_2_01DCD1F5
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCE73F push edi; ret	0_2_01DCE741

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

RDTSC instruction interceptor: First address: 0000000001DCE352 second address: 0000000001DCE352 instructions:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

RDTSC instruction interceptor: First address: 0000000001DCE352 second address: 0000000001DCE352 instructions:

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_01DCC5DB rdtsc

0_2_01DCC5DB

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_01DCC5DB rdtsc

0_2_01DCC5DB

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC5DB mov eax, dword ptr fs:[00000030h]	0_2_01DCC5DB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC567 mov eax, dword ptr fs:[00000030h]	0_2_01DCC567
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe	Code function: 0_2_01DCC563 mov eax, dword ptr fs:[00000030h]	0_2_01DCC563

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Code function: 0_2_01DCCD39 cpuid

0_2_01DCCD39

Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Obfuscated Files or Information1	OS Credential Dumping	Security Software Discovery21	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	System Information Discovery212	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
RICHIESTA DI OFFERTA.exe	21%	Virustotal		Browse
RICHIESTA DI OFFERTA.exe	9%	ReversingLabs	Win32.Backdoor.Remcos

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	450724
Start date:	19.07.2021
Start time:	16:43:16
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	RICHIESTA DI OFFERTA.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Run name:	Suspected Instruction Hammering Hide Perf
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 60.9% (good quality ratio 25.5%) Quality average: 22.8% Quality standard deviation: 31.7%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Stop behavior analysis, all processes terminated
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.2221702126738
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	RICHIESTA DI OFFERTA.exe
File size:	241664
MD5:	73bb5c4b690b8d6df88d6bc18fb3a553
SHA1:	60adddd91b6038fc9d819cf6d647ce3be0b11d38
SHA256:	a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66
SHA512:	9c023dc66d9bcfb2f5bc0274001d92948ac058fc8765d2178907dfd8fb9885ede57acc3836d583ad97516dce1a97c50f081800b41a1f42ea938efb8b23e87567
SSDEEP:	3072:+3BepJlZa/xao5JKwI7V4R4iUW/qcijw2HJlZapGBR:EiUIo5JKPgU99vHP
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...WS.N................. ...................0....@................

File Icon


Icon Hash:	f8fcd4ccf4e4e8d0

Static PE Info

General
Entrypoint:	0x4019b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4EA15357 [Fri Oct 21 11:11:19 2011 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e9f7dd0da1a2a1266893e1ae4ef42b67

Entrypoint Preview

Instruction
push 00408AA0h
call 00007F1154DAB7D5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
outsd
mul byte ptr [ebx+3Fh]
dec esi
outsb
and al, 41h
mov bl, 08h
popad
pop ds
test al, CEh
xchg eax, esi
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
add byte ptr [esi], al
push eax
add dword ptr [ecx], 56h
jne 00007F1154DAB854h
cmp dword ptr fs:[eax], eax
add al, byte ptr [eax]
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
xor esp, esp
push cs
xchg eax, edx
test eax, 48C3D75Ah
mov gs, bx
test al, CAh
xor esp, esp
xor al, 88h
jecxz 00007F1154DAB80Ah
scasb
and dword ptr [edi-40B94528h], 28h
cmp dword ptr [edx-38D0AA14h], edi
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
out 6Fh, eax
add byte ptr [eax], al
lea ebp, dword ptr [eax+00h]
add byte ptr [eax], al
add al, 00h
jnc 00007F1154DAB84Ah
add byte ptr [41000401h], cl
jc 00007F1154DAB849h
jne 00007F1154DAB7E2h
sbb dword ptr [ecx], eax
add byte ptr [edx+00h], al
and al, byte ptr [ecx]
and ecx, dword ptr [esi+68h]
add byte ptr [eax], al
insb

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x32234	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x6d0a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1a4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x318a4	0x32000	False	0.39177734375	data	6.3764832494	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x33000	0x1290	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x35000	0x6d0a	0x7000	False	0.481689453125	data	5.46300019784	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x3ae62	0xea8	data
RT_ICON	0x3a5ba	0x8a8	data
RT_ICON	0x39ef2	0x6c8	data
RT_ICON	0x3998a	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x373e2	0x25a8	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x3633a	0x10a8	data
RT_ICON	0x359b2	0x988	data
RT_ICON	0x3554a	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x354d4	0x76	data
RT_VERSION	0x35240	0x294	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaInStrVar, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	Socialbakers
InternalName	Indtr8
FileVersion	1.00
CompanyName	Socialbakers
LegalTrademarks	Socialbakers
ProductName	Vurd9
ProductVersion	1.00
OriginalFilename	Indtr8.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 2660 Parent PID: 2032

General

Start time:	16:43:32
Start date:	19/07/2021
Path:	C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe'
Imagebase:	0x400000
File size:	241664 bytes
MD5 hash:	73BB5C4B690B8D6DF88D6BC18FB3A553
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 2660 Parent PID: 2032 RICHIESTA DI OFFERTA.exeCOMMON

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	14%
Signature Coverage:	6.3%
Total number of Nodes:	271
Total number of Limit Nodes:	12

Executed Functions

Function 01DCC329, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32 ref: 01DCC43A
TerminateProcess.KERNELBASE(FEF26C0F), ref: 01DCC4CB

Strings

}l", xrefs: 01DCC393

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: MessageProcessTerminate
String ID: }l"
API String ID: 638435245-1801363258
Opcode ID: c0c1371e75c0c4eb2be54967499c36de73620895459e52f20f45b668775828e7
Instruction ID: faf66641aa85e1c6aed40eb13c93af7d374dab9e83723bbd905de675aa05c4b2
Opcode Fuzzy Hash: c0c1371e75c0c4eb2be54967499c36de73620895459e52f20f45b668775828e7
Instruction Fuzzy Hash: 802121306193868FDFA89F7499A57EB77B1EF02740F42442ECECA97112DB354686CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00431EA0, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#607.MSVBVM60(?,000000FF,?), ref: 00431F02
__vbaStrVarMove.MSVBVM60(?), ref: 00431F0C
__vbaStrMove.MSVBVM60 ref: 00431F1D
__vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00431F29
__vbaLenBstr.MSVBVM60(?), ref: 00431F36
__vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F45
__vbaStrToAnsi.MSVBVM60(?,?,00000000), ref: 00431F56
__vbaSetSystemError.MSVBVM60(00000000,?,00000000), ref: 00431F62
__vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F6D
__vbaStrToUnicode.MSVBVM60(?,?,?,00000000), ref: 00431F7B
__vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000), ref: 00431F8B
#537.MSVBVM60(00000000,?,00000001), ref: 00431F9B
__vbaStrMove.MSVBVM60 ref: 00431FA6
__vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FAA
__vbaFreeStr.MSVBVM60 ref: 00431FBF
#537.MSVBVM60(00000000,?,00000001), ref: 00431FD2
__vbaStrMove.MSVBVM60 ref: 00431FDD
__vbaInStr.MSVBVM60(00000000,00000000), ref: 00431FE1
#616.MSVBVM60(?,-00000001), ref: 00431FF5
__vbaStrMove.MSVBVM60 ref: 00432000
__vbaFreeStr.MSVBVM60 ref: 00432005
__vbaStrCat.MSVBVM60(00409DE8), ref: 00432019
__vbaStrMove.MSVBVM60 ref: 00432020
__vbaStrCat.MSVBVM60(?,00000000), ref: 00432027
__vbaStrMove.MSVBVM60 ref: 0043202E
__vbaFreeStr.MSVBVM60 ref: 00432033
__vbaErrorOverflow.MSVBVM60 ref: 0043209B
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0043213C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
__vbaStrMove.MSVBVM60 ref: 00432179
__vbaFreeObj.MSVBVM60 ref: 00432182
#598.MSVBVM60 ref: 00432188
__vbaStrCopy.MSVBVM60 ref: 00432196

Strings

USERNAME, xrefs: 0043218E
t C, xrefs: 004320D9, 004320E9, 004321A6, 004321BB

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Move$Free$#537AnsiCheckErrorHresultListUnicode$#598#607#616BstrCopyNew2OverflowSystem
String ID: USERNAME$t C
API String ID: 840069314-3777059254
Opcode ID: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
Instruction ID: 0fd07a5d85aa539f9dcc35f6e74ce1594001623a02bd67e862191e9ac8a6b72a
Opcode Fuzzy Hash: a3b342e919a1a8fd3be96d1848f7520cde65d15482966a36ab44b11bbf525f84
Instruction Fuzzy Hash: 2091FF75900209AFDB04DFA5DD89DEFBBB8FF48700F10812AF606A72A1DB785945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0042D590, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D5D8
__vbaFpCmpCy.MSVBVM60(00000000), ref: 0042D5E6
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D606
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042D631
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000130), ref: 0042D65F
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D670
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D675
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D68E
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042D6B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000D0), ref: 0042D6D9
__vbaStrMove.MSVBVM60 ref: 0042D6E8
__vbaFreeObj.MSVBVM60 ref: 0042D6ED
#531.MSVBVM60(kantatens), ref: 0042D6F8
__vbaFreeStr.MSVBVM60(0042D72A), ref: 0042D722
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D727

