
Windows Analysis Report Shipment Document BLINV and packing list.jpg.exe

Overview

General Information

Sample Name: Shipment Document BLINV and packing list.jpg.exe
Analysis ID: 483300
MD5: df2413a552334b77e540bb8c69bf9763
SHA1: 453f88a44b3966a97fc4005a0b6edf894cdc8d41
SHA256: 434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
Tags: exe

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Potential malicious icon found
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Found potential dummy code loops (likely to delay analysis)
Uses an obfuscated file name to hide its real file extension (double extension)
Machine Learning detection for sample
Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Creates processes with suspicious names
Program does not show much activity (idle)
Creates a process in suspended mode (likely to inject code)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Abnormal high CPU Usage

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGWGCmNAnGw"}

Yara Overview

Memory Dumps

Source: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security

Source: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Found malware configuration
Source: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGWGCmNAnGw"}
Multi AV Scanner detection for submitted file
Source: Shipment Document BLINV and packing list.jpg.exe, ReversingLabs: Detection: 42%
Machine Learning detection for sample
Source: Shipment Document BLINV and packing list.jpg.exe, Joe Sandbox ML: detected
Source: Shipment Document BLINV and packing list.jpg.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGWGCmNAnGw
Source: Shipment Document BLINV and packing list.jpg.exe, String found in binary or memory: http://creativecommons.org/licenses/by-nc-sa/3.0/
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, String found in binary or memory: https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGW

System Summary:

Potential malicious icon found
Source: initial sample, Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Initial sample is a PE file and has a suspicious name
Source: initial sample, Static PE information: Filename: Shipment Document BLINV and packing list.jpg.exe
Executable has a suspicious name (potential lure to open the executable)
Source: Shipment Document BLINV and packing list.jpg.exe, Static file information: Suspicious name
Source: Shipment Document BLINV and packing list.jpg.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Shipment Document BLINV and packing list.jpg.exe, 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameRECIPIENTKVALITETSPLANLGNINGEN.exe vs Shipment Document BLINV and packing list.jpg.exe
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000000.422167592.000000000041E000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameRECIPIENTKVALITETSPLANLGNINGEN.exe vs Shipment Document BLINV and packing list.jpg.exe
Source: Shipment Document BLINV and packing list.jpg.exe, Binary or memory string: OriginalFilenameRECIPIENTKVALITETSPLANLGNINGEN.exe vs Shipment Document BLINV and packing list.jpg.exe
Source: Shipment Document BLINV and packing list.jpg.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exeCode function: 21_2_005627BA21_2_005627BA
      Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exeCode function: 21_2_00563BA121_2_00563BA1
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code functions calling native memory APIs, grouped by the calls resolved in each:
  NtWriteVirtualMemory (process 0):
    0_2_020A8F41, 0_2_020A5E01, 0_2_020A5615, 0_2_020A3223, 0_2_020A6266, 0_2_020A5E79,
    0_2_020A5A83, 0_2_020AA29B, 0_2_020A56AB, 0_2_020A62B6, 0_2_020A5B07, 0_2_020A5F2E,
    0_2_020A5759, 0_2_020A6367, 0_2_020A5FC4, 0_2_020A57FF, 0_2_020A6424, 0_2_020A5C50,
    0_2_020A5473, 0_2_020A648F, 0_2_020A58A9, 0_2_020A64DA, 0_2_020AA8DC, 0_2_020A54EE,
    0_2_020A5D0E, 0_2_020A652E, 0_2_020A5951, 0_2_020A557C, 0_2_020A6185, 0_2_020A5DAB,
    0_2_020A39FD, 0_2_020A59F4
  NtWriteVirtualMemory, NtAllocateVirtualMemory: 0_2_020A6FBE
  NtWriteVirtualMemory, TerminateProcess: 0_2_020A1160
  NtWriteVirtualMemory, K32GetDeviceDriverBaseNameA: 0_2_020ABD2F
  NtAllocateVirtualMemory: 0_2_020A6FDD, 0_2_020A706F, 0_2_020A7120 (process 0); 21_2_00566FBE, 21_2_0056706F, 21_2_00567120, 21_2_00566FDD (process 21)
  NtProtectVirtualMemory: 0_2_020AB76A, 0_2_020AB731 (process 0); 21_2_00561160, 21_2_0056B76A, 21_2_00561CB1, 21_2_00561CB9, 21_2_00561D54, 21_2_00561DE6, 21_2_0056B731 (process 21)
Note that the process 0 entries at 0x020Axxxx and the process 21 entries at 0x0056xxxx share their low 16 bits (for example 0_2_020AB76A and 21_2_0056B76A), and the two GuLoader Yara hits in this report land on exactly those two regions: the same shellcode blob is mapped at a different base in the parent and in the child it spawns.
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process Stats: CPU usage > 98%
Source: Shipment Document BLINV and packing list.jpg.exe | ReversingLabs: Detection: 42%
Source: Shipment Document BLINV and packing list.jpg.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: unknown | Process created: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe 'C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe'
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process created: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe 'C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe'
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: classification engine | Classification label: mal100.rans.troj.evad.winEXE@3/0@0/0

      Data Obfuscation:

Yara detected GuLoader
Source: Yara match | File source: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code functions with push/ret-style control transfers (function start, sequence, address reported with it):
  0_2_00417B80   push dword ptr [edi+000000BCh]; ret   0_2_0041858C
  0_2_00407075   push esi; retf                        0_2_0040707C
  0_2_0040680F   push esi; retf                        0_2_00406810
  0_2_00404410   pushfd; retf                          0_2_00404412
  0_2_00406CF7   push es; iretd                        0_2_00406CF8
  0_2_004060FB   push ebp; ret                         0_2_004060FC
  0_2_00405143   pushfd; retf                          0_2_00405144
  0_2_00406D6F   push es; iretd                        0_2_00406D70
  0_2_0040390D   push esi; ret                         0_2_00403914
  0_2_004069D8   push ss; iretd                        0_2_004069F8
  0_2_0040398E   push ds; iretd                        0_2_004039BF
  0_2_00404675   push eax; ret                         0_2_0040467C
  0_2_004046CF   push eax; ret                         0_2_004046E4
  0_2_004046E5   push esi; ret                         0_2_0040472D
  0_2_004046ED   push esi; ret                         0_2_0040472D
  0_2_0040570C   push esi; retf                        0_2_00405714
  0_2_00407712   push ebp; retf                        0_2_00407724
  0_2_004047D8   push ebp; retf                        0_2_004047DC
  0_2_004067DB   push es; iretd                        0_2_004067DC
  0_2_00407397   push esp; retf                        0_2_00407398
  0_2_020A8909   push esi; retf                        0_2_020A890A
  0_2_020A11CF   push ecx; retf D4E7h                  0_2_020A11DA
  21_2_00568909  push esi; retf                        21_2_0056890A
  21_2_005611CF  push ecx; retf D4E7h                  21_2_005611DA
The 0x0040xxxx entries lie in the VB6 host image, where sequences such as push es; iretd or pushfd; retf are far more likely to be data or p-code disassembled as x86 than deliberate control-flow obfuscation; the entries inside the unpacked shellcode region (0_2_020A8909 and 0_2_020A11CF, with their copies 21_2_00568909 and 21_2_005611CF in the child) are the ones worth examining.
Source: initial sample | Static PE information: section name: .text entropy: 7.11463820938
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | File created: \shipment document blinv and packing list.jpg.exe

      Hooking and other Techniques for Hiding and Protection:

Uses an obfuscated file name to hide its real file extension (double extension)
Source: Possible double extension: jpg.exe | Static PE information: Shipment Document BLINV and packing list.jpg.exe
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process information set: NOOPENFILEERRORBOX
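The push/ret sequences, the 7.11 .text entropy and the .jpg.exe file name above are all static indicators that can be checked without running the sample. The script below is an added example written for this page; it is not part of the Joe Sandbox report and not code from the sample. It implements the three checks over a constructed byte buffer: the instruction bytes are invented to reproduce the sequence shapes the report lists, the scanner only flags a push that is immediately followed by a ret/retf/iretd, and it decodes only the push forms the report shows (push r32, pushfd, push sreg, FF /6 without SIB). The 7.0 entropy threshold in the comment is a common triage heuristic, not a value from the report.

```python
"""Static triage checks mirroring three findings in the report (added example)."""
import math
import os

# --- 1. Double extension ("lure.jpg.exe") ------------------------------------
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}


def double_extension(filename):
    """Return (decoy, real) when the real extension is executable and the one
    before it is a document/image type, e.g. ('.jpg', '.exe'); else None."""
    stem, real = os.path.splitext(filename)
    _, decoy = os.path.splitext(stem)
    real, decoy = real.lower(), decoy.lower()
    return (decoy, real) if real in EXEC_EXTS and decoy in DECOY_EXTS else None


# --- 2. Section entropy ---------------------------------------------------------
def shannon_entropy(data):
    """Bits per byte (maximum 8.0). Plain compiled code scores well below 7;
    the report measured 7.11 for .text, which is why it flags packing."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# --- 3. push ...; ret / retf / iretd sequences ----------------------------------
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
SEG_PUSH = {0x06: "es", 0x0E: "cs", 0x16: "ss", 0x1E: "ds"}
# opcode -> (mnemonic, size of trailing imm16 operand)
RET_OPS = {0xC3: ("ret", 0), 0xC2: ("ret", 2), 0xCB: ("retf", 0), 0xCA: ("retf", 2), 0xCF: ("iretd", 0)}


def decode_push(buf, i):
    """(text, length) if buf[i:] starts with a push form we recognise, else None.
    Covers push r32, pushfd, push sreg and FF /6 with no displacement or disp32;
    SIB-addressed and disp8 forms are deliberately left undecoded."""
    op = buf[i]
    if 0x50 <= op <= 0x57:
        return f"push {REGS[op - 0x50]}", 1
    if op == 0x9C:
        return "pushfd", 1
    if op in SEG_PUSH:
        return f"push {SEG_PUSH[op]}", 1
    if op == 0xFF and i + 1 < len(buf):
        modrm = buf[i + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if reg != 6 or rm == 4 or (mod == 0 and rm == 5):
            return None
        if mod == 3:
            return f"push {REGS[rm]}", 2
        if mod == 0:
            return f"push dword ptr [{REGS[rm]}]", 2
        if mod == 2 and i + 6 <= len(buf):
            disp = int.from_bytes(buf[i + 2:i + 6], "little")
            return f"push dword ptr [{REGS[rm]}+{disp:08X}h]", 6
    return None


def decode_ret(buf, i):
    """(text, length) if buf[i:] starts with ret/retf/iretd (optionally with imm16)."""
    if i >= len(buf) or buf[i] not in RET_OPS:
        return None
    name, imm_len = RET_OPS[buf[i]]
    if imm_len == 0:
        return name, 1
    if i + 1 + imm_len <= len(buf):
        imm = int.from_bytes(buf[i + 1:i + 1 + imm_len], "little")
        return f"{name} {imm:04X}h", 1 + imm_len
    return None


def find_push_ret(buf):
    """Offsets where a push is immediately followed by a return-style opcode.
    Compilers almost never emit these back to back, so a cluster of hits
    (especially retf/iretd forms) points at hand-written or obfuscated code."""
    hits = []
    for i in range(len(buf)):
        push = decode_push(buf, i)
        if push is None:
            continue
        ret = decode_ret(buf, i + push[1])
        if ret is not None:
            hits.append((i, f"{push[0]}; {ret[0]}"))
    return hits


# Constructed bytes (not taken from the sample) shaped like the report's sequences.
SAMPLE = bytes([
    0x55, 0x8B, 0xEC,                          # push ebp; mov ebp, esp (normal prologue, no hit)
    0x56, 0xCB,                                # push esi; retf
    0x9C, 0xCB,                                # pushfd; retf
    0x06, 0xCF,                                # push es; iretd
    0xFF, 0xB7, 0xBC, 0x00, 0x00, 0x00, 0xC3,  # push dword ptr [edi+000000BCh]; ret
    0x51, 0xCA, 0xE7, 0xD4,                    # push ecx; retf D4E7h
    0x5D, 0xC3,                                # pop ebp; ret (normal epilogue, no hit)
])

if __name__ == "__main__":
    print(double_extension("Shipment Document BLINV and packing list.jpg.exe"))
    print(f"entropy of SAMPLE: {shannon_entropy(SAMPLE):.2f}")
    for off, text in find_push_ret(SAMPLE):
        print(f"{off:#06x}  {text}")
```

Run on a real file, feed each section's raw bytes to shannon_entropy() and find_push_ret() separately; a hit list concentrated in one region (here the shellcode at 0x020Axxxx rather than the VB6 image) is the signal, the absolute count is not.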

      Malware Analysis System Evasion:

Tries to detect Any.run
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | File opened: C:\Program Files\qga\qga.exe
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Shipment Document BLINV and packing list.jpg.exe, 00000000.00000002.423370081.0000000002080000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: Shipment Document BLINV and packing list.jpg.exe, 00000000.00000002.423370081.0000000002080000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe TID: 5268 | Thread sleep count: 43 > 30
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe TID: 5268 | Thread sleep time: -43000s >= -30000s
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Last function: Thread delayed
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code function: 0_2_020AA089 rdtsc
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | System information queried: ModuleInformation
Source: Shipment Document BLINV and packing list.jpg.exe, 00000000.00000002.423370081.0000000002080000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: Shipment Document BLINV and packing list.jpg.exe, 00000000.00000002.423370081.0000000002080000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

      Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Thread information set: HideFromDebugger
Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process Stats: CPU usage > 90% for more than 60s
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code functions reading the PEB (mov eax, dword ptr fs:[00000030h]):
  0_2_020A92F7, 0_2_020A6B21, 0_2_020A9B4D, 0_2_020A47BD, 0_2_020A47FA, 0_2_020AABF8, 0_2_020AA8DC, 0_2_020A39FD
  21_2_0056A8DC, 21_2_005639FD, 21_2_005692F7, 21_2_00569B4D, 21_2_00566B21, 21_2_005647FA, 21_2_0056ABF8, 21_2_005647BD
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process queried: DebugPort
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code function: 0_2_020AA089 rdtsc
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Code function: 0_2_020A8049 LdrInitializeThunk
Source: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe | Process created: C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe 'C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe'
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733566511.0000000000FC0000.00000002.00020000.sdmp | Binary or memory string: Program Manager
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733566511.0000000000FC0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733566511.0000000000FC0000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733566511.0000000000FC0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
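The evasion and anti-debugging entries in the two sections above (QEMU guest-agent path probes, HideFromDebugger, DebugPort queries, the 43-iteration sleep loop), together with the suspended self-spawn and the NtAllocateVirtualMemory / NtWriteVirtualMemory / NtProtectVirtualMemory calls listed earlier in this report, are each weak on their own and decisive in combination. The script below is an added example written for this page, not part of the Joe Sandbox report, that encodes those findings as rules over a behaviour trace. The event line format (pid | API | key=value details) and the trace itself are constructed here to mirror the report, with process numbers 0 and 21 following the report's own numbering; a real deployment would replace parse() with the reader for its own sandbox or ETW export.

```python
"""Rule-based replay of the behaviours this report flags (added example)."""
import re
from collections import defaultdict

# Constructed trace, not a Joe Sandbox export: "pid | api | key=value ...".
EVENTS = r"""
0  | CreateProcessW            | image=C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe flags=CREATE_SUSPENDED child=21
0  | NtAllocateVirtualMemory   | target=21 protect=PAGE_EXECUTE_READWRITE
0  | NtWriteVirtualMemory      | target=21
0  | NtProtectVirtualMemory    | target=21 protect=PAGE_EXECUTE_READ
0  | NtCreateFile              | path=C:\Program Files\Qemu-ga\qemu-ga.exe
0  | NtCreateFile              | path=C:\Program Files\qga\qga.exe
0  | NtSetInformationThread    | class=ThreadHideFromDebugger
0  | NtQueryInformationProcess | class=ProcessDebugPort
21 | NtSetInformationThread    | class=ThreadHideFromDebugger
21 | NtCreateFile              | path=C:\Windows\SysWOW64\msvbvm60.dll
"""
# The report counted 43 sleeps (> 30) in one thread; reproduce that shape.
EVENTS += "0 | NtDelayExecution | ms=1000\n" * 43

SANDBOX_AGENTS = {                   # QEMU guest-agent paths the sample probed
    r"c:\program files\qemu-ga\qemu-ga.exe",
    r"c:\program files\qga\qga.exe",
}
INJECT_SEQUENCE = {"NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory"}
SLEEP_COUNT_LIMIT, SLEEP_TOTAL_LIMIT_MS = 30, 30_000   # thresholds the report applies

LINE = re.compile(r"^\s*(\d+)\s*\|\s*(\w+)\s*\|\s*(.*?)\s*$")
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")          # values may contain spaces


def parse(text):
    """Yield (pid, api, details) for each well-formed event line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield int(m.group(1)), m.group(2), dict(KV.findall(m.group(3)))


def analyze(text):
    """Return sorted (pid, finding) pairs, named after the report's signatures."""
    findings = set()
    suspended = {}                        # child pid -> parent pid
    touched = defaultdict(set)            # (parent, child) -> memory APIs used on the child
    sleeps = defaultdict(lambda: [0, 0])  # pid -> [call count, total ms]
    for pid, api, d in parse(text):
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in d.get("flags", ""):
            suspended[int(d["child"])] = pid
            findings.add((pid, "Creates a process in suspended mode (likely to inject code)"))
        elif api in INJECT_SEQUENCE and "target" in d:
            child = int(d["target"])
            if suspended.get(child) == pid:
                touched[(pid, child)].add(api)
                if touched[(pid, child)] >= INJECT_SEQUENCE:
                    findings.add((pid, f"Process injection into suspended child {child} (allocate/write/protect)"))
        elif api == "NtCreateFile" and d.get("path", "").lower() in SANDBOX_AGENTS:
            findings.add((pid, "Tries to detect Any.run (probes QEMU guest agent path)"))
        elif api == "NtSetInformationThread" and d.get("class") == "ThreadHideFromDebugger":
            findings.add((pid, "Hides threads from debuggers"))
        elif api == "NtQueryInformationProcess" and d.get("class") == "ProcessDebugPort":
            findings.add((pid, "Checks if the current process is being debugged"))
        elif api == "NtDelayExecution":
            sleeps[pid][0] += 1
            sleeps[pid][1] += int(d.get("ms", 0))
    for pid, (count, total_ms) in sleeps.items():
        if count > SLEEP_COUNT_LIMIT or total_ms >= SLEEP_TOTAL_LIMIT_MS:
            findings.add((pid, f"May sleep (evasive loops): {count} calls, {total_ms} ms"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, finding in analyze(EVENTS):
        print(f"process {pid:>2}: {finding}")
```

The injection rule is the one worth keeping strict: it only fires when the same process that created a suspended child later allocates, writes and changes protection in that child, which is the pattern this sample's NtAllocate/NtWrite/NtProtect calls form and which a legitimate parent almost never produces.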

      Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file | Signature Results: GuLoader behavior

Mitre Att&ck Matrix

The matrix below is the standard tactic/technique grid Joe Sandbox prints with every report; only the techniques followed by a bracketed count were matched for this sample, the rest are the grid's default entries. The digits inside the brackets are the report's count badges, reproduced as they appear.

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Privilege Escalation: Process Injection [12]; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Defense Evasion: Masquerading [1]; Virtualization/Sandbox Evasion [321]; Software Packing [1]; Process Injection [12]; Obfuscated Files or Information [12]
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Security Software Discovery [421]; Virtualization/Sandbox Evasion [321]; Process Discovery [1]; System Information Discovery [2]; Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Archive Collected Data [1]; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
Command and Control: Encrypted Channel [1]; Application Layer Protocol [1]; Steganography; Protocol Impersonation; Fallback Channels
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
Impact: Modify System Partition; Device Lockout; Delete Device Data

      Behavior Graph


      Screenshots


      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

Source | Detection | Scanner | Label | Link
Shipment Document BLINV and packing list.jpg.exe | 42% | ReversingLabs | Win32.Trojan.Fragtor |
Shipment Document BLINV and packing list.jpg.exe | 100% | Joe Sandbox ML | |

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGWGCmNAnGw | false | | high
The "high" reputation is that of the onedrive.live.com domain and says nothing about this particular download link, which is the only URL the report recovered from the sample and which no process contacted during the run (the report records no DNS query and no contacted domain or IP). Treat the full URL as the indicator, not the domain.

        URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://creativecommons.org/licenses/by-nc-sa/3.0/ | Shipment Document BLINV and packing list.jpg.exe | false | | high
https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21114&authkey=ACvtKGW | Shipment Document BLINV and packing list.jpg.exe, 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp | false | | high

            Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox Version:33.0.0 White Diamond
            Analysis ID:483300
            Start date:14.09.2021
            Start time:19:33:06
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 7m 11s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:Shipment Document BLINV and packing list.jpg.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:31
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.rans.troj.evad.winEXE@3/0@0/0
            EGA Information:Failed
            HDC Information:
            • Successful, ratio: 34.1% (good quality ratio 14.4%)
            • Quality average: 20.6%
            • Quality standard deviation: 28.3%
            HCA Information:
            • Successful, ratio: 79%
            • Number of executed functions: 138
            • Number of non-executed functions: 60
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .exe
            • Override analysis time to 240s for sample files taking high CPU consumption
            Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
• Not all processes were analyzed, report is missing behavior information
            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/483300/sample/Shipment Document BLINV and packing list.jpg.exe

            Simulations

            Behavior and APIs

            No simulations

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASN

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            No created / dropped files found

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):6.8637057435556645
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.15%
            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:Shipment Document BLINV and packing list.jpg.exe
            File size:131072
            MD5:df2413a552334b77e540bb8c69bf9763
            SHA1:453f88a44b3966a97fc4005a0b6edf894cdc8d41
            SHA256:434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
            SHA512:de9fdb8b874bc68820be7cd0421d23265fc8127b4ed274461f48fcdb9efd3b374a4900b8b6ed6e741ca1e965d9093f6a8b05dbed3989a6ac26c985cded212f9d
            SSDEEP:3072:LpV80D682nPx+iPyPzpfGAz8XISpwDLdImz:LpV80G8AIaybpfb8X5wlIm
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....uPV.....................P......t.............@................

            File Icon

            Icon Hash:20047c7c70f0e004

            Static PE Info

            General

            Entrypoint:0x401574
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            DLL Characteristics:
            Time Stamp:0x565075A2 [Sat Nov 21 13:46:10 2015 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:44cde914d1969d7de2a52adae7c22460

            Entrypoint Preview

            The first two instructions are the standard Visual Basic 6 start-up stub: push the address of the VB project header (0x40183C) and call the runtime entry ThunRTMain in MSVBVM60.DLL. The bytes that follow the call are header data rather than code, which is why the linear disassembly below degenerates into meaningless instructions; the loader logic that matters runs later from the non-image memory region listed under Code Analysis.

            Instruction
            push 0040183Ch
            call 00007F7FD0A6D513h
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            xor byte ptr [eax], al
            add byte ptr [eax], al
            inc eax
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ebx+3Bh], al
            xor al, byte ptr [ebx]
            or al, A5h
            mov dl, 4Eh
            lodsb
            sahf
            mov ebx, 9F26A0F8h
            cmp al, 00h
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ecx], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax+eax], al
            add byte ptr [eax], al
            jne 00007F7FD0A6D584h
            insb
            imul esi, dword ptr [ebp+74h], 00590073h
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            dec esp
            xor dword ptr [eax], eax
            or al, 65h
            mov ds, word ptr [ebp-28064A48h]
            dec ecx
            scasb
            dec edx
            mov dword ptr [ebx+edi*8], ebx
            das
            sbb byte ptr [ebx+030B894Ah], dh
            xchg dword ptr [eax-7Ch], ebp
            dec ecx
            xchg dword ptr [edi-42h], ebp
            xchg eax, esp
            sti
            jns 00007F7FD0A6D516h
            dec ecx
            cmp cl, byte ptr [edi-53h]
            xor ebx, dword ptr [ecx-48EE309Ah]
            or al, 00h
            stosb
            add byte ptr [eax-2Dh], ah
            xchg eax, ebx
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            inc dword ptr [ecx]
            add byte ptr [eax], al
            inc edi
            add byte ptr [eax], al
            add byte ptr [eax], al
            add eax, 4A454F00h
            inc ebp
            push esp
            add byte ptr [6F000A01h], cl
            jc 00007F7FD0A6D583h
            outsb
            jne 00007F7FD0A6D597h
            popad
            outsb

            Data Directories

            Name                                 Virtual Address  Virtual Size  Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT         0x0              0x0
            IMAGE_DIRECTORY_ENTRY_IMPORT         0x1b834          0x28          .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE       0x1e000          0x29d3        .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION      0x0              0x0
            IMAGE_DIRECTORY_ENTRY_SECURITY       0x0              0x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC      0x0              0x0
            IMAGE_DIRECTORY_ENTRY_DEBUG          0x0              0x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT      0x0              0x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR      0x0              0x0
            IMAGE_DIRECTORY_ENTRY_TLS            0x0              0x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    0x0              0x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   0x228            0x20
            IMAGE_DIRECTORY_ENTRY_IAT            0x1000           0x130         .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   0x0              0x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0              0x0
            IMAGE_DIRECTORY_ENTRY_RESERVED       0x0              0x0

            Sections

            Name   Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
            .text  0x1000           0x1ad54       0x1b000   False     0.593198423032   data       7.11463820938  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            .data  0x1c000          0x1910        0x1000    False     0.00634765625    data       0.0            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
            .rsrc  0x1e000          0x29d3        0x3000    False     0.706298828125   data       6.64866986948  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            Name           RVA      Size    Type                                                       Language  Country
            1              0x1e9ec  0x102d  PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced  English   United States
            1              0x1fa19  0xfba   PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced  English   United States
            RT_ICON        0x1e8bc  0x130   data
            RT_ICON        0x1e5d4  0x2e8   data
            RT_ICON        0x1e4ac  0x128   GLS_BINARY_LSB_FIRST
            RT_GROUP_ICON  0x1e47c  0x30    data
            RT_VERSION     0x1e1d0  0x2ac   data                                                       English   United States

            Imports

            DLL           Import
            MSVBVM60.DLL  _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

            Version Infos

            Description       Data
            Translation       0x0409 0x04b0
            InternalName      RECIPIENTKVALITETSPLANLGNINGEN
            FileVersion       1.04
            CompanyName       CLubbing
            ProductName       CLubbing
            ProductVersion    1.04
            FileDescription   CLubbing
            OriginalFilename  RECIPIENTKVALITETSPLANLGNINGEN.exe

            Possible Origin

            Language of compilation system  Country where language is spoken
            English                         United States
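The static indicators in the tables above (a code section with entropy above 7 bits per byte, the MSVBVM60.DLL import, the `.jpg.exe` double extension, and a version-info OriginalFilename that differs from the submitted name) are the checks an analyst runs before detonation. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses the PE section table with the Python standard library only and runs those checks against a constructed PE whose .text section is filled with pseudo-random bytes to stand in for the encrypted loader payload. The header layout and section flags come from the PE format; the 7.0 entropy threshold, the lure-extension list and the constructed sample are assumptions.

```python
"""Static PE triage: section entropy, VB6 runtime marker, double-extension lure
name and version-info name mismatch. Added example; the PE it runs on is a
constructed stand-in, not the analysed sample."""
import math
import random
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0  # assumed: plain compiled code rarely exceeds ~6.5 bits/byte
LURE_EXTENSIONS = {"jpg", "jpeg", "png", "pdf", "doc", "docx", "xls", "xlsx", "txt"}  # assumed


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk the PE section table (stdlib only) and return one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "chars": chars,
                         "data": pe[rawptr:rawptr + rawsize]})
    return sections


def triage(pe: bytes, sample_name: str, original_filename: str = ""):
    """Return (finding, detail) pairs in the order the checks run."""
    findings = []
    for s in parse_sections(pe):
        ent = shannon_entropy(s["data"])
        if s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) and ent > ENTROPY_THRESHOLD:
            findings.append(("high_entropy_code_section", f"{s['name']} entropy={ent:.2f}"))
    if b"msvbvm60.dll" in pe.lower():  # import-name string: cheap VB6 marker
        findings.append(("vb6_runtime", "references MSVBVM60.DLL"))
    parts = sample_name.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[2] == "exe" and parts[1] in LURE_EXTENSIONS:
        findings.append(("double_extension", f"lure extension .{parts[1]} before .exe"))
    if original_filename and original_filename.lower() != sample_name.lower():
        findings.append(("name_mismatch", f"version info OriginalFilename is {original_filename}"))
    return findings


def build_pe(sections):
    """Assemble a minimal PE32 from (name, data, characteristics) tuples.
    Constructed test input: only the fields parse_sections reads are populated."""
    file_align, sect_align, e_lfanew, opt_size = 0x200, 0x1000, 0x80, 0xE0
    raw_off = -(-(e_lfanew + 24 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x565075A2, 0, 0, opt_size, 0x010F)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic, rest zero
    table, body, vaddr = b"", b"", sect_align
    for name, data, chars in sections:
        rawsize = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             rawsize, raw_off + len(body), 0, 0, 0, 0, chars)
        body += data.ljust(rawsize, b"\0")
        vaddr += -(-len(data) // sect_align) * sect_align
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_off, b"\0") + body


# Constructed sample: pseudo-random .text (stands in for the encrypted loader
# payload) carrying the runtime import name, plus an all-zero .data section.
_rng = random.Random(0x483300)
_text = bytearray(_rng.getrandbits(8) for _ in range(0x1B000))
_text[0x100:0x10D] = b"MSVBVM60.DLL\0"
SAMPLE_PE = build_pe([
    (b".text", bytes(_text), IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", b"\0" * 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ),
])
SAMPLE_NAME = "Shipment Document BLINV and packing list.jpg.exe"
ORIGINAL_FILENAME = "RECIPIENTKVALITETSPLANLGNINGEN.exe"

if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_PE, SAMPLE_NAME, ORIGINAL_FILENAME):
        print(f"{finding:26} {detail}")
```

Running the script against a real file means replacing SAMPLE_PE with the file's bytes; parse_sections reads only the DOS stub, the COFF header and the section table, so it also works on PE32+ images, and the entropy check deliberately ignores data and resource sections, where high entropy (compressed PNG icons, as in the .rsrc section above) is normal.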

            Network Behavior

            No network behavior found

            Code Manipulations

            Statistics

            CPU Usage

            Memory Usage

            High Level Behavior Distribution

            Behavior

            System Behavior

            General

            Start time:19:33:57
            Start date:14/09/2021
            Path:C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe'
            Imagebase:0x400000
            File size:131072 bytes
            MD5 hash:DF2413A552334B77E540BB8C69BF9763
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:Visual Basic
            Yara matches:
            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Author: Joe Security
            Reputation:low

            General

            Start time:19:35:36
            Start date:14/09/2021
            Path:C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe'
            Imagebase:0x400000
            File size:131072 bytes
            MD5 hash:DF2413A552334B77E540BB8C69BF9763
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
            Reputation:low

            Disassembly

            Code Analysis


              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: "}Z$']2-$?/Sb$U[C$_D-$iO&j$}+#$\c
              • API String ID: 2167126740-2317655882
              • Opcode ID: 75612367e8eb3f5751eb3aa35969afa799fc96651097b16fcb0f08998948aa41
              • Instruction ID: 100ce96be4da63f29b504f6ffe493f16e96391e131f66a9cfa5efe0360d48445
              • Opcode Fuzzy Hash: 75612367e8eb3f5751eb3aa35969afa799fc96651097b16fcb0f08998948aa41
              • Instruction Fuzzy Hash: 73E26371A0434A9FDF349EB8CDA47EE77B2AF55350F95812EDC899B244D3308982DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 1d201ec749bf82551688f1f8ed1b9f03554344134994e1ffcf5b530ddd296892
              • Instruction ID: 2a5f0957d61f8af4d69c2f12c04df0b146acb98ba9a4cbb680b7034f27fdd1ed
              • Opcode Fuzzy Hash: 1d201ec749bf82551688f1f8ed1b9f03554344134994e1ffcf5b530ddd296892
              • Instruction Fuzzy Hash: 681266716043899FDF349EA8C8A47EF77F2AF95390F95412ECC899B245D7304982DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 6b1775c76daea0836105cff88365ddfd59517714cc60e7682e1eaf5dc2dc2fc2
              • Instruction ID: 0269b5a998fd8c88c9a4326423cccd6642c1d02bfb90d516aa8343160f2eb699
              • Opcode Fuzzy Hash: 6b1775c76daea0836105cff88365ddfd59517714cc60e7682e1eaf5dc2dc2fc2
              • Instruction Fuzzy Hash: 0D1265716043899FDF349EA8C8A47EE77F2AF95390F95412ECC899B245D7308982DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: c6abb7e836aabe29049fbaf34c2151264af75282ac9ae1716b36f1cea43200ee
              • Instruction ID: c5d7ace9681681eaf910be2f8a8dc102a8933fe3c2571171d33fad92bbe8013a
              • Opcode Fuzzy Hash: c6abb7e836aabe29049fbaf34c2151264af75282ac9ae1716b36f1cea43200ee
              • Instruction Fuzzy Hash: 9A1276716043899FDF349EA8C8A47EE77F2AF95390FD5412ECC899B244D7304982DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 6c527e137c85081c094d9346eb1125cec4b4f3daa0cd12099cfd0a88070aad4f
              • Instruction ID: a866f1d4a13d8f2e8c97faf214087b115010029db9135ccd993ff57cc7eda604
              • Opcode Fuzzy Hash: 6c527e137c85081c094d9346eb1125cec4b4f3daa0cd12099cfd0a88070aad4f
              • Instruction Fuzzy Hash: DD02777260438A9FDF389EA8C8A47EE77F2AF55350FD5411ECC8997645D7308982CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 58572ad36b62265ce3b56cd425114a85b277ff57f88a165d6ee2831919cc7b1d
              • Instruction ID: ce34118f6655541f060807a25bdcc03143149bd00e9132530e170b5e0d101df1
              • Opcode Fuzzy Hash: 58572ad36b62265ce3b56cd425114a85b277ff57f88a165d6ee2831919cc7b1d
              • Instruction Fuzzy Hash: 39F1437260838A9FDF349EA8C8A47EE77F2AF55350FD5411ECC8997645D7308982CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 586448e0666fd04c8fe12190af6556e96a46c8d3fdfac428a5d0b525a2fe8c6d
              • Instruction ID: 680f1a35597b4230b1d811d09a7d7788ebc5b741590041da6c01686f07b9e3a2
              • Opcode Fuzzy Hash: 586448e0666fd04c8fe12190af6556e96a46c8d3fdfac428a5d0b525a2fe8c6d
              • Instruction Fuzzy Hash: BBF134726083899FDF349EB8C8A47EE77B2AF55350FD5411ECC899B645D7308982CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: "}Z$']2-$?/Sb$_D-$\c
              • API String ID: 0-3408278888
              • Opcode ID: 20bb1b62a728cd7df27c21c328f861cd908112ca1e4c0ff2005343d8cfea3df6
              • Instruction ID: 742187e3375dbff3bf6dac5f6a80965a99425ec26cf5c527f2863b524cf10518
              • Opcode Fuzzy Hash: 20bb1b62a728cd7df27c21c328f861cd908112ca1e4c0ff2005343d8cfea3df6
              • Instruction Fuzzy Hash: 67D15572A0838A9FDF349EB888A47EE77F2AF55350FD5412ECC899B645C7304981DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$zr4B$zr4B$}+#
              • API String ID: 0-3209828550
              • Opcode ID: 785067a610915145ac4a1d9a3091f890cef3ee099146e4ecc644c1ccdf573914
              • Instruction ID: 6d3906eca497a932c875ddfc7362e18bb43fe53b1a93f7e7cf10fc847e371c43
              • Opcode Fuzzy Hash: 785067a610915145ac4a1d9a3091f890cef3ee099146e4ecc644c1ccdf573914
              • Instruction Fuzzy Hash: 11E22071A0434ADFDB349E68CDA47EA77B2FF99350F85822EDC899B240D3319981CB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: iO&j$qz$}+#
              • API String ID: 2167126740-1724778551
              • Opcode ID: 3fbe939015e85b9b355da374f60cf433b368b27c7712da8c778e72435eb47618
              • Instruction ID: 96f9afcdb3f9a3c6cf64b8efd59ae1e061ee09dc08045d1b1e54e0ffd8faae4f
              • Opcode Fuzzy Hash: 3fbe939015e85b9b355da374f60cf433b368b27c7712da8c778e72435eb47618
              • Instruction Fuzzy Hash: EB924072A0434A9FDF349E78CDA57EA7BA2EF55350F85812EDC898B250D3318985CB42
              Uniqueness

              Uniqueness Score: -1.00%
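The function above calls NtAllocateVirtualMemory from 0x020A71D0, inside a region the sandbox dumped as not backed by any PE image: the VB6 stub has handed control to shellcode that allocates memory for its next stage. A detection that generalises this observation records the caller (return address) of memory-management and process-creation APIs and checks it against the process's loaded-image map. The Python below is an added example, not code from the report or the sample; the memory map and call records are constructed from the report's figures (image base 0x400000 with sections ending at RVA 0x21000, shellcode region at 0x020A0000, call site 0x020A71D0), while the region sizes, the msvbvm60.dll base address, the remaining call records and the PAGE_EXECUTE_READWRITE protection of the shellcode region are assumptions.

```python
"""Flag sensitive API calls whose caller lies in memory not backed by a loaded
image (classic shellcode behaviour). Added example: memory map and call trace
are constructed from the report's numbers, not captured telemetry."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PAGE_EXECUTE_READWRITE = 0x40
CREATE_SUSPENDED = 0x00000004
SAMPLE_PATH = r"C:\Users\user\Desktop\Shipment Document BLINV and packing list.jpg.exe"


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    protect: int
    image: str = ""  # backing module path; empty for private (unbacked) memory

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed map for the first process in the report. The main image sits at its
# preferred base 0x400000 and its sections end at RVA 0x21000; 0x020A0000 is the
# region Joe Sandbox dumped with "based on PE: false". The msvbvm60.dll base, both
# region sizes and the RWX protection of the shellcode region are assumed.
MEMORY_MAP: List[Region] = [
    Region(0x00400000, 0x00021000, 0x20, SAMPLE_PATH),
    Region(0x72900000, 0x00160000, 0x20, r"C:\Windows\SysWOW64\msvbvm60.dll"),
    Region(0x020A0000, 0x00010000, PAGE_EXECUTE_READWRITE),
]

# Constructed call trace: (api, return address of the caller, arguments).
# The first entry mirrors the NtAllocateVirtualMemory reference at 0x020A71D0;
# the others are assumed to show how the rule treats image-backed callers.
CALLS: List[Tuple[str, int, Dict[str, int]]] = [
    ("NtAllocateVirtualMemory", 0x020A71D0, {"Protect": PAGE_EXECUTE_READWRITE}),
    ("NtAllocateVirtualMemory", 0x00401A10, {"Protect": 0x04}),  # PAGE_READWRITE, from the image
    ("NtProtectVirtualMemory", 0x020A8000, {"NewProtect": PAGE_EXECUTE_READWRITE}),
    ("CreateProcessW", 0x020A9000, {"Flags": CREATE_SUSPENDED}),
    ("GetTickCount", 0x020A7300, {}),  # not in the watch list, ignored
]

WATCHED = {
    "NtAllocateVirtualMemory", "NtProtectVirtualMemory", "NtWriteVirtualMemory",
    "NtCreateThreadEx", "NtQueueApcThread", "CreateProcessW",
}


def backing_region(addr: int, memory_map: List[Region]) -> Optional[Region]:
    """Return the region containing addr, or None if it is unmapped."""
    for region in memory_map:
        if region.contains(addr):
            return region
    return None


def detect(calls, memory_map) -> List[Tuple[str, int, List[str]]]:
    """Return (api, caller, reasons) for every watched call that looks like injection."""
    alerts = []
    for api, caller, args in calls:
        if api not in WATCHED:
            continue
        reasons = []
        region = backing_region(caller, memory_map)
        if region is None or not region.image:
            reasons.append("caller not backed by a loaded image")
        if region is not None and region.protect == PAGE_EXECUTE_READWRITE:
            reasons.append("caller region is PAGE_EXECUTE_READWRITE")
        wanted = args.get("Protect", args.get("NewProtect"))
        if api in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory") and wanted == PAGE_EXECUTE_READWRITE:
            reasons.append("requests PAGE_EXECUTE_READWRITE")
        if api == "CreateProcessW" and args.get("Flags", 0) & CREATE_SUSPENDED:
            reasons.append("creates a suspended process (injection staging)")
        if reasons:
            alerts.append((api, caller, reasons))
    return alerts


if __name__ == "__main__":
    for api, caller, reasons in detect(CALLS, MEMORY_MAP):
        print(f"{api} from {caller:#010x}: {'; '.join(reasons)}")
```

The image-backed NtAllocateVirtualMemory call with PAGE_READWRITE produces no alert, which is the point of keying on the caller rather than on the API alone: the VB6 runtime allocates memory constantly, but it does so from code inside a mapped module. Real telemetry supplies the same two inputs (a module list from the loader and a return address from a stack walk at the hook or ETW event), so the rule transfers unchanged.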

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: ']2-$?/Sb$_D-$\c
              • API String ID: 0-3476297398
              • Opcode ID: 18b82433afe9b6f560ac3084ceec80b44cae913a63dac2e5c3471b4bdb2db100
              • Instruction ID: 60cdc2a35a8348c1ab9e89356117979b462ec69d4ffa4ee45b8254e04835a6c5
              • Opcode Fuzzy Hash: 18b82433afe9b6f560ac3084ceec80b44cae913a63dac2e5c3471b4bdb2db100
              • Instruction Fuzzy Hash: E8D1553260838A9FDF389EB8C8A47EEB7B2AF55350FD5411ECC8997545D7308981DB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: ']2-$?/Sb$_D-$\c
              • API String ID: 0-3476297398
              • Opcode ID: 36deb250c62296e3e0a3d0799c270383a4c129639ebbfaaad2a60e508c13f1e0
              • Instruction ID: ad4478e72c0208d0870b2daef24faf19b5d79a814f3f8c2ab9fee8fcf570007d
              • Opcode Fuzzy Hash: 36deb250c62296e3e0a3d0799c270383a4c129639ebbfaaad2a60e508c13f1e0
              • Instruction Fuzzy Hash: E7B1453160838ADFDF399EB888A47EE77B2AF55350FD5412ECC8997545C7304682DB82
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: ']2-$?/Sb$_D-$\c
              • API String ID: 0-3476297398
              • Opcode ID: 5d48eb6993b3a815864555d8b883ba1144239e9e65511461f254db25b55499c1
              • Instruction ID: a2be6eea5201ecf766b98c2906a26027ef21d364ad3eb31742d399072f3a0073
              • Opcode Fuzzy Hash: 5d48eb6993b3a815864555d8b883ba1144239e9e65511461f254db25b55499c1
              • Instruction Fuzzy Hash: 6EB1463260838A9FDF399EB8C8A43EE77B2AF55350FD5411ECC8997545C7308582DB82
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: ']2-$?/Sb$_D-$\c
              • API String ID: 0-3476297398
              • Opcode ID: 6c0ad4441e454c856cebf160b9ce36c0e1e93f8a2e95f89e3835e708caa2a827
              • Instruction ID: 4dc238c45f76ef64bc86cb36c4013d85beb31833ac469d4db5649563b88b7573
              • Opcode Fuzzy Hash: 6c0ad4441e454c856cebf160b9ce36c0e1e93f8a2e95f89e3835e708caa2a827
              • Instruction Fuzzy Hash: 9CA1573160438A9FDF399EB8C8A43EE77B2AF15350F95821ECC8987555C7318581D782
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: 3qi$iO&j$}+#
              • API String ID: 0-2738410101
              • Opcode ID: 972ed2f059769cbc7f35868c58206c63d55f2fdce3bf3eb25fd7974783903519
              • Instruction ID: 0356e3e2c22a68453f4d5370f8383913adafcfb93d7412509a2e79644942d16b
              • Opcode Fuzzy Hash: 972ed2f059769cbc7f35868c58206c63d55f2fdce3bf3eb25fd7974783903519
              • Instruction Fuzzy Hash: F4C23471608385CFDB359F78CDA47DA7BE2AF56350F89822EDC898B255D3348985CB02
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: de9b4e8ce91583ec2a0457dc763f5396e7d1813d8b30ff67b5453c1fa6a9d6fb
              • Instruction ID: 5c8a5b950187cd9f56fd4238b83e82b7ac4aa672b602cff6069ea0c317024f89
              • Opcode Fuzzy Hash: de9b4e8ce91583ec2a0457dc763f5396e7d1813d8b30ff67b5453c1fa6a9d6fb
              • Instruction Fuzzy Hash: C9922271A0434ADFDF349EB8CDA47EA7BA2FF55350F85812ADC899B254D3308981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: iO&j$}+#$`"Z
              • API String ID: 2167126740-2483777450
              • Opcode ID: f58c98a5c731175d45c2e3d67d2c5f062aa8792f8977f326faee497e8f55ea6f
              • Instruction ID: b5a5f5cfe4e498b539488cc393b083b0238e18ee1860877a6114ed07308339c5
              • Opcode Fuzzy Hash: f58c98a5c731175d45c2e3d67d2c5f062aa8792f8977f326faee497e8f55ea6f
              • Instruction Fuzzy Hash: 9C823071A0434A9FDF349E78CDA47EA7BB2FF55350F85822ADC899B254D3318981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$n$}+#
              • API String ID: 0-205513396
              • Opcode ID: 48d7c28df728e90ace754da75386d3f964d660dc06788a4094b6227669551c2e
              • Instruction ID: b709140c7210cdb94e42c3f77450bd61aec3e10c3e157489a1f50a84d5d91587
              • Opcode Fuzzy Hash: 48d7c28df728e90ace754da75386d3f964d660dc06788a4094b6227669551c2e
              • Instruction Fuzzy Hash: 2B912375504349CFEF399EA8C9A83ED3BA2EF96314FD5812ACC0A9F244D7348685DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: fb0820c19c789fedd204cb64b4f2d368a99c07568c337372a0b27b0c7ed5a81b
              • Instruction ID: 6cb39c4a638136718f08f2547bd277e0dc26d919a66e5591eb773c6d94a8546f
              • Opcode Fuzzy Hash: fb0820c19c789fedd204cb64b4f2d368a99c07568c337372a0b27b0c7ed5a81b
              • Instruction Fuzzy Hash: 1C922071A0434A9FDF349E78CDA57EA7BB2AF55350F85812EDC8A9B240D3318981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: 708fe51ee1a6a89825be7933ce471378e2beb2e8c144f2e2fd4452bf046de9d3
              • Instruction ID: a2eb1a401ca6e2de3bcf4243a941dbc5c5587ed423764d3f2344a97577331949
              • Opcode Fuzzy Hash: 708fe51ee1a6a89825be7933ce471378e2beb2e8c144f2e2fd4452bf046de9d3
              • Instruction Fuzzy Hash: 32921071A0434A9FDF349E78CDA57EA77B2EF55350F95422EDC899B244D3308982CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: a57f4ca8e5d2d7dfd5f63c87cfdc9139628dfba798c8cdccdd19c6eaf13ca462
              • Instruction ID: 09189f5c8e60bd036b7adf23282c4a15c643095449a589c20d5ef4cdc8c6f216
              • Opcode Fuzzy Hash: a57f4ca8e5d2d7dfd5f63c87cfdc9139628dfba798c8cdccdd19c6eaf13ca462
              • Instruction Fuzzy Hash: 367265B2A0434A9FDF349E78CD647DA7BB2FF55350F85422ADC899B254D3308986CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: a070946e7bc653d8c129ca5f6b1451c4218e3ed7dc5a382af78e7d27b4f4e7b5
              • Instruction ID: c8665bd34524a2825b5518bf33bf6817386e6ab3f924ade3ea07a6e1db0b2d05
              • Opcode Fuzzy Hash: a070946e7bc653d8c129ca5f6b1451c4218e3ed7dc5a382af78e7d27b4f4e7b5
              • Instruction Fuzzy Hash: 28723171A0434A9FDF349E78CD657EA7BB2FF55350F85822ADC899B250D3318981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: 292706c8d8ac888bbc3e8f3bd6d8b45c118e529c98f61b3662f5d1180613752a
              • Instruction ID: dbad83cb8be6bb6e9daa037fef7127b3f5e154bd0c78263e07eca1422136ffe4
              • Opcode Fuzzy Hash: 292706c8d8ac888bbc3e8f3bd6d8b45c118e529c98f61b3662f5d1180613752a
              • Instruction Fuzzy Hash: E76242B2A0434A9FDF349E78CD647DA7BB2FF55350F85822ADC899B250D3318985CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: 8cfd69cce252bb8376dc4f29f3f30a3c56606e3d62ff96f40c8187afd833b6c9
              • Instruction ID: 1506478308004a13350e0605492773cb6a013b50ede06508a9dfc9254dc5d2e6
              • Opcode Fuzzy Hash: 8cfd69cce252bb8376dc4f29f3f30a3c56606e3d62ff96f40c8187afd833b6c9
              • Instruction Fuzzy Hash: AD6221B1A0434A9FDF349E78CDA57DA7BB2FF55350F85822ADC899B250D3318981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: b67b7091c363dbfd8785e755f136ad6c89b3843bfaa8be6addc011ea53de0995
              • Instruction ID: 988d4c65d5eee52debf77dd246752ea1dfe78d8dabf82de4d85bf3309eb26256
              • Opcode Fuzzy Hash: b67b7091c363dbfd8785e755f136ad6c89b3843bfaa8be6addc011ea53de0995
              • Instruction Fuzzy Hash: C3621071A0434A9FDF349E78CDA57DA7BB2FF55350F89822ADC899B250D3318981CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: 1cfa1db3db27150a955623761dd9e54c914bfcd14cd2f9895a98eb17298d9aa2
              C-Code - Quality: 74%
              			_entry_(signed int __eax, signed int* __ebx, signed char __ecx, signed int __edi) {
              				signed char _t122;
              				signed int _t124;
              				signed int _t125;
              				signed char _t126;
              				signed int _t127;
              				intOrPtr* _t128;
              				signed char _t130;
              				signed int _t131;
              				intOrPtr* _t132;
              				signed int _t133;
              				signed char _t134;
              				signed int _t135;
              				signed char _t136;
              				intOrPtr* _t137;
              				intOrPtr* _t138;
              				signed char _t139;
              				intOrPtr* _t141;
              				intOrPtr* _t142;
              				intOrPtr* _t143;
              				intOrPtr* _t144;
              				intOrPtr* _t145;
              				intOrPtr* _t146;
              				intOrPtr* _t147;
              				intOrPtr* _t149;
              				intOrPtr* _t150;
              				intOrPtr* _t151;
              				intOrPtr* _t152;
              				signed int _t153;
              				signed char _t155;
              				signed char _t157;
              				signed char _t159;
              				signed int _t161;
              				intOrPtr* _t163;
              				void* _t164;
              				signed int _t167;
              				signed char _t168;
              				intOrPtr _t169;
              				intOrPtr _t170;
              				signed char _t173;
              				signed char _t174;
              				intOrPtr* _t175;
              				signed int* _t177;
              				void* _t178;
              				intOrPtr _t180;
              				intOrPtr* _t190;
              				intOrPtr* _t191;
              				void* _t193;
              				signed int _t195;
              				signed int _t198;
              				signed int _t202;
              				void* _t203;
              				signed int _t208;
              				void* _t211;
              				signed int _t212;
              				void* _t215;
              				void* _t217;
              				signed int _t218;
              				void* _t220;
              				intOrPtr* _t239;
              				signed char _t249;
              
              				_t195 = __edi;
              				_t184 = __ecx;
              				_push("VB5!6&*"); // executed
              				L0040156C(); // executed
              				 *__eax =  *__eax + __eax;
              				 *__eax =  *__eax + __eax;
              				 *__eax =  *__eax + __eax;
              				 *__eax =  *__eax ^ __eax;
              				 *__eax =  *__eax + __eax;
              				_t122 = __eax + 1;
              				 *_t122 =  *_t122 + _t122;
              				 *_t122 =  *_t122 + _t122;
              				 *_t122 =  *_t122 + _t122;
              				__ebx[0xe] = __ebx[0xe] + _t122;
              				_t124 = _t122 ^  *__ebx | 0x000000a5;
              				_t194 = 0x4e;
              				asm("lodsb");
              				asm("sahf");
              				_t172 = 0x9f26a0f8;
              				 *_t124 =  *_t124 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *__ecx =  *__ecx + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *((intOrPtr*)(_t124 + _t124)) =  *((intOrPtr*)(_t124 + _t124)) + _t124;
              				 *_t124 =  *_t124 + _t124;
              				if( *_t124 == 0) {
              					asm("insb");
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					_t218 = _t218 - 1;
              					 *_t124 =  *_t124 ^ _t124;
              					_t168 = _t124 | 0x00000065;
              					ds =  *((intOrPtr*)(_t211 - 0x28064a48));
              					_t193 = __ecx - 1;
              					asm("scasb");
              					_t194 = 0x4d;
              					 *((intOrPtr*)(0x9f26a0f8 + __edi * 8)) = 0x9f26a0f8;
              					asm("das");
              					asm("sbb [ebx+0x30b894a], dh");
              					goto L2;
              					_t184 = _t193 - 1;
              					_t170 = _t169;
              					asm("stosb");
              					 *((intOrPtr*)(_t170 - 0x2d)) =  *((intOrPtr*)(_t170 - 0x2d)) + _t170;
              					_t124 = 0x9f26a0f8 ^  *(_t184 - 0x48ee309a);
              					_t172 = _t170;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					 *_t124 =  *_t124 + _t124;
              					goto L4;
              					L2:
              					_t169 = _t168 +  *((intOrPtr*)(__edi - 0x78b67b98));
              					asm("outsd");
              					_t202 = 0xf479fb94;
              				}
              				L4:
              				 *_t124 =  *_t124 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				_t173 = _t172 + _t172;
              				 *_t124 =  *_t124 + _t124;
              				 *_t195 =  *_t195 + _t124;
              				 *_t124 =  *_t124 + _t124;
              				 *0x4a454f00 =  *0x4a454f00 + _t124;
              				_t212 = _t211 + 1;
              				_push(_t218);
              				 *0x6f000a01 =  *0x6f000a01 + _t184;
              				if( *0x6f000a01 >= 0) {
              					asm("outsb");
              					asm("a16 jnz 0x77");
              					asm("popad");
              					asm("outsb");
              					 *((intOrPtr*)(_t173 + _t195)) =  *((intOrPtr*)(_t173 + _t195)) + _t173;
              					 *_t124 =  *_t124 + _t124;
              					_t194 = _t194 + 1;
              					 *_t194 =  *_t194 + _t124;
              					 *((intOrPtr*)(_t194 + _t184)) =  *((intOrPtr*)(_t194 + _t184)) + _t218;
              					 *((intOrPtr*)(_t195 + 0x72)) =  *((intOrPtr*)(_t195 + 0x72)) + _t184;
              					asm("popad");
              					asm("outsb");
              					asm("a16 jnz 0x77");
              					asm("popad");
              					asm("outsb");
              					 *_t195 =  *_t195 + _t194;
              					asm("sbb [eax], al");
              					_t184 = _t184 + _t173;
              					asm("sbb eax, 0x15580000");
              					 *_t124 =  *_t124 + _t124;
              					ss = cs;
              					asm("adc [eax], al");
              					 *((intOrPtr*)(_t124 + _t124 + 0x46)) =  *((intOrPtr*)(_t124 + _t124 + 0x46)) + _t124;
              					_t195 = _t195 + _t195;
              					 *_t194 =  *_t194 + _t173;
              					 *_t124 =  *_t124 + _t124;
              					 *_t184 =  *_t184 + _t124;
              					_t218 = _t218 + 1;
              					_t202 =  *(_t194 + 0x31) * 0xf8041100;
              					_pop(es);
              					asm("enter 0xbf0a, 0x4");
              					_t167 = _t124 |  *0x1b03ff00;
              					 *_t167 =  *_t167 + _t167;
              					 *_t194 =  *_t194 + _t167;
              					_t124 = _t167 + 0x6c694600;
              					 *[gs:eax] =  *[gs:eax] ^ _t124;
              					asm("adc al, [eax+edi*8]");
              					_pop(es);
              					asm("enter 0xbf0a, 0x4");
              				}
              				_t174 = _t173 |  *(_t195 + 0xb01e004);
              				_t125 = _t124;
              				 *_t174 =  *_t174 + 1;
              				asm("sbb al, [eax]");
              				 *_t125 =  *_t125 + _t125;
              				_t126 = _t125 +  *_t202;
              				_t27 = _t184 + 0x6d + _t212 * 2;
              				 *_t27 =  *((intOrPtr*)(_t184 + 0x6d + _t212 * 2)) + _t194;
              				if( *_t27 < 0) {
              					L10:
              					asm("popad");
              					asm("popad");
              					asm("gs insb");
              					_t175 = _t174 + _t174;
              					_t218 =  *(_t195 + 0x65) * 0x2120073 +  *((intOrPtr*)(_t126 + _t126));
              					 *_t126 =  *_t126 + _t126;
              					_t127 = _t126 + 0x65540005;
              					if(_t127 < 0) {
              						goto L20;
              					} else {
              						_t159 = (_t127 ^  *_t127) +  *((intOrPtr*)((_t127 ^  *_t127) + _t195 * 8));
              						goto L12;
              					}
              				} else {
              					 *_t174 =  *_t174 + _t184;
              					_pop(es);
              					asm("clc");
              					_pop(es);
              					 *_t126 =  *_t126 + _t126;
              					_t159 = _t126 | _t184 |  *(_t126 | _t184);
              					_t175 = _t174 + _t174;
              					_t202 = _t202 +  *_t159;
              					 *_t159 =  *_t159 + _t159;
              					_t33 = _t159 + 0x78655400;
              					 *_t33 =  *((intOrPtr*)(_t159 + 0x78655400)) + _t159;
              					if( *_t33 == 0) {
              						L12:
              						_pop(es);
              						asm("enter 0xbf0a, 0x4");
              						asm("out dx, eax");
              						 *_t175 =  *_t175 + _t184;
              						_t161 = _t159 + 0x737055f8;
              						if (_t161 == 0) goto L13;
              						asm("adc al, [esi]");
              						_t212 = _t212 +  *_t202;
              						 *_t161 =  *_t161 + _t161;
              						 *_t202 =  *_t202 + _t161;
              						 *_t161 =  *_t161 | _t161;
              						_t177 = _t175 + _t175 + 1;
              						asm("outsd");
              						asm("insd");
              						asm("insd");
              						asm("popad");
              						asm("outsb");
              						 *[fs:eax] =  *[fs:eax] ^ _t161;
              						_t128 = _t161 + 1;
              						_t239 = _t128;
              						if(_t239 != 0) {
              							goto L23;
              						} else {
              							if(_t239 >= 0) {
              								goto L24;
              							} else {
              								if(_t239 < 0) {
              									goto L22;
              								} else {
              									asm("popad");
              									asm("popad");
              									asm("bound ebp, [ebp]");
              									_t163 = _t128 + 0xf8;
              									_pop(es);
              									asm("enter 0xbf0a, 0x4");
              									asm("out dx, eax");
              									 *_t184 =  *_t184 + _t194;
              									 *_t163 =  *_t163 + _t163;
              									 *_t177 =  *_t177 + 1;
              									_t164 = _t163 - 0x7000000;
              									goto L17;
              								}
              							}
              						}
              					} else {
              						 *_t194 =  *_t194 + _t159;
              						_t164 = _t159 + 1;
              						_t194 = _t194 + _t164;
              						_t195 = _t195 +  *_t175 + _t212;
              						 *_t175 =  *_t175 + _t184;
              						asm("adc [eax], eax");
              						if( *_t175 != 0) {
              							L17:
              							_pop(es);
              							_t127 = _t164 + 0x78655400;
              							if(_t127 == 0) {
              								L21:
              								_pop(es);
              								asm("enter 0xbf0a, 0x4");
              								asm("out dx, eax");
              								_t195 = _t195 + _t127 + _t195 + _t127;
              								_t218 = _t218 +  *_t177;
              								 *_t127 =  *_t127 + _t127;
              								 *_t184 =  *_t184 + _t184;
              								_t128 = _t127 + 0x6e694c00;
              								L22:
              								_t212 =  *(_t202 + 0x65) * 0x3170031;
              								L23:
              								_pop(ss);
              								_t195 = _t195 + _t128;
              								_pop(es);
              								L24:
              								 *_t128 =  *_t128 + _t128;
              								_t130 = _t128 + 0x000000c8 |  *(_t128 + 0xc8);
              								 *0xca8 =  *0xca8 + _t130;
              								_push(es);
              								 *_t130 =  *_t130 + _t130;
              								 *_t177 =  *_t177 + 1;
              								asm("sbb [eax], eax");
              								 *_t130 =  *_t130 + _t130;
              								_t131 = _t130 |  *_t202;
              								_t47 =  &(_t177[0x1a]);
              								 *_t47 = _t177[0x1a] + _t194;
              								asm("popad");
              								if( *_t47 < 0) {
              									goto L29;
              								} else {
              									 *_t131 =  *_t131 ^ _t131;
              									_t153 = _t131 + 0xf8;
              									es = ss;
              									asm("enter 0xbf0a, 0x4");
              									asm("out dx, eax");
              									goto L26;
              								}
              							} else {
              								 *_t194 =  *_t194 + _t127;
              								_t153 = _t127 + 0xf8;
              								_pop(es);
              								asm("enter 0xbf0a, 0x4");
              								asm("out dx, eax");
              								 *_t177 =  *_t177 + _t184;
              								_push(cs);
              								_t40 = _t153 + 0x73;
              								 *_t40 =  *((intOrPtr*)(_t153 + 0x73)) + _t194;
              								if( *_t40 != 0) {
              									L26:
              									 *_t153 =  *_t153 + _t153;
              									 *_t177 =  *_t177 + _t184;
              									_push(es);
              									 *((intOrPtr*)(_t184 + 0x62)) =  *((intOrPtr*)(_t184 + 0x62)) + _t184;
              									asm("gs insb");
              									 *_t153 =  *_t153 ^ _t153;
              									 *_t184 =  *_t184 + _t153;
              									 *_t153 =  *_t153 | _t153;
              									_t177 = _t177 - 1;
              									_t217 = _t212 +  *_t184 + 1;
              									_t218 = _t218 + 1 - 1;
              									_t202 = _t202 - 1;
              									_t184 = _t184;
              									_t212 = _t217 + 1;
              									 *0xac807f8 =  *0xac807f8 + _t153;
              									_t195 = 0x1201ef04;
              									 *_t177 =  *_t177 + 1;
              									_t155 = _t153 +  *_t153 -  *((intOrPtr*)(_t153 +  *_t153));
              									 *_t155 =  *_t155 + _t155;
              									 *((intOrPtr*)(_t184 + 0x62)) =  *((intOrPtr*)(_t184 + 0x62)) + _t184;
              									asm("gs insb");
              									_t157 = (_t155 | 0x00000006) ^  *(_t155 | 0x00000006);
              									 *_t184 =  *_t184 + _t157;
              									_t136 = _t157 |  *_t157;
              									_t249 = _t136;
              									_push(_t177);
              									if(_t249 != 0) {
              										asm("outsb");
              										asm("bound ebp, [gs:edi+0x61]");
              										if(_t249 != 0) {
              											 *0xac807f8 =  *0xac807f8 + _t136;
              											_t195 = 0x1201ef04;
              											_pop(es);
              											_t177 = _t177 + _t177;
              											_t131 = _t136 +  *((intOrPtr*)(_t202 + _t136));
              											L29:
              											 *_t131 =  *_t131 + _t131;
              											 *_t131 =  *_t131 + _t184;
              											_t132 = _t131 + 1;
              											 *_t195 =  *_t195 + _t132;
              											 *_t132 =  *_t132 + _t132;
              											 *((intOrPtr*)(_t184 + _t212 + 0x40)) =  *((intOrPtr*)(_t184 + _t212 + 0x40)) + _t132;
              											 *_t195 =  *_t195 + _t132;
              											 *_t132 =  *_t132 + _t132;
              											_t133 = _t132 + _t184;
              											 *_t133 =  *_t133 - _t133;
              											_pop(es);
              											 *_t133 =  *_t133 + _t133;
              											 *((intOrPtr*)(_t133 + _t212 + 0x42560040)) =  *((intOrPtr*)(_t133 + _t212 + 0x42560040)) + _t184;
              											_t134 = _t133 ^ 0x2a263621;
              											 *_t134 =  *_t134 + _t134;
              										}
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t202 = _t177 +  *_t202;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										 *_t134 =  *_t134 + _t134;
              										_t135 = _t134 |  *_t134;
              										 *(_t135 + _t135) =  *(_t135 + _t135) | _t135;
              										 *_t135 =  *_t135 + _t135;
              										 *_t135 =  *_t135 + _t135;
              										 *_t135 =  *_t135 + _t135;
              										 *_t135 =  *_t135 + _t135;
              										 *((intOrPtr*)(_t135 + 0x1c)) =  *((intOrPtr*)(_t135 + 0x1c)) + _t194;
              										_t136 = _t135 + 1;
              										 *_t202 =  *_t202 + _t194;
              										asm("clc");
              									}
              								} else {
              									asm("outsd");
              									asm("a16 jb 0x71");
              									asm("popad");
              									asm("outsb");
              									_t218 =  *_t177 * 0xff000012;
              									L20:
              									_t177 = _t175 + _t175 +  *_t184;
              									 *_t127 =  *_t127 + _t127;
              									 *_t127 =  *_t127 + _t184;
              									_push(es);
              									 *((intOrPtr*)(_t184 + 0x6d)) =  *((intOrPtr*)(_t184 + 0x6d)) + _t184;
              									asm("popad");
              									 *[gs:bx+si] =  *[gs:bx+si] ^ _t127;
              									asm("sbb [ebx], al");
              									goto L21;
              								}
              							}
              						} else {
              							_t202 =  *(_t175 + 0x66) * 0x7473726f;
              							goto L10;
              						}
              					}
              				}
              				_t178 = _t177 + _t177;
              				asm("invalid");
              				 *_t136 =  *_t136 | _t136;
              				 *_t136 =  *_t136 + _t136;
              				 *_t136 =  *_t136 + _t136;
              				 *_t136 =  *_t136 + _t136;
              				_t137 = _t136 +  *_t136;
              				 *_t137 =  *_t137 + _t137;
              				goto 0xe8401889;
              				asm("sbb [eax], al");
              				asm("sbb al, 0x18");
              				_t138 = _t137 + 1;
              				 *((intOrPtr*)(_t138 + 0x78004015)) =  *((intOrPtr*)(_t138 + 0x78004015)) + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *((intOrPtr*)(_t195 - 0x5f000000)) =  *((intOrPtr*)(_t195 - 0x5f000000)) + _t194;
              				 *_t138 =  *_t138 + _t138;
              				 *_t194 =  *_t194 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *_t138 =  *_t138 + _t138;
              				 *((intOrPtr*)(_t194 + 0x45)) =  *((intOrPtr*)(_t194 + 0x45)) + _t194;
              				_push(_t138);
              				_t203 = _t202 - 1;
              				_push(_t218);
              				_t180 = _t178 + 1 - 1;
              				_push(_t203);
              				_t220 = _t218 - 1;
              				_push(_t220);
              				_push(_t220);
              				_push(_t180);
              				_push(_t138);
              				_t190 = _t184 + 1 - 1 + 1 - 1;
              				_t198 = _t195 + 2;
              				_t215 = _t212 + 3;
              				 *((intOrPtr*)(_t215 + 0x61 + (_t203 - 0xfffffffffffffffe) * 2)) =  *((intOrPtr*)(_t215 + 0x61 + (_t203 - 0xfffffffffffffffe) * 2)) + _t138;
              				asm("insb");
              				_t208 =  *(_t215 + 0x74) * 0x64000073;
              				if(_t208 != 0) {
              					L34:
              					 *((char*)(_t208 - 0x6b)) = _t190;
              					asm("scasb");
              					asm("rcr dword [ebx+0xe8], cl");
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t190 =  *_t190 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *((intOrPtr*)(_t138 + 0x147)) =  *((intOrPtr*)(_t138 + 0x147)) + _t194;
              					 *_t138 =  *_t138 + _t138;
              					 *((intOrPtr*)(_t138 + _t208)) =  *((intOrPtr*)(_t138 + _t208)) + _t138;
              					_t139 = _t138 + 1;
              					 *((intOrPtr*)(_t139 + _t139 + 0x500000)) =  *((intOrPtr*)(_t139 + _t139 + 0x500000)) + _t180;
              					 *_t139 =  *_t139 + _t139;
              					asm("insd");
              					asm("insb");
              					asm("loop 0xffffffa3");
              					asm("int 0x4e");
              					_t141 = _t190;
              					_t191 = _t139 | 0x000000df;
              					 *0x8bfd3daf = _t141;
              					_push(_t208);
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              					 *_t141 =  *_t141 + _t141;
              				} else {
              					asm("insb");
              					 *_t138 =  *_t138 + _t138;
              					ds =  *[gs:ebp-0x28064a48];
              					_t191 = _t190 - 1;
              					asm("scasb");
              					_t194 = _t194 - 1;
              					 *((intOrPtr*)(_t180 + _t198 * 8)) = _t180;
              					asm("das");
              					asm("sbb [ebx], dh");
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					asm("adc [esi], al");
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					 *_t138 =  *_t138 + _t138;
              					_pop(_t150);
              					_t151 = _t150 +  *_t150;
              					 *_t151 =  *_t151 + _t151;
              					 *_t151 =  *_t151 + _t151;
              					_t152 = _t151 + _t151;
              					asm("adc eax, 0x4c0040");
              					 *_t152 =  *_t152 + _t152;
              					_push(_t152);
              					 *_t152 =  *_t152 + _t152;
              					_t141 = _t152 + _t152;
              					asm("scasb");
              					_t208 = _t194;
              					if(_t141 < 0) {
              						goto L34;
              					}
              				}
              				 *_t141 =  *_t141 + _t141;
              				 *_t141 =  *_t141 + _t141;
              				_t142 = _t141 +  *_t141;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				if( *_t142 >= 0) {
              					_t149 = _t142 + 1 + _t191;
              					 *_t149 =  *_t149 + _t149;
              					 *_t191 =  *_t191 + _t149;
              					 *_t194 =  *_t194 + _t149;
              					 *((intOrPtr*)(_t149 + 0x4025)) =  *((intOrPtr*)(_t149 + 0x4025)) + _t194;
              					 *_t149 =  *_t149 + _t149;
              					 *((intOrPtr*)(_t191 + _t198 * 2 - 0xffbf)) =  *((intOrPtr*)(_t191 + _t198 * 2 - 0xffbf)) + _t149;
              					asm("invalid");
              					 *_t149 =  *_t149 + _t149;
              					 *_t149 =  *_t149 + _t149;
              					_t142 = _t149 + 1;
              					 *_t142 =  *_t142 + _t194;
              					asm("rol byte [ecx], 0x0");
              					 *_t142 =  *_t142 + _t142;
              					 *_t142 =  *_t142 + _t142;
              					 *_t191 =  *_t191;
              					 *_t142 =  *_t142 + _t142;
              				}
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *_t142 =  *_t142 + _t142;
              				 *((intOrPtr*)(_t142 + 0x1a)) =  *((intOrPtr*)(_t142 + 0x1a)) + _t194;
              				_t143 = _t142 + 1;
              				 *_t191 =  *_t191 + _t143;
              				 *_t143 =  *_t143 + _t143;
              				 *((intOrPtr*)(_t143 + 0x2f)) =  *((intOrPtr*)(_t143 + 0x2f)) + _t143;
              				_t144 = _t143 + 1;
              				 *_t144 =  *_t144 + _t144;
              				 *_t144 =  *_t144 + _t144;
              				 *((intOrPtr*)(_t144 + 0x1a)) =  *((intOrPtr*)(_t144 + 0x1a)) + _t194;
              				_t145 = _t144 + 1;
              				 *_t191 =  *_t191 + _t145;
              				 *_t145 =  *_t145 + _t145;
              				 *((intOrPtr*)(_t145 + 0x1a)) =  *((intOrPtr*)(_t145 + 0x1a));
              				_t146 = _t145 + 1;
              				 *_t146 =  *_t146 + _t146;
              				 *_t146 =  *_t146 + _t146;
              				 *((intOrPtr*)(_t194 + 0x40)) =  *((intOrPtr*)(_t194 + 0x40)) + _t194;
              				 *_t191 =  *_t191 + _t146;
              				 *_t146 =  *_t146 + _t146;
              				 *((intOrPtr*)(_t146 + 0x1a)) =  *((intOrPtr*)(_t146 + 0x1a));
              				_t147 = _t146 + 1;
              				 *_t147 =  *_t147 + _t147;
              				 *((intOrPtr*)(_t198 + 0x6c006801)) =  *((intOrPtr*)(_t198 + 0x6c006801)) + _t194;
              				 *((intOrPtr*)(_t147 - 0x13ffbfe6)) =  *((intOrPtr*)(_t147 - 0x13ffbfe6)) + _t147;
              				return _t147;
              			}

              Per-line address gutter for the function above (0x00401574 to 0x00401a45) not reproduced here; the decompiled listing is no longer aligned with it after extraction.

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp Download File
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: #100
              • String ID: VB5!6&*
              • API String ID: 1341478452-3593831657
              • Opcode ID: bb4c595b8caa8a0a5eb4e8d61da4c28c2aa7fc5729cde773d6b873ab44e4385f
              • Instruction ID: 0c728bc957338ad2302c65688e3ae3603d622e976626e000fb6de1b0e3c03cb0
              • Opcode Fuzzy Hash: bb4c595b8caa8a0a5eb4e8d61da4c28c2aa7fc5729cde773d6b873ab44e4385f
              • Instruction Fuzzy Hash: B4C1426244E3C18FD7138BB49DA52913FB0AE1322471E05EBC4C1CF1B3E62D695ADB66
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID: ?/Sb
              • API String ID: 560597551-2285320405
              • Opcode ID: bcbe062132a8e1d5e79c269ff367f2d344c42c9e9d851962f082b7efaa355e07
              • Instruction ID: af5e3d4ea1b9a4f20d869b95cdea1f800be5803256f4760f6c6a0af72588084e
              • Opcode Fuzzy Hash: bcbe062132a8e1d5e79c269ff367f2d344c42c9e9d851962f082b7efaa355e07
              • Instruction Fuzzy Hash: 3F719A7160838A9FDB30AE78C8657EFBBB2AF51350FC5821ECC898B585D3319581C742
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtWriteVirtualMemory.NTDLL(?,4D918A05,?,00000000,?,?,?,-17E0BF52), ref: 020A6556
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryVirtualWrite
              • String ID: iO&j
              • API String ID: 3527976591-1914021386
              • Opcode ID: 78b3bbf4cb01561aecfaecc5751425f3ff23a14bf927cc953d1b506633b453ac
              • Instruction ID: 70f7f2fa41b742fd4d4757e92b55a6a80f1357d7eda4242af824c387ce2187cd
              • Opcode Fuzzy Hash: 78b3bbf4cb01561aecfaecc5751425f3ff23a14bf927cc953d1b506633b453ac
              • Instruction Fuzzy Hash: 287121B26053499FEF349E78CEA47CA77B6BF59350F884129DD4D8B210E7318A81DB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: qz
              • API String ID: 2167126740-863917569
              • Opcode ID: 117f9115f7195162d49fe66646e5e8a97d08a78e79dc2bc46f2a55bc45486e01
              • Instruction ID: abbe850b785bfa7d56bb63b69a482f1d9029ec99eb711f9559b072a1ea662894
              • Opcode Fuzzy Hash: 117f9115f7195162d49fe66646e5e8a97d08a78e79dc2bc46f2a55bc45486e01
              • Instruction Fuzzy Hash: D8615772A09385CFEB34EE74D8A57DEBBA5AF11350F88845DCC8687221E731D680CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: 3qi$8!}S
              • API String ID: 2706961497-388430396
              • Opcode ID: 64f8fa4d01c4d351f802ddef18f8633b00e3517638f44914a144968327cd72f3
              • Instruction ID: 8b6f3c7c3440708b5d8c4872b663c35fe1b474efce0da3a6f697cde8561ddf2b
              • Opcode Fuzzy Hash: 64f8fa4d01c4d351f802ddef18f8633b00e3517638f44914a144968327cd72f3
              • Instruction Fuzzy Hash: 1F5247316083858FDF31DF78C8A87DA7BE2AF52354F89825ACC994F296D3348546DB12
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb7043a3a0bc57c8aca92895af5a324ad4bfa2013213787e82a1a7e7d9463824
              • Instruction ID: 998aa878491a98abd9094fb459a8610e2ada31bb71e615e11dd8e749156092b7
              • Opcode Fuzzy Hash: cb7043a3a0bc57c8aca92895af5a324ad4bfa2013213787e82a1a7e7d9463824
              • Instruction Fuzzy Hash: E0811575504349CFEF39DEA4C8B87EA7BA2EF95310FD5812ACC0A9B254D7348681DB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b96e5d0d265068eb053de9a36f62328995722cf5f67a535d27616d08fdd8e077
              • Instruction ID: 3e1901000ec61629c36165f9ba4ac4c70ab054cc629cf214218edd3b14ab120a
              • Opcode Fuzzy Hash: b96e5d0d265068eb053de9a36f62328995722cf5f67a535d27616d08fdd8e077
              • Instruction Fuzzy Hash: 04812275504349CFEF39DEA8C8B87EA3BA2AF95310FD5812ACC0A9B254D7308681DB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • EnumWindows.USER32(020A09EF,?,00000000,?), ref: 020A08F4
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: EnumWindows
              • String ID:
              • API String ID: 1129996299-0
              • Opcode ID: 0542036706996c11c5d23bc91196f195bf551a52dc87ec61582fc117fbc05455
              • Instruction ID: 7983cfc2aa58c08b46c28e16cb11ac335b7860fa09fab0df0227d35c716da65d
              • Opcode Fuzzy Hash: 0542036706996c11c5d23bc91196f195bf551a52dc87ec61582fc117fbc05455
              • Instruction Fuzzy Hash: 5E812271A443499FDB28AEB488617EF37F7AF95350F95802ECC8A9B250D7348D85CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7a73ffb0a5cfbd95ec506d98c4a49d44ba8308e5b8467834cff50cac5879c240
              • Instruction ID: a93805f55792ab8e4ec89b94ded5e54c8899a01d10647180e3f1a72f505bcd39
              • Opcode Fuzzy Hash: 7a73ffb0a5cfbd95ec506d98c4a49d44ba8308e5b8467834cff50cac5879c240
              • Instruction Fuzzy Hash: FD812376504349CFEF39DEA8C8A87DA77A2AF95310FD5812BCC0A9B254D7308681CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5575eec66a28e82a8abe471628ac0f5e8ccb7375ae3541da354998913483517
              • Instruction ID: b513f40b0288638ebbf341dc0dce611d01b6b9e883720b12a27c73fbc779f795
              • Opcode Fuzzy Hash: a5575eec66a28e82a8abe471628ac0f5e8ccb7375ae3541da354998913483517
              • Instruction Fuzzy Hash: FC810475504349CFEF39DEA8C8A87DA7BA2EF95310FD5812BCC0A9B254D7349681CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be78c23c53d360a3f2bc624be675c705b3fd40aea2ae7fa3fcae5291a04e5ec8
              • Instruction ID: c487a77841cbd6289adf90785f25f09839ca97d627278cf466eab8d654560a42
              • Opcode Fuzzy Hash: be78c23c53d360a3f2bc624be675c705b3fd40aea2ae7fa3fcae5291a04e5ec8
              • Instruction Fuzzy Hash: 90712575500349CFEF3ADEA8C8A47DA7BA2AF55310FD6812ACC0A9B255D734D681CB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID:
              • API String ID: 560597551-0

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID:
              • API String ID: 560597551-0

              APIs
              • NtWriteVirtualMemory.NTDLL(?,4D918A05,?,00000000,?,?,?,-17E0BF52), ref: 020A6556
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryVirtualWrite
              • String ID:
              • API String ID: 3527976591-0

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0

              APIs
              • NtWriteVirtualMemory.NTDLL(?,4D918A05,?,00000000,?,?,?,-17E0BF52), ref: 020A6556
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryVirtualWrite
              • String ID:
              • API String ID: 3527976591-0

              APIs
              • NtWriteVirtualMemory.NTDLL(?,4D918A05,?,00000000,?,?,?,-17E0BF52), ref: 020A6556
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryVirtualWrite
              • String ID:
              • API String ID: 3527976591-0

              APIs
              • NtWriteVirtualMemory.NTDLL(?,4D918A05,?,00000000,?,?,?,-17E0BF52), ref: 020A6556
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryVirtualWrite
              • String ID:
              • API String ID: 3527976591-0

              APIs
              • NtProtectVirtualMemory.NTDLL ref: 020AB7F8
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID:
              • API String ID: 2706961497-0

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 020A6E10
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 020A6E10
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0

              APIs
              • NtProtectVirtualMemory.NTDLL ref: 020AB7F8
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID:
              • API String ID: 2706961497-0

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp
              Similarity
              • API ID: __vba$CheckHresult$Free$New2$Construct2Copy$#564#690ListMove
              • String ID: 9E,$Carboxylate9$ELIMINERINGERNES$KOMMANDOSEKVENS$KVINDESAGERS$Ths$Toatoa$UNABSOLVABLE$`Eg9E,$c($epiplasmic$troen
              • API String ID: 3808567424-1709419087

              APIs
                • Part of subcall function 020A6FBE: NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateInitializeMemoryThunkVirtual
              • String ID: 7_=
              • API String ID: 3902809231-1541650955

              APIs
                • Part of subcall function 020A6FBE: NtAllocateVirtualMemory.NTDLL ref: 020A71D0
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateInitializeMemoryThunkVirtual
              • String ID: 7_=
              • API String ID: 3902809231-1541650955

              APIs
              • K32GetDeviceDriverBaseNameA.KERNEL32 ref: 020AC26A
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: BaseDeviceDriverName
              • String ID:
              • API String ID: 2335996259-0

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 020A9512
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0

              APIs
              • K32GetDeviceDriverBaseNameA.KERNEL32 ref: 020AC26A
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: BaseDeviceDriverName
              • String ID:
              • API String ID: 2335996259-0

              APIs
              • K32GetDeviceDriverBaseNameA.KERNEL32 ref: 020AC26A
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: BaseDeviceDriverName
              • String ID:
              • API String ID: 2335996259-0

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 020A9512
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID:
              • API String ID: 560597551-0

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 020A9512
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0

              APIs
              • K32GetDeviceDriverBaseNameA.KERNEL32 ref: 020AC26A
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: BaseDeviceDriverName
              • String ID:
              • API String ID: 2335996259-0

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 020A9512
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID:
              • API String ID: 560597551-0

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 020A6E10
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0

              APIs
              • K32GetDeviceDriverBaseNameA.KERNEL32 ref: 020AC26A
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: BaseDeviceDriverName
              • String ID:
              • API String ID: 2335996259-0

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,020A8038,?,?), ref: 020A8072
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 020A9512
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 5a7333f931d99bebe45307ed1222ada3ad6808d0c21cd7348232056d26f255c8
              • Instruction ID: 1c05f9bb13e946ad96ba57497896893dc19ca9f719247d5c998bdc1cf3133c62
              • Opcode Fuzzy Hash: 5a7333f931d99bebe45307ed1222ada3ad6808d0c21cd7348232056d26f255c8
              • Instruction Fuzzy Hash: 03E09236502209DFA314EFF4E6B8BDEA7999E51B15388C04AEC1547215DF30C200CE61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 020A6E10
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 7a5274f3078f5cfa2657856b37ed602ac19826db744945d49d446b96702df261
              • Instruction ID: 6861cf10d98d6289e6e628f2cbe35a779e1bc66a99f03e2537822f62e1166f77
              • Opcode Fuzzy Hash: 7a5274f3078f5cfa2657856b37ed602ac19826db744945d49d446b96702df261
              • Instruction Fuzzy Hash: 1CF0A07285A245CFE364DE74D89ABDABBA8AF21700F44845C905687621E731C240CA60
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • TerminateProcess.KERNELBASE(FDC5723E), ref: 020A6B16
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: ProcessTerminate
              • String ID:
              • API String ID: 560597551-0
              • Opcode ID: 85e0920a86da7d4cd289e4f04161be4f807163b07a01d0899b77bf9d6ae43aef
              • Instruction ID: 91a0aad19c45942a47d8fb6719c73ba9e9db7adc09f65ab1fe0b767e57547ebd
              • Opcode Fuzzy Hash: 85e0920a86da7d4cd289e4f04161be4f807163b07a01d0899b77bf9d6ae43aef
              • Instruction Fuzzy Hash: BBE0EC36417446DFF328DE70E5A9B96B79C5F21B09F48C48DC00A47222EA10D240C6A0
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: zr4B$zr4B
              • API String ID: 0-922961767
              • Opcode ID: 79b1859dcd6b635a4a3075f648a11d51a05243552320f351b41101ab0e8201da
              • Instruction ID: 8b0ee9896d78ac8cbef75187e1b6e61b565aafe7525a2d6a189ea8b5a8035224
              • Opcode Fuzzy Hash: 79b1859dcd6b635a4a3075f648a11d51a05243552320f351b41101ab0e8201da
              • Instruction Fuzzy Hash: 4102FF75A0474ADFDB24CF68C9A4BDAB7E2BF49350F85822EDC8987240D731A941CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: zr4B$zr4B
              • API String ID: 0-922961767
              • Opcode ID: 3fcc8f5e2b59e81cb83f4ae176bbb7a91e19eccac56b474c7ef90124211e8efb
              • Instruction ID: 1e1ec73393c1ab426eae335d8de32ea4735a86309956b4b20d0cde0b9b91cb18
              • Opcode Fuzzy Hash: 3fcc8f5e2b59e81cb83f4ae176bbb7a91e19eccac56b474c7ef90124211e8efb
              • Instruction Fuzzy Hash: C3F1FF75B0474A9FDB24CF68C9A4BDAB7E2BF49350F95822EDC9D87240C731A941CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: zr4B$zr4B
              • API String ID: 0-922961767
              • Opcode ID: 88446fee7603e7553f9806bbedadf22c172363beb0a56194dd2452c603752e01
              • Instruction ID: ac82128851acc47a22b90fb98772444036d39261354dd7a680ad7772fe596999
              • Opcode Fuzzy Hash: 88446fee7603e7553f9806bbedadf22c172363beb0a56194dd2452c603752e01
              • Instruction Fuzzy Hash: 16F1FF75B0474ADFDB24CF68C9A4BDAB7E2BF49310F85822EDC9987240D731A941CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: 7GB$ l\
              • API String ID: 0-2446396332
              • Opcode ID: e630f9f9ba03dbb28968d650c9875fe66dd29e9b069dac8ac12b26945c084d38
              • Instruction ID: aaa68f5a3faaae00cc5c254e8b53d271ffbcdc5794f1e72e51a0a3336a06b250
              • Opcode Fuzzy Hash: e630f9f9ba03dbb28968d650c9875fe66dd29e9b069dac8ac12b26945c084d38
              • Instruction Fuzzy Hash: D8A10F72608349DFCB789EB88D657EB77E6AF65390F81441EDC8ADB240D7309A41CB06
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: nRs$r}O;
              • API String ID: 0-2638029223
              • Opcode ID: 670fec818c10333867de21bad2be7db807b0af95fdf99ec5f12dd586c69f200a
              • Instruction ID: 107b075a0741be98cd4d43fc95d6c6bff3548bde8158556f24a6d1a72f843f24
              • Opcode Fuzzy Hash: 670fec818c10333867de21bad2be7db807b0af95fdf99ec5f12dd586c69f200a
              • Instruction Fuzzy Hash: 07A16A75644345CFEB289E78C9A57EE77E2BF513A0F86812ECC868B151D3308985DF06
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: H98,$}"x
              • API String ID: 2167126740-1160636475
              • Opcode ID: 184739896825aec3c8bdbe99b9dd6596a393893cd2ae2d01b9da415814102869
              • Instruction ID: fbd94174287d8a31b7ee6ce10b529c81017d45efc1283d9747f91ac5f1b674f1
              • Opcode Fuzzy Hash: 184739896825aec3c8bdbe99b9dd6596a393893cd2ae2d01b9da415814102869
              • Instruction Fuzzy Hash: 67B113756043469FDB349E64CDA0BEEB7B6BF65380F85852DCC89DB120E7318A41DB11
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: H98,$}"x
              • API String ID: 0-1160636475
              • Opcode ID: fd8f5b932ce3f1152cf3a9122f45546cc03291ac09b601e4e613e3f844b71a77
              • Instruction ID: 1d112e370c38846b2b78533a46dca235787a5566f88355cf9cd7297df061a89a
              • Opcode Fuzzy Hash: fd8f5b932ce3f1152cf3a9122f45546cc03291ac09b601e4e613e3f844b71a77
              • Instruction Fuzzy Hash: F791137564434A9FEB359E68CDA0BEEB7E5BF55340F84852DCC89DB220E7308A41DB11
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: nRs$r}O;
              • API String ID: 0-2638029223
              • Opcode ID: fd8f45b4ba84bb2f92a3dd5800dafa0a731fafba6f9e03c441b25ed84aef56c0
              • Instruction ID: 98edb907e380d6c18b33b17ee290d556e973aa0f0a28b70f38085f4456a38666
              • Opcode Fuzzy Hash: fd8f45b4ba84bb2f92a3dd5800dafa0a731fafba6f9e03c441b25ed84aef56c0
              • Instruction Fuzzy Hash: 3B7102756443458FEB78DE68C9A5BEA77E6BF51350F96842ECC8A8B111D3308981DB02
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: 3qi
              • API String ID: 2706961497-3531996309
              • Opcode ID: a623837c2cc2e897a281501bc347b2aaa5d3dbb799c55f2a9fd9abbd926bd075
              • Instruction ID: 386c68e2ff333afbc3dce885be4497385a4c215843281bb5468b979ca95e5879
              • Opcode Fuzzy Hash: a623837c2cc2e897a281501bc347b2aaa5d3dbb799c55f2a9fd9abbd926bd075
              • Instruction Fuzzy Hash: 06D1F6215083C58EDB328F78C8A97DA7BE29F12364F89C29ACCD94F1A7D3748546C712
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: 3qi
              • API String ID: 0-3531996309
              • Opcode ID: 9f5a5e596c9e07ebe728f4fa783fd6688ddb2f358b5c76aab10d7063cd07351e
              • Instruction ID: ed19fb6f0e58872a0cf5b704fb8d24418f001607c3357f7a12109cee5d338871
              • Opcode Fuzzy Hash: 9f5a5e596c9e07ebe728f4fa783fd6688ddb2f358b5c76aab10d7063cd07351e
              • Instruction Fuzzy Hash: B4C1D4215083C58EDB328F78C8A87DA7BE25F12364F99C29ACCD94F1A7D3758546C712
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: U[C
              • API String ID: 0-1558376097
              • Opcode ID: ca5fe01eff25a67313b230587f1ceef9ce9796f6f3eb0e59042d3cb9f8309002
              • Instruction ID: d8e2036ec6aebfe61d80950457e1705ef11f195e6ed59e64fd9eaf355fc0ac39
              • Opcode Fuzzy Hash: ca5fe01eff25a67313b230587f1ceef9ce9796f6f3eb0e59042d3cb9f8309002
              • Instruction Fuzzy Hash: 2BA132716043899FEB34CF78CDA47DA36A2AF58350F95813EDC599B255DB308A42DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: U[C
              • API String ID: 0-1558376097
              • Opcode ID: 8e9aa48a256aa4bdd1450c0df0ba30778bf2663c739c841a1f853fc069cc3ba4
              • Instruction ID: 2d4aa0380cc146e7515eaa178758c86b2fa907069989860640b979a8313b5fc5
              • Opcode Fuzzy Hash: 8e9aa48a256aa4bdd1450c0df0ba30778bf2663c739c841a1f853fc069cc3ba4
              • Instruction Fuzzy Hash: 44A153716043899FEF348FB8CDA47DA36E2AF58350F96813EDC499B254DB308A42DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: c04e163921c8ee9d91773e5d6127654f8ebe776fa6cedfa213377ae45c5e7cad
              • Instruction ID: cd2bb1156705ea7b8bf955a04de3bc4cf6e6cd1887253543f85dc7a84737894a
              • Opcode Fuzzy Hash: c04e163921c8ee9d91773e5d6127654f8ebe776fa6cedfa213377ae45c5e7cad
              • Instruction Fuzzy Hash: D491F272608349EFCF349FB89C697EB37A6AF55390F95441EDC899B240D7304A81CB06
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: U[C
              • API String ID: 0-1558376097
              • Opcode ID: ae2ae5402e6feda5555b04526ff10b308ed99b7524abfaa1844a3ee1c423d372
              • Instruction ID: d6ea0af80f6116a47ba0001e2c1037e861895b899d39509167b27286e72d2b83
              • Opcode Fuzzy Hash: ae2ae5402e6feda5555b04526ff10b308ed99b7524abfaa1844a3ee1c423d372
              • Instruction Fuzzy Hash: B2815531644389DFDB30DEB8C9A47DA36E2AF55310F99812EDC599B295E7308A42DB02
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: 7af265183ab442fc5aead351096219a978edcb770ec495557013b27820098e89
              • Instruction ID: ff8547a31613837e54bc989ac8f6d8268829e61ec9dc8e805f03d0670522d460
              • Opcode Fuzzy Hash: 7af265183ab442fc5aead351096219a978edcb770ec495557013b27820098e89
              • Instruction Fuzzy Hash: 5D81E176608349DFCF349FB8DC697EA77A6AF55390F85441EDC899B240D7308A81CB06
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: U[C
              • API String ID: 0-1558376097
              • Opcode ID: 3643f7df80b0d57fd71a2516a1287ba2683007d04c2586fb0afc6c3616845584
              • Instruction ID: 32070b12f6b7b3ebb471d7e89a20fbeabb82bb2cbf05db73e8ddadecc1f64f89
              • Opcode Fuzzy Hash: 3643f7df80b0d57fd71a2516a1287ba2683007d04c2586fb0afc6c3616845584
              • Instruction Fuzzy Hash: 9E8187716443899FEF348F78CDA47DA36A2AF58310F95813EDC5997294DB308A42DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: 7a31888f15ad90636d39ce15b7f0dbfff5c2d67349dffe171aba600d11b634c3
              • Instruction ID: a9b2b1c024a2e3b8f740c154d6dad59e80a86a7f5cde650713e62966a5fb1dfe
              • Opcode Fuzzy Hash: 7a31888f15ad90636d39ce15b7f0dbfff5c2d67349dffe171aba600d11b634c3
              • Instruction Fuzzy Hash: 5381DE76608349AFCF349FB89C697EA37A6AF55390F95441EDC8A9B240D7304A81CB06
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: 38f95fcaf222001f5c5c8ac7ab5525275da2ca1b332b2aeb5c7c6113777020b4
              • Instruction ID: ea4783792a47c98ccb26015ae303f06e765cfce8ac0ea445c4b0d3818a45fddb
              • Opcode Fuzzy Hash: 38f95fcaf222001f5c5c8ac7ab5525275da2ca1b332b2aeb5c7c6113777020b4
              • Instruction Fuzzy Hash: EB71BF72608349EFDB349EB8DC69BEB37A6AF55750F84401EDC4A9B240D7318A40CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: .IX
              • API String ID: 0-2906791597
              • Opcode ID: e5345933d858d10629056a2c79ae6683460cc9f9fa9cd9580cdb80938db1fd84
              • Instruction ID: 1e1db419fd959448aa0d1a16ea3330ed6409c8145ae93eb8b8a0023e791c5c45
              • Opcode Fuzzy Hash: e5345933d858d10629056a2c79ae6683460cc9f9fa9cd9580cdb80938db1fd84
              • Instruction Fuzzy Hash: 9D616771200305DFEB20DF78C999BEA7BA6EF55354F92415ADC868B261D330C981DF41
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: nRs
              • API String ID: 0-429280018
              • Opcode ID: 75dc93a9c52f63c9463963015a8e60c065d3ec434739f3950451356124ab8743
              • Instruction ID: 16b9c29f4b8f72c8b2f3d43a7ca9215e1e591eda75d1b20f05acc25beba09bf8
              • Opcode Fuzzy Hash: 75dc93a9c52f63c9463963015a8e60c065d3ec434739f3950451356124ab8743
              • Instruction Fuzzy Hash: 7B5124796443458FEB389EB8C9A5BEE77A6BF51350F96842ECC8A8B111D330C581DB02
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: H98,
              • API String ID: 0-1897505225
              • Opcode ID: 2a0add9269ae1d0abeda9c814d0019356ce4894f8869641d4242689068ac1171
              • Instruction ID: 00bf26e93a7fba870fa561d1dc6d1835b1217ebb93ff4473e9b1ce15ac5747b3
              • Opcode Fuzzy Hash: 2a0add9269ae1d0abeda9c814d0019356ce4894f8869641d4242689068ac1171
              • Instruction Fuzzy Hash: 7D61F47554438A9FEB34CE64CDA4BEEB7B9BF55340F84852ECC499B620E7308A41DA11
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: 0f02ee1e0bad66be24516194c5c4090f5521f079ab95b914e067a1a8975610cd
              • Instruction ID: d11001ab1733372ae36b1c3ecdd17f7cb887ee9695b0d98bbb1f46c6323b6434
              • Opcode Fuzzy Hash: 0f02ee1e0bad66be24516194c5c4090f5521f079ab95b914e067a1a8975610cd
              • Instruction Fuzzy Hash: 7A51B071608349EFCB349FB8DCA9BEA77A6AF54750F84401EDC4A9B240D7319A40CB11
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: l\
              • API String ID: 0-3095887586
              • Opcode ID: bb70cb77df22a540afdacd559b29edb64d07cb38c08dbcc61474357dfbf77687
              • Instruction ID: 87290bb0c7d6ea13e4ba0c8733e202ff4eaeeca1d4e42112aaca5b5b0c7d1ec2
              • Opcode Fuzzy Hash: bb70cb77df22a540afdacd559b29edb64d07cb38c08dbcc61474357dfbf77687
              • Instruction Fuzzy Hash: C551E272608389DFDB349FB8DDA97EA7BE5AF25740F84444ECC4A8B251D7318641CB12
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: 8!}S
              • API String ID: 0-1168581744
              • Opcode ID: bc512d562eeea7bc47fed5b3737abb8fdbc31a5889285749d06dccbe3169bdbb
              • Instruction ID: fbd01127cc02d10627265331b6ed0a3497caad7eb7bd7749024b4ffd7178c730
              • Opcode Fuzzy Hash: bc512d562eeea7bc47fed5b3737abb8fdbc31a5889285749d06dccbe3169bdbb
              • Instruction Fuzzy Hash: 6B5145325043898BEF36DE79C9B87DE7BA7AF61744F84C11ACC4A4B219D3318642DB21
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40b1b2305cb1ca17caaf2ca2ecf4b6fea5c447bcd85d4709b0d16abc0b1012a4
              • Instruction ID: 847e08f88c67dab9ee664f118361e62d9d3064eeb9d7efce3d5b067d579d10cb
              • Opcode Fuzzy Hash: 40b1b2305cb1ca17caaf2ca2ecf4b6fea5c447bcd85d4709b0d16abc0b1012a4
              • Instruction Fuzzy Hash: 7FD11075A0034ADFDB34CF68CDA4BDA77E2BF49310F95822ADC898B241D3319945CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89d61084e1278175b11ceff412680ea3bfcbce06d4c3216e076b9ff52d2fe6a5
              • Instruction ID: 83891332ef596b4beaefc706beb6281291f741d63feb43f6ec552e54abd9a05c
              • Opcode Fuzzy Hash: 89d61084e1278175b11ceff412680ea3bfcbce06d4c3216e076b9ff52d2fe6a5
              • Instruction Fuzzy Hash: 1CD10076B0034A9FDB34CF68C9A5BDA77E2BF49310F95822ADC898B241D3719941CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f24cb149ff2ab671ec57b37ac557da1e8c54a3e308de325dcf88e7206201e3dd
              • Instruction ID: 4d4eb35938c70f86cea2c0c1a11a925a41e94cead60c87fd8c8b3a24a945274a
              • Opcode Fuzzy Hash: f24cb149ff2ab671ec57b37ac557da1e8c54a3e308de325dcf88e7206201e3dd
              • Instruction Fuzzy Hash: FAC11075A0034ADFDB34CF68CDA5BEA77E2BF49310F95822ADC898B241D7319941CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a3202cdfccd698636d4cc1fc2bd8b5b2741a60bac7d6373ef901f4f263c175d
              • Instruction ID: 3ca737b68fe683499726cc87445d1b145a9c4d26a5a27f83e0fa3eca8028cb70
              • Opcode Fuzzy Hash: 3a3202cdfccd698636d4cc1fc2bd8b5b2741a60bac7d6373ef901f4f263c175d
              • Instruction Fuzzy Hash: 04C1107160034ADFDB34CF68CDA5BEA77E2BF49310F85822ADC898B240D7719945CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c46849d97c522d8218b39968ba0f1f60fa04b877d24bb027526a0235351d536f
              • Instruction ID: bbd58cfa39468a57ce1d4e79b6e9a980333f037dd47faf14d140d9319ea93cb1
              • Opcode Fuzzy Hash: c46849d97c522d8218b39968ba0f1f60fa04b877d24bb027526a0235351d536f
              • Instruction Fuzzy Hash: 27B1107660034ADFDB34CF68C8A5BDA77E2BF4A310F85822EDC9997241C7719945CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5763df51edeb4acfae4f66904fbf1eef937cf4b6573718b9cd00213277fdc5fe
              • Instruction ID: 08082d323893636d04f81493fa95d70172233c9d71babf411c00c1499c72bcaa
              • Opcode Fuzzy Hash: 5763df51edeb4acfae4f66904fbf1eef937cf4b6573718b9cd00213277fdc5fe
              • Instruction Fuzzy Hash: 6AB1E8215083C58EDB32CF78C8A87DA7BE25F12364F99C29ACC994F197D3748646C712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e12d992506941957c9e2cccbe0ddc32647bdf13cbd1c703564104dece6bab32c
              • Instruction ID: 7a92cf658ea54f4e22774f7aee9926a5c88b8e896eb3db9272cc6f83dd16ecff
              • Opcode Fuzzy Hash: e12d992506941957c9e2cccbe0ddc32647bdf13cbd1c703564104dece6bab32c
              • Instruction Fuzzy Hash: 75A1317660034ADFDB34CF68CDA5BDAB7E2BF49310F85822ADC9987241D371A945CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 964e8230c5288f712820b91c646e4dc593bbfb7fcc917a5b5b647c28769c0f89
              • Instruction ID: 7d936c87b7cea31861c7c311596d01027c4def72d5f7423636866ff8226e8392
              • Opcode Fuzzy Hash: 964e8230c5288f712820b91c646e4dc593bbfb7fcc917a5b5b647c28769c0f89
              • Instruction Fuzzy Hash: C1A1327260034ADFDB34CF68CDA1BDAB7E2BF49310F95822ADC9987241C371A945CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b615fc72875b51ab4ce32994e4884df9dd218a84891a6a6b97a81db7d9767e3d
              • Instruction ID: fe8e88fc8f91e00e73975accb961be35fab0703fafcfb69604aadd5f8f923fb0
              • Opcode Fuzzy Hash: b615fc72875b51ab4ce32994e4884df9dd218a84891a6a6b97a81db7d9767e3d
              • Instruction Fuzzy Hash: B9A10D315083C58EDB32DF78C8A87DA7BE2AF16364F99C299CC994F19AD3708146D712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 457dda128cfa9fc968b983a3b4e4fa732bb243fa5f86040810f730a30c59fb73
              • Instruction ID: 95031949809da1055e8ba1a8ef2955eb328639aca0298d326a54bce9acd7f036
              • Opcode Fuzzy Hash: 457dda128cfa9fc968b983a3b4e4fa732bb243fa5f86040810f730a30c59fb73
              • Instruction Fuzzy Hash: 199141B264034A9FDB34CF68C8A4BDAB7E2BF49310F95822EDC9997201D3709905CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 878a2dfd2ca87d4fa6b28cf14337357150bfe08d9bcb14e5b8d4456bbec22bff
              • Instruction ID: 26590d2faf49f8952c5a7d96a47e84281c4c259066a7dafae606d262656cd4f4
              • Opcode Fuzzy Hash: 878a2dfd2ca87d4fa6b28cf14337357150bfe08d9bcb14e5b8d4456bbec22bff
              • Instruction Fuzzy Hash: FD81D571548385CFDF36DE78C8A47DA7BE2AF52364F948169CC998F25AD3308642C712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2d0adb38a5ba5e4a0da34b4800b031a6ce113f85c5f38bb04e3dfcdfcbaae9b
              • Instruction ID: b3161ae92d37ad9a6816ea2e44ceaa974daff9f7ae755360b6ff3011fb2db356
              • Opcode Fuzzy Hash: b2d0adb38a5ba5e4a0da34b4800b031a6ce113f85c5f38bb04e3dfcdfcbaae9b
              • Instruction Fuzzy Hash: 1C7146316043469FDB30DE64C9A97DF37B2BF58390F95052ACC4A9B284D334AA82DF42
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ff22966866353373b77683d3362d229554dc83a7695176692c2e82d9af7efab
              • Instruction ID: 4bd56c4c37c1e4df3321394ee2f1dd7ba0d40df0e9f568fa0d6c5d824ffc17d4
              • Opcode Fuzzy Hash: 3ff22966866353373b77683d3362d229554dc83a7695176692c2e82d9af7efab
              • Instruction Fuzzy Hash: C7615431644389DFEF34DE78CDA57DA36E2AF95310F95812ECC598B295DB308642DB02
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f5ef49c74575a0c20b160bc33a113f5d179372a2779d87825a1a1201ad8b25b
              • Instruction ID: e5f5bab797e0074b54c7b980264b3ca9c57ebaf187f3e148643b1b1519ca63c2
              • Opcode Fuzzy Hash: 3f5ef49c74575a0c20b160bc33a113f5d179372a2779d87825a1a1201ad8b25b
              • Instruction Fuzzy Hash: 06612531A0434ADFEB70DE68D9A97DE37B2AF14350F85412ACC4A9B290D7309A81DB52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6da4e4e7b971814029d20db387d2ed16707d0c09a89c41a4aa6ebbe6f99d6b35
              • Instruction ID: ea62d9984aac2b9eec745989d0a40fc72479fc4baec19ebb4f26feacd308ab46
              • Opcode Fuzzy Hash: 6da4e4e7b971814029d20db387d2ed16707d0c09a89c41a4aa6ebbe6f99d6b35
              • Instruction Fuzzy Hash: C9612431A043459FEB70DE64C9A97DE77B2BF54390F95052ECC4A9B280D334AA81DF52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02dcc4c46a4e23144b2af8df1c5d1387f60c8da562b61189087d0c0904354561
              • Instruction ID: e53fe7aa81498d11d78ea303f03282b69b17837a7e067abf35dc3fd799fbc6fe
              • Opcode Fuzzy Hash: 02dcc4c46a4e23144b2af8df1c5d1387f60c8da562b61189087d0c0904354561
              • Instruction Fuzzy Hash: AD61F730508385CFDF368E7888A57DA7BE1AF16364F9481ADCC9A8F29AD3314542C712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc72925737be8d0d5ba18b7113d5ddd7c515f6f2be589cd06ef83eab637ddaed
              • Instruction ID: 8725727a59c42fc78ed9320f29b90298213709feb42c6c0d62e53053f7fc5c03
              • Opcode Fuzzy Hash: dc72925737be8d0d5ba18b7113d5ddd7c515f6f2be589cd06ef83eab637ddaed
              • Instruction Fuzzy Hash: 8451B0766043899FEB349E29C8A1BEF7BB2AF94350F95402EDC8D87214D7319A81DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7f09e897dddccfd2687cf5f450bada1e7b9fed3befbfd32f915310ab6006747
              • Instruction ID: d63a2a51b6c06658cc62c115fdeea55944aee22498372500eae9040b61c0092b
              • Opcode Fuzzy Hash: d7f09e897dddccfd2687cf5f450bada1e7b9fed3befbfd32f915310ab6006747
              • Instruction Fuzzy Hash: E051BD766043889FDB749E29C8A1BEF77B2AF98350F95402EDC8DC7214D7319A81DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65983c46603de2bcf272404684f9f0bc9321774bea4fbc2771a7a33a7ca6f655
              • Instruction ID: 30be1c154c68d527cc3afd6232243e1aca6126c0b801dff2d10aa8fa1224a9e7
              • Opcode Fuzzy Hash: 65983c46603de2bcf272404684f9f0bc9321774bea4fbc2771a7a33a7ca6f655
              • Instruction Fuzzy Hash: 24512631604389DFEB70DE68D9A97DE77B2BF14340F85452ECC4A9B290D7309A81DB52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b1a5f39bb477e7d898b1832449a735cdf1a4f0bfacdc71c03dde760235cf929
              • Instruction ID: 24cf68aa7a7cfb591a49a2edfd2ae553f8de4e4e14f060ff907b7d47892aa334
              • Opcode Fuzzy Hash: 4b1a5f39bb477e7d898b1832449a735cdf1a4f0bfacdc71c03dde760235cf929
              • Instruction Fuzzy Hash: 9D513731604386DFEB70DE68DDA97DE77B2BF14340F95452ACC4A9B290C3309A81DB52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2749a8f5f23203215e031e40719cb93f577dcc9284d4e47350ebd39acd51035
              • Instruction ID: b28d2185d7d96a29ca40a95b31814bb10ca7ec51ce087cbc0439256ccfb43d82
              • Opcode Fuzzy Hash: e2749a8f5f23203215e031e40719cb93f577dcc9284d4e47350ebd39acd51035
              • Instruction Fuzzy Hash: 4951F771548385CFDB36CE78C8A57DA7BE1AF16354F9481ADCC9A4F25AD3318241C712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 347534b91ab218c345b672ab8bbbb16600a88c06ad1c0c96fa8228589bb0d726
              • Instruction ID: 816b4e0d40486c28bec5da710ad3cc328bfc678abf2642a7e6b424668766112d
              • Opcode Fuzzy Hash: 347534b91ab218c345b672ab8bbbb16600a88c06ad1c0c96fa8228589bb0d726
              • Instruction Fuzzy Hash: DD512631604385DFEB70DE68D9A97DE77B2BF14340F85452ECC4A9B290D3309A81DB51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fe1769fee21b2ba3a00691bce7bc4a0f0b9ff11a0abc90c0007fddf739efb4e
              • Instruction ID: 30f20e8fc1fcb892c6fd4a02dbd91dfd9f677b2a055415bf37b08e8fd0d0f5be
              • Opcode Fuzzy Hash: 7fe1769fee21b2ba3a00691bce7bc4a0f0b9ff11a0abc90c0007fddf739efb4e
              • Instruction Fuzzy Hash: 185146316043899FEF308F79CEA17DA37A7AF98750F95812A9C4997254DB348A42DB01
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f4dbde34d25bdff78e818b4cbe5e4a22501759b997bb39d05aa91bb000b7aa1
              • Instruction ID: 043683a4a86f8396e1bc516a02acdca8d5e1b2dfde60373b7f52889c0e71dfcf
              • Opcode Fuzzy Hash: 6f4dbde34d25bdff78e818b4cbe5e4a22501759b997bb39d05aa91bb000b7aa1
              • Instruction Fuzzy Hash: 2F5104317043899FDB70DE68DDA97DE77B2BF54380F95412ACC899B290C330AA81DB56
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a51c4c028dee9ed711b82acf668a045e8b8d289c8871c1a7f0bd3fccd25861ed
              • Instruction ID: 7a32b2f92755737b60f365df0f5d37f39706bf58c68b07724a882340c55ff4bf
              • Opcode Fuzzy Hash: a51c4c028dee9ed711b82acf668a045e8b8d289c8871c1a7f0bd3fccd25861ed
              • Instruction Fuzzy Hash: 4851D431908385CFDB36DE74C8A57EA7BE2AF25354F94816DC88A8F25AE3308641C721
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86724b077536349763137b3a13ec415ff243a4ee5c4462408cd77b93d5067bb8
              • Instruction ID: 8502a318b5fd63695a232b10e5ca081c162f06cc9408855be26cb3fec4f1c1ea
              • Opcode Fuzzy Hash: 86724b077536349763137b3a13ec415ff243a4ee5c4462408cd77b93d5067bb8
              • Instruction Fuzzy Hash: FE511272A013489FEBB4CE65C9E07DA77E2BF59704FC4412ACD4E5B204D371A640CB10
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ef633d295dff41302cdbadad893b3aa0dab653312000b02f08e51e3b98dfb9c
              • Instruction ID: c3f8646dde4c0e861c9fc4d9891cb1fa2fd97e3b24cde0ce7bfeeca4cf64c54b
              • Opcode Fuzzy Hash: 3ef633d295dff41302cdbadad893b3aa0dab653312000b02f08e51e3b98dfb9c
              • Instruction Fuzzy Hash: 6A4187326053499FEB24CE78CDA1BDA37A7AFA5710F99812DCC495B294D7308A42CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7417792a571f4e13451cbf02e1747df0a4b0d963d10fc0c001875be447794647
              • Instruction ID: fe34251d0ceef173645b2445bc92faad043ba6240bcefbdbfc07f39a8f0901b7
              • Opcode Fuzzy Hash: 7417792a571f4e13451cbf02e1747df0a4b0d963d10fc0c001875be447794647
              • Instruction Fuzzy Hash: 0741D0729053489FEBB4CE65C9E47DAB7E2BF49704FC0462ACD4E6B200D771AA40CB05
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7af3156d6bb8e67fda3f4efca983392dc8320ff6c197cde722021fd5248a6045
              • Instruction ID: 70fda0c84a87cc1d8a31f15d8e65eae3c29213ed548e58a3c0a0e72abee2d709
              • Opcode Fuzzy Hash: 7af3156d6bb8e67fda3f4efca983392dc8320ff6c197cde722021fd5248a6045
              • Instruction Fuzzy Hash: 9C113C79356388DFCB34CF54C9A4BDE73F2AF99740F918529DC094B220C731AA41DA11
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4de5a2df722ebd9f0a83b16359b9f64378466ddf3fc3804c4fbbdbe47cf9c4b2
              • Instruction ID: c597d36d92d8d2807e1773c1b8ae2bab1c7fcef07200ccec299d0b0ef811e44b
              • Opcode Fuzzy Hash: 4de5a2df722ebd9f0a83b16359b9f64378466ddf3fc3804c4fbbdbe47cf9c4b2
              • Instruction Fuzzy Hash: 45E0DFB7C1B0469FB3B9DDB4F6B9BD7AB5C5F22B60349C988C01687616F900CB45D4A0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
              • Instruction ID: a026a310f9d08bb1d858143eb29fddbf5fc3d9bc52f9beb0b7c2352c6f2dcf67
              • Opcode Fuzzy Hash: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
              • Instruction Fuzzy Hash: CDB002B66515819FEF56DB08D591B4073A4FB55648B0904D0E412DB712D224E910CA04
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.423383815.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
              • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
              • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
              • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp
              Similarity
              • API ID: __vba$Free$#558Construct2CopyDestructError
              • String ID: enakteres
              • API String ID: 3426752192-4231501920
              • Opcode ID: 6750fd4d601a656dc04c108d90444d20f6eb077092136dae993a94f69bc5cc4e
              • Instruction ID: 04fdc8c8515c3e435e24c10b90d6d774d08b37ec35bdcc9d47ae54f2c668c1b9
              • Opcode Fuzzy Hash: 6750fd4d601a656dc04c108d90444d20f6eb077092136dae993a94f69bc5cc4e
              • Instruction Fuzzy Hash: 27E12835A051988FD709DBE8C5506ECBFF6AFAD200F24419FC54167383CA669E46CFA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • __vbaStrCopy.MSVBVM60 ref: 0041B4F7
              • #618.MSVBVM60(?,00000001), ref: 0041B503
              • __vbaStrMove.MSVBVM60 ref: 0041B50E
              • __vbaStrCmp.MSVBVM60(00402CA8,00000000), ref: 0041B51A
              • __vbaFreeStr.MSVBVM60 ref: 0041B52D
              • __vbaNew2.MSVBVM60(004029EC,0041C3C8), ref: 0041B54E
              • __vbaHresultCheckObj.MSVBVM60(00000000,020DEA7C,004029DC,00000014), ref: 0041B579
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004029FC,00000138), ref: 0041B5AA
              • __vbaFreeObj.MSVBVM60 ref: 0041B5AF
              • __vbaNew2.MSVBVM60(004029EC,0041C3C8), ref: 0041B5C7
              • __vbaHresultCheckObj.MSVBVM60(00000000,020DEA7C,004029DC,00000014), ref: 0041B5EC
              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004029FC,00000068), ref: 0041B60C
              • __vbaFreeObj.MSVBVM60 ref: 0041B611
              • __vbaVarDup.MSVBVM60 ref: 0041B62B
              • #600.MSVBVM60(?,00000002), ref: 0041B637
              • __vbaFreeVar.MSVBVM60 ref: 0041B642
              • __vbaFreeStr.MSVBVM60(0041B684), ref: 0041B67D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp
              Similarity
              • API ID: __vba$Free$CheckHresult$New2$#600#618CopyMove
              • String ID: Hyperhilariously$Kalkgravs$var
              • API String ID: 1542644099-1014535997
              • Opcode ID: c9d15b58a785fcecd1f88c551560e86c28e13d956a713f0d2546990e2bbad329
              • Instruction ID: 722dd5b3ff00dd84fc93b10dceccccc8ae3cc51d57212f0d9a7f3ed77eccf242
              • Opcode Fuzzy Hash: c9d15b58a785fcecd1f88c551560e86c28e13d956a713f0d2546990e2bbad329
              • Instruction Fuzzy Hash: 805160B1941208ABCB00DF95DE89EDEBBB5FB08704F20412AF541B72A0D7745A45CBA9
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp
              Similarity
              • API ID: __vba$Free$#536Move$#532#648#714CopyList
              • String ID: AWKWARDNESS
              • API String ID: 1150874924-1149946547
              • Opcode ID: 843632adcd435016282c337810a1dfc1b0360b4ea0698c02bec151eef81ddd32
              • Instruction ID: edc0ef84dc6baa69c03cf1698553fd77abb11f2abd6b6a04e36651a0d4dda5db
              • Opcode Fuzzy Hash: 843632adcd435016282c337810a1dfc1b0360b4ea0698c02bec151eef81ddd32
              • Instruction Fuzzy Hash: 6841B4B1C10259EBCB04DFA4E9889DEBFB8FF58705F10412AE906B3260DB741989CF94
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #632.MSVBVM60(?,?,00000000,?), ref: 0041B732
              • __vbaStrVarVal.MSVBVM60(?,?), ref: 0041B740
              • #516.MSVBVM60(00000000), ref: 0041B747
              • __vbaFreeStr.MSVBVM60 ref: 0041B75D
              • __vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 0041B76D
              • #617.MSVBVM60(00000002,?,000000FF), ref: 0041B78E
              • #617.MSVBVM60(00000002,?,00000000), ref: 0041B7AC
              • __vbaStrVarMove.MSVBVM60(00000002), ref: 0041B7B6
              • __vbaStrMove.MSVBVM60 ref: 0041B7C1
              • __vbaFreeVar.MSVBVM60 ref: 0041B7CA
              • __vbaFreeStr.MSVBVM60(0041B7FE), ref: 0041B7F7
              Memory Dump Source
              • Source File: 00000000.00000002.423091854.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.423086699.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000000.00000002.423109272.000000000041C000.00000004.00020000.sdmp
              • Associated: 00000000.00000002.423114119.000000000041E000.00000002.00020000.sdmp
              Similarity
              • API ID: __vba$Free$#617Move$#516#632List
              • String ID:
              • API String ID: 3155365896-0
              • Opcode ID: 144166f714063a1e4db18114f985ca7c095115c51c9dbc2765ab986431e35c2d
              • Instruction ID: b148989f1fe63c7b454f1ac9905f54e27e55ec4f2df9d0ef6aa4cdd24fbe27f0
              • Opcode Fuzzy Hash: 144166f714063a1e4db18114f985ca7c095115c51c9dbc2765ab986431e35c2d
              • Instruction Fuzzy Hash: 4B410BB1C01249ABCB04DFE5DA849DEFBB8FF98704F20811AE512B7164D7785A09CF94
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: "}Z$']2-$?/Sb$U[C$_D-$iO&j$}+#$\c
              • API String ID: 2167126740-2317655882
              • Opcode ID: af40ebe2a668dd0fef11b7bb191f576122a3ed08bbd81fd50a0cbedb0ad99cbb
              • Instruction ID: 5fb73e31f76b70ec08b99a3c0f00d6aaa2f292f9a0cfbec14be7adfba2e1f2e1
              • Opcode Fuzzy Hash: af40ebe2a668dd0fef11b7bb191f576122a3ed08bbd81fd50a0cbedb0ad99cbb
              • Instruction Fuzzy Hash: BAE2757160434ADFDF349E38CD957EA7BA2BF95350F95812EDC8A9B244D7308982CB42
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 005671D0
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: iO&j$qz$}+#
              • API String ID: 2167126740-1724778551
              • Opcode ID: 1fe88c68e9636b63285728f749153ae9f85391102b66a1605cc121ee8a7546aa
              • Instruction ID: e91bb99717ac1de0dfbfcce0d0326f84d4c09860cc7ef43ad7d27f7de332b58b
              • Opcode Fuzzy Hash: 1fe88c68e9636b63285728f749153ae9f85391102b66a1605cc121ee8a7546aa
              • Instruction Fuzzy Hash: 9F92507160434A9FDF349E38CD657EA7BA2FF55350F85822EDC899B250E3308A85CB42
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$n$}+#
              • API String ID: 0-205513396
              • Opcode ID: 48d7c28df728e90ace754da75386d3f964d660dc06788a4094b6227669551c2e
              • Instruction ID: 01f6aec6804450fe2866080354f3f2187fe4da6433090142060b5d329a22ad1c
              • Opcode Fuzzy Hash: 48d7c28df728e90ace754da75386d3f964d660dc06788a4094b6227669551c2e
              • Instruction Fuzzy Hash: 98911575504349CFEF399E65C9A83E93F62BF96310FA1812ACD4A9F255D7308A85CB01
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID: iO&j$}+#
              • API String ID: 0-3844468268
              • Opcode ID: 981ee7b6d5d93e87f793ed1ba3c7b9b0f5f950d29f029e9459773b05eebfdcb2
              • Instruction ID: 86a86286caa1623eb1e63fa4e45a21ffd8cb3063d4a0dc093e1486ca13edaa3d
              • Opcode Fuzzy Hash: 981ee7b6d5d93e87f793ed1ba3c7b9b0f5f950d29f029e9459773b05eebfdcb2
              • Instruction Fuzzy Hash: A992227160434ADFDF349E38CDA57EA7BA2FF55350F95822ADC899B254D3308A81CB42
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00566FBE: NtAllocateVirtualMemory.NTDLL ref: 005671D0
              • Sleep.KERNELBASE ref: 00567B4E
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemorySleepVirtual
              • String ID: H98,$}"x
              • API String ID: 828099265-1160636475
              • Opcode ID: 184739896825aec3c8bdbe99b9dd6596a393893cd2ae2d01b9da415814102869
              • Instruction ID: 81a550af21e1233b8c6c3f2f009041d27c7c9c2e0577b12398a327716a99d7b8
              • Opcode Fuzzy Hash: 184739896825aec3c8bdbe99b9dd6596a393893cd2ae2d01b9da415814102869
              • Instruction Fuzzy Hash: 5EB1137560834B9FEB349E24CD91BEE7BB6BF59380F544929DC89DB210E7318A81CB11
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL(ED061FFD,?,?,43EC5B55), ref: 00561E31
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: U[C
              • API String ID: 2706961497-1558376097
              • Opcode ID: ca5fe01eff25a67313b230587f1ceef9ce9796f6f3eb0e59042d3cb9f8309002
              • Instruction ID: 42464ef6151214f487722c4e2d3524a072e37adabf03de6503c522439b9512fd
              • Opcode Fuzzy Hash: ca5fe01eff25a67313b230587f1ceef9ce9796f6f3eb0e59042d3cb9f8309002
              • Instruction Fuzzy Hash: E7A168716047499FEF34CF38CD997EA3AA2BF58310F59812EDC499B255DB308A42CB05
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL(ED061FFD,?,?,43EC5B55), ref: 00561E31
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: U[C
              • API String ID: 2706961497-1558376097
              • Opcode ID: 8e9aa48a256aa4bdd1450c0df0ba30778bf2663c739c841a1f853fc069cc3ba4
              • Instruction ID: 7af8dbae1d41abb2141303370cde23d278d9004b1dbebd073370389587f4b0f7
              • Opcode Fuzzy Hash: 8e9aa48a256aa4bdd1450c0df0ba30778bf2663c739c841a1f853fc069cc3ba4
              • Instruction Fuzzy Hash: DCA188716043899FEF348F38CD997EA3AA2BF58350F59813EDC499B255DB308A428B05
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL(ED061FFD,?,?,43EC5B55), ref: 00561E31
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: U[C
              • API String ID: 2706961497-1558376097
              • Opcode ID: ae2ae5402e6feda5555b04526ff10b308ed99b7524abfaa1844a3ee1c423d372
              • Instruction ID: ed84f0871c1bc64a9461d3be6c707861aeaec2a65717d57229eef8cc5956d6a9
              • Opcode Fuzzy Hash: ae2ae5402e6feda5555b04526ff10b308ed99b7524abfaa1844a3ee1c423d372
              • Instruction Fuzzy Hash: 8881773164438ADFDF30DE38C9997EA3BA6BF55310F59812EDC599B255DB308A42CB02
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL(ED061FFD,?,?,43EC5B55), ref: 00561E31
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID: U[C
              • API String ID: 2706961497-1558376097
              • Opcode ID: 3643f7df80b0d57fd71a2516a1287ba2683007d04c2586fb0afc6c3616845584
              • Instruction ID: d612de7a6c4251b61b2d2e5158a964216eb62c224e1efce1a2147c7826ef38d2
              • Opcode Fuzzy Hash: 3643f7df80b0d57fd71a2516a1287ba2683007d04c2586fb0afc6c3616845584
              • Instruction Fuzzy Hash: 4C81AB71644389DFDF348F38CD957EA3AA2BF69310F59812EDC499B255DB308A42CB06
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 005671D0
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID: qz
              • API String ID: 2167126740-863917569
              • Opcode ID: 117f9115f7195162d49fe66646e5e8a97d08a78e79dc2bc46f2a55bc45486e01
              • Instruction ID: 5204b8427cf38b6d16a7b55f0161fa62d4af3193358e4ff88de5b4d1c823f3f5
              • Opcode Fuzzy Hash: 117f9115f7195162d49fe66646e5e8a97d08a78e79dc2bc46f2a55bc45486e01
              • Instruction Fuzzy Hash: C9619C72609285CFEB34EE34D8A97DE7BE5AF15310F48894DCC8687221E730D680CB51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb7043a3a0bc57c8aca92895af5a324ad4bfa2013213787e82a1a7e7d9463824
              • Instruction ID: cfafe23ad2defbb7f42e06835df4a4cfe5b25351cf409bd6bdb499029b1bd55e
              • Opcode Fuzzy Hash: cb7043a3a0bc57c8aca92895af5a324ad4bfa2013213787e82a1a7e7d9463824
              • Instruction Fuzzy Hash: 0A812679504249CFEF39DF64C8A87E93F66FF96310F95812ACC8A9B255D7308A81CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b96e5d0d265068eb053de9a36f62328995722cf5f67a535d27616d08fdd8e077
              • Instruction ID: 3aef9dc60b7b0edf9a5f5865979d4f80d9a0e791e0d866b146379b06b67c28b9
              • Opcode Fuzzy Hash: b96e5d0d265068eb053de9a36f62328995722cf5f67a535d27616d08fdd8e077
              • Instruction Fuzzy Hash: C681367550424ACFEF399F64C8E87E93F62FF96310F95812ACC4A9B255D7308A81CB01
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • EnumWindows.USER32(005609EF,?,00000000,?), ref: 005608F4
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: EnumWindows
              • String ID:
              • API String ID: 1129996299-0
              • Opcode ID: f9564becf0476c79c771b7fbfcc343691aaa3c023c8626d0c537086e5d3e59dd
              • Instruction ID: ed50f2543a97fdc410d9b36c296b1e64ba16fb54e6be00b55d30c1a8c02293fb
              • Opcode Fuzzy Hash: f9564becf0476c79c771b7fbfcc343691aaa3c023c8626d0c537086e5d3e59dd
              • Instruction Fuzzy Hash: B98155716443498FDB28AE7488617EF3BF6AF91340F91852EDC8A97291D7308D858B42
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7a73ffb0a5cfbd95ec506d98c4a49d44ba8308e5b8467834cff50cac5879c240
              • Instruction ID: e96dce9f646232b0258799c80246670678ee671730c722e203605412816db96f
              • Opcode Fuzzy Hash: 7a73ffb0a5cfbd95ec506d98c4a49d44ba8308e5b8467834cff50cac5879c240
              • Instruction Fuzzy Hash: 2781377550424ACFEF39DF64C8A87E93BA6FF96310F95812ACC4A9B255D730CA81CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5575eec66a28e82a8abe471628ac0f5e8ccb7375ae3541da354998913483517
              • Instruction ID: ba8b70151b9e06142fd535bafdc31dc7079cbf715b5965ca65af377699068607
              • Opcode Fuzzy Hash: a5575eec66a28e82a8abe471628ac0f5e8ccb7375ae3541da354998913483517
              • Instruction Fuzzy Hash: B1811675504249CFEF39DF64C8A87E93BA2FF96310F95812ACC8A9B255D7309A81CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be78c23c53d360a3f2bc624be675c705b3fd40aea2ae7fa3fcae5291a04e5ec8
              • Instruction ID: 2dd6094a25d62f34c27c5bffd773d4312c38b88b22d59f19567a0b15e8609cd5
              • Opcode Fuzzy Hash: be78c23c53d360a3f2bc624be675c705b3fd40aea2ae7fa3fcae5291a04e5ec8
              • Instruction Fuzzy Hash: 80713879500249CFEF39DFA4C8A87E97FA2BF96310F95812ACC499B215D730DA81CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21ad19d1920c2f9a4e2980ef9059b5a955b4722dc5b5e2929a9637d992a38e82
              • Instruction ID: 0ea69709de7635eff4e123ff83ed8ec7d55071efd9c46b192b2ccb1179856567
              • Opcode Fuzzy Hash: 21ad19d1920c2f9a4e2980ef9059b5a955b4722dc5b5e2929a9637d992a38e82
              • Instruction Fuzzy Hash: 42514A75500249CFEF39CFA8C8A87EA7F62BF56310F95811ACC898B255D730DA81CB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 005671D0
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              • Opcode ID: 56f81846b42e63882aab1e6e06241ef1dc722f01c9d62795d350992fce8ff083
              • Instruction ID: 636a45bf3a038d37a807de7d88d8c98a5a64c1f26f713babca8df04f07b2d4ce
              • Opcode Fuzzy Hash: 56f81846b42e63882aab1e6e06241ef1dc722f01c9d62795d350992fce8ff083
              • Instruction Fuzzy Hash: 70516B35609285CFEB38EE34D8A97EE7BA5EF16314F48855DCC8A87261E731C680CB51
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtAllocateVirtualMemory.NTDLL ref: 005671D0
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateMemoryVirtual
              • String ID:
              • API String ID: 2167126740-0
              • Opcode ID: 81d50fbaa16c59cb4f67dd500b65c60615266ed6540a755db72ae68fe5a7c9b1
              • Instruction ID: 62b909ad33a1b5dc89ef0c0a9e316b8f1b2069656be4384490cb7f986a7730dd
              • Opcode Fuzzy Hash: 81d50fbaa16c59cb4f67dd500b65c60615266ed6540a755db72ae68fe5a7c9b1
              • Instruction Fuzzy Hash: 86416C36509186DFEB38DE34D8A9BDE7BA5EF16314F58845DC84A87221E731D280C750
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL ref: 0056B7F8
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID:
              • API String ID: 2706961497-0
              • Opcode ID: f582b671dd47b2bb312276bbdd805b62df2568cea3e069d1ccec21bdd4c0f2cd
              • Instruction ID: 7a710c70e83f043efc558a10f868205a684c8373c505c6f2e0c32ccd7f282c56
              • Opcode Fuzzy Hash: f582b671dd47b2bb312276bbdd805b62df2568cea3e069d1ccec21bdd4c0f2cd
              • Instruction Fuzzy Hash: EF11BE717083459FDF28DE288A947FABBA2ABE4350F64862DA84ADB344DB3099418615
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 00566E10
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 3af8b17ea188baa42fc7fb5ed0ca42036b4530971769bb0bb1e14dc485d4737f
              • Instruction ID: f63b65d5e213b46c8e968d85cdf332e608909910a8fe73fc9d190d712782a70b
              • Opcode Fuzzy Hash: 3af8b17ea188baa42fc7fb5ed0ca42036b4530971769bb0bb1e14dc485d4737f
              • Instruction Fuzzy Hash: AF210232618304DFD7A86E7488522EFBBB2FF42300F52091EA8C697594C3355A91CB07
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 00566E10
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: e5a3503a2bf4bf7fad46edd41b9ea31f1bcd93219fc52544350048c2e501343d
              • Instruction ID: 6f011bf5afbad7e1c0bcb8dc2c015ab2a14885a9c163305e67ffd8352a415488
              • Opcode Fuzzy Hash: e5a3503a2bf4bf7fad46edd41b9ea31f1bcd93219fc52544350048c2e501343d
              • Instruction Fuzzy Hash: 36212432618344CFD7986E7488522EFBBB2BF42310F52192DE8C6A7595C3354691CF03
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtProtectVirtualMemory.NTDLL ref: 0056B7F8
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: MemoryProtectVirtual
              • String ID:
              • API String ID: 2706961497-0
              • Opcode ID: a812f0ef3a25fa69fa435baf3309342c9f6f5119a477fd6bdfc1293173dae247
              • Instruction ID: 51d4834cd2bacc8f427968a6a1097b2315e6ec9a704009f77220c3751b850205
              • Opcode Fuzzy Hash: a812f0ef3a25fa69fa435baf3309342c9f6f5119a477fd6bdfc1293173dae247
              • Instruction Fuzzy Hash: A001DB73A0A2469FEB2CDE34D599BEB77DA9F71710F58C05DD44A87314EE20C680C654
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00566FBE: NtAllocateVirtualMemory.NTDLL ref: 005671D0
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateInitializeMemoryThunkVirtual
              • String ID: 3B15$3B15
              • API String ID: 3902809231-4118892901
              • Opcode ID: c28d13359fc9ff3cb57c501ce53428b81e0a564de868dd82e7d838eaf5de8c51
              • Instruction ID: b78f2615ac952105c4a5cf0b004186343857f7e011a1422921516a9a39748a79
              • Opcode Fuzzy Hash: c28d13359fc9ff3cb57c501ce53428b81e0a564de868dd82e7d838eaf5de8c51
              • Instruction Fuzzy Hash: 4741DD324196849BEB24EE30C554776BF99FF57728F24850ED4D20B253D620C887C791
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID: 3B15$3B15
              • API String ID: 2994545307-4118892901
              • Opcode ID: b9e74d668847302713dad47cd257d20932196bfa46703df8f0330ce8f717e1ac
              • Instruction ID: 2fdf0615a7e60768823505a759ea126fe5faa650efbd84f981cab6901c0197ca
              • Opcode Fuzzy Hash: b9e74d668847302713dad47cd257d20932196bfa46703df8f0330ce8f717e1ac
              • Instruction Fuzzy Hash: 9E31EA32468A850AD724EE30CA55B72BF19FB5373C764968EC0D34F213D921C983C791
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID: 3B15$3B15
              • API String ID: 2994545307-4118892901
              • Opcode ID: c3d04a548e76e778b6ca1e808450a407e3139b5e36dd5bc8355137451b18865c
              • Instruction ID: 58b137aba338ffc0cdacb83c424892406d2b3ef081c9ca77d84d723f9a80f65f
              • Opcode Fuzzy Hash: c3d04a548e76e778b6ca1e808450a407e3139b5e36dd5bc8355137451b18865c
              • Instruction Fuzzy Hash: 8731DC32469A855A9724FE30C695B72BF59FB5373C364968EC0D30F217D610C987C791
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID: 3B15$3B15
              • API String ID: 2994545307-4118892901
              • Opcode ID: ce4fa1b8eb9d1dbe188c4341f5e0d2601f535516bab34d3e84a6048d9dbbcccc
              • Instruction ID: 2e5d416b787dd1e2e2998aac27af2f9a56ddd123537a50dae2dac7cc68ad4a20
              • Opcode Fuzzy Hash: ce4fa1b8eb9d1dbe188c4341f5e0d2601f535516bab34d3e84a6048d9dbbcccc
              • Instruction Fuzzy Hash: 5C211062468B84198A21BE308A51A71BF1AFB5773C770A64BD0D34F247C5218D87D792
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00566FBE: NtAllocateVirtualMemory.NTDLL ref: 005671D0
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateInitializeMemoryThunkVirtual
              • String ID: 7_=
              • API String ID: 3902809231-1541650955
              • Opcode ID: 0927dd0dc2e0ee27b4f0475fe7c56267cddc0c49aa04bc25beaf759f1efd1079
              • Instruction ID: 1e12d4721010cd488b606f5135d7b7278fe312d554f088a005d9853afe23c4e9
              • Opcode Fuzzy Hash: 0927dd0dc2e0ee27b4f0475fe7c56267cddc0c49aa04bc25beaf759f1efd1079
              • Instruction Fuzzy Hash: 7531687261038A5FCB20AF3888547DA3F92BFCA394F60451AEC499F346DF35D8468741
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00566FBE: NtAllocateVirtualMemory.NTDLL ref: 005671D0
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Strings
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: AllocateInitializeMemoryThunkVirtual
              • String ID: 7_=
              • API String ID: 3902809231-1541650955
              • Opcode ID: e3311af9bd2333592ad33d9f646f4e3303dd4a6a2d7cc496b8cd83b280e18199
              • Instruction ID: 1ae521151e36fec72f326d7035f6d4aace75c49803cfe0f6c0d1697b2a52e60f
              • Opcode Fuzzy Hash: e3311af9bd2333592ad33d9f646f4e3303dd4a6a2d7cc496b8cd83b280e18199
              • Instruction Fuzzy Hash: BD31267265438A4FDB20EF28C854BDA3F957F8A358FA0840AE8599F346DB30D546C751
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InternetOpen
              • String ID:
              • API String ID: 2038078732-0
              • Opcode ID: 6960ad1c63a70e820c04e07bcb5e42f70c91e5ef787076703e4ab1b549822dae
              • Instruction ID: cf017f06fcf983afa202abc7e31732c91517a221b61dad1f509571d770c7f2a9
              • Opcode Fuzzy Hash: 6960ad1c63a70e820c04e07bcb5e42f70c91e5ef787076703e4ab1b549822dae
              • Instruction Fuzzy Hash: 0A516B79905249CFEF38DFA4D8A87E93F62BF96310F94811ACC894B215D731D681CB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 00569512
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 68ae1c08ea795fab98b7affb26036c4de317739cdef36578db3804f2586a0d67
              • Instruction ID: 695355872e9b17ffc07c9a6ee73949f688f5262477517d4b0ec1e365f20b789e
              • Opcode Fuzzy Hash: 68ae1c08ea795fab98b7affb26036c4de317739cdef36578db3804f2586a0d67
              • Instruction Fuzzy Hash: 7C415B7660438ACFDF30DE64D9A87DABB65BF61715F54806EDC898B202DB308601DB12
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InternetOpen
              • String ID:
              • API String ID: 2038078732-0
              • Opcode ID: 3dc5d373639d16ed6cdfe5e0310350c1419945305fa06a1d01ed954332305aab
              • Instruction ID: b3d8445f28dae0b98826e7be40c87c9e61c16243a99afa72f00f8b8995c13bd3
              • Opcode Fuzzy Hash: 3dc5d373639d16ed6cdfe5e0310350c1419945305fa06a1d01ed954332305aab
              • Instruction Fuzzy Hash: 5B414939501248CFEF39DFA4C8A87E93BA2BF66310F95812ACC899F255D734C685CB41
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InternetOpen
              • String ID:
              • API String ID: 2038078732-0
              • Opcode ID: ceca0adeb3611b6c5558f8d2f027374e894beba6252de024b9423b63e7121847
              • Instruction ID: 4973e82dbbf9a2780576226c9352168fa9d54ecb776580aa9b2f58c1d9e6e512
              • Opcode Fuzzy Hash: ceca0adeb3611b6c5558f8d2f027374e894beba6252de024b9423b63e7121847
              • Instruction Fuzzy Hash: D6412839900249CFEF39DFA4D8A87E93B62BF96310F95801ACC898F255D734C681CB45
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 00569512
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 8343e6e724c29b1e0734c9e69032486d5322d493e03660f6bf45615833d0123e
              • Instruction ID: a03484f8f64f27adf9eb4a5cc9f83ee9718b811ed5763dbf4b336563aebcf506
              • Opcode Fuzzy Hash: 8343e6e724c29b1e0734c9e69032486d5322d493e03660f6bf45615833d0123e
              • Instruction Fuzzy Hash: 7C31297550038ADFDF30DEA4DA987DDBB66BF65754F55402AEC498B602D7308700DB12
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4142fd47fb3a9a747942f3e21dba48406c170049f221665447087e7c0a81b5b4
              • Instruction ID: f835f08b8ae376555a187d60803698da1bf1a6d63b09874cbcd43f8da8afa243
              • Opcode Fuzzy Hash: 4142fd47fb3a9a747942f3e21dba48406c170049f221665447087e7c0a81b5b4
              • Instruction Fuzzy Hash: F931577150034ACFCF30CEA4C9583DEBB66BF65354FA0402AEC498F602DB3087019B02
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 00569512
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 5aa05489b0f128130c5e4e6079ebab0983c8cee3361e5dfc4937efdb008eaa5e
              • Instruction ID: 1bc358db6ea0c6cd6f656475a8d4e67aef25035a63405dac08ffc560aea19701
              • Opcode Fuzzy Hash: 5aa05489b0f128130c5e4e6079ebab0983c8cee3361e5dfc4937efdb008eaa5e
              • Instruction Fuzzy Hash: 2231487150038ACFCF319EA4DA983DDBB66BF61755F914026EC498F606DB308701DB12
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InternetOpen
              • String ID:
              • API String ID: 2038078732-0
              • Opcode ID: bc97f14d1a5aa86dd2da60b4ca23d386f2dbefa7c771bd6b519c7719ae6687f1
              • Instruction ID: e10f7fbf7cb2e128a118f28c8ce980b65beb99b5e4a3a895497c17ccec9ba039
              • Opcode Fuzzy Hash: bc97f14d1a5aa86dd2da60b4ca23d386f2dbefa7c771bd6b519c7719ae6687f1
              • Instruction Fuzzy Hash: 5621D73554524ACFEB39DEA0C8A47EA7BA2BFA6300F548029CC894B246D734D684CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 91541f36d33cd5b43ac05d2a8a24e2bdcefec361126908b24f15464f7fe3cf59
              • Instruction ID: d035b42b4cf2f69adb46b3de46dfeba0a32a7a6ffef73b28b07e901e006db124
              • Opcode Fuzzy Hash: 91541f36d33cd5b43ac05d2a8a24e2bdcefec361126908b24f15464f7fe3cf59
              • Instruction Fuzzy Hash: 25119C735593495BCB20EE34C858BEA3F95BF95368F748509E0490F357DA35E142C781
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 00569512
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 448e92c632135c4332d50f3e3b30e96a894c27d8953de5410f4468cd329c00ea
              • Instruction ID: c23dbdb9282e0c710f9dc60626e88f4e749a15729d55cbbcd79f7d2d06da82b9
              • Opcode Fuzzy Hash: 448e92c632135c4332d50f3e3b30e96a894c27d8953de5410f4468cd329c00ea
              • Instruction Fuzzy Hash: 2A11E27200034ACFDF30DEA0EA9D7DDBB69BFA4715F50802AEC164B916CB34D600DA12
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 00566E10
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: ee1ec2ab2da325ec4a75bde8ad3bfec006efad5df3a381a720b7d14f000beed9
              • Instruction ID: dc184b76446123a2d5d33244655d3a010bfcd55977ac6d8d56236989c1e417d6
              • Opcode Fuzzy Hash: ee1ec2ab2da325ec4a75bde8ad3bfec006efad5df3a381a720b7d14f000beed9
              • Instruction Fuzzy Hash: 6001D233A28340CFE7A49F74C8867EABBB0AF51310F06481CE8D297566C3319691CF02
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InternetOpen
              • String ID:
              • API String ID: 2038078732-0
              • Opcode ID: bc3d39546b7a1073f633dca38060c13c3cb20207d7c1830ff59c9e6417d2169a
              • Instruction ID: 0220ec242b2ac031c1caa25f28c53dcc1a5445ea4267451a1855a3aa9f714ba1
              • Opcode Fuzzy Hash: bc3d39546b7a1073f633dca38060c13c3cb20207d7c1830ff59c9e6417d2169a
              • Instruction Fuzzy Hash: 05014936445146CFD729EEB4D8E9BE53B71BF92314F64405DC8C54B215DB31D586CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LoadLibraryA.KERNELBASE(?,?), ref: 00569512
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 5a7333f931d99bebe45307ed1222ada3ad6808d0c21cd7348232056d26f255c8
              • Instruction ID: b4b0862c983e04de63a26a0525aeca1e49ffaca2d847e6f6571fd9dd7ac389ec
              • Opcode Fuzzy Hash: 5a7333f931d99bebe45307ed1222ada3ad6808d0c21cd7348232056d26f255c8
              • Instruction Fuzzy Hash: 9BE09236402106DFA314EEF4F5A9B5EEB98AE91B15388C14AFC164722ADF30C200CA61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileA.KERNELBASE(?,32E55319), ref: 00566E10
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 7a5274f3078f5cfa2657856b37ed602ac19826db744945d49d446b96702df261
              • Instruction ID: 6861cf10d98d6289e6e628f2cbe35a779e1bc66a99f03e2537822f62e1166f77
              • Opcode Fuzzy Hash: 7a5274f3078f5cfa2657856b37ed602ac19826db744945d49d446b96702df261
              • Instruction Fuzzy Hash: 1CF0A07285A245CFE364DE74D89ABDABBA8AF21700F44845C905687621E731C240CA60
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LdrInitializeThunk.NTDLL(5149CA25,00568038,?,?), ref: 00568072
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 80ad4583237af20a401f9dba337a2a53f90edcc563ae0da2b47c51577dcb883a
              • Instruction ID: 209b748e2de62767576413e2176084023f0b19e09ef2e8ee3bec4e8c696cf27c
              • Opcode Fuzzy Hash: 80ad4583237af20a401f9dba337a2a53f90edcc563ae0da2b47c51577dcb883a
              • Instruction Fuzzy Hash: 80D012B798300A9FF314F978D4ADB4A6B9C5F62B15B88C44DD0128B61AEE11C259D7E0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000015.00000002.733145322.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
              Yara matches
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: e4cbf2f484100bc6a92d4a2cb3ea5ae78e6847bbe858c40cb863ac164ff8fb5f
              • Instruction ID: 7542d004003f4796dc9fa30774864c9e0538c4fff5e71ebf8c010c6c9d3706c4
              • Opcode Fuzzy Hash: e4cbf2f484100bc6a92d4a2cb3ea5ae78e6847bbe858c40cb863ac164ff8fb5f
              • Instruction Fuzzy Hash: 39F0A771504301EFDB54993885837AB7AB3BF79760F110C69ECCAC7666E6368845C742
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions