Edit tour

Windows Analysis Report
SWIFT.exe

Overview

General Information

Sample name:	SWIFT.exe
Analysis ID:	1519450
MD5:	465973fa54e5fd54a551b13a73f2c6cd
SHA1:	76595877d28c884913df6b8f20285f41df0f7476
SHA256:	239c18582da00658ece4b6d51f5a1f923bc63ede887fdf5b820c82a3723f394a
Tags:	exeuser-TeamDreier
Infos:

Detection

FormBook

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected FormBook

AI detected suspicious sample

Machine Learning detection for sample

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

SWIFT.exe (PID: 1012 cmdline: "C:\Users\user\Desktop\SWIFT.exe" MD5: 465973FA54E5FD54A551B13A73F2C6CD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bed0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13fef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e1b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.SWIFT.exe.ef0000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.SWIFT.exe.ef0000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e3b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x164d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SWIFT.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SWIFT.exe

ReversingLabs: Detection: 87%

Yara detected FormBook

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SWIFT.exe

Joe Sandbox ML: detected

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1C483 NtClose,	0_2_00F1C483
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B60 NtClose,LdrInitializeThunk,	0_2_019B2B60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_019B2DF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_019B2C70
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B35C0 NtCreateMutant,LdrInitializeThunk,	0_2_019B35C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4340 NtSetContextThread,	0_2_019B4340
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B4650 NtSuspendThread,	0_2_019B4650
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2B80 NtQueryInformationFile,	0_2_019B2B80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BA0 NtEnumerateValueKey,	0_2_019B2BA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BF0 NtAllocateVirtualMemory,	0_2_019B2BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2BE0 NtQueryValueKey,	0_2_019B2BE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AB0 NtWaitForSingleObject,	0_2_019B2AB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AD0 NtReadFile,	0_2_019B2AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2AF0 NtWriteFile,	0_2_019B2AF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DB0 NtEnumerateKey,	0_2_019B2DB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2DD0 NtDelayExecution,	0_2_019B2DD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D10 NtMapViewOfSection,	0_2_019B2D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D00 NtSetInformationFile,	0_2_019B2D00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2D30 NtUnmapViewOfSection,	0_2_019B2D30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CA0 NtQueryInformationToken,	0_2_019B2CA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CC0 NtQueryVirtualMemory,	0_2_019B2CC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2CF0 NtOpenProcess,	0_2_019B2CF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C00 NtQueryInformationProcess,	0_2_019B2C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2C60 NtCreateKey,	0_2_019B2C60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F90 NtProtectVirtualMemory,	0_2_019B2F90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FB0 NtResumeThread,	0_2_019B2FB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FA0 NtQuerySection,	0_2_019B2FA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2FE0 NtCreateFile,	0_2_019B2FE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F30 NtCreateSection,	0_2_019B2F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2F60 NtCreateProcessEx,	0_2_019B2F60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E80 NtReadVirtualMemory,	0_2_019B2E80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EA0 NtAdjustPrivilegesToken,	0_2_019B2EA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2EE0 NtQueueApcThread,	0_2_019B2EE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2E30 NtWriteVirtualMemory,	0_2_019B2E30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3090 NtSetValueKey,	0_2_019B3090
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3010 NtOpenDirectoryObject,	0_2_019B3010
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B39B0 NtGetContextThread,	0_2_019B39B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D10 NtOpenProcessToken,	0_2_019B3D10
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B3D70 NtOpenThread,	0_2_019B3D70

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF3060	0_2_00EF3060
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF118B	0_2_00EF118B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1190	0_2_00EF1190
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F1EAA3	0_2_00F1EAA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF1300	0_2_00EF1300
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF24E0	0_2_00EF24E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCAC	0_2_00EFFCAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFCB3	0_2_00EFFCB3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDEF7	0_2_00EFDEF7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFFED3	0_2_00EFFED3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F06643	0_2_00F06643
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF49	0_2_00EFDF49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EFDF53	0_2_00EFDF53
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A341A2	0_2_01A341A2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A401AA	0_2_01A401AA
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A381CC	0_2_01A381CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970100	0_2_01970100
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A403E6	0_2_01A403E6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A002C0	0_2_01A002C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A40591	0_2_01A40591
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2E4F6	0_2_01A2E4F6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24420	0_2_01A24420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A32446	0_2_01A32446
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4750	0_2_019A4750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C6E0	0_2_0199C6E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4A9A6	0_2_01A4A9A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019668B8	0_2_019668B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE8F0	0_2_019AE8F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198A840	0_2_0198A840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A36BD7	0_2_01A36BD7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197ADE0	0_2_0197ADE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198AD00	0_2_0198AD00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1CD1F	0_2_01A1CD1F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20CB5	0_2_01A20CB5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970CF2	0_2_01970CF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980C00	0_2_01980C00
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FEFA0	0_2_019FEFA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972FC8	0_2_01972FC8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198CFE0	0_2_0198CFE0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A22F30	0_2_01A22F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0F30	0_2_019A0F30
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C2F28	0_2_019C2F28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4F40	0_2_019F4F40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992E90	0_2_01992E90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3CE93	0_2_01A3CE93
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EEDB	0_2_01A3EEDB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3EE26	0_2_01A3EE26
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980E59	0_2_01980E59
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198B1B0	0_2_0198B1B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A4B16B	0_2_01A4B16B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196F172	0_2_0196F172
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B516C	0_2_019B516C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F0E0	0_2_01A3F0E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A370E9	0_2_01A370E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019870C0	0_2_019870C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2F0CC	0_2_01A2F0CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C739A	0_2_019C739A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3132D	0_2_01A3132D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196D34C	0_2_0196D34C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019852A0	0_2_019852A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A212ED	0_2_01A212ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B2C0	0_2_0199B2C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1D5B0	0_2_01A1D5B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37571	0_2_01A37571
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F43F	0_2_01A3F43F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01971460	0_2_01971460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3F7B0	0_2_01A3F7B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A316CC	0_2_01A316CC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A15910	0_2_01A15910
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989950	0_2_01989950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199B950	0_2_0199B950
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019838E0	0_2_019838E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ED800	0_2_019ED800
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FB80	0_2_0199FB80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019BDBF9	0_2_019BDBF9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F5BF0	0_2_019F5BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FB76	0_2_01A3FB76
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A21AA3	0_2_01A21AA3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1DAAC	0_2_01A1DAAC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C5AA0	0_2_019C5AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2DAC6	0_2_01A2DAC6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37A46	0_2_01A37A46
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FA49	0_2_01A3FA49
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F3A6C	0_2_019F3A6C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199FDC0	0_2_0199FDC0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A37D73	0_2_01A37D73
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01983D40	0_2_01983D40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A31D5A	0_2_01A31D5A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FCF2	0_2_01A3FCF2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F9C32	0_2_019F9C32
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01981F92	0_2_01981F92
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FFB1	0_2_01A3FFB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3FF09	0_2_01A3FF09
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01989EB0	0_2_01989EB0

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 0196B970 appears 280 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019C7E54 appears 102 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019B5130 appears 58 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019FF290 appears 105 times
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: String function: 019EEA12 appears 86 times

Source: SWIFT.exe

Static PE information: No import functions for PE file found

Source: SWIFT.exe, 00000000.00000002.1785601892.0000000001A6D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1752574924.00000000018B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe
Source: SWIFT.exe, 00000000.00000003.1750598446.0000000001702000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SWIFT.exe

Source: SWIFT.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SWIFT.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@1/0@0/0

Source: SWIFT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SWIFT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SWIFT.exe

ReversingLabs: Detection: 87%

Source: C:\Users\user\Desktop\SWIFT.exe

Section loaded: apphelp.dll

Jump to behavior

Source: SWIFT.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SWIFT.exe, SWIFT.exe, 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1752574924.000000000178C000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000003.1750598446.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, SWIFT.exe, 00000000.00000002.1785601892.0000000001ADE000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F14054 push esi; ret	0_2_00F14055
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF2145 pushad ; retf	0_2_00EF2170
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00EF32E0 push eax; ret	0_2_00EF32E2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13BEB push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C2A push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push esp; retf	0_2_00F13BF3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F13C05 push cs; retf	0_2_00F13C9D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F12592 push es; retn 0000h	0_2_00F1259A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_00F0163E push cs; retf	0_2_00F0164B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD push ecx; mov dword ptr [esp], ecx	0_2_019709B6

Source: SWIFT.exe

Static PE information: section name: .text entropy: 7.99490496710245

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

0_2_019B096E

Source: C:\Users\user\Desktop\SWIFT.exe

API coverage: 0.7 %

Source: C:\Users\user\Desktop\SWIFT.exe TID: 6872

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SWIFT.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SWIFT.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_019B096E rdtsc

