Edit tour

Windows Analysis Report
cuenta iban-ES65.exe

Overview

General Information

Sample name:	cuenta iban-ES65.exe
Analysis ID:	1400264
MD5:	5879a124cd6d7bfbf0133e005f1bdebd
SHA1:	3f96bd536b078f321322e52c0a2aa53b2139664e
SHA256:	f6580f6a21a712e87c8d55662adf7d87df24253976085675014f246cccf8fdaf
Tags:	exe
Infos:

Detection

GuLoader

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected GuLoader

Tries to detect virtualization through RDTSC time measurements

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

PE / OLE file has an invalid certificate

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

cuenta iban-ES65.exe (PID: 432 cmdline: C:\Users\user\Desktop\cuenta iban-ES65.exe MD5: 5879A124CD6D7BFBF0133E005F1BDEBD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3673494541.0000000007811000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: cuenta iban-ES65.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: cuenta iban-ES65.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00406010 FindFirstFileA,FindClose,	0_2_00406010
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004055AE
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688

Source: cuenta iban-ES65.exe	String found in binary or memory: http://crl.apple.com/root.crl0
Source: cuenta iban-ES65.exe	String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: cuenta iban-ES65.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: cuenta iban-ES65.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: cuenta iban-ES65.exe	String found in binary or memory: http://www.apple.com/appleca0
Source: cuenta iban-ES65.exe	String found in binary or memory: https://www.apple.com/appleca/0

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_00405063 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405063

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004030EC

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Windows\resources\0809			Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Windows\hotdoggen.ini			Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_004048A2

0_2_004048A2

Source: cuenta iban-ES65.exe

Static PE information: invalid certificate

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: profapi.dll	Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal52.troj.evad.winEXE@1/9@0/0

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

0_2_004030EC

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_0040432F GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040432F

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,

0_2_0040205E

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Arsenalers.ini

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File created: C:\Users\user~1\AppData\Local\Temp\nstEC25.tmp

Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File read: C:\Users\user\Desktop\cuenta iban-ES65.exe

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File written: C:\Windows\hotdoggen.ini

Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.3673494541.0000000007811000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_10002D20 push eax; ret

0_2_10002D4E

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll			Jump to dropped file

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

RDTSC instruction interceptor: First address: 0000000007E808E8 second address: 0000000007E808E8 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F66F8DBC248h 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 test ah, ch 0x0000000a rdtsc

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll			Jump to dropped file

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00406010 FindFirstFileA,FindClose,	0_2_00406010
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004055AE
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	API call chain: ExitProcess graph end node			graph_0-4169
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	API call chain: ExitProcess graph end node			graph_0-4319

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_00405D2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405D2E

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Access Token Manipulation	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	1 Clipboard Data	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	13 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
cuenta iban-ES65.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll	0%	ReversingLabs

Name	Source	Malicious	Antivirus Detection	Reputation
http://nsis.sf.net/NSIS_Error	cuenta iban-ES65.exe	false		high
http://nsis.sf.net/NSIS_ErrorError	cuenta iban-ES65.exe	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1400264
Start date and time:	2024-02-28 15:33:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	cuenta iban-ES65.exe
Detection:	MAL
Classification:	mal52.troj.evad.winEXE@1/9@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 42 Number of non-executed functions: 29
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: cuenta iban-ES65.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse
	cuenta iban-ES65.exe	Get hash	malicious	GuLoader	Browse
	rResegregation.exe	Get hash	malicious	FormBook, GuLoader	Browse
	rResegregation.exe	Get hash	malicious	GuLoader	Browse
	W1nnerFree CS2.exe	Get hash	malicious	LoaderBot, Xmrig	Browse
	WP.exe	Get hash	malicious	Unknown	Browse
	HICAPSConnect_4.0.0.1.exe	Get hash	malicious	Unknown	Browse
	TIjRtMJfZA.exe	Get hash	malicious	Remcos, GuLoader	Browse
	TIjRtMJfZA.exe	Get hash	malicious	GuLoader	Browse
	Request_for_Pricelist_confirmation.xls	Get hash	malicious	GuLoader	Browse
C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse
	cuenta iban-ES65.exe	Get hash	malicious	GuLoader	Browse
	rResegregation.exe	Get hash	malicious	FormBook, GuLoader	Browse
	rResegregation.exe	Get hash	malicious	GuLoader	Browse
	INNORIX-Agent.exe	Get hash	malicious	Unknown	Browse
	INNORIX-Agent.exe	Get hash	malicious	Unknown	Browse
	HICAPSConnect_4.0.0.1.exe	Get hash	malicious	Unknown	Browse
	bPYR660y5o.exe	Get hash	malicious	Azorult, GuLoader	Browse
	uQP25xP5DH.exe	Get hash	malicious	GuLoader	Browse
	bPYR660y5o.exe	Get hash	malicious	GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\merrill.txt

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	ASCII text, with very long lines (342), with CRLF line terminators
Category:	dropped
Size (bytes):	409
Entropy (8bit):	4.316596138966152
Encrypted:	false
SSDEEP:	12:uILfzwCbnN4VsFdzvO/cWJV9Cu/LkozsjsGgCu6:jLEkLR4VmozqngCu6
MD5:	37FADD78CA1A16ACBA1C7C6E63B41790
SHA1:	86D7AC5B3B31FD34C742F97314774C3A8278C5C7
SHA-256:	4938F4211BF8BBA63BBA27B4A2490731AB3E56BC39C4B0997AE27148CB0B10EA
SHA-512:	064537F2C3C471B4439141CBBAB01F3D7423C51DBCCD51C848612857E4532156EC037E4F2AA76A5D5C16D62EBB51C2C63A5614DD323F4639A9084C1CE9BE8092
Malicious:	false
Reputation:	low
Preview:	vankelmodig egernsund topectomy.tamanaca middlemost phellogen vandskadens soelvskrin plumbaginaceous unpartiality,coddled ableeze gerodermia rvrdiges sukkerlager kvarter.abdullahs kahili producent glike statsfinanserne.selskabsdamers topprisers desegmented tumors dominations paakaldt majkattens brickset drberceller waterboard staaltraadsnet..milliares sydsol exoner surgicotherapy recodifying myggesvrmene..

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\mf.fys

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	197401
Entropy (8bit):	4.943394286855981
Encrypted:	false
SSDEEP:	3072:bkRORodlog6aK0ph0cXf2s/X8BT2vHWt8HSJrUBT0Bg5yLbbubc+OGjK3Eqm:b9oIg6qh02+suT2e5rxgs36HOGjKUqm
MD5:	92741A228B38BD3240CB74D7337AB2B2
SHA1:	56A25F8CB6DF0EBD46F8423B41132D6826EE67E7
SHA-256:	FF913C2B04E11520A2D153E25C305E72984A33CAD0649CF94FC9498862916B2C
SHA-512:	0AD99DAD1D5486B23C425687EFF0902A6F5D8447CC9FB6F03B01AA7AF3F931C4B8E5963D4ABBB9FEDDA5C5809C8E615CE3A93A4132427EAE85912CCDB7491267
Malicious:	false
Reputation:	low
Preview:	...c.I..md......i....]........1.,o.d;...L.....#...N...T...}..........a..h.......&.D..........M.]i.T..^p....G.......q.......................S.....}....."".;...-.......Y....Z....y..6.\|.'..4P...............Y?.(j..b.a....0T.....s....a+....#.......h........EN.U..8..........z.........R..Y)...h........xo...........~.....7....o............o.VuG..W.P\.........C.d.3..........jv..qq.?.!......................u.....6_....... .............m......../...af.......0......{.j.$.....^.g...........#............H...........0..'..p;..................7.......h...\.4n..........<.n...?........u......\|J.g.L....}g.......K.......p.........y..........AT....LF........+fc...'z....._............q.y...........]b...*...c...............}....&...$................r...................P..........>....<............q.)..........o............^..........x....?...&~.........................@..E..q......z......EC;J.5......a.p.i........@...........4!.......V.......j..<.I.......qX......e..A.C........V.....................

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\unpopularised.fas

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	177692
Entropy (8bit):	4.929126718267887
Encrypted:	false
SSDEEP:	3072:/skvPxa7Rsl3OWreA7lX6/pKJ4Vo/pgUkiCF2nO9I3I5csbyU3e:/skv07Rm35fJEoBLd9O9fcsbTO
MD5:	9A7DED13A5C6C7444E8C563C0621D5BC
SHA1:	8698D3FC40852CC4CDAB3FE885225671895A94FA
SHA-256:	D3EABF84D1FFA658F1ACF8E61875B210839C3242AC5478FECE8E910BC979BB64
SHA-512:	91511DDF50C2E523BCA064793338A47CC3AFBEDE69274CB5F34F5195E81D416C23CC22686FC5AE63A2159ED577B3F5CC127C5CB918E5CFB63D378B2BF9E38E56
Malicious:	false
Reputation:	low
Preview:	...R. ...................Y....xB....7..=...........L..k..?....h.......[......................^......5......................H......$.....4p.-_V.....}.Pt..H.Z.............}...g....2.....Mo_.......^.....EJ.B...1....................K..t2..6..X....................9..........-...........t...M..f.........!.........x.u...~...-.2..tr..........\............X... ..........W..Y.....w.......1......d............#.......?....;........:......+../.y....%...m.....H......{.........................<...............................3 ...@.....#...........\.....&..............n...J.N...4-... ........N.....y..g..........................-3.[...................!.........?y.V.q..k....B.........`(.4.........G6.....5...........:........*......................v.f....e.A..........y......m....7....T...&..&...z.=...(.......!....z...,.c....F......E................w..........u,....;.p.............zn.....(.....]...~..........M[..2..B.....I.a..8....]Y........P..<....x.,....../...........>....E...S...C.q..