Strings

kantatens, xrefs: 0042D6F3

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$MoveNew2$#531
String ID: kantatens
API String ID: 1829431787-1394988495
Opcode ID: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
Instruction ID: 268b9603d49f8c2ef21a02505bbce2dda6b3253113ac13d7225f482d9f4950ea
Opcode Fuzzy Hash: 414f5a4bf40c4a587bffe813d154f81d700dcda894200565b30c0b3f8284b3cd
Instruction Fuzzy Hash: 1A414570A00219AFCB04DF95DD89EDEBBB8FF48704F10406AE505B72A1D7789905CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040BD48, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00432111
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0043213C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0043216A
__vbaStrMove.MSVBVM60 ref: 00432179
__vbaFreeObj.MSVBVM60 ref: 00432182
#598.MSVBVM60 ref: 00432188
__vbaStrCopy.MSVBVM60 ref: 00432196
__vbaHresultCheckObj.MSVBVM60(00000000,00401730,00409170,0000074C), ref: 004321BD
__vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 004321C9
__vbaFreeStr.MSVBVM60(00432207), ref: 00432200

Strings

USERNAME, xrefs: 0043218E
t C, xrefs: 004320D9, 004320E9, 004321A6, 004321BB

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$#598CopyListMoveNew2
String ID: USERNAME$t C
API String ID: 3664798572-3777059254
Opcode ID: 858f92683e44d0dc6cc16bfa29d9c46ee83fc77c8eccd6d67cfc9bcc3fa9043b
Instruction ID: 18268ceef7ea8d5db972a31579656051c38a42b16de85e26249653c6171c7fb3
Opcode Fuzzy Hash: 858f92683e44d0dc6cc16bfa29d9c46ee83fc77c8eccd6d67cfc9bcc3fa9043b
Instruction Fuzzy Hash: A8312171900205ABCB04DF95CE89EEEBBB8FF4C704F10802AF615B72A1D7789945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004019B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#100.MSVBVM60(VB5!6&*), ref: 004019B5

Strings

VB5!6&*, xrefs: 004019B0

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 2fb44b72d09ffa27c32171e0fc52d0d431592fcaf87a363624572772ce90319e
Instruction ID: ad801f70b52ee9f0e04a4ebe2be78aa6aa79ec8a422af9bdad6e4a896755102e
Opcode Fuzzy Hash: 2fb44b72d09ffa27c32171e0fc52d0d431592fcaf87a363624572772ce90319e
Instruction Fuzzy Hash: 945194A258E3C25FD7038BB488651827FB0AE1326430B85EBC4C0DF4B3E2694D5AD776

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC3CF, Relevance: 3.1, APIs: 2, Instructions: 143windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32 ref: 01DCC43A
TerminateProcess.KERNELBASE(FEF26C0F), ref: 01DCC4CB

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: MessageProcessTerminate
String ID:
API String ID: 638435245-0
Opcode ID: 1104f2b87edbe06212549aaf9335c0fc60a3c5c1f2504024de6504119d7a537c
Instruction ID: 4c972bced600519d24ae1a4b550528d2ce91b6eecdd7cfde6cd9f0d662419272
Opcode Fuzzy Hash: 1104f2b87edbe06212549aaf9335c0fc60a3c5c1f2504024de6504119d7a537c
Instruction Fuzzy Hash: 4E41293293C3834BCF159F2892562A9BBB1FF52E20F194C4EDB8E47062C2357645CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC468, Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(FEF26C0F), ref: 01DCC4CB

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 974e7ede5296b5660af7651036e87fd1e502acba16f0f76fc9f04f3ee8c6542f
Instruction ID: 0e70b2ddd338aa0e58d9b01f389b222b3aa3a5cae691f29f744508d976759430
Opcode Fuzzy Hash: 974e7ede5296b5660af7651036e87fd1e502acba16f0f76fc9f04f3ee8c6542f
Instruction Fuzzy Hash: 24F0B470D7834719CF215D644842BF8A3A5BB01E31F05CD4EEF0E5704692363250863A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01DCC567, Relevance: 1.7, Strings: 1, Instructions: 469COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 4d5c258f2dd478084ddb09f5bd9c44f55891ba5d8c6c77b04a3bfcbacd4fa83d
Instruction ID: 3d8092b709896f91f0c88eb7db10bf43860e76ce5e3ac84bb586d80cd9583778
Opcode Fuzzy Hash: 4d5c258f2dd478084ddb09f5bd9c44f55891ba5d8c6c77b04a3bfcbacd4fa83d
Instruction Fuzzy Hash: CA0265716183878EDF228E38C8A87DA3BA29F17660F89869ECDDD4F197D3358145C712

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC5DB, Relevance: 1.7, Strings: 1, Instructions: 446COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: ae550bfa664e127c511bc1040c9bb78f51758a26c7df27274ba55ff234bcf0da
Instruction ID: 140fe990c16d749e330820f4201b4cc28811f08af66a1f7efe2ac183c181120e
Opcode Fuzzy Hash: ae550bfa664e127c511bc1040c9bb78f51758a26c7df27274ba55ff234bcf0da
Instruction Fuzzy Hash: 4FF166716083868EDB22CE38C8A87DA7BA29F17660F89869ECCD94F197D3358545C712

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC563, Relevance: 1.7, Strings: 1, Instructions: 433COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: b3725a10b904f13755f30532e8b2017032da6e0018237e5705d17ab0bbd67c45
Instruction ID: e708e9c54b1b12ac5e35b54de69c4e9ae433f72d168768183ab87baa6d1ba8c1
Opcode Fuzzy Hash: b3725a10b904f13755f30532e8b2017032da6e0018237e5705d17ab0bbd67c45
Instruction Fuzzy Hash: F6F156656083868EDB32CF38C8A87DA7B929F17360F89869ECCD94F197D3358546C712

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC665, Relevance: 1.7, Strings: 1, Instructions: 404COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: a42ab56047daf9073013e796891c344e56b16e61a56b45463527d5c99e2eb9c9
Instruction ID: 6668626447c3374ecd175e2c903272eda6b32d5bc540787496869dce1a0600a4
Opcode Fuzzy Hash: a42ab56047daf9073013e796891c344e56b16e61a56b45463527d5c99e2eb9c9
Instruction Fuzzy Hash: D2E133656083C68EDB328F3CC8A87DA7B929F17260F8982AECCD94F197D3758545C712

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC6B4, Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 380289ea8f84b054e152c759fc88f4b0a9b60657cfd90ad5bf0663a0ab31e752
Instruction ID: c0d26924c79219012cd0349e8089851ae7abc90884342a999e31b4772d6b65f4
Opcode Fuzzy Hash: 380289ea8f84b054e152c759fc88f4b0a9b60657cfd90ad5bf0663a0ab31e752
Instruction Fuzzy Hash: DEE144616083C68EDF328E3889A83DA7B929F13660F89869ECCD94F197D3358545C716

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC7B8, Relevance: 1.6, Strings: 1, Instructions: 339COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: b25a534f5b9214c2817e7620e6382805fae853fed1ab59ab2ba3402608c1874a
Instruction ID: 3a03949704b2c60ce764b80ce042ef3b3fbbce50c15f0a121e8320e3e026a266
Opcode Fuzzy Hash: b25a534f5b9214c2817e7620e6382805fae853fed1ab59ab2ba3402608c1874a
Instruction Fuzzy Hash: 22C1F1656083C68EDB328E3C88A83DA6F925F17260F8D82AECCD94F1D7D3658546C716

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC816, Relevance: 1.6, Strings: 1, Instructions: 338COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 2da94bdcd89fbcae93bda9b060fc782d60619ea4fad40c09f4a60303b47df5a8
Instruction ID: 68e85d5716d0dd2183041e092d17093d88208bb8ed6ee9b0900c0fa0b8f7ec73
Opcode Fuzzy Hash: 2da94bdcd89fbcae93bda9b060fc782d60619ea4fad40c09f4a60303b47df5a8
Instruction Fuzzy Hash: 9DC125216083C68EDF328E3888A83DB7BA29F17660F8D869ECDDD4F197D3258545C716