0_2_019B096E

Source: C:\Users\user\Desktop\SWIFT.exe

Code function: 0_2_00F075F3 LdrLoadDll,

0_2_00F075F3

Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F019F mov eax, dword ptr fs:[00000030h]	0_2_019F019F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A197 mov eax, dword ptr fs:[00000030h]	0_2_0196A197
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B0185 mov eax, dword ptr fs:[00000030h]	0_2_019B0185
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14180 mov eax, dword ptr fs:[00000030h]	0_2_01A14180
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C188 mov eax, dword ptr fs:[00000030h]	0_2_01A2C188
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A461E5 mov eax, dword ptr fs:[00000030h]	0_2_01A461E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov ecx, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE1D0 mov eax, dword ptr fs:[00000030h]	0_2_019EE1D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A361C3 mov eax, dword ptr fs:[00000030h]	0_2_01A361C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A01F8 mov eax, dword ptr fs:[00000030h]	0_2_019A01F8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov eax, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E10E mov ecx, dword ptr fs:[00000030h]	0_2_01A1E10E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A30115 mov eax, dword ptr fs:[00000030h]	0_2_01A30115
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov ecx, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1A118 mov eax, dword ptr fs:[00000030h]	0_2_01A1A118
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0124 mov eax, dword ptr fs:[00000030h]	0_2_019A0124
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C156 mov eax, dword ptr fs:[00000030h]	0_2_0196C156
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976154 mov eax, dword ptr fs:[00000030h]	0_2_01976154
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov ecx, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A04144 mov eax, dword ptr fs:[00000030h]	0_2_01A04144
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A08158 mov eax, dword ptr fs:[00000030h]	0_2_01A08158
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A080A8 mov eax, dword ptr fs:[00000030h]	0_2_01A080A8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov eax, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A360B8 mov ecx, dword ptr fs:[00000030h]	0_2_01A360B8
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197208A mov eax, dword ptr fs:[00000030h]	0_2_0197208A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F20DE mov eax, dword ptr fs:[00000030h]	0_2_019F20DE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C0F0 mov eax, dword ptr fs:[00000030h]	0_2_0196C0F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B20F0 mov ecx, dword ptr fs:[00000030h]	0_2_019B20F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_0196A0E3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019780E9 mov eax, dword ptr fs:[00000030h]	0_2_019780E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F60E0 mov eax, dword ptr fs:[00000030h]	0_2_019F60E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E016 mov eax, dword ptr fs:[00000030h]	0_2_0198E016
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06030 mov eax, dword ptr fs:[00000030h]	0_2_01A06030
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4000 mov ecx, dword ptr fs:[00000030h]	0_2_019F4000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A12000 mov eax, dword ptr fs:[00000030h]	0_2_01A12000
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A020 mov eax, dword ptr fs:[00000030h]	0_2_0196A020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C020 mov eax, dword ptr fs:[00000030h]	0_2_0196C020
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972050 mov eax, dword ptr fs:[00000030h]	0_2_01972050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6050 mov eax, dword ptr fs:[00000030h]	0_2_019F6050
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199C073 mov eax, dword ptr fs:[00000030h]	0_2_0199C073
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968397 mov eax, dword ptr fs:[00000030h]	0_2_01968397
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199438F mov eax, dword ptr fs:[00000030h]	0_2_0199438F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E388 mov eax, dword ptr fs:[00000030h]	0_2_0196E388
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019783C0 mov eax, dword ptr fs:[00000030h]	0_2_019783C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0197A3C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F63C0 mov eax, dword ptr fs:[00000030h]	0_2_019F63C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A63FF mov eax, dword ptr fs:[00000030h]	0_2_019A63FF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0198E3F0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2C3CD mov eax, dword ptr fs:[00000030h]	0_2_01A2C3CD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019803E9 mov eax, dword ptr fs:[00000030h]	0_2_019803E9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A143D4 mov eax, dword ptr fs:[00000030h]	0_2_01A143D4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov ecx, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1E3DB mov eax, dword ptr fs:[00000030h]	0_2_01A1E3DB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C310 mov ecx, dword ptr fs:[00000030h]	0_2_0196C310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990310 mov ecx, dword ptr fs:[00000030h]	0_2_01990310
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA30B mov eax, dword ptr fs:[00000030h]	0_2_019AA30B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov ecx, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F035C mov eax, dword ptr fs:[00000030h]	0_2_019F035C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F2349 mov eax, dword ptr fs:[00000030h]	0_2_019F2349
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1437C mov eax, dword ptr fs:[00000030h]	0_2_01A1437C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A352 mov eax, dword ptr fs:[00000030h]	0_2_01A3A352
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18350 mov ecx, dword ptr fs:[00000030h]	0_2_01A18350
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov ecx, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A062A0 mov eax, dword ptr fs:[00000030h]	0_2_01A062A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0283 mov eax, dword ptr fs:[00000030h]	0_2_019F0283
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE284 mov eax, dword ptr fs:[00000030h]	0_2_019AE284
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802A0 mov eax, dword ptr fs:[00000030h]	0_2_019802A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0197A2C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019802E1 mov eax, dword ptr fs:[00000030h]	0_2_019802E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196823B mov eax, dword ptr fs:[00000030h]	0_2_0196823B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196A250 mov eax, dword ptr fs:[00000030h]	0_2_0196A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976259 mov eax, dword ptr fs:[00000030h]	0_2_01976259
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A20274 mov eax, dword ptr fs:[00000030h]	0_2_01A20274
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov eax, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F8243 mov ecx, dword ptr fs:[00000030h]	0_2_019F8243
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]	0_2_01A2A250
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974260 mov eax, dword ptr fs:[00000030h]	0_2_01974260
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196826B mov eax, dword ptr fs:[00000030h]	0_2_0196826B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE59C mov eax, dword ptr fs:[00000030h]	0_2_019AE59C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4588 mov eax, dword ptr fs:[00000030h]	0_2_019A4588
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov eax, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01972582 mov ecx, dword ptr fs:[00000030h]	0_2_01972582
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019945B1 mov eax, dword ptr fs:[00000030h]	0_2_019945B1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F05A7 mov eax, dword ptr fs:[00000030h]	0_2_019F05A7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019765D0 mov eax, dword ptr fs:[00000030h]	0_2_019765D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA5D0 mov eax, dword ptr fs:[00000030h]	0_2_019AA5D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE5CF mov eax, dword ptr fs:[00000030h]	0_2_019AE5CF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019725E0 mov eax, dword ptr fs:[00000030h]	0_2_019725E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC5ED mov eax, dword ptr fs:[00000030h]	0_2_019AC5ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0199E5E7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06500 mov eax, dword ptr fs:[00000030h]	0_2_01A06500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44500 mov eax, dword ptr fs:[00000030h]	0_2_01A44500
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E53E mov eax, dword ptr fs:[00000030h]	0_2_0199E53E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980535 mov eax, dword ptr fs:[00000030h]	0_2_01980535
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978550 mov eax, dword ptr fs:[00000030h]	0_2_01978550
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A656A mov eax, dword ptr fs:[00000030h]	0_2_019A656A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A44B0 mov ecx, dword ptr fs:[00000030h]	0_2_019A44B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FA4B0 mov eax, dword ptr fs:[00000030h]	0_2_019FA4B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A49A mov eax, dword ptr fs:[00000030h]	0_2_01A2A49A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019764AB mov eax, dword ptr fs:[00000030h]	0_2_019764AB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019704E5 mov ecx, dword ptr fs:[00000030h]	0_2_019704E5
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8402 mov eax, dword ptr fs:[00000030h]	0_2_019A8402
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA430 mov eax, dword ptr fs:[00000030h]	0_2_019AA430
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196C427 mov eax, dword ptr fs:[00000030h]	0_2_0196C427
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196E420 mov eax, dword ptr fs:[00000030h]	0_2_0196E420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F6420 mov eax, dword ptr fs:[00000030h]	0_2_019F6420
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199245A mov eax, dword ptr fs:[00000030h]	0_2_0199245A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196645D mov eax, dword ptr fs:[00000030h]	0_2_0196645D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AE443 mov eax, dword ptr fs:[00000030h]	0_2_019AE443
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199A470 mov eax, dword ptr fs:[00000030h]	0_2_0199A470
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A2A456 mov eax, dword ptr fs:[00000030h]	0_2_01A2A456
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC460 mov ecx, dword ptr fs:[00000030h]	0_2_019FC460
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A247A0 mov eax, dword ptr fs:[00000030h]	0_2_01A247A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1678E mov eax, dword ptr fs:[00000030h]	0_2_01A1678E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019707AF mov eax, dword ptr fs:[00000030h]	0_2_019707AF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197C7C0 mov eax, dword ptr fs:[00000030h]	0_2_0197C7C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F07C3 mov eax, dword ptr fs:[00000030h]	0_2_019F07C3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019747FB mov eax, dword ptr fs:[00000030h]	0_2_019747FB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019927ED mov eax, dword ptr fs:[00000030h]	0_2_019927ED
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE7E1 mov eax, dword ptr fs:[00000030h]	0_2_019FE7E1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970710 mov eax, dword ptr fs:[00000030h]	0_2_01970710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0710 mov eax, dword ptr fs:[00000030h]	0_2_019A0710
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC700 mov eax, dword ptr fs:[00000030h]	0_2_019AC700
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov ecx, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A273C mov eax, dword ptr fs:[00000030h]	0_2_019A273C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EC730 mov eax, dword ptr fs:[00000030h]	0_2_019EC730
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC720 mov eax, dword ptr fs:[00000030h]	0_2_019AC720
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE75D mov eax, dword ptr fs:[00000030h]	0_2_019FE75D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970750 mov eax, dword ptr fs:[00000030h]	0_2_01970750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F4755 mov eax, dword ptr fs:[00000030h]	0_2_019F4755
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2750 mov eax, dword ptr fs:[00000030h]	0_2_019B2750
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov esi, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A674D mov eax, dword ptr fs:[00000030h]	0_2_019A674D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978770 mov eax, dword ptr fs:[00000030h]	0_2_01978770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980770 mov eax, dword ptr fs:[00000030h]	0_2_01980770
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974690 mov eax, dword ptr fs:[00000030h]	0_2_01974690
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A66B0 mov eax, dword ptr fs:[00000030h]	0_2_019A66B0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC6A6 mov eax, dword ptr fs:[00000030h]	0_2_019AC6A6
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA6C7 mov eax, dword ptr fs:[00000030h]	0_2_019AA6C7
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE6F2 mov eax, dword ptr fs:[00000030h]	0_2_019EE6F2
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F06F1 mov eax, dword ptr fs:[00000030h]	0_2_019F06F1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B2619 mov eax, dword ptr fs:[00000030h]	0_2_019B2619
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198260B mov eax, dword ptr fs:[00000030h]	0_2_0198260B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE609 mov eax, dword ptr fs:[00000030h]	0_2_019EE609
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A6620 mov eax, dword ptr fs:[00000030h]	0_2_019A6620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8620 mov eax, dword ptr fs:[00000030h]	0_2_019A8620
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197262C mov eax, dword ptr fs:[00000030h]	0_2_0197262C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198E627 mov eax, dword ptr fs:[00000030h]	0_2_0198E627
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3866E mov eax, dword ptr fs:[00000030h]	0_2_01A3866E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0198C640 mov eax, dword ptr fs:[00000030h]	0_2_0198C640
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A2674 mov eax, dword ptr fs:[00000030h]	0_2_019A2674
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA660 mov eax, dword ptr fs:[00000030h]	0_2_019AA660
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov esi, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F89B3 mov eax, dword ptr fs:[00000030h]	0_2_019F89B3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019829A0 mov eax, dword ptr fs:[00000030h]	0_2_019829A0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019709AD mov eax, dword ptr fs:[00000030h]	0_2_019709AD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0197A9D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A49D0 mov eax, dword ptr fs:[00000030h]	0_2_019A49D0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A069C0 mov eax, dword ptr fs:[00000030h]	0_2_01A069C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A29F9 mov eax, dword ptr fs:[00000030h]	0_2_019A29F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A9D3 mov eax, dword ptr fs:[00000030h]	0_2_01A3A9D3
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE9E0 mov eax, dword ptr fs:[00000030h]	0_2_019FE9E0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A0892B mov eax, dword ptr fs:[00000030h]	0_2_01A0892B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC912 mov eax, dword ptr fs:[00000030h]	0_2_019FC912
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01968918 mov eax, dword ptr fs:[00000030h]	0_2_01968918
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EE908 mov eax, dword ptr fs:[00000030h]	0_2_019EE908
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F892A mov eax, dword ptr fs:[00000030h]	0_2_019F892A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019F0946 mov eax, dword ptr fs:[00000030h]	0_2_019F0946
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A14978 mov eax, dword ptr fs:[00000030h]	0_2_01A14978
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC97C mov eax, dword ptr fs:[00000030h]	0_2_019FC97C
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov edx, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019B096E mov eax, dword ptr fs:[00000030h]	0_2_019B096E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01996962 mov eax, dword ptr fs:[00000030h]	0_2_01996962
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC89D mov eax, dword ptr fs:[00000030h]	0_2_019FC89D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970887 mov eax, dword ptr fs:[00000030h]	0_2_01970887
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3A8E4 mov eax, dword ptr fs:[00000030h]	0_2_01A3A8E4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199E8C0 mov eax, dword ptr fs:[00000030h]	0_2_0199E8C0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AC8F9 mov eax, dword ptr fs:[00000030h]	0_2_019AC8F9
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FC810 mov eax, dword ptr fs:[00000030h]	0_2_019FC810
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1483A mov eax, dword ptr fs:[00000030h]	0_2_01A1483A
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AA830 mov eax, dword ptr fs:[00000030h]	0_2_019AA830
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov ecx, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01992835 mov eax, dword ptr fs:[00000030h]	0_2_01992835
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01974859 mov eax, dword ptr fs:[00000030h]	0_2_01974859
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A0854 mov eax, dword ptr fs:[00000030h]	0_2_019A0854
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06870 mov eax, dword ptr fs:[00000030h]	0_2_01A06870
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01982840 mov ecx, dword ptr fs:[00000030h]	0_2_01982840
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FE872 mov eax, dword ptr fs:[00000030h]	0_2_019FE872
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24BB0 mov eax, dword ptr fs:[00000030h]	0_2_01A24BB0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980BBE mov eax, dword ptr fs:[00000030h]	0_2_01980BBE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01990BCB mov eax, dword ptr fs:[00000030h]	0_2_01990BCB
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970BCD mov eax, dword ptr fs:[00000030h]	0_2_01970BCD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EBFC mov eax, dword ptr fs:[00000030h]	0_2_0199EBFC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978BF0 mov eax, dword ptr fs:[00000030h]	0_2_01978BF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCBF0 mov eax, dword ptr fs:[00000030h]	0_2_019FCBF0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EBD0 mov eax, dword ptr fs:[00000030h]	0_2_01A1EBD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019EEB1D mov eax, dword ptr fs:[00000030h]	0_2_019EEB1D
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38B28 mov eax, dword ptr fs:[00000030h]	0_2_01A38B28
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EB20 mov eax, dword ptr fs:[00000030h]	0_2_0199EB20
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A06B40 mov eax, dword ptr fs:[00000030h]	0_2_01A06B40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A3AB40 mov eax, dword ptr fs:[00000030h]	0_2_01A3AB40
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A18B42 mov eax, dword ptr fs:[00000030h]	0_2_01A18B42
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0196CB7E mov eax, dword ptr fs:[00000030h]	0_2_0196CB7E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A24B4B mov eax, dword ptr fs:[00000030h]	0_2_01A24B4B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EB50 mov eax, dword ptr fs:[00000030h]	0_2_01A1EB50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A8A90 mov edx, dword ptr fs:[00000030h]	0_2_019A8A90
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0197EA80 mov eax, dword ptr fs:[00000030h]	0_2_0197EA80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44A80 mov eax, dword ptr fs:[00000030h]	0_2_01A44A80
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01978AA0 mov eax, dword ptr fs:[00000030h]	0_2_01978AA0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6AA4 mov eax, dword ptr fs:[00000030h]	0_2_019C6AA4
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01970AD0 mov eax, dword ptr fs:[00000030h]	0_2_01970AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019A4AD0 mov eax, dword ptr fs:[00000030h]	0_2_019A4AD0
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019C6ACC mov eax, dword ptr fs:[00000030h]	0_2_019C6ACC
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019AAAEE mov eax, dword ptr fs:[00000030h]	0_2_019AAAEE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019FCA11 mov eax, dword ptr fs:[00000030h]	0_2_019FCA11
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA38 mov eax, dword ptr fs:[00000030h]	0_2_019ACA38
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01994A35 mov eax, dword ptr fs:[00000030h]	0_2_01994A35
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_0199EA2E mov eax, dword ptr fs:[00000030h]	0_2_0199EA2E
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA24 mov eax, dword ptr fs:[00000030h]	0_2_019ACA24
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A1EA60 mov eax, dword ptr fs:[00000030h]	0_2_01A1EA60
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01980A5B mov eax, dword ptr fs:[00000030h]	0_2_01980A5B
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01976A50 mov eax, dword ptr fs:[00000030h]	0_2_01976A50
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ECA72 mov eax, dword ptr fs:[00000030h]	0_2_019ECA72
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACA6F mov eax, dword ptr fs:[00000030h]	0_2_019ACA6F
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A44DAD mov eax, dword ptr fs:[00000030h]	0_2_01A44DAD
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01A38DAE mov eax, dword ptr fs:[00000030h]	0_2_01A38DAE
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_01998DBF mov eax, dword ptr fs:[00000030h]	0_2_01998DBF
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov ecx, dword ptr fs:[00000030h]	0_2_019ACDB1
Source: C:\Users\user\Desktop\SWIFT.exe	Code function: 0_2_019ACDB1 mov eax, dword ptr fs:[00000030h]	0_2_019ACDB1