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\Thorkilds.Jus

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0, imaginary
Category:	dropped
Size (bytes):	276122
Entropy (8bit):	7.701795670262245
Encrypted:	false
SSDEEP:	3072:PyGUq/gsmNrXzbn5fqnwHUqp2w7exJonqkEsIPon9hDPdOM0nUD3aamYGjIRqMwE:qtqYpNzxqw0aePonbDLbL3ukl7zwV4Tz
MD5:	97388F1016F9B4275E30E8035A963940
SHA1:	E7276FC8B4F4F4298F4ABAE896B4C436E58F9B81
SHA-256:	7A60A1A9EF5E75C1B0718C4EBD522A1EACD1C8747A8CD73443B936AC7729BBCB
SHA-512:	5D565DDE6CCDE710CF289FEE4A0FA0BAC1E8F278DEF6B07B6A0C029BA116C347C690F094DE8BD3C43C9B35D2D8F97E87D13E6B37072D9EDE6C44DFE8F5CEF8BC
Malicious:	false
Reputation:	low
Preview:	...............U........HH.%..............>.................{.OO..........X.....i.;.../...................7.<.C.....................................................f....1...i\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.......6.9h6VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV..%U........caw4.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%......M...%jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj......._..^*???????????????????????????????????????????????????????????????????????????????????????????.....X.....}9..}.........................................................................................................................4......u%n.Ygggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggf.........x..E.......................................................................................................................0...f....s..@<.0"######

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\heiling.rep

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	144434
Entropy (8bit):	4.930322413705722
Encrypted:	false
SSDEEP:	3072:7W6ttdRhkvhbiQ+6LxUwih5Nd9PAhUekxpRkDFm8:5h+hf+6G3Nje2pIm8
MD5:	6E6697CCC2A5B888E8D13D4BD3027FA6
SHA1:	6BF4017D1016825F65A2001982DA632CCEBE8595
SHA-256:	6DC937B66FF9E32AD262C966081BF7A1AA38A759491BE863E7AE2E28CC5DA611
SHA-512:	6540116A7E70F21FE601A7E69DF7EF491678C853B7163CC265E74D1D02791EA8091BE467B33892F157B33DFC136D6CE9D8D982BF040DB54452127E40A37505F5
Malicious:	false
Reputation:	low
Preview:	F.L.........k..B.=.........9........r...8..CF.........X....4I.......x.................U...........!......F...g....... ...$......n...r.....fz..\.l........Q......v.+.)..?..5...t../g.......U^9..&.Y......wS{.......V...;d.........{ -......_.J.......J.......,...w.....#.C.......>.Tn................'......Z...s....v........f......n..1...9uV...\+..W....N..~...@GI......].KU/.4RS...P...`......!.x.......9........Gh........%p......w.1. ..`.E\r..i................o..L..z'..........Y......rK..<.......crq$..........\...I............t.....g...6J.r.Q.{.K............U.)...~.. ........j..D$...>...........\|........a......w...q............2`......W....%hC.=z[...q......f.a.%....w...$.......;..O..............\|..a........ ....l......0......E\|...??......j.)S...............~..-.....h........$.L........v....................z........../.....................+..-...8#...................................IA...............[.................3..~....t.........H...u..... C.......V.....k......l.......tK.T^...

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Nonimporting.Roy

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	145754
Entropy (8bit):	4.601517571645783
Encrypted:	false
SSDEEP:	1536:WnORYVM9r+94u4zdqGmb1lQp8Nnk++nzQ7ZqPWh70V6Z38UE6iuDKx:WnO35Q4uUYxP+zQ7Zq+816iuC
MD5:	BAF512921F523FB8FDA6FF9DAB021BF9
SHA1:	DCBB0D1F22A1A5676E419BD168B849232AC8D317
SHA-256:	A8328295A9DB6A60923681B8B295A7FBA62369B8A8657B088CC5758CBFABA2AB
SHA-512:	6C544AD1ECF3692E8B3172BD57DE2B24924A7EABC7EB62CD44A68AE4C936378FAE165D4B4BA29E13295DC2F5980D14EA478F6DD7D0348446855DC95526C67F99
Malicious:	false
Reputation:	low
Preview:	...........AA......n...........KK...................c..""..=.................._.HH..%................+++..........w...:..................L.......................TTT.....i.\|..~....................................K.........................111.b..................zz.....>.44444......................R.........S......................... ...q............yyyyy..............&&.............}......................."...........w.4..55.......LL.".............................Y..............ZZ........LLLLLL..11.-...........L........!!.......................................B......000000.....gg.............MMMMMM.................................................................II......).....I........s..........:.v................f....rr....g.<<......NN......dddd.................E......SS.RRR...H.aa..............{......yy....QQ......444...................LL...........................e............................((...zz....III...C...9....11.............I............UU.............uuuuuuu..............u..

C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.770803561213006
Encrypted:	false
SSDEEP:	192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5:	2AE993A2FFEC0C137EB51C8832691BCB
SHA1:	98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256:	681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512:	2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: W1nnerFree CS2.exe, Detection: malicious, Browse Filename: WP.exe, Detection: malicious, Browse Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious, Browse Filename: TIjRtMJfZA.exe, Detection: malicious, Browse Filename: TIjRtMJfZA.exe, Detection: malicious, Browse Filename: Request_for_Pricelist_confirmation.xls, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.994861218233575
Encrypted:	false
SSDEEP:	96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
MD5:	B648C78981C02C434D6A04D4422A6198
SHA1:	74D99EED1EAE76C7F43454C01CDB7030E5772FC2
SHA-256:	3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
SHA-512:	219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: INNORIX-Agent.exe, Detection: malicious, Browse Filename: INNORIX-Agent.exe, Detection: malicious, Browse Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious, Browse Filename: bPYR660y5o.exe, Detection: malicious, Browse Filename: uQP25xP5DH.exe, Detection: malicious, Browse Filename: bPYR660y5o.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\hotdoggen.ini

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	50
Entropy (8bit):	4.351272380112911
Encrypted:	false
SSDEEP:	3:Y0e4nxwKOAXXXUT23:ZxGQUTg
MD5:	70345464BA62A9453DB2F24C1BC10881
SHA1:	62FE4814D1B6082B46C196734B9EAF33B9B691BB
SHA-256:	CC7E912D757A17A09CED10401C69D122B7972D4F9F6E26705E18A8CFE3EBEF40
SHA-512:	B0ED1640898EBF66797489862BE3ACDFF589B161106C688E0536CABD91F673A75126A70B9363B078D8C88144D547DED4E8980E457C8E75E1477AADBB5414AE3A
Malicious:	false
Preview:	[flgevirkningerne]..Blokeringsfrit250=Svaleskabs..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.670262437037489
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	cuenta iban-ES65.exe
File size:	906'344 bytes
MD5:	5879a124cd6d7bfbf0133e005f1bdebd
SHA1:	3f96bd536b078f321322e52c0a2aa53b2139664e
SHA256:	f6580f6a21a712e87c8d55662adf7d87df24253976085675014f246cccf8fdaf
SHA512:	97c7debb000d21524ff9775177863fdd945ce1c90c654e671df0afa540b6bfe2c871109e897e0519c0b7094bd4cfaad29e1666b5da83bafa37adbc994dc5fe10
SSDEEP:	12288:jJTQrh2guL2ObOOSbH6ROfuhheB0E1QtlKnXUJW+QiAukU30+9Ir/CSQs:tTQrh2gu/9SbAOI4qiqyUk+T/G/Ca
TLSH:	F41512076E85DD13C69356748DE1E77BA33CCE800E2986476BC03E5ABD72B9E2A4509C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L....c.W.................^....9....