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC8CA, Relevance: 1.6, Strings: 1, Instructions: 325COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 5ec51e70e2b36b8aa4d0caca0e51567a3e2a3ab54cc2030c596ca127eda93005
Instruction ID: db597fcfb3795f5146bb9eb5a4647a8f9b84720ee2775634e18f4c04bbd117ba
Opcode Fuzzy Hash: 5ec51e70e2b36b8aa4d0caca0e51567a3e2a3ab54cc2030c596ca127eda93005
Instruction Fuzzy Hash: D7C139306183C68ADF22CE3889A93DA7BA29F17660F4886AECDCD4F197D3358545C716

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDB55, Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: c577a2ef2c583530dbdff264c8412ded062f077bad9651234135bbd75d98bdaa
Instruction ID: 5fa161d8e5c9e30753cc76f46f287f376f194ab040538a582d0023b67531fc16
Opcode Fuzzy Hash: c577a2ef2c583530dbdff264c8412ded062f077bad9651234135bbd75d98bdaa
Instruction Fuzzy Hash: BEA19A71A447478FDF359D788DA43EA7793AF5A750F81462FCC8A9B248D330C986C681

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC90C, Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 2c6a1d27dd513809076cd936d568b28e341f823f1c9d5525a9e882b3d926fcf8
Instruction ID: f6d4649b9cc7c648307b26594d7d385794f6ab5fafd053f2d4c811d95b122b11
Opcode Fuzzy Hash: 2c6a1d27dd513809076cd936d568b28e341f823f1c9d5525a9e882b3d926fcf8
Instruction Fuzzy Hash: 43A119746183C68ADF32CE3C89A83DA7B929F17660F8982AECCC94F197D3358545C716

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDB8F, Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: dc228dc4d0276c36d89be8373c20e4bd16cc821adb96a77cae6338412e17be2f
Instruction ID: 1916129bcab87090b6a51a17112acea98883f6fbdcffc4dc4a070782d98647f8
Opcode Fuzzy Hash: dc228dc4d0276c36d89be8373c20e4bd16cc821adb96a77cae6338412e17be2f
Instruction Fuzzy Hash: 669188B1A44747CFDF359D7889A03EA3793AF5A750F85462FCC8A9B244D330C982CA81

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDBBF, Relevance: 1.5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: 2463f4bfb8a384ecd21ffa25c46958cebeaae82997f994568e85fdd3a50c5fa3
Instruction ID: ba5fe883022a003a3dc60f0ef187110259412c682715c1e41ab0e2aff0dd13b0
Opcode Fuzzy Hash: 2463f4bfb8a384ecd21ffa25c46958cebeaae82997f994568e85fdd3a50c5fa3
Instruction Fuzzy Hash: 829178B1A44747CFDF359D6889A43DA3793AF5A750F85462FCC8A9B244D330C982CA41

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDCC7, Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: 56aa99add52aa84526c28ec2b0e379e95999a39d4d48f43f1bb94b0e2960a343
Instruction ID: b7fa9d851f4ae3d2b4ee7793d1faf83d5a09463ed2a4f85afe2be8483f8bd67a
Opcode Fuzzy Hash: 56aa99add52aa84526c28ec2b0e379e95999a39d4d48f43f1bb94b0e2960a343
Instruction Fuzzy Hash: 2F81ABB1A44747CFDF359E7889A03DA3793AF5A750F85462FCC8A9B244D330C982CA41

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDD07, Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: ea3cb688e5a8a9f64d500e4409b376189da565c60a4276f4ba690f3c4eba0cb4
Instruction ID: d2454197187934dd6967b4ce22910baab6cbbba7210f2fb81d51d9402587d031
Opcode Fuzzy Hash: ea3cb688e5a8a9f64d500e4409b376189da565c60a4276f4ba690f3c4eba0cb4
Instruction Fuzzy Hash: 968189B1A44747CFDF359E7889A43DA77A3AF5A750F95462FCC869B244C330C982CA41

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDD3B, Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

%zON, xrefs: 01DCDDE4

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: %zON
API String ID: 0-155931339
Opcode ID: ded65f571beeb144b28ea19604bb1f53ee8ea1e81cfd96d4f97a3ede8451d8ce
Instruction ID: c56bf61bc4c88a8b15f80e5153ef76e76b4babf1bc11f045a3ef4aff677977b3
Opcode Fuzzy Hash: ded65f571beeb144b28ea19604bb1f53ee8ea1e81cfd96d4f97a3ede8451d8ce
Instruction Fuzzy Hash: 8181A9B1A40747CFDF359E7889A43DA3793AF5A750F95462FCC869B244C330C982CA45

Uniqueness

Uniqueness Score: -1.00%

Function 01DCC9C1, Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

VP\, xrefs: 01DCCA8B

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID: VP\
API String ID: 0-1961738816
Opcode ID: 346f72f716024ae4e3204f67710f03b574956fa03ff1e76c30fa81441fecd629
Instruction ID: 1572f22c676ecf8069d4c7747ad36188c85d8e304f29353681e477e8fb357a62
Opcode Fuzzy Hash: 346f72f716024ae4e3204f67710f03b574956fa03ff1e76c30fa81441fecd629
Instruction Fuzzy Hash: A9912B746143C68ACF32CE3889A83DA7BA29F57350F88866ECCDD4F186D3358545C712

Uniqueness

Uniqueness Score: -1.00%

Function 004092BC, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185096e82220389d440197759049318995404c5f3eb2576f04f255bb6df4cd8b
Instruction ID: 992d4d05e47c6351acade839198ce7097935a98e3cce3de93b14edbbf24b760f
Opcode Fuzzy Hash: 185096e82220389d440197759049318995404c5f3eb2576f04f255bb6df4cd8b
Instruction Fuzzy Hash: E5716D6404E3D15FE7039B7489A5196BFB0AE0724475E40EFC8C4CF0E3D2286D5AD76A

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDE3B, Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a7098fb7f5412e11688d64c6d654ae6a51271bdadcfea09ffed7bec019c023c
Instruction ID: fa72b4ea8b230749b7e777757d111e72540deb7e3387593ce8e8e1a2cdfa4bfa
Opcode Fuzzy Hash: 2a7098fb7f5412e11688d64c6d654ae6a51271bdadcfea09ffed7bec019c023c
Instruction Fuzzy Hash: CC618AB1A447078FDF359E7889A03DA7793AF5A750FD5462FCC85AB244C330C986CA46

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCAD7, Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba324c6cc56897e63da32e43aad982e7fea6845164c174aac7891ad6e49c0c91
Instruction ID: ddbacfb10fc10f71c467b2f8c2f8a7c273da4671f6c292e6c9c047c6372c2ffa
Opcode Fuzzy Hash: ba324c6cc56897e63da32e43aad982e7fea6845164c174aac7891ad6e49c0c91
Instruction Fuzzy Hash: DB611B74A143D78ADF32DE3889A83DB7B929F16360F88866DCCCA4F18AD3314541C712

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCEAA, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7bfb45d90703d887922e1799159278ace097ec3ed8e09e09e8dbc9abb4ff92
Instruction ID: 5c0f3b7581ad70d603129b53bd21cccaedf649923420805535f9a45ff54ad671
Opcode Fuzzy Hash: bd7bfb45d90703d887922e1799159278ace097ec3ed8e09e09e8dbc9abb4ff92
Instruction Fuzzy Hash: 69514C355483879FDF319E688DA43DA7BA3EF56710F88896EC9CA0B14AC3304586CB57

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCB72, Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ec10d83222d57c6161704f9dda4a454bc37d590b78802ca0f717e306b7e1a5
Instruction ID: 38122879c294da6d14968ed2b1167ad79a0097aca3858162a1f62a4e1c43baed
Opcode Fuzzy Hash: d8ec10d83222d57c6161704f9dda4a454bc37d590b78802ca0f717e306b7e1a5
Instruction Fuzzy Hash: FE513874A0439B8ADF31DE3C89A43EA7BA29F56750FC9856ECCCA4F249D3314585CB12

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCB63, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9682196b1a9a67b4e2f32787c594c5b0373292ed9a2b153ee093c0e59ceaa2bc
Instruction ID: fce57ac4c299971513e3f9b2f0b1959fb21cecb400463424218b4b06b84d00bd
Opcode Fuzzy Hash: 9682196b1a9a67b4e2f32787c594c5b0373292ed9a2b153ee093c0e59ceaa2bc
Instruction Fuzzy Hash: C7513675A1439B8ACF35DE3889B43EA7BA29F56750F88856ECCCE4F14AD3304546CB12