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.SWIFT.exe.ef0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	OS Credential Dumping	2 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Software Packing	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
SWIFT.exe	88%	ReversingLabs	Win32.Backdoor.FormBook
SWIFT.exe	100%	Avira	TR/Crypt.ZPACK.Gen
SWIFT.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519450
Start date and time:	2024-09-26 15:09:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SWIFT.exe
Detection:	MAL
Classification:	mal80.troj.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 10 Number of non-executed functions: 330
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 93.184.221.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu.azureedge.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: SWIFT.exe

Simulations

Behavior and APIs

Time	Type	Description
09:10:44	API Interceptor	3x Sleep call for process: SWIFT.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fp2e7a.wpc.phicdn.net	http://erptanacsadas.hu.pages.services/secure-business-document/?ts=1726767567620	Get hash	malicious	HtmlDropper	Browse	192.229.221.95
	https://urbantechvibeos.za.com/xnVG/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://finalsteptogo.com/uploads/il4.txt	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://t.nypost.com/1/e/r?aqet=clk&r=2&ca=35257893&v0=rhn21600@pvwfzajcv.com&yf=//youtube.com.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&ru=//eddieslawn.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&yf=//eduyieldyf.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://game-repack.site/2024/09/26/bloodborne	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://instructionhub.net/?gad_source=2&gclid=EAIaIQobChMI-pqSm7HgiAMVbfB5BB3YEjS_EAAYASAAEgJAAPD_BwE	Get hash	malicious	WinSearchAbuse	Browse	192.229.221.95
	http://ti6.htinenate.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	FkGxLJH08w.js	Get hash	malicious	Unknown	Browse	192.229.221.95
	ArCJ8k69CP.js	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://coreleete.de/pt/Odrivex/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.963866298138486
TrID:	Win32 Executable (generic) a (10002005/4) 99.98% DOS Executable Generic (2002/1) 0.02%
File name:	SWIFT.exe
File size:	287'232 bytes
MD5:	465973fa54e5fd54a551b13a73f2c6cd
SHA1:	76595877d28c884913df6b8f20285f41df0f7476
SHA256:	239c18582da00658ece4b6d51f5a1f923bc63ede887fdf5b820c82a3723f394a
SHA512:	b28abfda73238a0740ec7b53727addd668c9a0168c7047b18532966aaedca16cb3dbeaf39969615ac840669717f4df2139226e7984171a2d6238efd9ef9c9ab9
SSDEEP:	6144:U7QHHIJOFNEpsUSKIDEQoI0N1ryniSxGqBFWiQHTVSO:Uk4OnEpsUSKIDEQJu1unips9IQ
TLSH:	355422F3AB85C0D5E9252EF15E9EAF9541898F4B1D364BC56B073C5A7338290623C32D
File Content Preview:	MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L...Xt.^.................P...................`....@................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4015b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5EE17458 [Thu Jun 11 00:01:28 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 00000308h
push ebx
push esi
push edi
push 000002ECh
lea eax, dword ptr [ebp-00000304h]
push 00000000h
push eax
mov dword ptr [ebp-00000308h], 00000000h
call 00007F3E006DD86Ch
mov dword ptr [ebp-18h], 00002316h
mov dword ptr [ebp-04h], 00000031h
mov dword ptr [ebp-14h], 0000352Bh
mov dword ptr [ebp-0Ch], 00007F4Bh
mov dword ptr [ebp-10h], 00003A88h
call 00007F3E006DDB34h
mov dword ptr [ebp-78h], eax
lea eax, dword ptr [ebp-00000300h]
push eax
push 0000039Bh
call 00007F3E006DBB40h
add esp, 14h
mov ebx, 00002DF1h
lea ecx, dword ptr [ecx+00h]
mov eax, 151D07EBh
imul ebx
sar edx, 04h
mov ebx, edx
shr ebx, 1Fh
add ebx, edx
jne 00007F3E006DBE3Fh
mov esi, 00005291h
jmp 00007F3E006DBE58h
lea ebx, dword ptr [ebx+00000000h]
mov eax, 473C1AB7h
imul esi
sar edx, 06h
mov esi, edx
shr esi, 1Fh
add esi, edx
jne 00007F3E006DBE3Fh
lea eax, dword ptr [ebp-0000027Ch]
push eax
push 00005D59h
call 00007F3E006DBAF1h
lea eax, dword ptr [ebp-0000027Ch]
push 08F93FA4h
push eax
call 00007F3E006DC430h
lea eax, dword ptr [ebp+00000084h]

Rich Headers

Programming Language:

[C++] VS2012 build 50727
[ASM] VS2012 build 50727
[LNK] VS2012 build 50727

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x44ee4	0x45000	919e267f31ec20963e95ddce4ef81f84	False	0.988967674365942	data	7.99490496710245	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Network Behavior

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 26, 2024 15:10:54.959064960 CEST	1.1.1.1	192.168.2.8	0x1687	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 26, 2024 15:10:54.959064960 CEST	1.1.1.1	192.168.2.8	0x1687	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: SWIFT.exePID: 1012, Parent PID: 4084

General

Target ID:	0
Start time:	09:10:36
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\SWIFT.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SWIFT.exe"
Imagebase:	0xef0000
File size:	287'232 bytes
MD5 hash:	465973FA54E5FD54A551B13A73F2C6CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1785571102.00000000018D0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: SWIFT.exePID: 1012, Parent PID: 4084COMMON

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	5.4%
Signature Coverage:	9.8%
Total number of Nodes:	112
Total number of Limit Nodes:	12

Executed Functions

Function 00F075F3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00F07665

Memory Dump Source

Source File: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.1785312585.0000000000EF0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_SWIFT.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 89db293b298fe0c12458df407a44d2f821da8a9ce99c989979f984b8acfd5efa
Instruction ID: 6082b0c23cbe0c84dc63de5fd0adb06de9aff0011044b4bc0a8db050ac6e77c0
Opcode Fuzzy Hash: 89db293b298fe0c12458df407a44d2f821da8a9ce99c989979f984b8acfd5efa
Instruction Fuzzy Hash: D20121B5D0020DABDF10EBE4DC42FDEB778AB54304F0081A5E90997281F675EB58AB91

Function 00F1C483 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00F1C4BA

Memory Dump Source

Source File: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.1785312585.0000000000EF0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_SWIFT.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: ac97b4c43902d33c4ec92173f30c2d26f5861e0743695127f772d8a548054a39
Instruction ID: ba7f3dcd10b6e77df6960dc8b6916265a8f549fa7aca37f0fd2138acad8cbed6
Opcode Fuzzy Hash: ac97b4c43902d33c4ec92173f30c2d26f5861e0743695127f772d8a548054a39
Instruction Fuzzy Hash: BBE04F352002047BC610BA69DC41F9777ACDFC5B10F10441AFA1C67182C6B1BA0186A1

Function 019B2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 019B2B6A

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1450a16c9479ada7d0e3daff7e1a78b0ee8a75826d7cef3d806a0ca601e89144
Instruction ID: 9403930d3818d4bdc237e46fcd02fc9553769bdc08c1edcd2b0f5a2a5b06ee0e
Opcode Fuzzy Hash: 1450a16c9479ada7d0e3daff7e1a78b0ee8a75826d7cef3d806a0ca601e89144
Instruction Fuzzy Hash: D3900261202500034105715D4418616804E97E0601B55C025E1454590DC52689916226

Function 019B2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 019B2DFA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bdbe98773f166c4b03beb97bc556d95f5a3b4bbdd9d7530fe07f9f36ae1c034a
Instruction ID: b6ba6445005381e23c074b49bc5fc46735f2de8aa1404d9ada11d2f24677947e
Opcode Fuzzy Hash: bdbe98773f166c4b03beb97bc556d95f5a3b4bbdd9d7530fe07f9f36ae1c034a
Instruction Fuzzy Hash: A690023120150413D111715D4508707404D97D0641F95C416A0864558DD6578A52A222

Function 019B2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 019B2C7A

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 276d53b872da03feb236c8e65ec828f7c2057d930a355b36b3bfa19a0e590416
Instruction ID: e4db71e05a550855e1bb56a6521eee0d899e815798e4ab91d795cab115bd0634
Opcode Fuzzy Hash: 276d53b872da03feb236c8e65ec828f7c2057d930a355b36b3bfa19a0e590416
Instruction Fuzzy Hash: 7390023120158802D110715D840874A404997D0701F59C415A4864658DC69689917222

Function 019B35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 019B35CA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c9ae0fa1434d86dad15fbea305fea12893509184904a1354b41e5a44900b9ee7
Instruction ID: 09062d2f6dc61e30a108a396d8538426a5c6145c516dfae7210b717ebb33cf4a
Opcode Fuzzy Hash: c9ae0fa1434d86dad15fbea305fea12893509184904a1354b41e5a44900b9ee7
Instruction Fuzzy Hash: 6E90023160560402D100715D4518706504997D0601F65C415A0864568DC7968A5166A3

Function 00F1C7F3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,68AFBEA1,00000007,00000000,00000004,00000000,00F06E75,000000F4), ref: 00F1C832

Memory Dump Source

Source File: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.1785312585.0000000000EF0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_SWIFT.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1e96225afe08b9273e61a5852ac3e22411838b467e08afe5843f7510d07b2ee8
Instruction ID: 140739432e93d8eccef5dbd5a35de8aec186177d0728ced89d29ee68a1adc3bb
Opcode Fuzzy Hash: 1e96225afe08b9273e61a5852ac3e22411838b467e08afe5843f7510d07b2ee8
Instruction Fuzzy Hash: A4E06DB12042087BC610EE58DC41FDB77ACDFC5710F000409F908A7241D6B1B9118AB5

Function 00F1C7A3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00F0E434,?,?,00000000,?,00F0E434,?,?,?), ref: 00F1C7DF

Memory Dump Source

Source File: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.1785312585.0000000000EF0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_SWIFT.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 64c00d02f523502eb1660e3799242fc5495c015b61913834d372ac60d948e997
Instruction ID: bbef1ac470222b437ee36587bf7c76d135a79d9045eb9abe0b5ca8862026af90
Opcode Fuzzy Hash: 64c00d02f523502eb1660e3799242fc5495c015b61913834d372ac60d948e997
Instruction Fuzzy Hash: 34E06DB22002047BC610EF58EC41EAB77ADDFC5750F000419F918A7281D771BA108BB5

Function 00F1C843 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?), ref: 00F1C87A

Memory Dump Source

Source File: 00000000.00000002.1785327912.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000000.00000002.1785312585.0000000000EF0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ef0000_SWIFT.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 70dbe3668ed7c10ea1d60b24a3b03d86c8d677dc8f3fa783b2cedd13162d6288
Instruction ID: ac5d7d3ed3104773604322fad0969ea28c8ddc372f21e206d9f2c40e51043fdd
Opcode Fuzzy Hash: 70dbe3668ed7c10ea1d60b24a3b03d86c8d677dc8f3fa783b2cedd13162d6288
Instruction Fuzzy Hash: 09E046362006047BD220BB59DC41F9B77ACEBC5B20F408415FA08A7281CAB1BA0187F0

Function 019B2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 019B2C24

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 59c926e8ad3f749f031143552928866c23f695cce07cbd687ae47eba1740bac4
Instruction ID: 2671905b16960eb7a1cf2b8e55f745b529dd6f263d206da91a652c66d3e9cd7e
Opcode Fuzzy Hash: 59c926e8ad3f749f031143552928866c23f695cce07cbd687ae47eba1740bac4
Instruction Fuzzy Hash: 6CB09B71D015C5C5DA11E764470C7177A44B7D0702F15C065D2470641F4739D5D1E276

Non-executed Functions

Function 019F2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

UseImpersonatedDeviceMap, xrefs: 019F251C
CFGOptions, xrefs: 019F2967
MaxDeadActivationContexts, xrefs: 019F2D82
minkernel\ntdll\ldrinit.c, xrefs: 019F3187
FrontEndHeapDebugOptions, xrefs: 019F2489
MaxLoaderThreads, xrefs: 019F24EC
@, xrefs: 019F2942
GlobalFlag2, xrefs: 019F2FC0
RaiseExceptionOnPossibleDeadlock, xrefs: 019F2579
DisableExceptionChainValidation, xrefs: 019F275F
ShutdownFlags, xrefs: 019F24A1
Initializing the application verifier package failed with status 0x%08lx, xrefs: 019F3176
ExecuteOptions, xrefs: 019F25A0
LdrpInitializeExecutionOptions, xrefs: 019F317D
MinimumStackCommitInBytes, xrefs: 019F2BB0
@, xrefs: 019F2B74
DisableHeapLookaside, xrefs: 019F246D
TracingFlags, xrefs: 019F2549
UnloadEventTraceDepth, xrefs: 019F24C0
GlobalFlag, xrefs: 019F2F3F, 019F3059

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 61ac5e61a6c15b2e77e0475ab8e2b14485ec07057437fd3453d6f4601f16f79a
Instruction ID: c6dcb19be0b64ec18b71404e75449d3c0f492944d022ecf514efacb67b2f0192
Opcode Fuzzy Hash: 61ac5e61a6c15b2e77e0475ab8e2b14485ec07057437fd3453d6f4601f16f79a
Instruction Fuzzy Hash: 85928D71604742ABE721DF28C880F6BBBE8BB84754F14492DFB98D7290D774E944CB92