File Icon


Icon Hash:	4dcdeced7d5d5823

Static PE Info

General

Entrypoint:	0x4030ec
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5795637F [Mon Jul 25 00:55:27 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b78ecf47c0a3e24a6f4af114e2d1f5de

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=Mlketands@Bickerers.Pr, O=Medievalisms, OU="Perennialise Hankerer ", CN=Medievalisms, L=St Blazey, S=England, C=GB
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	13/12/2023 12:50:47 12/12/2026 12:50:47
Subject Chain	E=Mlketands@Bickerers.Pr, O=Medievalisms, OU="Perennialise Hankerer ", CN=Medievalisms, L=St Blazey, S=England, C=GB
Version:	3
Thumbprint MD5:	5C65AF1D30CFF1320466A59477CB4D26
Thumbprint SHA-1:	BA9B2813158E944DA6AA02C60E6C3E71A82B924D
Thumbprint SHA-256:	C3DF5060943BB19503DBCB700BE7C2C3A63981963A97449E269FD6CA70294960
Serial:	632E2A1F099E309B38AB75727BE93ABA5700976D

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004070A8h]
call dword ptr [004070A4h]
cmp ax, 00000006h
je 00007F66F87DA293h
push ebx
call 00007F66F87DD201h
cmp eax, ebx
je 00007F66F87DA289h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007F66F87DD17Dh
push esi
call dword ptr [004070A0h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F66F87DA26Dh
push ebp
push 00000009h
call 00007F66F87DD1D4h
push 00000007h
call 00007F66F87DD1CDh
mov dword ptr [007A1F44h], eax
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [007A1FF8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0079D500h
call dword ptr [00407174h]
push 00409188h
push 007A1740h
call 00007F66F87DCDF7h
call dword ptr [0040709Ch]
mov ebp, 007A8000h
push eax
push ebp
call 00007F66F87DCDE5h
push ebx
call dword ptr [00407154h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7428	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c0000	0x2b038	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xdb980	0x1ae8	.data
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5db6	0x5e00	f367801e476b699be2b532039e0b583c	False	0.6806848404255319	data	6.508470969322742	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1246	0x1400	43fab6a80651bd97af8f34ecf44cd8ac	False	0.42734375	data	5.005029341587408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x399038	0x400	29ebcbec0bd7bd0fecb3d2937195c560	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x3a3000	0x1d000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c0000	0x2b038	0x2b200	9778d093a419153a5e6a05c46a1f4faa	False	0.38580729166666666	data	4.808486494968782	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3c0448	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.3347480184549864
RT_ICON	0x3d0c70	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.4008040782005466
RT_ICON	0x3da118	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	United States	0.41899260628465806
RT_ICON	0x3df5a0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.40257439773264053
RT_ICON	0x3e37c8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.45643153526970953
RT_ICON	0x3e5d70	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4978893058161351
RT_ICON	0x3e6e18	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.5407782515991472
RT_ICON	0x3e7cc0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5545081967213115
RT_ICON	0x3e8648	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.5424187725631769
RT_ICON	0x3e8ef0	0x748	Device independent bitmap graphic, 24 x 48 x 24, image size 1824	English	United States	0.5359442060085837
RT_ICON	0x3e9638	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 672	English	United States	0.4925115207373272
RT_ICON	0x3e9d00	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.3627167630057804
RT_ICON	0x3ea268	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.598404255319149
RT_DIALOG	0x3ea6d0	0x100	data	English	United States	0.5234375
RT_DIALOG	0x3ea7d0	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x3ea8f0	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x3ea9b8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x3eaa18	0xbc	data	English	United States	0.648936170212766
RT_VERSION	0x3eaad8	0x21c	data	English	United States	0.5203703703703704
RT_MANIFEST	0x3eacf8	0x33d	XML 1.0 document, ASCII text, with very long lines (829), with no line terminators	English	United States	0.5536791314837153

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll	RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	15:33:59
Start date:	28/02/2024
Path:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Imagebase:	0x400000
File size:	906'344 bytes
MD5 hash:	5879A124CD6D7BFBF0133E005F1BDEBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.3673494541.0000000007811000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	20.8%
Dynamic/Decrypted Code Coverage:	13.9%
Signature Coverage:	21%
Total number of Nodes:	1452
Total number of Limit Nodes:	41

Executed Functions

Function 004030EC Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 357
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 00403111
GetVersion.KERNEL32 ref: 00403117
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403140
#17.COMCTL32(00000007,00000009), ref: 00403162
OleInitialize.OLE32(00000000), ref: 00403169
SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403185
GetCommandLineA.KERNEL32(Centrifugers Setup,NSIS Error), ref: 0040319A
GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000000), ref: 004031AD
CharNextA.USER32(00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000020), ref: 004031D8
GetTempPathA.KERNELBASE(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,00000020), ref: 004032D5
GetWindowsDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 004032E6
lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 004032F2
GetTempPathA.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403306
lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 0040330E
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 0040331F
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 00403327
DeleteFileA.KERNELBASE(1033), ref: 0040333B

Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

OleUninitialize.OLE32(?), ref: 004033E9
ExitProcess.KERNEL32 ref: 0040340A
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403527
OpenProcessToken.ADVAPI32(00000000), ref: 0040352E
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403546
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403565
ExitWindowsEx.USER32(00000002,80040002), ref: 00403589
ExitProcess.KERNEL32 ref: 004035AC

Part of subcall function 00405502: MessageBoxIndirectA.USER32(00409218), ref: 0040555D

Strings

C:\Users\user\Desktop\cuenta iban-ES65.exe, xrefs: 004034C7
C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 004033C6
Low, xrefs: 00403308
\Temp, xrefs: 004032EC
.tmp, xrefs: 00403431
1033, xrefs: 00403336
~nsu, xrefs: 00403415
Error launching installer, xrefs: 004033A1
", xrefs: 004031FD
NSIS Error, xrefs: 0040318B
TMP, xrefs: 00403322
C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 004032BA, 004033BB, 00403465, 0040346E
C:\Users\user\Desktop, xrefs: 0040343C, 00403441, 0040346D
TEMP, xrefs: 0040331A
SeShutdownPrivilege, xrefs: 00403540
UXTHEME, xrefs: 00403134, 00403139, 0040313F
C:\Users\user~1\AppData\Local\Temp\, xrefs: 004032CA, 004032CF, 004032E5, 004032F1, 00403300, 0040330D, 00403319, 00403321, 0040341A, 0040342B, 00403436, 00403442, 0040344F, 0040345E, 0040350D
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004031A0, 004031A6, 0040335F
Centrifugers Setup, xrefs: 00403190

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
String ID: "$"C:\Users\user\Desktop\cuenta iban-ES65.exe"$.tmp$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta iban-ES65.exe$Centrifugers Setup$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 3329125770-1362132882
Opcode ID: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
Instruction ID: 9f005f8ea334ebed05284af4b2fd35d6cfc3abe5f946e81cdcf7347df6e605c8
Opcode Fuzzy Hash: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
Instruction Fuzzy Hash: 02C1D7705082816AE7116F75AD4DA2F7EACAF8634AF04457FF541B61E2CB7C4A048B2E

Uniqueness

Uniqueness Score: -1.00%

Function 00405063 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 004050C2
GetDlgItem.USER32(?,000003EE), ref: 004050D1
GetClientRect.USER32(?,?), ref: 0040510E
GetSystemMetrics.USER32(00000002), ref: 00405115
SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405136
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405147
SendMessageA.USER32(?,00001001,00000000,?), ref: 0040515A
SendMessageA.USER32(?,00001026,00000000,?), ref: 00405168
SendMessageA.USER32(?,00001024,00000000,?), ref: 0040517B
ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040519D
ShowWindow.USER32(?,00000008), ref: 004051B1
GetDlgItem.USER32(?,000003EC), ref: 004051D2
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051E2
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051FB
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405207
GetDlgItem.USER32(?,000003F8), ref: 004050E0

Part of subcall function 00403F26: SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34

GetDlgItem.USER32(?,000003EC), ref: 00405223
CreateThread.KERNELBASE(00000000,00000000,Function_00004FF7,00000000), ref: 00405231
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405238
ShowWindow.USER32(00000000), ref: 0040525B
ShowWindow.USER32(?,00000008), ref: 00405262
ShowWindow.USER32(00000008), ref: 004052A8
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052DC
CreatePopupMenu.USER32 ref: 004052ED
AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405302
GetWindowRect.USER32(?,000000FF), ref: 00405322
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040533B
SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405377
OpenClipboard.USER32(00000000), ref: 00405387
EmptyClipboard.USER32 ref: 0040538D
GlobalAlloc.KERNEL32(00000042,?), ref: 00405396
GlobalLock.KERNEL32(00000000), ref: 004053A0
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053B4
GlobalUnlock.KERNEL32(00000000), ref: 004053CD
SetClipboardData.USER32(00000001,00000000), ref: 004053D8
CloseClipboard.USER32 ref: 004053DE

Strings

@y, xrefs: 00405353

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: @y
API String ID: 4154960007-2793234042
Opcode ID: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
Instruction ID: 0ac8b7377d144d48f6dc293dc42051cc71820a332a9e268c47e7b227606d372d
Opcode Fuzzy Hash: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
Instruction Fuzzy Hash: 2CA15B70900248BFEB119FA0DD89EAE7F79FB08355F10406AFA05B61A0C7795E41DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00405D2E Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(00000006,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000), ref: 00405DDF
GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E5A
GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E6D
SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405EA9
SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405EB7
CoTaskMemFree.OLE32(0078FCF8), ref: 00405EC2
lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EE4
lstrlenA.KERNEL32(Call,00000006,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000), ref: 00405F36

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 00405EDE
Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll, xrefs: 00405D5D
Software\Microsoft\Windows\CurrentVersion, xrefs: 00405E29
Call, xrefs: 00405D55, 00405E27, 00405E44, 00405E59, 00405E6C, 00405E88, 00405EB3, 00405EE3, 00405EE9, 00405F01, 00405F14, 00405F2F, 00405F35, 00405F40, 00405F6A