Uniqueness

Uniqueness Score: -1.00%

Function 01DCDF14, Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6570d4340dae8b7278590176ce7b71bb3589fafd31e7a355d479c9be10ccca46
Instruction ID: 980b52b4a92185916a94674e05f5a12f9ca043648182d23bc42abd0d36d368f2
Opcode Fuzzy Hash: 6570d4340dae8b7278590176ce7b71bb3589fafd31e7a355d479c9be10ccca46
Instruction Fuzzy Hash: 8A5179B1A44306CFDF35DE68C9A43D977939F5A710FD6862BCC85AB248C7308982C645

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCEE6, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18f4e48aa8d9dca0b448ee2ca05da661aecc8bc0f36a9f2bbd0223fa0c90e7b
Instruction ID: a44cd48068e8ffc3b4b29641b8f8222d40cdcf19b4348497bb3338641974a1e1
Opcode Fuzzy Hash: b18f4e48aa8d9dca0b448ee2ca05da661aecc8bc0f36a9f2bbd0223fa0c90e7b
Instruction Fuzzy Hash: D74117351082879FDF359EA88DA83EA7B93DF56750FC4853EC8CA4B249D3308586CB56

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCF87, Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e13132ad9eb2b2fd064b282c9b74c8968ae2e54ace0d4313421733df9e5ddff1
Instruction ID: 7aaf29656d160498d3eedbd12904c03a459cdd09b4e2fe008a81f4b1673b98bd
Opcode Fuzzy Hash: e13132ad9eb2b2fd064b282c9b74c8968ae2e54ace0d4313421733df9e5ddff1
Instruction Fuzzy Hash: 993146251082879BDF34AAB89CA83EBBB53DF56760FC5853EC8C74B549D3304186CB52

Uniqueness

Uniqueness Score: -1.00%

Function 01DCE033, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16492d7607dcf67557cbb3845277381e400d91ba56cb2b878af44ad1a401b499
Instruction ID: fb02df4775257b759e714dc055ae595f95884ca485c08a9b897f79a4b2abb002
Opcode Fuzzy Hash: 16492d7607dcf67557cbb3845277381e400d91ba56cb2b878af44ad1a401b499
Instruction Fuzzy Hash: 443199B1A88306CFDF35AE6485F43D97753AF1A320FD2852FCC4A6B205C7308A85C645

Uniqueness

Uniqueness Score: -1.00%

Function 01DCCD39, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2202753090.0000000001DCC000.00000040.00000001.sdmp, Offset: 01DCC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1dcc000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fffc01bc4ab247598dc2b81ab3b6a9029fc819213efb50d575d47ce9e27c4a31
Instruction ID: b6bc66af86e119d34a53d29f2808775c32ce053c3c96076123375c0060734ec9
Opcode Fuzzy Hash: fffc01bc4ab247598dc2b81ab3b6a9029fc819213efb50d575d47ce9e27c4a31
Instruction Fuzzy Hash: F1319771E143078EDF32DD3C89807DA3BB1AFA5A10F4C8C6DCD8E1B00AE23096458B52

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCB9, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#527.MSVBVM60(00409D58), ref: 0042D064
__vbaStrMove.MSVBVM60 ref: 0042D06F
__vbaStrCmp.MSVBVM60(00409D60,00000000), ref: 0042D07B
__vbaFreeStr.MSVBVM60 ref: 0042D08E
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D0AF
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042D0DA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000B8), ref: 0042D108
__vbaFreeObj.MSVBVM60 ref: 0042D10D
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042D125
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042D14A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000110), ref: 0042D170
__vbaStrMove.MSVBVM60 ref: 0042D17B
__vbaFreeObj.MSVBVM60 ref: 0042D184
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D19D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D1BC
__vbaFreeStr.MSVBVM60(0042D3B3), ref: 0042D3AC

Strings

(RT, xrefs: 0042D18A, 0042D193, 0042D1A3, 0042D1F5, 0042D201, 0042D211, 0042D25B, 0042D267, 0042D277

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$New2$Move$#527
String ID: (RT
API String ID: 487870899-764699761
Opcode ID: ed5b95a907725d5e5d85eed6ae036352f52c7a607ee42a1811b1e5d38ade5951
Instruction ID: 92f7f0afaf7bc07c64b2733a2fa2e68ed615c7a18529395273badbd0e8724bfd
Opcode Fuzzy Hash: ed5b95a907725d5e5d85eed6ae036352f52c7a607ee42a1811b1e5d38ade5951
Instruction Fuzzy Hash: 65A18E75A00218ABCB14DFA5DD49FEEBBB8FF48701F10406AF541B72A1DB789905CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042DD10, Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 163
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042DD7B
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042DD94
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000150), ref: 0042DDC1
__vbaStrToAnsi.MSVBVM60(?,?,008039A4), ref: 0042DDD8
__vbaSetSystemError.MSVBVM60(003989DE,00000000), ref: 0042DDEC
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0042DE0E
__vbaFreeObj.MSVBVM60 ref: 0042DE1A
#702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0042DE43
__vbaStrMove.MSVBVM60 ref: 0042DE4E
__vbaFreeVar.MSVBVM60 ref: 0042DE5D
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DE72
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042DE97
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042DEBD
__vbaI2I4.MSVBVM60 ref: 0042DEC2
__vbaFreeObj.MSVBVM60 ref: 0042DECB
__vbaVarDup.MSVBVM60 ref: 0042DEE5
#666.MSVBVM60(?,00000002), ref: 0042DEF3
__vbaVarMove.MSVBVM60 ref: 0042DEFF
__vbaFreeVar.MSVBVM60 ref: 0042DF08
__vbaFreeVar.MSVBVM60(0042DF5B), ref: 0042DF4B
__vbaFreeStr.MSVBVM60 ref: 0042DF54

Strings

zS, xrefs: 0042DF0A
HENRIVENDE, xrefs: 0042DED7
(RT, xrefs: 0042DD68, 0042DD71, 0042DD81

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#666#702AnsiErrorListSystem
String ID: (RT$HENRIVENDE$zS
API String ID: 309366762-860858017
Opcode ID: 216e54dbeaf471ba5b17d8cac72228c7cd8614cad387034a75f263e2b6876084
Instruction ID: 3e14bf423051b26a42ba2d0effce5ddad7d42201ab6809a6a67660b805aab55e
Opcode Fuzzy Hash: 216e54dbeaf471ba5b17d8cac72228c7cd8614cad387034a75f263e2b6876084
Instruction Fuzzy Hash: 275149B1900219ABCB04DFA5DD88EDEBBB8FF48705F10412AF516BB2A0DB745945CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042D880, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8D5
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D8DD
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D8F2
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D911
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001C8), ref: 0042D930
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042D939
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D952
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D96B
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409D7C,00000100), ref: 0042D98E
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D99E
__vbaI4Var.MSVBVM60(00000000), ref: 0042D9A8
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0042D9BB
__vbaFreeVar.MSVBVM60 ref: 0042D9C7
__vbaFreeStr.MSVBVM60(0042DA02), ref: 0042D9FA
__vbaFreeStr.MSVBVM60 ref: 0042D9FF

Strings

(RT, xrefs: 0042D8DF, 0042D8E8, 0042D8F8, 0042D93F, 0042D948, 0042D958

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2$CallLateList
String ID: (RT
API String ID: 244069345-764699761
Opcode ID: 5c39a2e577768568b9bfa8c430774f7e118b74792861e76bd2736f80affe6c9b
Instruction ID: 3037e0fc402dac870a1d28fe1070c936b1b5d65c79530787229ec8e5e835481f
Opcode Fuzzy Hash: 5c39a2e577768568b9bfa8c430774f7e118b74792861e76bd2736f80affe6c9b
Instruction Fuzzy Hash: 5A413CB5D00218ABCB04DF94DD89EDEBBB8FB08304F10442AF555B72A4D678A945CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00425490, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 004254F9
#515.MSVBVM60(?,?,00000002), ref: 00425516
__vbaVarTstNe.MSVBVM60(?,?), ref: 00425532
__vbaFreeVar.MSVBVM60 ref: 0042553E
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042556F
__vbaObjSet.MSVBVM60(?,00000000), ref: 00425588
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C0), ref: 004255B2
__vbaLateMemCall.MSVBVM60(?,bJwKrGImpGgg9mRQCArwzZIt8,00000003), ref: 00425621
__vbaFreeObj.MSVBVM60 ref: 0042562D
__vbaFreeObj.MSVBVM60(00425671), ref: 00425661
__vbaFreeStr.MSVBVM60 ref: 0042566A