Function 019668B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

SE_DllUnloaded, xrefs: 019669A5
SE_ShimDllLoaded, xrefs: 019668F1
SE_GetProcAddressForCaller, xrefs: 01966A59
minkernel\ntdll\ldrinit.c, xrefs: 019C9BC3
SE_InitializeEngine, xrefs: 019668C5
SE_LdrResolveDllName, xrefs: 01966A2C
SE_InstallBeforeInit, xrefs: 0196691E
LdrpGetShimEngineInterface, xrefs: 019C9BB9
SE_LdrEntryRemoved, xrefs: 019669D2
SE_DllLoaded, xrefs: 01966978
SE_ProcessDying, xrefs: 019669FF
Could not locate procedure "%s" in the shim engine DLL, xrefs: 019C9BB3
SE_InstallAfterInit, xrefs: 0196694B
ApphelpCheckModule, xrefs: 01966A86
apphelp.dll, xrefs: 0196698A

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-3089669407
Opcode ID: 30ece9ff441495bb1185a07d5f13dce97090115e3cb3aa514d0b47b7171d9368
Instruction ID: 43c4d840c2aba41a3fd518424a705659149c9c34f1122929225d9137bbf9b457
Opcode Fuzzy Hash: 30ece9ff441495bb1185a07d5f13dce97090115e3cb3aa514d0b47b7171d9368
Instruction Fuzzy Hash: FD8162B2D01209BF9B11EBE4DDD0EDF77BDAB54A54B150426F908F7110E631DE058BA1

Function 01A15910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01A15FE1
LanguageConfigurationPending, xrefs: 01A16221
PreferredUILanguages, xrefs: 01A163D1
LanguageConfiguration, xrefs: 01A16420
PreferredUILanguagesPending, xrefs: 01A161D2
Control Panel\Desktop, xrefs: 01A1615E
@, xrefs: 01A16277
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01A1635D
*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01A15A84
@, xrefs: 01A1647A
InstallLanguageFallback, xrefs: 01A16050
@, xrefs: 01A16027
@, xrefs: 01A163A0
@, xrefs: 01A161B0

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1325123933
Opcode ID: b6ec5a1f78136b5b0b84620025a26b91108d57ed64556f054684b81f12da778b
Instruction ID: 42644d7930ee566c7f843abb65ce8cdbe57e6c4568296e1e0162865c8b471e0a
Opcode Fuzzy Hash: b6ec5a1f78136b5b0b84620025a26b91108d57ed64556f054684b81f12da778b
Instruction Fuzzy Hash: C67268B19083419FD321DF28C980BABBBE9BBC9710F44492DFA89D7254E770D905CB92

Function 019A8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Invalid debug info address of this critical section, xrefs: 019E54B6
Critical section debug info address, xrefs: 019E541F, 019E552E
Thread identifier, xrefs: 019E553A
undeleted critical section in freed memory, xrefs: 019E542B
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019E540A, 019E5496, 019E5519
double initialized or corrupted critical section, xrefs: 019E5508
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019E54E2
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019E54CE
8, xrefs: 019E52E3
Critical section address., xrefs: 019E5502
Thread is in a state in which it cannot own a critical section, xrefs: 019E5543
corrupted critical section, xrefs: 019E54C2
Critical section address, xrefs: 019E5425, 019E54BC, 019E5534
Address of the debug info found in the active list., xrefs: 019E54AE, 019E54FA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: d376ba1c8025f11ec7fc7aeca0ebf09eb750558114b092d33afe0a6fa04bebcc
Instruction ID: a7813df4330ffaa308eff642024c6bb324478e83a8246fbbbf39511775addf46
Opcode Fuzzy Hash: d376ba1c8025f11ec7fc7aeca0ebf09eb750558114b092d33afe0a6fa04bebcc
Instruction Fuzzy Hash: E8819E74A00348EFEB61CF9AC845FAEBBF9BB48B09F114159E90CB7251D371A945CB60

Function 019A29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019E22E4
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 019E2412
@, xrefs: 019E259B
RtlpResolveAssemblyStorageMapEntry, xrefs: 019E261F
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019E24C0
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 019E2498
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 019E2409
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 019E2602
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019E25EB
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 019E2624
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 019E2506

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: c1acf9448302447629b6fadff231c71727f229410e6f2739d04dc96068e7c982
Instruction ID: 4360268797180b768106d2decb83dba0e6aee86cd25713ea3fb76e203f4e2fd5
Opcode Fuzzy Hash: c1acf9448302447629b6fadff231c71727f229410e6f2739d04dc96068e7c982
Instruction Fuzzy Hash: 5B0251B1D002299BDB31DB54CD84BDAB7BCAB54704F4045DAA60DA7241EB30AF84CF99

Function 019A0F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

%, xrefs: 019A0F7E
%%%u, xrefs: 019E14CC
h, xrefs: 019A0FB0
w, xrefs: 019A0FBA
l, xrefs: 019A0FC4
9, xrefs: 019A0F9C
0, xrefs: 019A0F92
%%%u!%s!, xrefs: 019E14A1
, xrefs: 019A0FEC
!, xrefs: 019A0FA6

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 63f71d557851d0b679575e8dac5c35f4366f1ce02f318c57352be7513a88fa58
Instruction ID: e46e201056f8222b5004ab232c44ca8de7457c01be1ad72afe8b3f31d36c8950
Opcode Fuzzy Hash: 63f71d557851d0b679575e8dac5c35f4366f1ce02f318c57352be7513a88fa58
Instruction Fuzzy Hash: D762AFB5E002298FDB25CF18C844BA9BBF6BF95711F5482EAD54DAB240D7329AD1CF40

Function 01A18B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

runtimebroker.exe, xrefs: 01A18B73
csrss.exe, xrefs: 01A18B80
lsass.exe, xrefs: 01A18BA1
services.exe, xrefs: 01A18B96
DefaultBrowser_NOPUBLISHERID, xrefs: 01A18D00
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 01A18BD0
SegmentHeap, xrefs: 01A18BE9
heapType, xrefs: 01A18BCB
smss.exe, xrefs: 01A18B8B
svchost.exe, xrefs: 01A18B68

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: d8d38b0e90d7534f5eafc31a1d7aa5358241efba38cdf2df54f104fc2849eeaa
Instruction ID: 0ae32f6ff5e1d0ce1219788a1628a7cce79e5789c1370e43c3e2e2a53a5c3c5d
Opcode Fuzzy Hash: d8d38b0e90d7534f5eafc31a1d7aa5358241efba38cdf2df54f104fc2849eeaa
Instruction Fuzzy Hash: 2B51D0B16043159FD729CF588984BABBBE8FFD4240F544A2DE999C3244E778D608CBD2

Function 01A212ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap block at %p has incorrect segment offset (%x), xrefs: 01A2181A
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 01A218F8
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 01A2186B
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 01A218A5
Heap block at %p is not last block in segment (%p), xrefs: 01A217B7
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 01A2176D
Free Heap block %p modified at %p after it was freed, xrefs: 01A2171B
HEAP: , xrefs: 01A21706, 01A21756, 01A217A8, 01A21809, 01A2184D, 01A21895, 01A218E6
HEAP[%wZ]: , xrefs: 01A216CD, 01A216F9, 01A21749, 01A2179B, 01A217FC, 01A21840, 01A218D9

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 2869e270ddf13dffbe4756aa3a3eb695ff0eaf7e91cdeb70a1df83cbfc87e4ea
Instruction ID: b76be54932227e0bbf8e4c19e69859c60e42fc2f5a610ef983ec375e4a03d484
Opcode Fuzzy Hash: 2869e270ddf13dffbe4756aa3a3eb695ff0eaf7e91cdeb70a1df83cbfc87e4ea
Instruction Fuzzy Hash: 3912B130600652DFE725CF6DC485BBABBF6FF49714F188459E48A8B642E734E981CB90

Function 0198AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

LdrpFindLoadedDllInternal, xrefs: 019D82D7
LdrGetDllHandleEx, xrefs: 019D807C, 019D83B2
LdrpInitializeDllPath, xrefs: 019D80AD
Status: 0x%08lx, xrefs: 019D82D0, 019D83AB
DLL name: %wZ, xrefs: 019D8075
minkernel\ntdll\ldrfind.c, xrefs: 019D82E1
minkernel\ntdll\ldrutil.c, xrefs: 019D80B7
minkernel\ntdll\ldrapi.c, xrefs: 019D8086, 019D83BC
DLL search path passed in externally: %ws, xrefs: 019D80A6

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: cf5bb923d4ac0c083b033d35762b7d51383f69187dea9b3a4ca042de109fa0ac
Instruction ID: fd01f0f0fe27de103999a11cfd9a2a6019e66c6a4abcb80e21cacbb39e0b1a03
Opcode Fuzzy Hash: cf5bb923d4ac0c083b033d35762b7d51383f69187dea9b3a4ca042de109fa0ac
Instruction Fuzzy Hash: 2912D1716083429FD725EF28C440BAAB7E9BFC4714F08491EF98D9B292E734D945CB92

Function 0196D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 0196D4B8, 0196D4C5
@, xrefs: 0196D3E9
Control Panel\Desktop\MuiCached, xrefs: 0196D62B
MachinePreferredUILanguages, xrefs: 0196D685
PreferredUILanguagesPending, xrefs: 019CA8DE
Control Panel\Desktop, xrefs: 0196D45D
@, xrefs: 0196D49D
@, xrefs: 0196D663
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0196D3B6

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: 706098cef3aa610db9cce664f8aa4298b70d4d03ba420ee606ebcefb616b3ac2
Instruction ID: 035c7f0ca742965781e3c65086a65939e2907274e29a06528c3117cf42242b4a
Opcode Fuzzy Hash: 706098cef3aa610db9cce664f8aa4298b70d4d03ba420ee606ebcefb616b3ac2
Instruction Fuzzy Hash: 1CB18B716083569BD721DF68C880A6BBBECAB88754F05492EF9DDD7240E730DD448BA2

Function 01A20CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 01A2113D
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 01A2106F
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 01A21192
Non-Dedicated free list element %p is out of order, xrefs: 01A20E6D
dedicated (%04Ix) free list element %p is marked busy, xrefs: 01A20ED1
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 01A20FE4
HEAP: , xrefs: 01A20E61, 01A20EC2, 01A20FD5, 01A2105E, 01A21124, 01A21178
HEAP[%wZ]: , xrefs: 01A20E54, 01A20EB5, 01A20FC8, 01A21051, 01A21117, 01A2116B

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: f42c0a4caa0c9566df82d5d787dda9bf8fa3a6077a76cf0dbeada9e375f4ce49
Instruction ID: 7fc9ebae9f7ad7348a46aa09d54c10afa639eb23d1ddd49af321cf8c029a29d8
Opcode Fuzzy Hash: f42c0a4caa0c9566df82d5d787dda9bf8fa3a6077a76cf0dbeada9e375f4ce49
Instruction Fuzzy Hash: 62F10431A046A6EFDB25CF6CC140BAABBF5FF09714F088059E58A9B252D734A985CB50

Function 01A20274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

RtlReAllocateHeap, xrefs: 01A202BF, 01A20362
Just reallocated block at %p to %Ix bytes, xrefs: 01A205F1
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 01A2069F
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 01A204D3
About to reallocate block at %p to %Ix bytes, xrefs: 01A203BA
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 01A206EA
HEAP: , xrefs: 01A203A6, 01A204B5, 01A205DD, 01A20682, 01A206D9
HEAP[%wZ]: , xrefs: 01A20399, 01A204A8, 01A205D0, 01A20675, 01A206CC

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: 87807586e93b87ecd25b74b5fb753e31654f1d25e617f2123e35cadbe8e97523
Instruction ID: 058906fd4819dc8edac8fad8fd4d219997026a11cb93ea052bdcb5093517de5d
Opcode Fuzzy Hash: 87807586e93b87ecd25b74b5fb753e31654f1d25e617f2123e35cadbe8e97523
Instruction Fuzzy Hash: 00D1FF35600696DFDB22DFACC540AADBBF1FF8A714F088059F44A9B662D735D981CB20

Function 019F89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

VerifierFlags, xrefs: 019F8C50
VerifierDebug, xrefs: 019F8CA5
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 019F8A67
VerifierDlls, xrefs: 019F8CBD
HandleTraces, xrefs: 019F8C8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 019F8A3D
AVRF: -*- final list of providers -*- , xrefs: 019F8B8F

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: f73145a73d0d45fafb99090a47b740206e78c3c2f76631b2acd1fb72f0e39466
Instruction ID: c25a32413316f2f577ff59ed353c6cf878a67f3cb48717890bae1f750f92ba82
Opcode Fuzzy Hash: f73145a73d0d45fafb99090a47b740206e78c3c2f76631b2acd1fb72f0e39466
Instruction Fuzzy Hash: BC911272A41306BFD762EF288880F1A7BA8AFA4754F04081CFB4D6B290D730EC05C791

Function 0197EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

R, xrefs: 0197EB62
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0197EB58
T, xrefs: 0197EB4E
LdrpResSearchResourceInsideDirectory Exit, xrefs: 0197EB6C
, xrefs: 0197F299
{, xrefs: 019D4643

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: a9fe6a3cbee595b09baecbab963afb6b10d19b5131e04da0f266485fc3072127
Instruction ID: acdab613dfb821815a808bceed0ec8566500b07628c7bc23097c9206a985d750
Opcode Fuzzy Hash: a9fe6a3cbee595b09baecbab963afb6b10d19b5131e04da0f266485fc3072127
Instruction Fuzzy Hash: D7A24874A0562A8FDB64CF18CD88BA9BBB5BF85705F1486E9D91DA7650DB309EC0CF00