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-2978216646
Opcode ID: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
Instruction ID: 9bfabfc36fba32fb106481ebf294e43342570200e8730ead7ab322b99494356e
Opcode Fuzzy Hash: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
Instruction Fuzzy Hash: F7611231904A05ABEF115B24CC84BBF7BA8DB56314F10813BE555BA2D1D33D4A82DF9E

Uniqueness

Uniqueness Score: -1.00%

Function 004055AE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNELBASE(?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 004055D7
lstrcatA.KERNEL32(Mundstykket.min,\*.*,Mundstykket.min,?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 0040561F
lstrcatA.KERNEL32(?,00409014,?,Mundstykket.min,?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405640
lstrlenA.KERNEL32(?,?,00409014,?,Mundstykket.min,?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405646
FindFirstFileA.KERNELBASE(Mundstykket.min,?,?,?,00409014,?,Mundstykket.min,?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405657
FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405704
FindClose.KERNEL32(00000000), ref: 00405715

Strings

Mundstykket.min, xrefs: 00405607, 0040560D, 0040561E, 00405654
\*.*, xrefs: 00405619
C:\Users\user~1\AppData\Local\Temp\, xrefs: 004055BB
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004055AE

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user~1\AppData\Local\Temp\$Mundstykket.min$\*.*
API String ID: 2035342205-635579221
Opcode ID: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
Instruction ID: 15aabf9ae26d8a027305d4c4078bc37ad96aa8a5c182164a2950041f9cf2f42d
Opcode Fuzzy Hash: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
Instruction Fuzzy Hash: C651DF30800A04BADB21AB618C45BBF7A78DF42355F54857BF449B61D2D73C4981EE6E

Uniqueness

Uniqueness Score: -1.00%

Function 00406010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(771B3410,0079FD90,Mundstykket.min,004058AF,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\), ref: 0040601B
FindClose.KERNELBASE(00000000), ref: 00406027

Strings

Mundstykket.min, xrefs: 00406010

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: Mundstykket.min
API String ID: 2295610775-3661976162
Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
Instruction ID: 592bcfe3733b0aa744bdfcff45d7cd7e76fdd068ce72c1f71716353b7d55c377
Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
Instruction Fuzzy Hash: 02D012319491305BC714977C7D4C84F7A6C9B193717114A32F46AF12E0C6749CA286E9

Uniqueness

Uniqueness Score: -1.00%

Function 00403A1E Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A5A
ShowWindow.USER32(?), ref: 00403A77
DestroyWindow.USER32 ref: 00403A8B
SetWindowLongA.USER32(?,00000000,00000000), ref: 00403AA7
GetDlgItem.USER32(?,?), ref: 00403AC8
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ADC
IsWindowEnabled.USER32(00000000), ref: 00403AE3
GetDlgItem.USER32(?,00000001), ref: 00403B91
GetDlgItem.USER32(?,00000002), ref: 00403B9B
SetClassLongA.USER32(?,000000F2,?), ref: 00403BB5
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C06
GetDlgItem.USER32(?,00000003), ref: 00403CAC
ShowWindow.USER32(00000000,?), ref: 00403CCD
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403CDF
EnableWindow.USER32(?,?), ref: 00403CFA
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D10
EnableMenuItem.USER32(00000000), ref: 00403D17
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D2F
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D42
lstrlenA.KERNEL32(0079E540,?,0079E540,Centrifugers Setup), ref: 00403D6B
SetWindowTextA.USER32(?,0079E540), ref: 00403D7A
ShowWindow.USER32(?,0000000A), ref: 00403EAE

Strings

Centrifugers Setup, xrefs: 00403D5C
@y, xrefs: 00403D57

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: @y$Centrifugers Setup
API String ID: 3282139019-1221847780
Opcode ID: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
Instruction ID: 604a4885fc931abc1044a41a4cf0f2958d917e977c7d56f4e50accb35e18e33b
Opcode Fuzzy Hash: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
Instruction Fuzzy Hash: F1C1AE31904205ABEB216F61ED85E2B3EACEB4574AF00453EF501B11F1C739A942DB5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040368C Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,771B3410,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000000), ref: 00403707
lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,771B3410), ref: 0040377C
lstrcmpiA.KERNEL32(?,.exe), ref: 0040378F
GetFileAttributesA.KERNEL32(Call), ref: 0040379A
LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet), ref: 004037E3

Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77

RegisterClassA.USER32(007A16E0), ref: 00403820
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403838
CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040386D
ShowWindow.USER32(00000005,00000000), ref: 004038A3
GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 004038CF
GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 004038DC
RegisterClassA.USER32(007A16E0), ref: 004038E5
DialogBoxParamA.USER32(?,00000000,00403A1E,00000000), ref: 00403904

Strings

@y, xrefs: 004036B8
RichEd20, xrefs: 004038A9
.exe, xrefs: 00403789
Call, xrefs: 0040374A, 00403752, 0040375F, 004037A9, 004037AF
RichEdit20A, xrefs: 004038C7, 004038CD
1033, xrefs: 004036AC, 00403702
RichEdit, xrefs: 004038D6
C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 00403716, 0040371E, 004037B6, 004037BC, 004037CC
.DEFAULT\Control Panel\International, xrefs: 004036F2
C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403691
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00403690
RichEd32, xrefs: 004038B7
_Nb, xrefs: 004037FF, 00403867
Control Panel\Desktop\ResourceLocale, xrefs: 004036C0

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-2202342948
Opcode ID: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
Instruction ID: b6748c6733e3bb55aa357910a2c4fdec813f4d760fd6ac6bc3454eeade69f907
Opcode Fuzzy Hash: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
Instruction Fuzzy Hash: D06106B4504244AEE710AF659C45F3B3AACEB85789F00857FF900B22E1D77CAD019B2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402C66 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402C77
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\cuenta iban-ES65.exe,00000400), ref: 00402C93

Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00402CDF

Strings

Error launching installer, xrefs: 00402CB6
C:\Users\user\Desktop\cuenta iban-ES65.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
Inst, xrefs: 00402D4B
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
soft, xrefs: 00402D54
C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
C:\Users\user~1\AppData\Local\Temp\, xrefs: 00402C6D
Null, xrefs: 00402D5D
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00402C66

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta iban-ES65.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 4283519449-4108940799
Opcode ID: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
Instruction ID: fe9ef23653e85685a193ad9c5457c4b2e55d644b791d7b95544962d8ab1ad500
Opcode Fuzzy Hash: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
Instruction Fuzzy Hash: CC51F471941214AFEB119F65DE89B9E7BA8EF04364F14803BF904B62D1D7BC8D408BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,00000031), ref: 00401790
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,00000031), ref: 004017BA

Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Centrifugers Setup,NSIS Error), ref: 00405D19

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Strings

C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 0040177E
C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll, xrefs: 0040181E, 0040183A
Call, xrefs: 0040176D, 00401776, 00401783, 00401795, 004017A6, 004017DC, 004017F2, 00401810, 00401850, 004018D1, 004018DA, 004018E4, 004018EF
C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp, xrefs: 0040179B, 0040180A, 00401828

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82$C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp$C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll$Call
API String ID: 1941528284-2660681123
Opcode ID: 5e03d36904a7eeb5841e00992d69492e27180b3810e897763e3b08a6b730bf5c
Instruction ID: e334bcbcf7859558867c6a38b10ffbeddee8f855bc543c6a7f27992f07fd6e89
Opcode Fuzzy Hash: 5e03d36904a7eeb5841e00992d69492e27180b3810e897763e3b08a6b730bf5c
Instruction Fuzzy Hash: 4B41C672900519BADB107BA5CC45DAF7AB9DF46329B20C33BF021B20E1C67C4A419A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00404F25 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
lstrcatA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0), ref: 00404F81
SetWindowTextA.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll), ref: 00404F93
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Strings

Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll, xrefs: 00404F45, 00404F57, 00404F5D, 00404F80, 00404F8C

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll
API String ID: 2531174081-3500335528
Opcode ID: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
Instruction ID: b1dc6bec94ba42b715134808c0c3c35089c42976f802e7ea77bea70e7b84fba8
Opcode Fuzzy Hash: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
Instruction Fuzzy Hash: 1F21817190011DBFDF119FA5DD449DEBFA9EF45354F04807AFA04A6291C7388E409BA8

Uniqueness

Uniqueness Score: -1.00%

Function 004053EB Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 0040542E
GetLastError.KERNEL32 ref: 00405442
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405457
GetLastError.KERNEL32 ref: 00405461

Strings

ds@, xrefs: 00405420
C:\Users\user\Desktop, xrefs: 004053EB
C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405411
ts@, xrefs: 004053F1

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
API String ID: 3449924974-228423945
Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
Instruction ID: 8acfd36fb30660db29d177a8be8d7647adb8d58efdd4f3c758bfd1505ce0b010
Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
Instruction Fuzzy Hash: CF010871D14259EADF119FA4D9447EFBFB8EF04315F004176E904B6290D378A644CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00406037 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
wsprintfA.USER32 ref: 00406087
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B