Strings

(RT, xrefs: 0042554D, 00425565, 00425575
Kricketbold2, xrefs: 0042555E
var, xrefs: 004254CA
bJwKrGImpGgg9mRQCArwzZIt8, xrefs: 00425618

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$#515CallCheckCopyHresultLateNew2
String ID: (RT$Kricketbold2$bJwKrGImpGgg9mRQCArwzZIt8$var
API String ID: 3144308283-1034268063
Opcode ID: c6dedcd5aced9654c1b7c320c669f933d9882481dd532e55ad32b74f70e2c0c5
Instruction ID: 5bf5bcfe2e29984776ee71421b15d1d75e55c59fa0ceca583787bb4a02caaa91
Opcode Fuzzy Hash: c6dedcd5aced9654c1b7c320c669f933d9882481dd532e55ad32b74f70e2c0c5
Instruction Fuzzy Hash: 195148B4E10218DFCB14DF98DA48A9DFBB8FF48B00F10816AE509BB294D7785A45CF84

Uniqueness

Uniqueness Score: -1.00%

Function 004256A0, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256F5
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004256FD
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 00425711
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042573C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,00000118), ref: 0042576A
__vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042576F
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425778
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 00425791
__vbaObjSet.MSVBVM60(?,00000000), ref: 004257AA
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A48,000000C8), ref: 004257D1
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 004257DC
__vbaFreeStr.MSVBVM60(00425804), ref: 004257FC
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425801

Strings

(RT, xrefs: 0042577E, 00425787, 00425797

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresult$CopyNew2
String ID: (RT
API String ID: 336985134-764699761
Opcode ID: 262861fa027554f53a9023cd1df400ece65399482f6a254a919458dfeeb17009
Instruction ID: 00a320610a2f3e0550b02398e2007c94e90aa8d7e9ada67d49e3611233cf5d10
Opcode Fuzzy Hash: 262861fa027554f53a9023cd1df400ece65399482f6a254a919458dfeeb17009
Instruction Fuzzy Hash: 24415D74A40218EBCB04DF95DD84EEEBBB8FF98700F14802AE505B72A0C6785901CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0042DA30, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 0042DA8B
__vbaLenBstrB.MSVBVM60(00409D90), ref: 0042DA96
#680.MSVBVM60(00000000,3FF00000,00000000,3FF00000,00000000,40490000,?,?,?), ref: 0042DADF
__vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0042DAF5
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 0042DB11
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,00000014), ref: 0042DB36
__vbaHresultCheckObj.MSVBVM60(00000000,?,00409AAC,000000C8), ref: 0042DB63
__vbaFreeObj.MSVBVM60 ref: 0042DB6C
__vbaVarDup.MSVBVM60 ref: 0042DB98
#595.MSVBVM60(?,00000000,?,?,?), ref: 0042DBB0
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0042DBC8
__vbaFreeStr.MSVBVM60(0042DC08), ref: 0042DC01

Strings

hjrekant, xrefs: 0042DB8A

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultList$#595#680BstrCopyNew2
String ID: hjrekant
API String ID: 4058102471-1475739938
Opcode ID: 95959a06098993a4faac7d9b790f2a6ac580e100fe50f20baf233002aa7f2173
Instruction ID: fc690ee695db8f231962780ffe65343825b843d53d00f0c3d3a69cc7e01f37d1
Opcode Fuzzy Hash: 95959a06098993a4faac7d9b790f2a6ac580e100fe50f20baf233002aa7f2173
Instruction Fuzzy Hash: 0251E2B1D00219ABDB10DF94D889EDEBFB8BF48700F10412AF505B72A5D7B46585CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0042D3D0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D41D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D43C
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D458
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D471
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000130), ref: 0042D494
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0042D4C3
__vbaStrVarMove.MSVBVM60(00000000), ref: 0042D4CD
__vbaStrMove.MSVBVM60 ref: 0042D4D8
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 0042D4F8
__vbaFreeStr.MSVBVM60 ref: 0042D501
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0042D515
__vbaFreeVar.MSVBVM60 ref: 0042D521

Strings

(RT, xrefs: 0042D3F9, 0042D413, 0042D423, 0042D440, 0042D44E, 0042D45E

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultMoveNew2$CallLateList
String ID: (RT
API String ID: 3081447974-764699761
Opcode ID: d41607fada56a4b3720f887fbf58355d561b35123c612f0d49bfdf02f3c889a5
Instruction ID: 1e67fcaa09465789bc4eb783a7e738a20273f9ac9e7247e845b252cccaf01c55
Opcode Fuzzy Hash: d41607fada56a4b3720f887fbf58355d561b35123c612f0d49bfdf02f3c889a5
Instruction Fuzzy Hash: 56414DB4A00204AFDB04DFA4DD49F9EBBB8FB48701F14442AF545F7261D638A945CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00424930, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaStrCopy.MSVBVM60 ref: 00424979
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 00424992
__vbaObjSet.MSVBVM60(?,00000000), ref: 004249B1
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 004249CD
__vbaObjSet.MSVBVM60(?,00000000), ref: 004249E6
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000000F0), ref: 00424A09
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424A49
__vbaFreeStr.MSVBVM60 ref: 00424A52
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00424A62
__vbaFreeStr.MSVBVM60(00424A99), ref: 00424A92

Strings

(RT, xrefs: 0042497F, 00424988, 00424998, 004249B5, 004249C3, 004249D3

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckHresultNew2$CopyList
String ID: (RT
API String ID: 4130517723-764699761
Opcode ID: 8f5ba0aae027e5ade5a35dc241098c9ecd1dea7dc7e6ebd4f45459564aea2035
Instruction ID: 8ab0ce02fd4ad78d60563386b133b7b716cd360f17da3511743dd23085d2e806
Opcode Fuzzy Hash: 8f5ba0aae027e5ade5a35dc241098c9ecd1dea7dc7e6ebd4f45459564aea2035
Instruction Fuzzy Hash: 314181B4A40215AFCB04DFA8DD49FAEBBB8FB48701F10406AF505F7251D7789905CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00424BE0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 00424C24
__vbaObjSet.MSVBVM60(?,00000000), ref: 00424C3D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 00424CC4
__vbaFreeObj.MSVBVM60 ref: 00424CD3
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 00424CE8
__vbaObjSet.MSVBVM60(?,00000000), ref: 00424D01
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,000001C8), ref: 00424D28
__vbaFreeObj.MSVBVM60 ref: 00424D37

Strings

(RT, xrefs: 00424C09, 00424C1A, 00424C2A, 00424CD5, 00424CDE, 00424CEE

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: 82f292988a600778a974090e1fa1679200118610c53313007266a650490cac74
Instruction ID: d1ecdfbbf56c062021e6928b3cd5bc998c80f1fdfa5d5ae707005e099290dd8c
Opcode Fuzzy Hash: 82f292988a600778a974090e1fa1679200118610c53313007266a650490cac74
Instruction Fuzzy Hash: CF4160B4A012049FCB08DFA9D989A9ABBF4FF4C701F10846AE505EB365D7389901CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00431D50, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431D94
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431DB3
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00431DF2
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E01
__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E16
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E2F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000088), ref: 00431E52
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00431E61

Strings

(RT, xrefs: 00431D79, 00431D8A, 00431D9A, 00431E03, 00431E0C, 00431E1C

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: 2f3f9f7953b95640d5d1df3913257cee278f01467711dc498cf2c8fcb9e06386
Instruction ID: 116ad077078038e6493d67b0fe859829927b69f7f06258b5196f1853de7dd26e
Opcode Fuzzy Hash: 2f3f9f7953b95640d5d1df3913257cee278f01467711dc498cf2c8fcb9e06386
Instruction Fuzzy Hash: AE316274A40304ABCB14DFA9C989F9ABBB8FF4C701F108529F545E73A5D7389901CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00424AC0, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B0C
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B14
__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B29
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B42
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,00000220), ref: 00424B85
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424B8E
__vbaFreeStr.MSVBVM60(00424BB6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BAE
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424BB3

Strings

(RT, xrefs: 00424B16, 00424B1F, 00424B2F

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$Copy$CheckHresultNew2
String ID: (RT
API String ID: 1874231197-764699761
Opcode ID: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
Instruction ID: 5322bd1987205389bf6d946a79716689a0e8260190b249c2e899f9ee9d0b38b0
Opcode Fuzzy Hash: b3de2741a884ba66c6e0dc536366742fc49d0bd61385298be0de65dd2914f2d8
Instruction Fuzzy Hash: 6F215175E00219DFCB04DFA9D989A9EBFB8FF4C300F10816AE515A72A5C778A941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00425830, Relevance: 13.5, APIs: 9, Instructions: 47COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425870
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425878
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425880
__vbaCyStr.MSVBVM60(00409AC0,?,?,?,?,?,?,?,00401746), ref: 00425887
__vbaFpCmpCy.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425895
#569.MSVBVM60(0000002F,?,?,?,?,?,?,?,?,00401746), ref: 004258A1
__vbaFreeStr.MSVBVM60(004258C3,?,?,?,?,?,?,?,?,00401746), ref: 004258B6
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258BB
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 004258C0

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CopyFree$#569
String ID:
API String ID: 3911904416-0
Opcode ID: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
Instruction ID: d6ef5a4df48c5f6f6e330365a7503caf813aa0cdbaaf88e781f996121f92ec88
Opcode Fuzzy Hash: 5edaf88591391681e2145a8739ccb91f35755f997f98929e0ecf3979915413c6
Instruction Fuzzy Hash: 86111B70D0025EDBCB00EFA4EE45AEEBBB8EF48700F10416AA505B31A4DB746A45CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 00425040, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60 ref: 00425083
__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042509C
__vbaObjSet.MSVBVM60(?,00000000), ref: 004250B5
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001CC), ref: 0042513C
__vbaFreeObj.MSVBVM60 ref: 00425145
__vbaFreeStr.MSVBVM60(00425167), ref: 00425160

Strings

(RT, xrefs: 00425089, 00425092, 004250A2

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID: (RT
API String ID: 4138333463-764699761
Opcode ID: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
Instruction ID: a776cf2307da792f29ced093327e8248e37be5dbc0af261043c53f96bb4853c4
Opcode Fuzzy Hash: 36e19c643a749de4c9f98f0f26e3ef9345445dc7676fee39b65dcd88194fdefe
Instruction Fuzzy Hash: 7E3108B4E002149FCB04DFA9D989A9ABBF4FF49700F10C06AE509AB365D7389902CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00424E20, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E63
__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E7C
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424E95
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409974,000001C8), ref: 00424ED8
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EE1
__vbaFreeStr.MSVBVM60(00424F02,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424EFB

Strings

(RT, xrefs: 00424E69, 00424E72, 00424E82

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID: (RT
API String ID: 4138333463-764699761
Opcode ID: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
Instruction ID: e93f92d18b185c2069a199da7afe3e2a4c956638d36d99257852b577961b8e79
Opcode Fuzzy Hash: 14df62b4e661472db2697c04a30383ec9d51b0f6c21ff4f63978a15009101c4f
Instruction Fuzzy Hash: 87217174A40204DFCB04DFA9D989EAABBB8FF49301F10806AF515E72A5C7389941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00424F30, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E00424F30(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr* _t19;
				intOrPtr* _t21;
				intOrPtr* _t23;
				void* _t26;
				intOrPtr* _t28;
				intOrPtr* _t38;
				void* _t39;
				void* _t41;
				intOrPtr _t42;
				intOrPtr _t43;

				_t42 = _t41 - 0xc;
				 *[fs:0x0] = _t42;
				_t43 = _t42 - 0x28;
				_v16 = _t43;
				_v12 = 0x401208;
				_v8 = 0;
				_t19 = _a4;
				 *((intOrPtr*)( *_t19 + 4))(_t19, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t39);
				_t21 =  *0x433010; // 0x545228
				_v28 = 0;
				_v32 = 0;
				if(_t21 == 0) {
					__imp____vbaNew2(0x40a14c, "(RT");
					_t21 =  *0x433010; // 0x545228
				}
				_t23 =  &_v32;
				__imp____vbaObjSet(_t23,  *((intOrPtr*)( *_t21 + 0x354))(_t21));
				_t28 = _t43 - 0x10;
				 *_t28 = 0xa;
				_t38 = _t23;
				 *((intOrPtr*)(_t28 + 4)) = _v44;
				 *((intOrPtr*)(_t28 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t28 + 0xc)) = _v36;
				_t26 =  *((intOrPtr*)( *_t38 + 0x1ec))(_t38, L"PHACOCELE");
				asm("fclex");
				if(_t26 < 0) {
					__imp____vbaHresultCheckObj(_t26, _t38, 0x409964, 0x1ec);
				}
				__imp____vbaFreeObj();
				_v28 = 0x2be5;
				_push(0x425009);
				return _t26;
			}

0x00424f33
0x00424f42
0x00424f49
0x00424f4f
0x00424f52
0x00424f5b
0x00424f5e
0x00424f64
0x00424f67
0x00424f6e
0x00424f71
0x00424f74
0x00424f80
0x00424f86
0x00424f86
0x00424f95
0x00424f99
0x00424fa2
0x00424fa9
0x00424fae
0x00424fb2
0x00424fba
0x00424fc6
0x00424fc9
0x00424fcf
0x00424fd3
0x00424fe1
0x00424fe1
0x00424fea
0x00424ff0
0x00424ff7
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F80
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424F99
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409964,000001EC), ref: 00424FE1
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424FEA

Strings

PHACOCELE, xrefs: 00424FC0
(RT, xrefs: 00424F67, 00424F76, 00424F86
+, xrefs: 00424FF0

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT$PHACOCELE$+
API String ID: 1645334062-897189005
Opcode ID: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
Instruction ID: d59e37c62d2e5d766b26790879dabc63d50207eaaf69630922185673f52cbc59
Opcode Fuzzy Hash: 12b9ce720c898f97ba00850c8f5fb71147afbdd739971cbbb8621d5f4e07d0e8
Instruction Fuzzy Hash: 972180B4A00304ABCB04DF99DD89B9ABBB8FB49701F10856AF505E7291C3789901CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00425B90, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425BD3
__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,00401746), ref: 00425BEC
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425C05
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,?,00401746), ref: 00425C28
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425C31
__vbaFreeStr.MSVBVM60(00425C52,?,?,?,?,?,?,?,?,00401746), ref: 00425C4B

Strings

(RT, xrefs: 00425BD9, 00425BE2, 00425BF2

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$CheckCopyHresultNew2
String ID: (RT
API String ID: 4138333463-764699761
Opcode ID: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
Instruction ID: 5e3db1a9c3429f9f3288b209a0862c076ad3080f2d8b6768de989c50c96a5040
Opcode Fuzzy Hash: 756f6b035e32b18ac07c3f37c8a7dece15b309214154d09f0be6497812d20786
Instruction Fuzzy Hash: BA118E74A00204EFCB04DFA5DA49EAEBBB8FF49701F104466F555E72A0D7385902CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00425240, Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

#672.MSVBVM60(00000000,40080000,00000000,3FF00000,00000000,3FF00000,00000000,3FF00000), ref: 004252A1
__vbaFpR8.MSVBVM60 ref: 004252A7
__vbaNew2.MSVBVM60(004099E4,004333CC), ref: 004252D0
__vbaHresultCheckObj.MSVBVM60(00000000,01E51794,004099D4,0000001C), ref: 004252F5
__vbaHresultCheckObj.MSVBVM60(00000000,?,004099F4,0000005C), ref: 00425339
__vbaStrMove.MSVBVM60 ref: 0042534C
__vbaFreeObj.MSVBVM60 ref: 00425355
__vbaFreeStr.MSVBVM60(0042538E), ref: 00425387

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresult$#672MoveNew2
String ID:
API String ID: 2213023555-0
Opcode ID: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
Instruction ID: a290a1b5633ba569a80f4364f7eb58ab6e41390aae3439afe5c06b49b155ed99
Opcode Fuzzy Hash: d03bc499453449d9573a4e8ef43a5397d45b3028cbeedebbf62b4f665515c7fc
Instruction Fuzzy Hash: 24314EB0900609ABCB10DF95DD88B9EBBB8FF48740F20805AE905B72A4C7785941CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004258E0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E004258E0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr* _t17;
				intOrPtr* _t19;
				intOrPtr* _t21;
				void* _t24;
				intOrPtr* _t26;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t41;

				_t40 = _t39 - 0xc;
				 *[fs:0x0] = _t40;
				_t41 = _t40 - 0x24;
				_v16 = _t41;
				_v12 = 0x401290;
				_v8 = 0;
				_t17 = _a4;
				 *((intOrPtr*)( *_t17 + 4))(_t17, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t37);
				_t19 =  *0x433010; // 0x545228
				_v28 = 0;
				if(_t19 == 0) {
					__imp____vbaNew2(0x40a14c, "(RT");
					_t19 =  *0x433010; // 0x545228
				}
				_t21 =  &_v28;
				__imp____vbaObjSet(_t21,  *((intOrPtr*)( *_t19 + 0x358))(_t19));
				_t26 = _t41 - 0x10;
				 *_t26 = 0xa;
				_t36 = _t21;
				 *((intOrPtr*)(_t26 + 4)) = _v40;
				 *((intOrPtr*)(_t26 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t26 + 0xc)) = _v32;
				_t24 =  *((intOrPtr*)( *_t36 + 0x1ec))(_t36, L"Rubedity");
				asm("fclex");
				if(_t24 < 0) {
					__imp____vbaHresultCheckObj(_t24, _t36, 0x409adc, 0x1ec);
				}
				__imp____vbaFreeObj();
				_push(0x4259af);
				return _t24;
			}