Function 0196F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(UCRBlock != NULL), xrefs: 019CDF6F
(!TrailingUCR), xrefs: 019CE3A9
((LONG)FreeEntry->Size > 1), xrefs: 019CE0B3
(LONG)FreeEntry->Size > 1, xrefs: 019CE291
HEAP: , xrefs: 019CDF64, 019CE0A8, 019CE286, 019CE39E
HEAP[%wZ]: , xrefs: 019CDF57, 019CE09B, 019CE279, 019CE391

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: cf5fa69fd805d6eb724282649f00705ff2b702813e8c62ad62b4c0425f290e22
Instruction ID: e84ffbca4020b3005c45e96f3cd2c52840633547418bbce6836843d2053f5281
Opcode Fuzzy Hash: cf5fa69fd805d6eb724282649f00705ff2b702813e8c62ad62b4c0425f290e22
Instruction Fuzzy Hash: 8142EE312083829FD715DF28D494B6ABBE9FF84B04F08496DE48ACB352D734E945CB62

Function 0197ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON

Download Yara Rule

Strings

MUI, xrefs: 0197B410
LdrpResSearchResourceMappedFile Enter, xrefs: 0197AEB8
H, xrefs: 0197AEC2
LdrpResSearchResourceMappedFile Exit, xrefs: 0197AECC
#, xrefs: 019D363D
J, xrefs: 0197AEAE

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-4098886588
Opcode ID: 01c5f5d7927ae1ce39caa69f57b01e87c04b134203cded028f07104f17c64dc3
Instruction ID: b155830a5583004ee2bcba5fff5a332951e804e7c3f4894654bdf45bf5e56036
Opcode Fuzzy Hash: 01c5f5d7927ae1ce39caa69f57b01e87c04b134203cded028f07104f17c64dc3
Instruction Fuzzy Hash: 27329071A052698BEB22CF18C894BEEBBB9BF45341F1441E9E84EA7251D7359F81CF40

Function 0198B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 019D84D0
minkernel\ntdll\ldrutil.c, xrefs: 019D840D, 019D84E1
SxS, xrefs: 019D83ED
API set, xrefs: 019D83F4, 019D83F9
DLL %wZ was redirected to %wZ by %s, xrefs: 019D83FC
LdrpPreprocessDllName, xrefs: 019D8403, 019D84D7

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: bb2e6eae9b7a28d1562ec01ef4dcf0009641bf9364aa72dd11cf271152fe7d8d
Instruction ID: 375bff9fe7da9460464ae935b0390c915119e8d9ca2eb962d3f0c8206512e651
Opcode Fuzzy Hash: bb2e6eae9b7a28d1562ec01ef4dcf0009641bf9364aa72dd11cf271152fe7d8d
Instruction Fuzzy Hash: 3FC15B31A00216ABDF25AF68C891F7EBBA9BF95710F1C8069ED0F9B291D774C844C391

Function 019A63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 019E41FE
_LdrpInitialize, xrefs: 019E40DF, 019E4141, 019E4205, 019E425F
minkernel\ntdll\ldrinit.c, xrefs: 019E40E9, 019E414B, 019E420F, 019E4269
Process initialization failed with status 0x%08lx, xrefs: 019E413A
Delaying execution failed with status 0x%08lx, xrefs: 019E4258
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 019E40D8

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 62cc76967fcf2a76ef05da6f3b426d8b1f5f0dd65d608868664f9d09581af72d
Instruction ID: d800d1e10013fb5e4c21e791ddbda2cedb8e6683efb09f0fb2c346878a3afc4f
Opcode Fuzzy Hash: 62cc76967fcf2a76ef05da6f3b426d8b1f5f0dd65d608868664f9d09581af72d
Instruction Fuzzy Hash: B09126B0B00315DBEB26DF58D848BAA7BE5FF91B65F48002CE90CAB291D7749806C7D1

Function 0196645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Getting the shim engine exports failed with status 0x%08lx, xrefs: 019C9A01
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019C99ED
minkernel\ntdll\ldrinit.c, xrefs: 019C9A11, 019C9A3A
LdrpInitShimEngine, xrefs: 019C99F4, 019C9A07, 019C9A30
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 019C9A2A
apphelp.dll, xrefs: 01966496

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 866c1c5f124ffdd723101ac3f099e0b253c422e4544f5f053418487608d23e28
Instruction ID: 45d59f31da694db7d32b304dff92dd97d5e136a204b00f6303ded3812230a909
Opcode Fuzzy Hash: 866c1c5f124ffdd723101ac3f099e0b253c422e4544f5f053418487608d23e28
Instruction Fuzzy Hash: A4518E712083059FD725DB28C851FAB77E8EBC4B48F00091DF99D9B1A1D630E905CBA3

Function 019AC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 019AC6C4
minkernel\ntdll\ldrinit.c, xrefs: 019AC6C3
Unable to build import redirection Table, Status = 0x%x, xrefs: 019E81E5
LdrpInitializeImportRedirection, xrefs: 019E8177, 019E81EB
Loading import redirection DLL: '%wZ', xrefs: 019E8170
minkernel\ntdll\ldrredirect.c, xrefs: 019E8181, 019E81F5

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 3872e8e8cfeaefdd154f720e2a1b4896df5392871aeac59af6962da457e928e9
Instruction ID: 0d088cc672dd943aa225aca2ba0cd3ea1b53f3f38e434dc8f47779279ff8df33
Opcode Fuzzy Hash: 3872e8e8cfeaefdd154f720e2a1b4896df5392871aeac59af6962da457e928e9
Instruction Fuzzy Hash: D43100B1644706AFD325EF68D94AE2AB7D4FFD0B50F04051CF94CAB291E620EC09C7A2

Function 019A2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 019E2180
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019E21BF
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 019E219F
RtlGetAssemblyStorageRoot, xrefs: 019E2160, 019E219A, 019E21BA
SXS: %s() passed the empty activation context, xrefs: 019E2165
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 019E2178

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 27d3ce327e94cb270511dabedb8f1dca066708c59536f9912176799f1a5dbd4e
Instruction ID: 90d778c783571efc7c963a3c8080b347a1c199803f4ee8fb4e137723f80c421d
Opcode Fuzzy Hash: 27d3ce327e94cb270511dabedb8f1dca066708c59536f9912176799f1a5dbd4e
Instruction Fuzzy Hash: 5431C63AA41215BBE726DB99CC85F6A7BBCEB95A50F454059FB0C77240D270EB00C7E1

Function 01989950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON

Download Yara Rule

Strings

, xrefs: 019899F1
Internal error check failed, xrefs: 019D76B2
Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 019D76A3
minkernel\ntdll\sxsisol.cpp, xrefs: 019D76AD
, xrefs: 019899F9

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: f35f7cd062a4ba51dc08d4bef1645d42b126ecde64a74cdec1106c10106138df
Instruction ID: 301ddb8029805bf8027de0adf6c2e1f001347bee5fd4a603fda75c4560e07fc7
Opcode Fuzzy Hash: f35f7cd062a4ba51dc08d4bef1645d42b126ecde64a74cdec1106c10106138df
Instruction Fuzzy Hash: 42025A719083418FD721EF68C180B6BBBE9BFC9708F44891EE98D9B251E774D844CB92

Function 019B096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 019B2DF0: LdrInitializeThunk.NTDLL ref: 019B2DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019B0BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019B0BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019B0D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019B0D74

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 9bd8b4a316f1076a6f62167b2ac797d455b95555c64c8eb799bdb81d622708cc
Instruction ID: 13385328a19d8eae8a87154f095668a50834e95546e6f594d3813c74c2244e9d
Opcode Fuzzy Hash: 9bd8b4a316f1076a6f62167b2ac797d455b95555c64c8eb799bdb81d622708cc
Instruction Fuzzy Hash: 75424971900715DFDB21CF68C984BEAB7F9BF44314F1445A9E98DAB242E770AA84CF60

Function 019F4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\microsoft.system.package.metadata\Application, xrefs: 019F5158
/, xrefs: 019F4F6D
.Local, xrefs: 019F5170
.DLL, xrefs: 019F50C7, 019F519C
\, xrefs: 019F4F66

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: 4c7f2cee89bb99aa8af521692fa54932ec0edc73303d4690b66b94bcca135362
Instruction ID: 93b9f42e5267f6cf81cbf2a8adf153ca07d85cc8f7887011210d7db230669a7b
Opcode Fuzzy Hash: 4c7f2cee89bb99aa8af521692fa54932ec0edc73303d4690b66b94bcca135362
Instruction Fuzzy Hash: C791C476E0061AEBDB21CF5CC880AAEB7B4FF49310F594169EA19E7350D735E901CB90

Function 019870C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01987C96, 01988696
HEAP: , xrefs: 01987C7C, 0198867F
HEAP[%wZ]: , xrefs: 01987C6D, 01988670

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 70977e1f1b2aae77485a6a1b203608674d700651611e6b3e564e270bc0c984db
Instruction ID: bf1f177ef8f09f19821ecfe12c83cf3bec3181343de72e838e7a924e09085562
Opcode Fuzzy Hash: 70977e1f1b2aae77485a6a1b203608674d700651611e6b3e564e270bc0c984db
Instruction Fuzzy Hash: C713B070A00255DFDB29DF68C480BA9BBF5FF49304F2485A9D94DAB382D734A945CFA0

Function 0198A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SsHd, xrefs: 0198A885
SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 019D7D56
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 019D7D39
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 019D7D03

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: d6dc3502cd001d3a9c3f49cfa9ad921b75939414e9df7a49e234cd498224fbe0
Instruction ID: 37237ce70a5e53366be55946ceec001f71d370a4f0c9d3763837bd5ef543e616
Opcode Fuzzy Hash: d6dc3502cd001d3a9c3f49cfa9ad921b75939414e9df7a49e234cd498224fbe0
Instruction Fuzzy Hash: EED1B236A00215DFDF25DFA8C8C0AADBBB9FF48314F18805AE949AB351D3759841CB91

Function 01983D40 Relevance: 5.4, Strings: 3, Instructions: 1603COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01984393, 019845CB, 0198486D
HEAP: , xrefs: 0198437C, 019845B4, 01984853
HEAP[%wZ]: , xrefs: 0198436D, 019845A5, 01984844

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 7deb59ef4cbd0125bbbfcfce7f8925aafb724c77820f38570de912f51f45baaf
Instruction ID: 67b0a8447bdf9f4795c368b6caf1b70c42ea7df40b5c4226b42c9346eb309bbb
Opcode Fuzzy Hash: 7deb59ef4cbd0125bbbfcfce7f8925aafb724c77820f38570de912f51f45baaf
Instruction Fuzzy Hash: AFE2AF70A00216DFEB25DF68C490BADBBF5FF49704F1481A9E949AB386D734A845CF90

Function 0197A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 0197A3F7
8, xrefs: 0197A3E7
LdrResFallbackLangList Enter, xrefs: 0197A3EF
LdrResFallbackLangList Exit, xrefs: 0197A3FF

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: c54777d3731d9b2de95749c2067eb96164877e5dfc59f8e93759d3425d6589e7
Instruction ID: 2e5ae22c950e37ea6d9ba06ae2db595c133c95d5894782dbb9d2ec2be5af4b81
Opcode Fuzzy Hash: c54777d3731d9b2de95749c2067eb96164877e5dfc59f8e93759d3425d6589e7
Instruction Fuzzy Hash: B2C1AD75608382CFD711CF68C144B6EB7E8FF84B04F08896AF9998B291E735DA45CB52

Function 019A8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 019A8422
minkernel\ntdll\ldrinit.c, xrefs: 019A8421
@, xrefs: 019A8591
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 019A855E

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 03d9d10ff3d3f61c745605790f969b4bde3386781570c910b3db47a8b212d923
Instruction ID: d90eb0210f0f8ac95ded9b06faf11a7e3c22b53898055498d155d2753889908d
Opcode Fuzzy Hash: 03d9d10ff3d3f61c745605790f969b4bde3386781570c910b3db47a8b212d923
Instruction Fuzzy Hash: 7B917171508345AFE722EF65CD84EABBAECFF84645F40092DFA8C92151D730D944CB52

Function 01980C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 019D55AE
((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 019D54ED
HEAP: , xrefs: 019D54E0, 019D55A1
HEAP[%wZ]: , xrefs: 019D54D1, 019D5592

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 4003569cd593f0c7324f910ef67b6c8ba4fa133c168beb8512fa0255f372f829
Instruction ID: df2484d9aa7b27ff7136f96c642b49131515d617ed1cdebe329e01db2fbe00c2
Opcode Fuzzy Hash: 4003569cd593f0c7324f910ef67b6c8ba4fa133c168beb8512fa0255f372f829
Instruction Fuzzy Hash: C0A1DF30A007469FE725EF28C441BBABBF5BF54304F18856DE49E8B682D734E849CB91

Function 019A273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019E22B6
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019E21D9, 019E22B1
.Local, xrefs: 019A28D8
SXS: %s() passed the empty activation context, xrefs: 019E21DE

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: eeb11bf3d66b6745be5e2fd8531ff5d70fead26f6b5708b3e9572767b6354a4e
Instruction ID: 5547090ffadc2d81307703d1e7fbc4e7a6f755c21d99cf352c3e58b1f0faf741
Opcode Fuzzy Hash: eeb11bf3d66b6745be5e2fd8531ff5d70fead26f6b5708b3e9572767b6354a4e
Instruction Fuzzy Hash: BEA1BE319002299BDB25CF68CC88BA9B7B8BF98714F6541E9D90CAB351D7309E84CFD0