Strings

\, xrefs: 0040605F
UXTHEME, xrefs: 00406040
%s%s.dll, xrefs: 00406081

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
Instruction ID: 17439860729f5247506b6fa79cc71e4dc0dc9fec6db89644704a68070b9bc3a3
Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
Instruction Fuzzy Hash: BAF0F630A40209ABEB14EB78DC0DFEB365CAB08305F14017AB547F11D2EA78E8258B69

Uniqueness

Uniqueness Score: -1.00%

Function 00402E9F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402F06
GetTickCount.KERNEL32 ref: 00402F8A
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FB3
wsprintfA.USER32 ref: 00402FC3

Strings

... %d%%, xrefs: 00402FBD

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%
API String ID: 551687249-2449383134
Opcode ID: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
Instruction ID: 2f6adf6c827ed57ff932280c4bcb171559557b12de80228d6f8143075edc11b6
Opcode Fuzzy Hash: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
Instruction Fuzzy Hash: 5D519E7280221AABDB10DF65DA44A9F7BB8AF00755F14417BFD10B32C4C7788E51DBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023A2
lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023C2
RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023FB
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Strings

C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp, xrefs: 004023B3, 004023D5, 004023E5, 004023F0

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp
API String ID: 1356686001-2335473735
Opcode ID: 95f3ce197d66b28f2349b4934464a2b23ce3a0c7672594602c95ba6d29eb32a7
Instruction ID: 90de9cbbb944b5ce7c16acb051fe3e73370ea29dc9d439d86f68b9f38bc34e97
Opcode Fuzzy Hash: 95f3ce197d66b28f2349b4934464a2b23ce3a0c7672594602c95ba6d29eb32a7
Instruction Fuzzy Hash: 04117572E00108BFEB10AFA4EE89EAF767DEB54358F10403AF505B61D1D6B85D419B28

Uniqueness

Uniqueness Score: -1.00%

Function 004059AE Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004059C2
GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059DC

Strings

nsa, xrefs: 004059B9
C:\Users\user~1\AppData\Local\Temp\, xrefs: 004059B1
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004059AE

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user~1\AppData\Local\Temp\$nsa
API String ID: 1716503409-2349758354
Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
Instruction ID: 14833181556f01f8699e9ecebe408800633a5ab51cc0013a882439dab00eebba
Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
Instruction Fuzzy Hash: 2AF0E232708204ABEB109F15EC04B9B7B9CDF91720F00C03BFA049A181D2B598448B58

Uniqueness

Uniqueness Score: -1.00%

Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402A9B
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
RegCloseKey.ADVAPI32(?), ref: 00402AE0
RegCloseKey.ADVAPI32(?), ref: 00402B05
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
Instruction ID: 557db050c0314b8bb5c0b22d2db4fc3530b60cfc711b7b252a141f8c1691c263
Opcode Fuzzy Hash: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
Instruction Fuzzy Hash: 82114272900109FFEF229F50DE89DAE3B7DEB54344B104436F901B10A0D7B59E51DB69

Uniqueness

Uniqueness Score: -1.00%

Function 100016BD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE

GlobalFree.KERNEL32(00000000), ref: 10001768
FreeLibrary.KERNEL32(?), ref: 100017DF
GlobalFree.KERNEL32(00000000), ref: 10001804

Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2

Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB

Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,10004010,00000000,10001695,00000000), ref: 10001572

Strings

, xrefs: 100017E5

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc$Librarylstrcpy
String ID:
API String ID: 1791698881-3916222277
Opcode ID: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
Opcode Fuzzy Hash: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60

Uniqueness

Uniqueness Score: -1.00%

Function 00401F90 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: 476832df612887f4a98732b8013ee5cf87a549cf8b61ddf4280dfada18b4ac95
Instruction ID: a6d6138a22214a2ec3127db012fcbe8ccdb9873b287714200ab65a7954d0c462
Opcode Fuzzy Hash: 476832df612887f4a98732b8013ee5cf87a549cf8b61ddf4280dfada18b4ac95
Instruction Fuzzy Hash: 93212B72904211EBDF217F648E4DAAE76B1AB45318F30423BF311B62D1C7BC4941DA6E

Uniqueness

Uniqueness Score: -1.00%

Function 004015B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405825
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605

Part of subcall function 004053EB: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 0040542E

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,000000F0), ref: 00401634

Strings

C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 00401629

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82
API String ID: 1892508949-1831257187
Opcode ID: a14e864d23f98375699232fb754d4bc44ca53d05217b3c1b1847c17307bb81b5
Instruction ID: 6ea9d176647784ede47dca84986b1d8040ea6f7a989068fde2debc666839409d
Opcode Fuzzy Hash: a14e864d23f98375699232fb754d4bc44ca53d05217b3c1b1847c17307bb81b5
Instruction Fuzzy Hash: A2112B35404141ABDF217B650C405BF27F0EA92315738463FF591B22E2C63C0942A63F

Uniqueness

Uniqueness Score: -1.00%

Function 0040549D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
CloseHandle.KERNEL32(?), ref: 004054D3

Strings

Error launching installer, xrefs: 004054B0

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
Instruction ID: 542db3fa263e6c3fd8363e81c561fcb1d1edc85eb607383f0aa2fc0e1be44d1e
Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
Instruction Fuzzy Hash: 95E0BFF4A002097FEB10AB64ED45F7B7BACEB00645F108561FD10F6190D674A9549A79

Uniqueness

Uniqueness Score: -1.00%

Function 00401E44 Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,00000000,0078FCF8,771B23A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Part of subcall function 0040549D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
Part of subcall function 0040549D: CloseHandle.KERNEL32(?), ref: 004054D3

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
String ID:
API String ID: 3521207402-0
Opcode ID: 14e9a68a48877c278421f24f680dbac82aa09eee17fd4f329e702c87491356df
Instruction ID: f3d89628ed1a2f536a51da31c0d1f3bff78da2cc26dd4d815c67a837da1bf94c
Opcode Fuzzy Hash: 14e9a68a48877c278421f24f680dbac82aa09eee17fd4f329e702c87491356df
Instruction Fuzzy Hash: 53016D31904114EBDF11AFA1CD89A9E7B72EF00344F10817BF601B52E1C7789A819B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402482 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024C3
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: cab775b8895c8a4c4f35b0b4981659a72946dee781d42c39cc8dfcfc307467ae
Instruction ID: 6b9a29d885729d806435ba0af982d5db400a82278970f5f8cd94cba27a839736
Opcode Fuzzy Hash: cab775b8895c8a4c4f35b0b4981659a72946dee781d42c39cc8dfcfc307467ae
Instruction Fuzzy Hash: EDF0AD72904200AFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B849449A7A

Uniqueness

Uniqueness Score: -1.00%

Function 100027E8 Relevance: 3.2, APIs: 2, Instructions: 156COMMON

Download Yara Rule

APIs

EnumWindows.USER32(00000000), ref: 100028A7
GetLastError.KERNEL32 ref: 100029AE

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: EnumErrorLastWindows
String ID:
API String ID: 14984897-0
Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95

Uniqueness

Uniqueness Score: -1.00%

Function 00402410 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsoECA3.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: aa3db77b9cc560274a76cb45f56f3204273d71fdcdd2e47ef4425566c18310c6
Instruction ID: 3b61e3a0dd356b8eb8c6217664be55b6a4c5c12d426b24930886ed9b9a2887e1
Opcode Fuzzy Hash: aa3db77b9cc560274a76cb45f56f3204273d71fdcdd2e47ef4425566c18310c6
Instruction Fuzzy Hash: 5911A771905205EFDF14DF64CA889AEBBB4EF11348F20443FE141B62C0D2B84A45DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
Instruction ID: 00097469377630013da62b9f7c31fbdee85021c234e60ac5accdaffcc3ed26dc
Opcode Fuzzy Hash: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
Instruction Fuzzy Hash: BE01F4316242209BF7194B389C04B6A3698E751354F10813BF811F62F1D678DC028B4D

Uniqueness

Uniqueness Score: -1.00%

Function 00402308 Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402327
RegCloseKey.ADVAPI32(00000000), ref: 00402330

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID:
API String ID: 849931509-0
Opcode ID: 94d3f755d296f67dc578ae8b81c31c9511cf1a3f1cd7194df74889da09d5be06
Instruction ID: 97ae11083f28a0faafd94fb7fe42009bced1e39793468f635283aee611ee1e77
Opcode Fuzzy Hash: 94d3f755d296f67dc578ae8b81c31c9511cf1a3f1cd7194df74889da09d5be06
Instruction Fuzzy Hash: A2F04433A00110AFEB10BBA48A4EAAE7269AB50344F14443BF201B61C1DABD4D12966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040155B Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00010410), ref: 00401579
ShowWindow.USER32(0001040A), ref: 0040158E

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 819798dc53cfa1cdbbfc5d7e08787ba6897a8f53220b076d06f42c99be0ae6da
Instruction ID: 8b304e13c4ff4e58b2746d459b27b343ece49c0a97bab20a5a043a2c5b6af2c1
Opcode Fuzzy Hash: 819798dc53cfa1cdbbfc5d7e08787ba6897a8f53220b076d06f42c99be0ae6da
Instruction Fuzzy Hash: DEF0E577A082905FEB15CB64EDC086D7BF2EB8631075445BBD101A3691C2785C08C728

Uniqueness

Uniqueness Score: -1.00%

Function 004060A5 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

Part of subcall function 00406037: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
Part of subcall function 00406037: wsprintfA.USER32 ref: 00406087
Part of subcall function 00406037: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
Instruction ID: 3e97459997e7f7d7039c0cd31b40a13ca7cd82e20333033f2d5c91e802436a08
Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
Instruction Fuzzy Hash: 9DE08632644121AAD32097749E0493B72ACAA84751302093EF506F2180D7389C21A669

Uniqueness

Uniqueness Score: -1.00%

Function 0040597F Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26

Uniqueness

Uniqueness Score: -1.00%

Function 00405468 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,004030DF,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 0040546E
GetLastError.KERNEL32 ref: 0040547C

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
Instruction ID: c55d8aa437131a95a01de78b0052dcd3d9cc3f447ee629d771dafcce0f52932c
Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
Instruction Fuzzy Hash: F5C04C30719601EAD6205B609E08B5B7D54AB54742F1045756546E10F0D6749451D92E

Uniqueness

Uniqueness Score: -1.00%

Function 0040255C Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
Instruction ID: 2ad6ade0dd87bb00519d913a8aa863536615c58d60cd2f1651ee4e1b5922b607
Opcode Fuzzy Hash: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
Instruction Fuzzy Hash: D321DB70C04295BEDF318B584A985AF7B749B11314F1484BBE891B62D1C1BD8A85EB1D

Uniqueness

Uniqueness Score: -1.00%

Function 00402616 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402630

Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
Instruction ID: 8aac78d75a064c4630454a8a93e19dff4664e4603579630d9101515f905a40da
Opcode Fuzzy Hash: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
Instruction Fuzzy Hash: 56E01A76A05640AAE701B7A5AE89CBE636ADB50318B20853BF601B00C1C6BD89059A3E

Uniqueness

Uniqueness Score: -1.00%

Function 00402283 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: 4656573f168c310efd594f08e96abc660716981113b3fc3e41d9438b56e455a3
Instruction ID: ed5e863b5af70a22674a87f6432e4eb84017b1e79b4e81bbc09640d5f5368664
Opcode Fuzzy Hash: 4656573f168c310efd594f08e96abc660716981113b3fc3e41d9438b56e455a3
Instruction Fuzzy Hash: 8AE04F31B001746FDB217AF14E8EE7F11989B84348B64417EF601B62C3DDBC4D434AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00402B44 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 2def34932d008b1c6cdd5ca58b5769b0c908390d8f7109fb18f9f363c944e71c
Instruction ID: f02d1f32d416435064830634415e16150983832f9e15cf27d1a8645227483e3a
Opcode Fuzzy Hash: 2def34932d008b1c6cdd5ca58b5769b0c908390d8f7109fb18f9f363c944e71c
Instruction Fuzzy Hash: 6EE0E676250108BFD700DFA9DD47FD577ECE758745F008421B609D7095C774E5508B69

Uniqueness

Uniqueness Score: -1.00%

Function 00405A26 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403057,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405A3A

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction ID: 202e9d0092b88ed1e300126467a6d0629c49e9ab1c26cc5f9aac99f6baf52130
Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction Fuzzy Hash: FFE0EC3261425AAFDF10AEA59C44EEB7B6CFB05360F008533F915E2550D231E921DFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004059F7 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030A1,00000000,00000000,00402EEE,000000FF,00000004,00000000,00000000,00000000), ref: 00405A0B

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
Instruction ID: ec62d6923e01247a1983afaeae7cc56c043784b3a51a97a909eefe23b1c45cc9
Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
Instruction Fuzzy Hash: CFE04F32210259AFCF10AE549C40EAB375CEB04250F004432F915E2040D230E8119FA8

Uniqueness

Uniqueness Score: -1.00%

Function 1000270B Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19

Uniqueness

Uniqueness Score: -1.00%

Function 004022C7 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: e1bf17ceeca7babf037772fd815ac17da169c1b5a8a1c598223fa677f22f5cbc
Instruction ID: 39f1f9859769fa242ff58571ca275c021542d1dfaf63d46caa25723865460d27
Opcode Fuzzy Hash: e1bf17ceeca7babf037772fd815ac17da169c1b5a8a1c598223fa677f22f5cbc
Instruction Fuzzy Hash: 66E08630A04214BFDB20EFA08D09BAE3669BF11714F10403AF9917B0D2EAB849419B1D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F3D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00010404,00000000,00000000,00000000), ref: 00403F4F

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
Instruction ID: 9b9c13dac3056517ae90cab9ba0900707a7cdbddb9b58ac83e38e750941f619c
Opcode Fuzzy Hash: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
Instruction Fuzzy Hash: 39C04C71A442016AEB219B649D49F067BA8A751701F1594257315A50E0D674E410D66D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F26 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
Instruction ID: bce073d95cda9f80ae5a70f3258e8641f0ad27ed80faf677ac8523eeabb20274
Opcode Fuzzy Hash: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
Instruction Fuzzy Hash: F7B09235585200AAEA224B40DD09F457A62A7A4701F008064B210240F0CAB200A0DB19

Uniqueness

Uniqueness Score: -1.00%

Function 004030A4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,00032BE4), ref: 004030B2

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F13 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403CF0), ref: 00403F1D

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
Instruction ID: 7c635d8461ea366e4ce50998120561f43c0f0a4d26a99d582f7a8baadb7aa675
Opcode Fuzzy Hash: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
Instruction Fuzzy Hash: 98A00176808101EBCB029B50FE08D4ABF62ABA4709B12D426E25594174D6365871FF2A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004048A2 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 004048BA
GetDlgItem.USER32(?,00000408), ref: 004048C5
GlobalAlloc.KERNEL32(00000040,00000003), ref: 0040490F
LoadBitmapA.USER32(0000006E), ref: 00404922
SetWindowLongA.USER32(?,000000FC,00404E99), ref: 0040493B
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040494F
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404961
SendMessageA.USER32(?,00001109,00000002), ref: 00404977
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404983
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404995
DeleteObject.GDI32(00000000), ref: 00404998
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049C3
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049CF
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A64
SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A8F
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AA3
GetWindowLongA.USER32(?,000000F0), ref: 00404AD2
SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404AE0
ShowWindow.USER32(?,00000005), ref: 00404AF1
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BEE
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C53
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C68
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C8C
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404CAC
ImageList_Destroy.COMCTL32(?), ref: 00404CC1
GlobalFree.KERNEL32(?), ref: 00404CD1
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D4A
SendMessageA.USER32(?,00001102,?,?), ref: 00404DF3
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E02
InvalidateRect.USER32(?,00000000,00000001), ref: 00404E22
ShowWindow.USER32(?,00000000), ref: 00404E70
GetDlgItem.USER32(?,000003FE), ref: 00404E7B
ShowWindow.USER32(00000000), ref: 00404E82

Strings

, xrefs: 00404E5A
N, xrefs: 00404B2C
M, xrefs: 00404A4B

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: 31295a410d923530a0e7d24a6dc76920e49d66eb2d4da84cea3bce172b710fe2
Instruction ID: 76d2e208bb82396193868b8099a6daa05122b73eb358a4a137ee08f8801950ae
Opcode Fuzzy Hash: 31295a410d923530a0e7d24a6dc76920e49d66eb2d4da84cea3bce172b710fe2
Instruction Fuzzy Hash: F1026CB0900209AFEB14DF94DD85AAE7BB9FB84314F10813AF610BA2E1D7789D51CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040432F Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 0040437E
SetWindowTextA.USER32(00000000,?), ref: 004043A8
SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 00404459
CoTaskMemFree.OLE32(00000000), ref: 00404464
lstrcmpiA.KERNEL32(Call,0079E540), ref: 00404496
lstrcatA.KERNEL32(?,Call), ref: 004044A2
SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044B4

Part of subcall function 004054E6: GetDlgItemTextA.USER32(?,?,00000400,004044EB), ref: 004054F9

Part of subcall function 00405F77: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FCF
Part of subcall function 00405F77: CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
Part of subcall function 00405F77: CharNextA.USER32(?,"C:\Users\user\Desktop\cuenta iban-ES65.exe",771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FE1
Part of subcall function 00405F77: CharPrevA.USER32(?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FF1

GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404572
MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040458D

Part of subcall function 004046E6: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
Part of subcall function 004046E6: wsprintfA.USER32 ref: 0040478C
Part of subcall function 004046E6: SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F

Strings

C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 0040447F
A, xrefs: 00404452
Call, xrefs: 00404490, 00404495, 004044A0
@y, xrefs: 0040442C

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: @y$A$C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call
API String ID: 2624150263-260253780
Opcode ID: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
Instruction ID: dc70ebfb722856edf20ca9fe518129045a13840cef36c67e0ec65d3b8ea71268
Opcode Fuzzy Hash: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
Instruction Fuzzy Hash: 69A182B1900208ABDB11EFA5DC45BAF77B8EF85314F10843BF601B62D1D77C9A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 10001A5D Relevance: 20.0, APIs: 13, Instructions: 540stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D