0x004258e3
0x004258f2
0x004258f9
0x004258ff
0x00425902
0x0042590b
0x0042590e
0x00425914
0x00425917
0x0042591e
0x00425921
0x0042592d
0x00425933
0x00425933
0x00425942
0x00425946
0x0042594f
0x00425956
0x0042595b
0x0042595f
0x00425967
0x00425973
0x00425976
0x0042597c
0x00425980
0x0042598e
0x0042598e
0x00425997
0x0042599d
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 0042592D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425946
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409ADC,000001EC), ref: 0042598E
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425997

Strings

Rubedity, xrefs: 0042596D
(RT, xrefs: 00425917, 00425923, 00425933

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT$Rubedity
API String ID: 1645334062-112018139
Opcode ID: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
Instruction ID: 8edafd98880e749bae474b2feedee2ec17763cbba996a59d16f38de0083cf79d
Opcode Fuzzy Hash: 989ac7d9801ea6c6c6b649e1053860ae0993d9f268a224562a69b06ed4e314cf
Instruction Fuzzy Hash: 6A2193B4A40204EFCB04DF99D989B9ABFF8FB49701F108066F545E7291C6789941CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00425D00, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__vbaOnError.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D44
__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D5D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D76
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,00000140,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425D9D
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00401746), ref: 00425DAC

Strings

(RT, xrefs: 00425D4A, 00425D53, 00425D63

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckErrorFreeHresultNew2
String ID: (RT
API String ID: 3750743295-764699761
Opcode ID: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
Instruction ID: aebd9c64966058db610805d6956d2aca9fa7e8320958a7938f1e966658d03e7a
Opcode Fuzzy Hash: b14b221676cf48712972c40fd7c865dc5584e7cbc0213bc3e250b950899d8b99
Instruction Fuzzy Hash: 75215C74A40214ABCB10DF96CA49E9EBBF8FF89701F10446AF551F72A0C77859018FA8

Uniqueness

Uniqueness Score: -1.00%

Function 004259D0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

__vbaVarDup.MSVBVM60 ref: 00425A27
#687.MSVBVM60(?,?), ref: 00425A35
__vbaDateVar.MSVBVM60(?), ref: 00425A3F
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00425A51

Strings

7-7-7, xrefs: 00425A19
Lu, xrefs: 00425A5A

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#687DateFreeList
String ID: 7-7-7$Lu
API String ID: 3303533072-1249225327
Opcode ID: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
Instruction ID: 8ca2dbe8ab4f1f5649ded12f3ea8614846f4dd31889bb755d75bc59398dcdd18
Opcode Fuzzy Hash: facbad71416659fbb2e9bc7a4ffa1e8d0139a3acc9ad01944beeb1cc8f9dcaa8
Instruction Fuzzy Hash: 22110AB1C10228EBCB00DFD4DD89ADEBBB8FB48B04F04415AF501A7650D7B85505CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00425190, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

#669.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251CA
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251D5
__vbaStrCmp.MSVBVM60(Distriktsbladet6,00000000,?,?,?,?,?,?,?,00401746), ref: 004251E1
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 004251F3
#568.MSVBVM60(0000003C,?,?,?,?,?,?,?,00401746), ref: 00425200

Strings

Distriktsbladet6, xrefs: 004251DC

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#568#669FreeMove
String ID: Distriktsbladet6
API String ID: 2447501155-846783287
Opcode ID: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
Instruction ID: 61cd527bcf450c51f942b67c3faaedb5405b7962db3e9bdf1a35c1bc71e14c92
Opcode Fuzzy Hash: 966450b06de21ed9c13c1a808149436ab6664e89ca7304e9e6358e800033aaaf
Instruction Fuzzy Hash: 3201A275D00614EBC700AFA4DD49AAFBBB8EB45B00F908166F942F36A0C7385945CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0042D750, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E0042D750(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr* _t31;
				intOrPtr* _t33;
				intOrPtr* _t35;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t43;
				intOrPtr* _t47;
				intOrPtr* _t60;
				void* _t61;
				void* _t63;
				intOrPtr _t64;
				intOrPtr _t65;
				intOrPtr* _t66;
				intOrPtr* _t67;

				_t64 = _t63 - 0xc;
				 *[fs:0x0] = _t64;
				_t65 = _t64 - 0x44;
				_v16 = _t65;
				_v12 = 0x4016a8;
				_v8 = 0;
				_t31 = _a4;
				 *((intOrPtr*)( *_t31 + 4))(_t31, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t61);
				_t33 =  *0x433010; // 0x545228
				_v28 = 0;
				if(_t33 == 0) {
					__imp____vbaNew2(0x40a14c, "(RT");
					_t33 =  *0x433010; // 0x545228
				}
				_t35 =  &_v28;
				__imp____vbaObjSet(_t35,  *((intOrPtr*)( *_t33 + 0x3b4))(_t33));
				_t66 = _t65 - 0x10;
				_t60 = _t35;
				_t43 = _t66;
				 *_t43 = 0xa;
				_v44 = 0xa;
				 *((intOrPtr*)(_t43 + 4)) = _v72;
				 *((intOrPtr*)(_t43 + 8)) = 0x80020004;
				 *((intOrPtr*)(_t43 + 0xc)) = _v64;
				_t67 = _t66 - 0x10;
				_t47 = _t67;
				 *_t47 = 0xa;
				 *((intOrPtr*)(_t47 + 4)) = _v56;
				 *((intOrPtr*)(_t47 + 8)) = 0x80020004;
				_v36 = 0x80020004;
				 *((intOrPtr*)(_t47 + 0xc)) = _v48;
				_t40 = _t67 - 0x10;
				 *_t40 = _v44;
				 *((intOrPtr*)(_t40 + 4)) = _v40;
				 *((intOrPtr*)(_t40 + 8)) = _v36;
				 *((intOrPtr*)(_t40 + 0xc)) = _v32;
				_t41 =  *((intOrPtr*)( *_t60 + 0x1d0))(_t60, 0x46e36000);
				asm("fclex");
				if(_t41 < 0) {
					__imp____vbaHresultCheckObj(_t41, _t60, 0x409b10, 0x1d0);
				}
				__imp____vbaFreeObj();
				asm("wait");
				_push(0x42d85f);
				return _t41;
			}

0x0042d753
0x0042d762
0x0042d769
0x0042d76f
0x0042d772
0x0042d77b
0x0042d77e
0x0042d784
0x0042d787
0x0042d78e
0x0042d791
0x0042d79d
0x0042d7a3
0x0042d7a3
0x0042d7b2
0x0042d7b6
0x0042d7bc
0x0042d7bf
0x0042d7c1
0x0042d7ca
0x0042d7cc
0x0042d7d2
0x0042d7dc
0x0042d7e2
0x0042d7e5
0x0042d7e8
0x0042d7ef
0x0042d7f4
0x0042d7f7
0x0042d7fa
0x0042d800
0x0042d80c
0x0042d80e
0x0042d813
0x0042d81e
0x0042d822
0x0042d825
0x0042d82b
0x0042d82f
0x0042d83d
0x0042d83d
0x0042d846
0x0042d84c
0x0042d84d
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT), ref: 0042D79D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0042D7B6
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409B10,000001D0), ref: 0042D83D
__vbaFreeObj.MSVBVM60 ref: 0042D846

Strings

(RT, xrefs: 0042D787, 0042D793, 0042D7A3

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
Instruction ID: 70f56478985c9cd3eb8c434365a541da73a9ac384ad3b08b42247f68221efb92
Opcode Fuzzy Hash: 7318501d0b8fdda0203af5e902a68bcf169e8258f1a52df0951113e99549986f
Instruction Fuzzy Hash: 14311AB4E002049FCB04DFA8D985A9ABBF8FF48700F20C46AE409AB355D7399801CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00424840, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

#660.MSVBVM60(?,?,?,00000001,00000001), ref: 004248A1
__vbaVarTstNe.MSVBVM60(?,?), ref: 004248B9
__vbaFreeVarList.MSVBVM60(00000003,00000002,0000000A,?), ref: 004248CF
#532.MSVBVM60(RESTARTED), ref: 004248E2