Function 019A4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid flags 0x%08lx, xrefs: 019E342A
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 019E3437
RtlDeactivateActivationContext, xrefs: 019E3425, 019E3432, 019E3451
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 019E3456

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: ff29f0c062539bdd0ccb77140a97fa2c7e23a19626ae1ebfb76d9d9e24c4c4c8
Instruction ID: 74276a33e80ccebeac55e10844f25bb3f01e5fcd6732cb28f16445a3636ef145
Opcode Fuzzy Hash: ff29f0c062539bdd0ccb77140a97fa2c7e23a19626ae1ebfb76d9d9e24c4c4c8
Instruction Fuzzy Hash: 12612E32600A029BD723CF1DC885F2AB7E9BF80B12F598529E85D9B241E770E904CBD1

Function 019764AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 019D106B
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019D10AE
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 019D1028
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 019D0FE5

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 71ca95352b9e63abd1238ffe18e0d20b2bcd327c5bc565ac99577b419190e45e
Instruction ID: 5b436718a4cca7bfaa0d4e9a7adfcc7b4ae8aa47a97be79581b2da9d808afbea
Opcode Fuzzy Hash: 71ca95352b9e63abd1238ffe18e0d20b2bcd327c5bc565ac99577b419190e45e
Instruction Fuzzy Hash: 5371ADB1904705AFEB21EF18C884F9B7FA8AF95764F400869F94C8B246D734D588DB92

Function 0199245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 019DA9A2
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 019DA992
apphelp.dll, xrefs: 01992462
LdrpDynamicShimModule, xrefs: 019DA998

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 58d146396bcfdac1e426ddc834730a824be43b7c387b5e50ffb873082a4d45cb
Instruction ID: 33962068316c7d17512c88473021625cdde455d80f762a10d35166a3e0bf3157
Opcode Fuzzy Hash: 58d146396bcfdac1e426ddc834730a824be43b7c387b5e50ffb873082a4d45cb
Instruction Fuzzy Hash: C03148B9A00202FBDB32DF6DC881EAA77B9FF84B00F154059E90D67265C7B09952C780

Function 019829A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0198327D
HEAP: , xrefs: 01983264
HEAP[%wZ]: , xrefs: 01983255

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 3a3a01a553c56ac2a177752b48a392d98c1e482744209db32a83c379817cc4e9
Instruction ID: 611987ca8d914694a35090f0a34e0bf41ec855a8061a790ccdd6e486beb1bb2b
Opcode Fuzzy Hash: 3a3a01a553c56ac2a177752b48a392d98c1e482744209db32a83c379817cc4e9
Instruction Fuzzy Hash: E392DD71A042499FDB25DF68C440BAEBBF5FF48704F18849AE849AB392D735EA41CF50

Function 01A002C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

"""", xrefs: 01A004D0
MitigationAuditOptions, xrefs: 01A0032D
MitigationOptions, xrefs: 01A00326

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: """"$MitigationAuditOptions$MitigationOptions
API String ID: 0-1670051934
Opcode ID: 5491b633d9a5f8b35fedb5f2337c2eaa6c9e864f1362a834bb047021ae176332
Instruction ID: 4b0b8b5c404b907eca654614b4072fe01afde568c9d1e91eb47c1d3a80358808
Opcode Fuzzy Hash: 5491b633d9a5f8b35fedb5f2337c2eaa6c9e864f1362a834bb047021ae176332
Instruction Fuzzy Hash: 27227F72A047028FD726CF2DDA91726BBE2BBC4390F19892EF1DA87690D771E544CB41

Function 01980770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 019D50CA
HEAP[%wZ]: , xrefs: 019D50AE
HEAP: , xrefs: 019D50BD

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 45a2bfe30c98458c37c34f1c46e6e5e305a421b65c618272a44e0709fa023082
Instruction ID: 6b097c4c6e7d563d874822352f09e235ca778decea8d093485136618bbdb6b7b
Opcode Fuzzy Hash: 45a2bfe30c98458c37c34f1c46e6e5e305a421b65c618272a44e0709fa023082
Instruction Fuzzy Hash: 3DF1CC30A00606DFEB25DF68C984F6ABBB9FF44304F188568F51A9B391D734E985CB91

Function 01971460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01971728
HEAP: , xrefs: 01971596
HEAP[%wZ]: , xrefs: 01971712

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 6ebaf5b5220e4376ce00d214a6e5b75f9983a1d042f7997388006251c011fc04
Instruction ID: 7aeb99f480a2fb227e160f0f324347dccb83198860389efe942ac4071668e512
Opcode Fuzzy Hash: 6ebaf5b5220e4376ce00d214a6e5b75f9983a1d042f7997388006251c011fc04
Instruction Fuzzy Hash: C6E1D230A046459FDB29CF2CC491B7ABBFAAF48704F18886DE5DACB246D734E944CB50

Function 01996962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 01996C24
, xrefs: 019DCA51

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: e06bbc51a84e1e288f5571743041577dcf8e767c2fcf5a7feee6594fc8d663cd
Instruction ID: b525b514833460505cc1cc14110281df0c349a0cb0590e0374b8523e5edf4378
Opcode Fuzzy Hash: e06bbc51a84e1e288f5571743041577dcf8e767c2fcf5a7feee6594fc8d663cd
Instruction Fuzzy Hash: C9C280716183419FDB29CF69C881BABBBE9AFC8754F04892DE98DC7241DB34D844CB52

Function 0196A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

FilterFullPath, xrefs: 019CC2E6
\??\, xrefs: 019CC1E4
UseFilter, xrefs: 0196A1C1

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: f04e69017b8b4f3d2133bd4f706c079e1e0b176790b1a1cfee6d456b3fe3cee8
Instruction ID: 9dfb2c9f9326f54b058330649d4d5995317bf8893d913f32f5837673b74813e7
Opcode Fuzzy Hash: f04e69017b8b4f3d2133bd4f706c079e1e0b176790b1a1cfee6d456b3fe3cee8
Instruction Fuzzy Hash: C3A14B719116299BDB31DB68CC88BEABBB8EF44B10F1041E9E90DA7250D735AE84CF51

Function 01990BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 019DA121
Failed to allocated memory for shimmed module list, xrefs: 019DA10F
LdrpCheckModule, xrefs: 019DA117

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 03e7471cafe661730955ee57b8df1f6c3afd02d7d0b0cfb51e306b10e6d488d0
Instruction ID: ccfd4aa269a543fba2f1f48296098bb8192040b08d2ccdb14887737a32b61320
Opcode Fuzzy Hash: 03e7471cafe661730955ee57b8df1f6c3afd02d7d0b0cfb51e306b10e6d488d0
Instruction Fuzzy Hash: 5D71A175E00205DFDF25DF6DC981AAEB7F8FF88604F18842DE51AA7251E734A942CB50

Function 01980A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 019D534D
HEAP: , xrefs: 019D5342
HEAP[%wZ]: , xrefs: 019D5335

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 1e045a011e93609a7a5d4b5dcab66d83e791dca4c10328c99edfb8f68d906935
Instruction ID: fd2f177b95147976101acb446d17e6423bd68aec3696c89c894841204364e658
Opcode Fuzzy Hash: 1e045a011e93609a7a5d4b5dcab66d83e791dca4c10328c99edfb8f68d906935
Instruction Fuzzy Hash: 1F61BC31600302DFEB29DF28C584B6AFBE5FF44304F19856AE45D8B296D770E885CB91

Function 01A1DAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 01A1DC32
HEAP: , xrefs: 01A1DC1F
HEAP[%wZ]: , xrefs: 01A1DC12

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: e94b862cf0ce32b1870e1eca90404119a978bc6521acd1db003e794c9f6b7763
Instruction ID: 51a7d796ddc0166fa1000dd6ba94eff676a2a59c91cc2b7fbf5d81f2be76d4fa
Opcode Fuzzy Hash: e94b862cf0ce32b1870e1eca90404119a978bc6521acd1db003e794c9f6b7763
Instruction Fuzzy Hash: 525105362086108AE364CBADC44C77277F5FB45645F18885AE5C7CB289D26AE842DB61

Function 019AC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 019E82E8
Failed to reallocate the system dirs string !, xrefs: 019E82D7
LdrpInitializePerUserWindowsDirectory, xrefs: 019E82DE

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: 68a6406d47a5f52dc5b4d4071251fdcd1efd61a3ca02305d4b036c8371a5d98d
Instruction ID: d2a72b31387b1c29ca288fbcf7c4775fd06bcae9ea005d248f74303094df348d
Opcode Fuzzy Hash: 68a6406d47a5f52dc5b4d4071251fdcd1efd61a3ca02305d4b036c8371a5d98d
Instruction Fuzzy Hash: 6341F0B9544301ABCB21EB68D944B5B7BE8BF84A50F00482AF95DE7261EB70D805CBA1

Function 01A2C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 01A2C212
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01A2C1C5
@, xrefs: 01A2C1F1

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 1234aae01d7ba1271662e449d9234c269231abedf143f57a4d94c935784f8668
Instruction ID: cf54afb2977f3e35c50b727d9fa7208c499722842cd3c2704f2c0f82c8900129
Opcode Fuzzy Hash: 1234aae01d7ba1271662e449d9234c269231abedf143f57a4d94c935784f8668
Instruction Fuzzy Hash: 8D416271E00219EBEF11EBDCC881FEEBBBDAB55710F14406AEA09B7244DB749A448B50

Function 01A04144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 01A04225
LdrpResValidateFilePath Exit, xrefs: 01A04172
LdrpResValidateFilePath Enter, xrefs: 01A04160

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 3ba6158d48987ecd41c69d7d0ee7d2ccf6d85070afb24c20e3225da31eb16f1e
Instruction ID: 210f574a50ed42a2324249fd816473ef0d28b98e51e60f277cf400ee76d4277b
Opcode Fuzzy Hash: 3ba6158d48987ecd41c69d7d0ee7d2ccf6d85070afb24c20e3225da31eb16f1e
Instruction Fuzzy Hash: 3C412432A047498BEB27DBE9E840BADBBB4FF99740F18045ADA05EB7D1D7349901CB11

Function 019F4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 019F4899
LdrpCheckRedirection, xrefs: 019F488F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 019F4888

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: fbebadfa3e8e71cde4c8b1224297eab98e11ff0f40974b41af7ee993c9e516fd
Instruction ID: 967dd8914ace841bb444970f4d176d1723bcbc2235193c152219c1ad3fcb4267
Opcode Fuzzy Hash: fbebadfa3e8e71cde4c8b1224297eab98e11ff0f40974b41af7ee993c9e516fd
Instruction Fuzzy Hash: 4941AE32A04651AFCB21CE69D840E27BBE8AF89A51F15066DEE4C97325D730E800CBD2

Function 01980BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 019D5449
HEAP: , xrefs: 019D543E
HEAP[%wZ]: , xrefs: 019D5431

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: a4f3fe7cbc1926f9df0ddb847de6dd23f5070771b5ff8ecf3eceb5a6bbe6fae7
Instruction ID: dfa72218dee9afa78eb7fe53ab097f79cae59d5e539e25f1f1beebaed97fc3f8
Opcode Fuzzy Hash: a4f3fe7cbc1926f9df0ddb847de6dd23f5070771b5ff8ecf3eceb5a6bbe6fae7
Instruction Fuzzy Hash: EB11B4323551429FFB69DA18C441F76B7A9EF80B2AF198529F40ECB251D730D845C751

Function 019F20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 019F2104
Process initialization failed with status 0x%08lx, xrefs: 019F20F3
LdrpInitializationFailure, xrefs: 019F20FA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: d3019f413b3a05bd5e774ec1854f512384bd24c1321b749d5b2a3e1fd0a03cb0
Instruction ID: 03f44aed499acd4c22e03e804a9711e0e1e6891c726de3154cd659a461b2d267
Opcode Fuzzy Hash: d3019f413b3a05bd5e774ec1854f512384bd24c1321b749d5b2a3e1fd0a03cb0
Instruction Fuzzy Hash: 28F0AFB9B40308BBEB24E74CDC56FA937ACFB80A54F10006DFB0877281D2A0A901C795

Function 019803E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 019D4D8A

Strings

#%u, xrefs: 019D4D82

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: c3c6f3d235ba11f605e606c34d6e6b969cd2871ddcf6ca5da4a95950314c2a22
Instruction ID: f18313516b3f6c576cf4611c505a94c47ed09ffea1c4b826e897b5ade3e110cb
Opcode Fuzzy Hash: c3c6f3d235ba11f605e606c34d6e6b969cd2871ddcf6ca5da4a95950314c2a22
Instruction Fuzzy Hash: 83714B71A0114A9FDB01DFA8C994FAEB7F8BF58704F154065E909E7251EB34EE05CB60

Function 019852A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 01985445
@, xrefs: 019855A3

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 38e3453e730210e4d4f8a6b214bfec61d90eee820804603f4989afed7971719b
Instruction ID: 98cbed3c33deec7100f5ac81f988a2049ec70957e2574bd6f31948e97f8b4db4
Opcode Fuzzy Hash: 38e3453e730210e4d4f8a6b214bfec61d90eee820804603f4989afed7971719b
Instruction Fuzzy Hash: 2732A1745083128FE724EF19C480B7EBBE5EF84745F16891EFA8A97290E734D948CB52