GlobalAlloc.KERNEL32(00000040,000014A4), ref: 10001B67
lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
GlobalFree.KERNEL32(00000000), ref: 10001BCC
GlobalFree.KERNEL32(?), ref: 10001CC4
GlobalFree.KERNEL32(?), ref: 10001CC9
GlobalFree.KERNEL32(?), ref: 10001CCE
GlobalFree.KERNEL32(00000000), ref: 10001E76
lstrcpyA.KERNEL32(?,?), ref: 10001FCA

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$lstrcpy$Alloc
String ID:
API String ID: 4227406936-0
Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040205E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189

Strings

C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 0040211D

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user~1\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82
API String ID: 123533781-1831257187
Opcode ID: deb9d6c2f337776606d846e718dbe3e457bf970721b5b7be34c02ab6291727b9
Instruction ID: 14d4926e91d078e82bebccc5f6ab74bc99395aff19d04a9878b07c190defc42e
Opcode Fuzzy Hash: deb9d6c2f337776606d846e718dbe3e457bf970721b5b7be34c02ab6291727b9
Instruction Fuzzy Hash: 9D513871A00208BFDB10DFA4C988A9DBBB5FF48318F20856AF515EB2D1DB799941CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402688 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 371109619417dc1b2c46142636c1111f4ba496118aea425350aa3bc3b8946967
Instruction ID: 693c9160ce4d260d62fecbf2f45a0834f3a8ccba4a644e55fc62545b2e120305
Opcode Fuzzy Hash: 371109619417dc1b2c46142636c1111f4ba496118aea425350aa3bc3b8946967
Instruction Fuzzy Hash: F9F0A0335081509FE701E7B49949AEEB778EF61324F60457BF241B21C1D7B84A84AA3A

Uniqueness

Uniqueness Score: -1.00%

Function 0040403A Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 205windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040C5
GetDlgItem.USER32(00000000,000003E8), ref: 004040D9
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004040F7
GetSysColor.USER32(?), ref: 00404108
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404117
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404126
lstrlenA.KERNEL32(?), ref: 00404129
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404138
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040414D
GetDlgItem.USER32(?,0000040A), ref: 004041AF
SendMessageA.USER32(00000000), ref: 004041B2
GetDlgItem.USER32(?,000003E8), ref: 004041DD
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040421D
LoadCursorA.USER32(00000000,00007F02), ref: 0040422C
SetCursor.USER32(00000000), ref: 00404235
ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 00404248
LoadCursorA.USER32(00000000,00007F00), ref: 00404255
SetCursor.USER32(00000000), ref: 00404258
SendMessageA.USER32(00000111,00000001,00000000), ref: 00404284
SendMessageA.USER32(00000010,00000000,00000000), ref: 00404298

Strings

open, xrefs: 00404240
N, xrefs: 004041CB
Call, xrefs: 00404208

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: Call$N$open
API String ID: 3615053054-2563687911
Opcode ID: ffa70ba6b414771cfedee8d2664e4b0672246e5e1ae3d005f3366e5b10bf2318
Instruction ID: 325d301b2710361d9817967eb08788495a0e15e312a989604f50e6602a626d4c
Opcode Fuzzy Hash: ffa70ba6b414771cfedee8d2664e4b0672246e5e1ae3d005f3366e5b10bf2318
Instruction Fuzzy Hash: 9161C671A40209BFEB109F60DC45F6A7B69FB84744F10816AFB05BA2D1C7BCA951CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,?), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,Centrifugers Setup,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C
Centrifugers Setup, xrefs: 00401150

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: Centrifugers Setup$F
API String ID: 941294808-153812067
Opcode ID: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
Instruction ID: 5377a76c68583d826c01589a66ce84b6d9bb3dc06a218cd9f98f6b2c798b1645
Opcode Fuzzy Hash: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
Instruction Fuzzy Hash: 74419C71804249AFCB058FA5CD459BFBFB9FF45310F00812AF961AA1A0C738EA50DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405A55 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405BE8,?,?), ref: 00405A64
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405BE8,?,?), ref: 00405A88
GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405A91

Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926

GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405AAE
wsprintfA.USER32 ref: 00405ACC
GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B07
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B16
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B4E
SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BA4
GlobalFree.KERNEL32(00000000), ref: 00405BB5
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BBC

Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

Strings

[Rename], xrefs: 00405B36, 00405B48
%s=%s, xrefs: 00405AC2
NUL, xrefs: 00405A5E

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %s=%s$NUL$[Rename]
API String ID: 222337774-4148678300
Opcode ID: a98d0c62792372129b5cc65dd148cc0d3d8b8a17ed91fd97a1a79d4ea906e530
Instruction ID: 28628270b370f13d709f2e98436788b9d19fd6dde28ce54c0a079e884eb7da61
Opcode Fuzzy Hash: a98d0c62792372129b5cc65dd148cc0d3d8b8a17ed91fd97a1a79d4ea906e530
Instruction Fuzzy Hash: 5A311371605B18ABD6206B215C89F6B3A6CDF45764F14013BFE01F22D2DA7CBC008EAD

Uniqueness

Uniqueness Score: -1.00%

Function 100021FA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 1000234A

Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234

GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
GlobalFree.KERNEL32(00000000), ref: 100022FB

Strings

@H3w, xrefs: 100022F4

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
String ID: @H3w
API String ID: 3730416702-4275297014
Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61

Uniqueness

Uniqueness Score: -1.00%

Function 00405F77 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FCF
CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
CharNextA.USER32(?,"C:\Users\user\Desktop\cuenta iban-ES65.exe",771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FE1
CharPrevA.USER32(?,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000,004030C7,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405FF1

Strings

*?|<>/":, xrefs: 00405FBF
C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405F78
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00405FB3

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
API String ID: 589700163-3171534342
Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
Instruction ID: e323e08bdfda0f150b574f83967a69ba6361760ee6a09b3ffc5edc4c10c5e242
Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
Instruction Fuzzy Hash: 01118F91808B926EFB3216244C44B7BAF898B577A4F18007BE5C5722C2DA7C5C429B6E

Uniqueness

Uniqueness Score: -1.00%

Function 00403F58 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EB), ref: 00403F75
GetSysColor.USER32(00000000), ref: 00403F91
SetTextColor.GDI32(?,00000000), ref: 00403F9D
SetBkMode.GDI32(?,?), ref: 00403FA9
GetSysColor.USER32(?), ref: 00403FBC
SetBkColor.GDI32(?,?), ref: 00403FCC
DeleteObject.GDI32(?), ref: 00403FE6
CreateBrushIndirect.GDI32(?), ref: 00403FF0

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction ID: 03c35b03fdde5f33accd48f8e357bf0732577442a8f103693b6bf1e6191b16fb
Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction Fuzzy Hash: 71216271904705ABCB219F68ED48B4BBFF8AF01715B04892AF996A22E0D734EA04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 100023DA Relevance: 10.6, APIs: 7, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D

GlobalFree.KERNEL32(?), ref: 100024B5
GlobalFree.KERNEL32(00000000), ref: 100024EF

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004047F0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040480B
GetMessagePos.USER32 ref: 00404813
ScreenToClient.USER32(?,?), ref: 0040482D
SendMessageA.USER32(?,00001111,00000000,?), ref: 0040483F
SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404865

Strings

f, xrefs: 00404841

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction ID: d51aeaa30401db709ca0a87e6a09b4ddb89123452d3ebce91a639796f0b83af5
Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction Fuzzy Hash: 54019275D00218BADB00DBA4CC41BFEBBBCAF85711F10412BBB10B71C0C7B465018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
MulDiv.KERNEL32(000DB779,00000064,000DD468), ref: 00402BC5
wsprintfA.USER32 ref: 00402BD5
SetWindowTextA.USER32(?,?), ref: 00402BE5
SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7

Strings

verifying installer: %d%%, xrefs: 00402BCF

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
Instruction ID: 06d6233bfb864841df38fb05631849b064d35824abf3621066cb5e46443ac4cc
Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
Instruction Fuzzy Hash: EE014F70540209FBEF209F60DD4AEAE3B69AB04304F00803AFA16B92D0D7B8A951DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004026C6 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00032C00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
GlobalFree.KERNEL32(?), ref: 0040276F
GlobalFree.KERNEL32(00000000), ref: 00402782
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 53f45f53f51452aa79d0257fb49c268d8b651be83d95da47170726aca2f6d3aa
Instruction ID: f67dc9fade15bd1aaf4953b10d7ffc98cf8df4ed40540c93fb8cebdcb82cf2c3
Opcode Fuzzy Hash: 53f45f53f51452aa79d0257fb49c268d8b651be83d95da47170726aca2f6d3aa
Instruction Fuzzy Hash: 71217A71800128BBCF216FA5DE49EAEBB79EF09324F10022AF914762E1C7795D018B99

Uniqueness

Uniqueness Score: -1.00%

Function 004046E6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
wsprintfA.USER32 ref: 0040478C
SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F