Strings

RESTARTED, xrefs: 004248DD

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$#532#660FreeList
String ID: RESTARTED
API String ID: 675845651-3446605417
Opcode ID: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
Instruction ID: d30b72e28953de9f2be757b277d73411f24bdd109367d15f8962842fe040ad4f
Opcode Fuzzy Hash: 6b6f602c2639db14cfcaccee84e22537d62f5a5f5ad6ee7c47f007c81d70a7a4
Instruction Fuzzy Hash: 1C1129B5D40228EBDB00DF94DD89FDEBBB8FB48B00F50421AF505B2290D7B81548CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0042DC30, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,00401746), ref: 0042DC80
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 0042DC99
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001A8,?,?,?,?,?,?,?,?,00401746), ref: 0042DCBC
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 0042DCC5

Strings

(RT, xrefs: 0042DC67, 0042DC76, 0042DC86

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
Instruction ID: 64216d29a521869ad124ed06d40b43ff42c95b0837524ed37390eafe3a59424f
Opcode Fuzzy Hash: 3d57fab9576f8edc24bb3d88d15002d814a24de4e89215d3f0bad1a7daa73ffa
Instruction Fuzzy Hash: 11114FB4E40204ABC700DF96DD49B9ABBBCFF59701F604426F551E72A0C7785941CA99

Uniqueness

Uniqueness Score: -1.00%

Function 00425AB0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E00425AB0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				intOrPtr* _t14;
				intOrPtr* _t16;
				intOrPtr* _t18;
				void* _t19;
				intOrPtr* _t28;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t32 = _t31 - 0xc;
				 *[fs:0x0] = _t32;
				_v16 = _t32 - 0x18;
				_v12 = 0x4012b0;
				_v8 = 0;
				_t14 = _a4;
				 *((intOrPtr*)( *_t14 + 4))(_t14, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t29);
				_t16 =  *0x433010; // 0x545228
				_v28 = 0;
				_v32 = 0;
				if(_t16 == 0) {
					__imp____vbaNew2(0x40a14c, "(RT");
					_t16 =  *0x433010; // 0x545228
				}
				_t18 =  &_v32;
				__imp____vbaObjSet(_t18,  *((intOrPtr*)( *_t16 + 0x378))(_t16));
				_t28 = _t18;
				_t19 =  *((intOrPtr*)( *_t28 + 0x21c))(_t28);
				asm("fclex");
				if(_t19 < 0) {
					__imp____vbaHresultCheckObj(_t19, _t28, 0x409954, 0x21c);
				}
				__imp____vbaFreeObj();
				_v28 = 0x4c22e;
				_push(0x425b64);
				return _t19;
			}

0x00425ab3
0x00425ac2
0x00425acf
0x00425ad2
0x00425adb
0x00425ade
0x00425ae4
0x00425ae7
0x00425aee
0x00425af1
0x00425af4
0x00425b00
0x00425b06
0x00425b06
0x00425b15
0x00425b19
0x00425b1f
0x00425b24
0x00425b2a
0x00425b2e
0x00425b3c
0x00425b3c
0x00425b45
0x00425b4b
0x00425b52
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,?,00401746), ref: 00425B00
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401746), ref: 00425B19
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409954,0000021C,?,?,?,?,?,?,?,?,00401746), ref: 00425B3C
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401746), ref: 00425B45

Strings

(RT, xrefs: 00425AE7, 00425AF6, 00425B06

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
Instruction ID: 42bfde65fcf0389ef10ed57bcc65d986bcef6efdfb101c90a025bbd7737f0359
Opcode Fuzzy Hash: c0adb74df300532787617fb9f7d3334b1765759aff83d8e8979fb064e4e6de2c
Instruction Fuzzy Hash: C0119EB8E40604ABC710DFA5DA89F9AFFB8FF58701F204466F551E72A1C77859018B98

Uniqueness

Uniqueness Score: -1.00%

Function 004253C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E004253C0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr* _t12;
				intOrPtr* _t14;
				intOrPtr* _t16;
				void* _t17;
				intOrPtr* _t26;
				void* _t27;
				void* _t29;
				intOrPtr _t30;

				_t30 = _t29 - 0xc;
				 *[fs:0x0] = _t30;
				_v16 = _t30 - 0x14;
				_v12 = 0x401250;
				_v8 = 0;
				_t12 = _a4;
				 *((intOrPtr*)( *_t12 + 4))(_t12, __edi, __esi, __ebx,  *[fs:0x0], 0x401746, _t27);
				_t14 =  *0x433010; // 0x545228
				_v28 = 0;
				if(_t14 == 0) {
					__imp____vbaNew2(0x40a14c, "(RT");
					_t14 =  *0x433010; // 0x545228
				}
				_t16 =  &_v28;
				__imp____vbaObjSet(_t16,  *((intOrPtr*)( *_t14 + 0x338))(_t14));
				_t26 = _t16;
				_t17 =  *((intOrPtr*)( *_t26 + 0x1ac))(_t26);
				asm("fclex");
				if(_t17 < 0) {
					__imp____vbaHresultCheckObj(_t17, _t26, 0x409a04, 0x1ac);
				}
				__imp____vbaFreeObj();
				_push(0x42546a);
				return _t17;
			}

0x004253c3
0x004253d2
0x004253df
0x004253e2
0x004253eb
0x004253ee
0x004253f4
0x004253f7
0x004253fe
0x00425401
0x0042540d
0x00425413
0x00425413
0x00425422
0x00425426
0x0042542c
0x00425431
0x00425437
0x0042543b
0x00425449
0x00425449
0x00425452
0x00425458
0x00000000

APIs

__vbaNew2.MSVBVM60(0040A14C,(RT,?,?,?,?,?,?,?,00401746), ref: 0042540D
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00401746), ref: 00425426
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00409A04,000001AC,?,?,?,?,?,?,?,00401746), ref: 00425449
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00401746), ref: 00425452

Strings

(RT, xrefs: 004253F7, 00425403, 00425413

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$CheckFreeHresultNew2
String ID: (RT
API String ID: 1645334062-764699761
Opcode ID: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
Instruction ID: 76f6a4e4ac2d6c6b8d4e0d48d8693851c14c2989a070a5c6ca1b50774761b537
Opcode Fuzzy Hash: 15066cf2bc776ccd6f280a9b0d227e33fa94bddf631f485540b6e2bf07da5dc4
Instruction Fuzzy Hash: 2A117C74A40604ABC700EFA5DD89B9ABBB8FB49701F104466F542E72A1C77899418AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00424D70, Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DAA
#546.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DB4
__vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401746), ref: 00424DC0
__vbaFreeVar.MSVBVM60(00424DF8), ref: 00424DE8
__vbaFreeStr.MSVBVM60 ref: 00424DF1

Memory Dump Source

Source File: 00000000.00000002.2202544578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2202537348.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.2202580766.0000000000433000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.2202591011.0000000000435000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_RICHIESTA DI OFFERTA.jbxd

Similarity

API ID: __vba$Free$#546CopyMove
String ID:
API String ID: 2278598164-0
Opcode ID: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
Instruction ID: 48cc0dd06087de835e62770d10066453df31cd834c61ba1c00de49ae01419032
Opcode Fuzzy Hash: 7a11eb6d7ed8b28ed0475e178c5beb416b3c73dd893bc135aea1a441c7e50e83
Instruction Fuzzy Hash: 14010870D00209ABCF04DFA4DA88ADEBBB8FB08701F108426E511B6164EB386505CF68

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report RICHIESTA DI OFFERTA.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 2660 Parent PID: 2032

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: RICHIESTA DI OFFERTA.exe PID: 2660 Parent PID: 2032 RICHIESTA DI OFFERTA.exeCOMMON

Execution Graph

Graph

Executed Functions

Function 01DCC329, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Function 00431EA0, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 263COMMON

Control-flow Graph

Function 0042D590, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 127COMMON

Function 00431EA0, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 263
COMMON

Function 0042D590, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 127
COMMON

Function 0040BD48, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 103
COMMON

Function 004019B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189
COMMON

Function 01DCC468, Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Function 0040BCB9, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 287
COMMON

Function 0042DD10, Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 163
COMMON

Function 0042D880, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 117
COMMON

Function 00425490, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 130
COMMON

Function 004256A0, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113
COMMON

Function 0042DA30, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON

Function 0042D3D0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 117
COMMON

Function 00424930, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 107
COMMON

Function 00424BE0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 114
COMMON

Function 00424F30, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 64
COMMON

Function 004258E0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62
COMMON

Function 0042D750, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85
COMMON

Function 00425AB0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53
COMMON