Function 0197A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Exit, xrefs: 0197AA25
LdrResSearchResource Enter, xrefs: 0197AA13

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: 270d7a6a1139dfcfe98ba88dd0b716cffc0adeba806a1ef7b00baf74d571b88a
Instruction ID: c9dd407ad181b7d7de3e1b653a3d12b314eb3fc78d5a0582eec96f7fa56ee78a
Opcode Fuzzy Hash: 270d7a6a1139dfcfe98ba88dd0b716cffc0adeba806a1ef7b00baf74d571b88a
Instruction Fuzzy Hash: 7EE19171E04209AFEF26DF9DC980BAEBBBABF58711F184825E909E7241D734D940CB51

Function 01972FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

@4Qw@4Qw, xrefs: 019733AD, 019733B3, 019733E2
PATH, xrefs: 019730D6, 01973124

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @4Qw@4Qw$PATH
API String ID: 0-1814558670
Opcode ID: 21c6703ecfb20c1a0c5f11aacf53b52dc51a90ed3c45b9e94d636c4204f0a50c
Instruction ID: 049182b7f55113bbade305142cb61de234568beb3e35658782fa5f883f8a17f1
Opcode Fuzzy Hash: 21c6703ecfb20c1a0c5f11aacf53b52dc51a90ed3c45b9e94d636c4204f0a50c
Instruction Fuzzy Hash: CCF1C375E00219EBDB25CFADE981ABEBBB5FF88700F454029E549AB350D7309E41DB90

Function 01A3A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 01A3A44B
`, xrefs: 01A3A551

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: bc87bd3531ee98f3e8f31ac9278dee78fca634e58b7d8ac876f6d8b292dc1918
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: E6C1DF312043529BEB25CF28C941B6BBBE5AFD4318F084A2DF6DACB291D779D505CB81

Function 01970CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

ResIdCount less than 2., xrefs: 019CEEC9
Failed to retrieve service checksum., xrefs: 019CEE56

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: f2fa18ee01e82353d68a44843cb7dc42a7bbb46a8b0669d936049aea0036d9c3
Instruction ID: 39918f927ee23fbfc5a053e6ae63149fd407d72a4d47fdfd44547a4581a56bf6
Opcode Fuzzy Hash: f2fa18ee01e82353d68a44843cb7dc42a7bbb46a8b0669d936049aea0036d9c3
Instruction Fuzzy Hash: EBE1F0B19083849FE324CF15C440BABBBE4BF88715F408A2EE5DD9B281D7719909CF56

Function 019EE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 019EE751
Legacy, xrefs: 019EE75A

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 31ab295e1a5f5003f3cd9665fadd692273ded306342e56de0e69d5e8ec7981eb
Instruction ID: 20dd5042ab01dda4e6e803091452c92ee08eb7a0588e656ee2ba4adae173ba6d
Opcode Fuzzy Hash: 31ab295e1a5f5003f3cd9665fadd692273ded306342e56de0e69d5e8ec7981eb
Instruction Fuzzy Hash: 46615B71E402099FDB16DFA8C984BAEBBF9FB48700F14446DE64DEB291D731A900CB51

Function 01A143D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 01A14525
@, xrefs: 01A14437

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 37eff93a02f90d13766b5426509098a3afc1b4086dacb7ec886606a25c9d7897
Instruction ID: 5570fcaef6059eb7197c39036a1ea1eb0456c7e407c88df1b6804eaac01e698b
Opcode Fuzzy Hash: 37eff93a02f90d13766b5426509098a3afc1b4086dacb7ec886606a25c9d7897
Instruction Fuzzy Hash: 51510971E0021DAFEF11DFA9CD80EEEBBB9EB48754F100529E615A7294D7309D05CB60

Function 019704E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 01970540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0197063D

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: f9f367029756d774b357c628f685a1245aea82d55ec8d0e356e0dc73463f0f3e
Instruction ID: 5081c519bd0df4e1c9e1f7862d7ea0119731a89bcd8f5c62fc8fb9d9b5deab2c
Opcode Fuzzy Hash: f9f367029756d774b357c628f685a1245aea82d55ec8d0e356e0dc73463f0f3e
Instruction Fuzzy Hash: C151CE715007428FD724DF69C5806A7BBE8AF86305F18493EFA9E87241E770E545CB92

Function 0197A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0197A309
RtlpResUltimateFallbackInfo Enter, xrefs: 0197A2FB

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 6cf929c4a22a6e833a4c1c486600d358e325e5f5758d3649e9198390c2286cad
Instruction ID: c3330b06e4c2201ffdaede6822a1733d7df5617163f1434da29070c40906e946
Opcode Fuzzy Hash: 6cf929c4a22a6e833a4c1c486600d358e325e5f5758d3649e9198390c2286cad
Instruction Fuzzy Hash: 9E41D131A04649DFEB15DF59C840F6EBBB8FF85701F1884A9E918DB291E3B9DA00CB50

Function 019AA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 019AA5E4
Threadpool!, xrefs: 019AA5E9

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 0721d9f0d90fea23e5d475a59cb6e89e45911e17a3b25a3c58c55171ad4be0dc
Instruction ID: d3940c9fd3f5ce4d2293e08a9c1937a37baa251a425959b18169fbd30b91cd09
Opcode Fuzzy Hash: 0721d9f0d90fea23e5d475a59cb6e89e45911e17a3b25a3c58c55171ad4be0dc
Instruction Fuzzy Hash: 5701D1B6240704AFE311DF14CE45F1677E8E794B15F018939A64CC71A0E374E808CB86

Function 0197C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0197C8C3, 0197CA40

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: e6af9a23739f4af6f5efd3925e9f59b629b89d5a35c8ff3a2e755bd5c19d36a8
Instruction ID: d5e49604d1e2cfc91a6c05ec47285220cd58221af9a0dbb1683751d575d7feeb
Opcode Fuzzy Hash: e6af9a23739f4af6f5efd3925e9f59b629b89d5a35c8ff3a2e755bd5c19d36a8
Instruction Fuzzy Hash: 65825B75E002199FEB25CFA9C880BEDBBB5BF48710F148169E95DAB391D730AD81CB50

Function 019C2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

P`?wRb?w, xrefs: 019C300D, 019C33E4, 019C343B, 019C34FE, 019C352E

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: P`?wRb?w
API String ID: 0-3112501033
Opcode ID: 6d295dfd82e5046a6df42d15302b5f1d4b1ecdfb90b959f5340d49a3ca02a04b
Instruction ID: 2fe84b0344f34dd44b338850063716e7b5b38163ff6b3b7e352fe831512942c0
Opcode Fuzzy Hash: 6d295dfd82e5046a6df42d15302b5f1d4b1ecdfb90b959f5340d49a3ca02a04b
Instruction Fuzzy Hash: A2421472D0424AAEEF29DB6CD8446BDBBB9BF05B11F14C01EE5CDA7281D6318B41CB52

Function 01A1CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

@, xrefs: 01A1CDAC

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction ID: ac15e0903583b11c922a24b2af2d8ca389efcb93c07aa1a766287f49bf13e359
Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction Fuzzy Hash: AC621870D012188FCB98DFAAC4D4AADB7B2FF8C311F648199E9816B745C7356A16CF60

Function 01992E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 01993240

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 52fe6d262bfe81d3ad049a05723f1355d2fc85babd49ca2546fa6b6d1a79e3d4
Instruction ID: 3dfe4878562a18f1018209a5dfbdf4965014357e34620167244cd3509431a852
Opcode Fuzzy Hash: 52fe6d262bfe81d3ad049a05723f1355d2fc85babd49ca2546fa6b6d1a79e3d4
Instruction Fuzzy Hash: 64F1AC716083469FDF26CF2CC480A6ABBE5BFC8714F05886DE99E87251CB34DA45CB52

Function 019FEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 019FF05B

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction ID: b57101837ac9cbfc8619562b32f710518d191af303cc25c475ae10afb377164a
Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction Fuzzy Hash: CA418272F1011AABDF18DFBCC8805AEF7F6FF88310B188639D619E7680D674A9508790

Function 01A21AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

., xrefs: 01A21C01

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 8d241d864743fa1603848fed790297e3be58d1a3f4ea284c9bc211da76ff5a10
Instruction ID: 0c22e5d0c0d36d8cd744b25ff047b93a824dbe9fa4ffa85ef346cd30bc9ece70
Opcode Fuzzy Hash: 8d241d864743fa1603848fed790297e3be58d1a3f4ea284c9bc211da76ff5a10
Instruction Fuzzy Hash: 71E18CB5D002698BDF21DFADC880ABDBBF1FF44710F54815AE885AB291E7749D82CB50

Function 01970100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 01970255

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b5bab6053521af86d3cd893bd562262aa7892991d6aeba517b9119ce8199a6de
Instruction ID: 66a9932d589bba29052d1ce0df055de73b45674d948e45fdfc889c11ffa27baf
Opcode Fuzzy Hash: b5bab6053521af86d3cd893bd562262aa7892991d6aeba517b9119ce8199a6de
Instruction Fuzzy Hash: C8A13C31A042696BDF25CA29C840BFE6FAD5F97B05F0C449DFE8FA7281D67489408B61

Function 01A24420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

, xrefs: 01A24606

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5da964dd94e722dbf1f605aa3a0415c905de8f390f51f759bb8d6d4d513e43b2
Instruction ID: b6c9699b94bb3b09cdef5614f3b62e1942141b8194cf54ae2910dcf83b3540dd
Opcode Fuzzy Hash: 5da964dd94e722dbf1f605aa3a0415c905de8f390f51f759bb8d6d4d513e43b2
Instruction Fuzzy Hash: E4A11434604378AADF35CB6CCC40BFA6BA49F9E714F080498EE9A6B281D775C944CB60

Function 019F6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 019F65C1

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 55e629fae65846bb992a76a0b8764aebd1aea61085973dd3dd5222385e7ddf54
Instruction ID: 938ce05b29c4871256aa5be8295eda651df34713cc816a1d66f4cac064bc17bf
Opcode Fuzzy Hash: 55e629fae65846bb992a76a0b8764aebd1aea61085973dd3dd5222385e7ddf54
Instruction Fuzzy Hash: 35917271A00219BFEB21DF99CD85FAE7BB8EF58B50F100059F704BB191D675A900CBA0

Function 01A1E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 01A1E1FA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: bb5bf2d5362b936487f61c17bc3156cae9c10d63ca18f29083c98bafd57b82b9
Instruction ID: c55994676eadc5b234f090518a7dcfc1d73f89b02bacc73c20f7aa70fe14ba13
Opcode Fuzzy Hash: bb5bf2d5362b936487f61c17bc3156cae9c10d63ca18f29083c98bafd57b82b9
Instruction Fuzzy Hash: 7791AA72A00649BEDF27ABA4DC94FEFBBB9EF95740F040029F905A7254DB749901CB90

Function 019AA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 019E67C9

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 3d6c2e114dd37512466d391367c0ee5738c47e9f656a501dcdfc30852c07ae09
Instruction ID: d1016ebf0f8016ac1bc07ee780dd9624050d4cca48760dfe54d1002d5478c533
Opcode Fuzzy Hash: 3d6c2e114dd37512466d391367c0ee5738c47e9f656a501dcdfc30852c07ae09
Instruction Fuzzy Hash: DD718EB5E0030A8FDF2ACF9DC594AADBBF5BFA8701F14812EE509A7241E7319941CB50

Function 01A14978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 01A14A7F

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 28412db947785940e90ae8a5deec33b6954fe174ef4024238e013e30b0ac501e
Instruction ID: 3bc7e2fc29cf66c626a56e22c38795f898b4a5cdc5bd8b2c3803b792041b2f6f
Opcode Fuzzy Hash: 28412db947785940e90ae8a5deec33b6954fe174ef4024238e013e30b0ac501e
Instruction Fuzzy Hash: BF519472D0022A9BDF10DF9DD840AAEBBB5BF58B50F0A4129EA15BB254D7349D01CFE4

Function 0198E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0198E6A4

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 308d85b1bdf124732e323c665a15e10b870ae36f9f29a6354c03607f62288d6d
Instruction ID: 9ff047177b992a97a40bd58f2b2ddab6032fbc95b983d55ecd9af41859929bdb
Opcode Fuzzy Hash: 308d85b1bdf124732e323c665a15e10b870ae36f9f29a6354c03607f62288d6d
Instruction Fuzzy Hash: 80418072508312ABD711FA79C950F6BB7ECAFC8B14F04092DF99DE7180E674D90487A6

Function 019EC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 019EC77F

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: a2198a7e9330d0d12b49b327ab97fac26d89e07f7485260a06396b40f16ea63b
Instruction ID: 2ef6156eed7cecad559c339e04927cab65ff2ea226e3fac788bf5d07e2fe82a0
Opcode Fuzzy Hash: a2198a7e9330d0d12b49b327ab97fac26d89e07f7485260a06396b40f16ea63b
Instruction Fuzzy Hash: E24133B1D0022DABDB21DB54CD84FDEB7BCAB45714F0045A5EB4CAB140DB709E898FA5