Strings

@y, xrefs: 00404776
%u.%u%s%s, xrefs: 0040476E

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$@y
API String ID: 3540041739-3020698753
Opcode ID: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
Instruction ID: 4638cabbc4a31f91baf710fec8468dae319bf79d1b1f68d9e24bb075fcb279e4
Opcode Fuzzy Hash: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
Instruction Fuzzy Hash: D911E7736041283BEB00656D9D45EEF328CDB86374F254237FA25F31D1EA78CC1146A8

Uniqueness

Uniqueness Score: -1.00%

Function 1000180D Relevance: 7.7, APIs: 5, Instructions: 189COMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(?), ref: 10001869
GlobalFree.KERNEL32(?), ref: 100019EF
GlobalFree.KERNEL32(?), ref: 100019F4

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
Instruction ID: adaf369aa6dab84e94bee76403d526b7d43184adb12fe210256c1aedb67fe499
Opcode Fuzzy Hash: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
Instruction Fuzzy Hash: 43512536D04159AEFB55DFB488A4AEEBBF6EF453C0F124169E841B315DCA306E4087D2

Uniqueness

Uniqueness Score: -1.00%

Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 00401CE2
GetClientRect.USER32(00000000,?), ref: 00401CEF
LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
DeleteObject.GDI32(00000000), ref: 00401D2D

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: bc0fd6a774c062bd39c6966cd5942d814fc1b7389eb583ff8ded370bda6b3090
Instruction ID: 92ae7547fb934e5b20a31b6555936ed9a04085bedc3b988c85494c1bea2cd4ea
Opcode Fuzzy Hash: bc0fd6a774c062bd39c6966cd5942d814fc1b7389eb583ff8ded370bda6b3090
Instruction Fuzzy Hash: CCF0E7B2A04114AFEB01ABE4DE88DAFB7BDFB54305B10446AF602F6191C7789D018B79

Uniqueness

Uniqueness Score: -1.00%

Function 00401D38 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D3B
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
ReleaseDC.USER32(?,00000000), ref: 00401D68
CreateFontIndirectA.GDI32(0040A7F0), ref: 00401DB3

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
Instruction ID: cf9238c777b6589bee1a324002302adcb4b1f2371c80511fc572ea77625e262b
Opcode Fuzzy Hash: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
Instruction Fuzzy Hash: 96016232948740AFE7416B70AE1AFAA3FB4A755305F108479F201B72E2C67811569B3F

Uniqueness

Uniqueness Score: -1.00%

Function 00403951 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(00000000,Centrifugers Setup), ref: 004039E9

Strings

"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00403952
Centrifugers Setup, xrefs: 004039D8
1033, xrefs: 00403955, 0040395F, 004039D0

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: TextWindow
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$1033$Centrifugers Setup
API String ID: 530164218-3856851061
Opcode ID: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
Instruction ID: a7121fc51e20562cbfa027eee4ba04e2135699cbca2cdd3690fce58e300c9c30
Opcode Fuzzy Hash: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
Instruction Fuzzy Hash: 8311D1B5B056108BE720DF15DC80A73776CEBC6755B28813FE841A73E1D73D9D028A98

Uniqueness

Uniqueness Score: -1.00%

Function 0040586C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Centrifugers Setup,NSIS Error), ref: 00405D19

Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405825
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E

lstrlenA.KERNEL32(Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 004058BF
GetFileAttributesA.KERNEL32(Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\), ref: 004058CF

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040586C
Mundstykket.min, xrefs: 00405872, 00405877, 0040587D, 004058B8, 004058BE, 004058C6, 004058CE

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user~1\AppData\Local\Temp\$Mundstykket.min
API String ID: 3248276644-3501785593
Opcode ID: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
Instruction ID: 819bf3b96d2f33be72422b420245a44e5a303c51be7f34a106cb995fc7f4ae7e
Opcode Fuzzy Hash: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
Instruction Fuzzy Hash: B7F0CD27115D5119E61632361C05ABF1A58CE82364718C53FFC51F22D1EA3C8862DD7E

Uniqueness

Uniqueness Score: -1.00%

Function 0040577E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,004030D9,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 00405784
CharPrevA.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,004030D9,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,004032DC), ref: 0040578D
lstrcatA.KERNEL32(?,00409014), ref: 0040579E

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040577E

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user~1\AppData\Local\Temp\
API String ID: 2659869361-2382934351
Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction ID: 68e0f27090206f37803ec84d28e37c7f09ebc5753c251fe5cd2e9e8878fbe2c1
Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction Fuzzy Hash: 44D0A972606A307AE2022A15AC09E8F2A08CF62301B044433F200B22A2C63C4E418BFE

Uniqueness

Uniqueness Score: -1.00%

Function 00405817 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,771B3410,?,C:\Users\user~1\AppData\Local\Temp\,004055CE,?,771B3410,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405825
CharNextA.USER32(00000000), ref: 0040582A
CharNextA.USER32(00000000), ref: 0040583E

Strings

Mundstykket.min, xrefs: 00405818

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext
String ID: Mundstykket.min
API String ID: 3213498283-3661976162
Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
Instruction ID: db1d673f1cc138dbc44dca3842ff1338afb0bbfba97f9f865265ae6769849a0e
Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
Instruction Fuzzy Hash: 8AF06253908F916AFB3272350C84B6B5B89CB55351F1C847BEE41AA2D2827C58608F9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402C02 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
GetTickCount.KERNEL32 ref: 00402C33
CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
ShowWindow.USER32(00000000,00000005), ref: 00402C5E

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
Instruction ID: 945901cf9e20f70a46e78403882e62b60873afe576e8e7cbc1612cb0b63c5969
Opcode Fuzzy Hash: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
Instruction Fuzzy Hash: 14F03A30809631ABD622AB34BF8EDDE7A64AB41B01B1184B7F014B21E4D77C58C6CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E99 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00404EC8
CallWindowProcA.USER32(?,?,?,?), ref: 00404F19

Part of subcall function 00403F3D: SendMessageA.USER32(00010404,00000000,00000000,00000000), ref: 00403F4F

Strings

, xrefs: 00404EA9

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
Instruction ID: 1c3aa9a2031039442b6cd3bdc360fce63fd7b644e996c38402bdeea248e73ffc
Opcode Fuzzy Hash: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
Instruction Fuzzy Hash: 2D0171B1104249AFDF219F51DC80A5B3A25E7C4755F104037FB00762D1D33AAD619B6E

Uniqueness

Uniqueness Score: -1.00%

Function 004035F7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,771B3410,00000000,C:\Users\user~1\AppData\Local\Temp\,004035CF,004033E9,?), ref: 00403611
GlobalFree.KERNEL32(00855DA0), ref: 00403618

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 004035F7

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user~1\AppData\Local\Temp\
API String ID: 1100898210-2382934351
Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
Instruction ID: f0c2977cb20e6558c2e773556eb83bc0584892ec035bd6653f77e23ad75a478d
Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
Instruction Fuzzy Hash: 1DE0C233905120ABC6315F44FE0472A7B7CAF48B22F020067EC447B3A087786C528BCC

Uniqueness

Uniqueness Score: -1.00%

Function 004057C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 004057CB
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 004057D9

Strings

C:\Users\user\Desktop, xrefs: 004057C5

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-3976562730
Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction ID: d39d8f188df628cf061828239c0557f0f3bbaa41193ad9941d070ee56f497fe5
Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction Fuzzy Hash: E5D0A772408D706EF30352109C04B8F6A48CF26300F090463F040A3191C27C5D424BBE

Uniqueness

Uniqueness Score: -1.00%

Function 100010E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
GlobalFree.KERNEL32(00000000), ref: 100011B4
GlobalFree.KERNEL32(?), ref: 100011C7
GlobalFree.KERNEL32(?), ref: 100011F5

Memory Dump Source

Source File: 00000000.00000002.3683133563.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3683116166.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683150170.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.3683168302.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004058E4 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040590C
CharNextA.USER32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040591D
lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926

Memory Dump Source

Source File: 00000000.00000002.3664501286.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3664428465.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3664584576.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3665204188.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3668627404.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
Instruction ID: 7adaab352aa717b916c044831a99f4991ef712c09a2c9b56ba9fed1a583d178e
Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
Instruction Fuzzy Hash: 43F09636505518FFC7129FA5DC0099EBBB8EF16360B2540B9F801F7360D674EE019BA9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report cuenta iban-ES65.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\merrill.txt

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\mf.fys

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\unpopularised.fas

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\Thorkilds.Jus

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\heiling.rep

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Nonimporting.Roy

C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsoECA3.tmp\nsExec.dll

C:\Windows\hotdoggen.ini

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Windows Analysis Report
cuenta iban-ES65.exe

Function 004030EC Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 357
stringcomfileCOMMON

Function 00405063 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Function 00405D2E Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199
stringCOMMON

Function 004055AE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159
filestringCOMMON

Function 00403A1E Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345
windowstringCOMMON

Function 0040368C Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Function 00402C66 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Function 00404F25 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Function 004053EB Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Function 00406037 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Function 00402E9F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161
COMMON

Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Function 004059AE Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67
registryCOMMON