Function 01A06B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 01A06B91

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: e5661b6f742b7a5155b257c810409d8a65b98f0c0a25b6d0ace64fee6e650849
Instruction ID: c400d9576cab5d7ee9ea829790bd59675aae566de0b407dc1fcab2ace904dc75
Opcode Fuzzy Hash: e5661b6f742b7a5155b257c810409d8a65b98f0c0a25b6d0ace64fee6e650849
Instruction Fuzzy Hash: 0E311431E007199AEB23DB69D850BFE7BB8DF45708F144028E949AB2C2CB75E855CB90

Function 019ECA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 019ECAA2

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: afa42af23f57c916bbae20acfec98cf8610db7c761b80a2ed026ce1f01968c40
Instruction ID: 018a7c34d84df5601477834c89774330031fb4a013a8185d15b7e002ba8d6f6b
Opcode Fuzzy Hash: afa42af23f57c916bbae20acfec98cf8610db7c761b80a2ed026ce1f01968c40
Instruction Fuzzy Hash: 64310536D00519AFEF16DB59C849EAFBBB8EB80710F054529A919AB250D730EE04D7E0

Function 019F892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 019F895E

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 7e7a955092dc5af698e002d3ef9d274e8b0b3cfb6eb4363833b9f44f37db0d12
Instruction ID: 03d0dabb18b7f1025d7e466c5059d24b098e5eee32b230bd8a26b5a0772903c4
Opcode Fuzzy Hash: 7e7a955092dc5af698e002d3ef9d274e8b0b3cfb6eb4363833b9f44f37db0d12
Instruction Fuzzy Hash: 6B01F236700201BFE760AA69CC84E6A7B6DEFD26A8F04142CF74916161CB30A8C1C792

Function 019AE8F0 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 605a66e78eb55ba5e9b0a28f889825d32f2df8a9b132027f6333ad7db07e3e0d
Instruction ID: 80ba43d2edcf2f3ab8dda8c027f9c72877fef42819c97ad72a8a784435726e65
Opcode Fuzzy Hash: 605a66e78eb55ba5e9b0a28f889825d32f2df8a9b132027f6333ad7db07e3e0d
Instruction Fuzzy Hash: 37824476F102188FCB58CFADD8916DDB7F2EF88314B19802DE41AEB345DA34AC568B45

Function 019B516C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5a34f4e913328e9abda7922a29f34869dfd70cda64ee27c0bed3a80e72b375
Instruction ID: 06a6245a5f1f58afefd7027e2093e3d599a2405aece8ec5dc6f8d0deec61626e
Opcode Fuzzy Hash: 2f5a34f4e913328e9abda7922a29f34869dfd70cda64ee27c0bed3a80e72b375
Instruction Fuzzy Hash: 3B62CF3290865AEFEF25CF08D6D04EEBB62BE45315B4AC65CC89E67604D371BA44CBD0

Function 01A12000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea0e75dbe5c7bba77a9a570c8c3cd6ba6c324175ab82255f32bfa9bbb4983733
Instruction ID: c0a21554f748fb29fb3c76b14db36f8595297e5c836e465ffd2d36f4eb02f0e7
Opcode Fuzzy Hash: ea0e75dbe5c7bba77a9a570c8c3cd6ba6c324175ab82255f32bfa9bbb4983733
Instruction Fuzzy Hash: 3742C2356083419BE726CF68C890B6FBBE5BFC8340F28092EFA8697254D771D945CB52

Function 019C739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a5f2e37ff38ee4eac8e303fb634f94de92b33422057e5fbcd713d94db98d9e
Instruction ID: aa4f800a25dac4c7c1b9119930fd4f7f308dee4e6b9545d56538e0ae5fbbee52
Opcode Fuzzy Hash: 22a5f2e37ff38ee4eac8e303fb634f94de92b33422057e5fbcd713d94db98d9e
Instruction Fuzzy Hash: FD42CF71A006168FDB19CF9DC480ABEBBB6FF88B10B14855DD59AAB341D730E942CF91

Function 019C5AA0 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Function 0199B2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7873559e88678b75be3ac447b4a50efd459c702d39d9343260de32e74a3d3c73
Instruction ID: d73621c1353f5af02a146de9980fc77bec98a8b08e0b70063ecb6b7e093cace3
Opcode Fuzzy Hash: 7873559e88678b75be3ac447b4a50efd459c702d39d9343260de32e74a3d3c73
Instruction Fuzzy Hash: 1E32A176E00219DBDF14DF9CD890BAEBBB5FF94714F180029E90AAB391E7359901CB90

Function 01A08158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f78ccf9cc382152a583ca16c59b419db20d8a143cdefb36cee77dea260f3e25
Instruction ID: b26e19173f8d196aa17a16185f4f53818fc9ae2b22fa0d0f63bce7bb189b9096
Opcode Fuzzy Hash: 2f78ccf9cc382152a583ca16c59b419db20d8a143cdefb36cee77dea260f3e25
Instruction Fuzzy Hash: 1A426075E002198FEB25CF69C841BADBBF5BF88300F158099E94DEB282D7389985CF54

Function 01982840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc837ccd098f342b72db05030320852290e41db25c0bd130c29609b9e12104d
Instruction ID: 8bacf04bccf57ceef86bbde5ed5762519a9d19c5801afc6be3e8b0d05e1e50eb
Opcode Fuzzy Hash: 6dc837ccd098f342b72db05030320852290e41db25c0bd130c29609b9e12104d
Instruction Fuzzy Hash: 7A32FF70A007598FEB25CF69C944BBEBBF6BF84704F24851DE48E9B285D735A842CB50

Function 01A1A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ebdf0025aca7c74fa7b3a9b764f1de524ca1aadb41e4b649899e529f20ccc72
Instruction ID: 90627bf3a67d40b6004bbfe769d2f8cff963063f33237ffed843f532fe216857
Opcode Fuzzy Hash: 3ebdf0025aca7c74fa7b3a9b764f1de524ca1aadb41e4b649899e529f20ccc72
Instruction Fuzzy Hash: E422C1742066E18BEB25CF2DC054372BBF1AF44340F08885AE996CF29ED735E552DB60

Function 01A316CC Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b081a7a482b3227e80f6446475cbf6fe3d77ee189446593b0d126c45a0982b83
Instruction ID: 54bd21d9f143d938988d4e1957b41913fb4826a2f5ce198cad1c161f582fe5ae
Opcode Fuzzy Hash: b081a7a482b3227e80f6446475cbf6fe3d77ee189446593b0d126c45a0982b83
Instruction Fuzzy Hash: F4227F35A002168FDB1ACF99C490BBAB7F2FFC9314B28456DE556DB345DB30A942CB90

Function 0199FB80 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e6ebd658e1296fd86f42dd80d0e05948fb0b582a7083fe993e46e0ea7444726
Instruction ID: ebf3814475a2209cd2901b8dd8ad8173800211f045ed282c76a38e672bd02935
Opcode Fuzzy Hash: 6e6ebd658e1296fd86f42dd80d0e05948fb0b582a7083fe993e46e0ea7444726
Instruction Fuzzy Hash: E822A574A00206DFDF16DFA8C884BAEB7F9FF84300F184569E9199B245E774E945CB90

Function 01998DBF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0a5802060a34a28e583e4d9cde69910cc17a89a6c56cbc665c2fd3b13ed485
Instruction ID: 88cdf0d00847d1e7ed9b0713c1faf871f6843f0adde9f1b3e7f87fb485e62d38
Opcode Fuzzy Hash: df0a5802060a34a28e583e4d9cde69910cc17a89a6c56cbc665c2fd3b13ed485
Instruction Fuzzy Hash: 55227170E0011ADBDF15CF99C4809BEFBF6BF89705B18845AE9599B241E734ED41CBA0

Function 01976A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0b8bbb006ef73e7608a072c86626f61399240b6cfe531bdf09f73c6c3972a4
Instruction ID: 993f8129e2aadd34bb4771b3b44c61fdce870a79734572f695d98cadd004df3c
Opcode Fuzzy Hash: 4f0b8bbb006ef73e7608a072c86626f61399240b6cfe531bdf09f73c6c3972a4
Instruction Fuzzy Hash: D032B275A04605CFEB25CF68C580BAEBBF5FF88310F148969E959AB351DB34E841CB90

Function 01A32446 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7971e2220a92bd36367c25373bc12de83640b1e7b351427fbf9d5da0f0f01d0b
Instruction ID: 7ff40c98cccb2ebcfb72131d65cca1876dadd75688b9fc9bdcade54d9bb87387
Opcode Fuzzy Hash: 7971e2220a92bd36367c25373bc12de83640b1e7b351427fbf9d5da0f0f01d0b
Instruction Fuzzy Hash: FF02CE356046518BEB65CF2EC450375BBF1AFC5300B1985ABF9D6CB282E338E942DB60

Function 01A341A2 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88262721cc3c2fdafad1a764a5a5058f6ec42d4cbc12da128bd91bcb4014db9b
Instruction ID: 61c2dbb8701f80acf87faaf0aae12190e44aac9e8d332c7386da6ca236962697
Opcode Fuzzy Hash: 88262721cc3c2fdafad1a764a5a5058f6ec42d4cbc12da128bd91bcb4014db9b
Instruction Fuzzy Hash: 0B028D71E00219DFCB15CF99C4807ADBBB2FF98304F29856AE556AB352E730AD42CB50

Function 01A4B16B Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7954bdd54400035ae7b559dd8a005d3a8571cd3b37ae2cd266780d1bcc060203
Instruction ID: 5aab5db793092cf84d16c427e8449d9b5d03b3563eb1a6866fd20072c281dd75
Opcode Fuzzy Hash: 7954bdd54400035ae7b559dd8a005d3a8571cd3b37ae2cd266780d1bcc060203
Instruction Fuzzy Hash: E2F1E572E006158FDB18CF6DC99067EFBF5AFD8210B19416DD856EB381E634EA41CBA0

Function 01A4A9A6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f9c94d87c582dcad0e6854868192b6b339131773cca659a0f0c4ba378b3ed5f
Instruction ID: ce2d80b7db0fff258c779f26071fb8dfeda42aeae0bd876a06fa22f0e3d15b77
Opcode Fuzzy Hash: 0f9c94d87c582dcad0e6854868192b6b339131773cca659a0f0c4ba378b3ed5f
Instruction Fuzzy Hash: 9BF1D4B3E405269BCB28CFA9C5A057DFBF5AF94210B194169D857EB380D734DE41CB90

Function 01994A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: bbeb8e029ca07b8cdf740778f894068f0e247fd6b755067bb223613588c62f44
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: A0F16371E0021A9FDF16CF9DC580BAEBBF9AF44715F058529E909AB354E734E842CB60

Function 01A22F30 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92957247aaadb6de02a9a1bef8da6e646bf8675b309a10dc85338c173f47848f
Instruction ID: eb09a595fa9427cecc3604ddeec86fa5f66e8fec7cc5ac4940db04f1c11a4eba
Opcode Fuzzy Hash: 92957247aaadb6de02a9a1bef8da6e646bf8675b309a10dc85338c173f47848f
Instruction Fuzzy Hash: E4E1F475A043A59FDF24CFACC4407FEBBF1BF4A310F18841AD586AB281D6399985CB50

Function 0199FDC0 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7c3ed3a904aec151db6c06248eb0296bdcbe84fe276adf1b05bf59c2541900
Instruction ID: e522823543a811f9a06e4872b82b5f9366b1b3d2d02eecff9d92d58ffcde8965
Opcode Fuzzy Hash: 6b7c3ed3a904aec151db6c06248eb0296bdcbe84fe276adf1b05bf59c2541900
Instruction Fuzzy Hash: 80F17F74E0020ADFDF15DFA8C484AAEBBF5FF44304F1885A9E909AB246E774DA45CB50

Function 01A0892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a99c0fd499f98a1ac5dfd2b80fe81748dc0affbe515551a0da73ce8317c9edb
Instruction ID: 846ca1a1e4853e3aae7ec7335b9a437a7b96fc9e6800f7d17f59672fb4fbfa8c
Opcode Fuzzy Hash: 3a99c0fd499f98a1ac5dfd2b80fe81748dc0affbe515551a0da73ce8317c9edb
Instruction Fuzzy Hash: E0D10271E00A0A9BDF06CF58D841BFEBBF1AF88304F198169D955E7281E739E905CB64

Function 019765D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 630fb45423b7d8e34d78f6a7b4f31d0d73705721043a897e42788d31eccacae9
Instruction ID: f104acfd7d073546b02d9e344f2eb96ad21fd796042ca7dba8448b0ddab7581b
Opcode Fuzzy Hash: 630fb45423b7d8e34d78f6a7b4f31d0d73705721043a897e42788d31eccacae9
Instruction Fuzzy Hash: 54E19D71608742CFD715DF28C090A6ABBF4FF89314F058A6DE9998B351EB31E905CB92

Function 01968397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc6d555df5a0d4fc30b1a389d7959ea9157c868c788cf4e74407b9014eaf2dce
Instruction ID: a430c94e09dc277b1392fc30f4f847062b437302dc6e22b5490c4014bc46711a
Opcode Fuzzy Hash: dc6d555df5a0d4fc30b1a389d7959ea9157c868c788cf4e74407b9014eaf2dce
Instruction Fuzzy Hash: 22D1F371A0030A9BDF14DF28C881EBA77ADBF94754F04462DE95EDB280E734DA50CB61

Function 0199C6E0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de0e37a3ad2787993727a655011bfcbdfb82e6cb6e1362c2cbdae48bd69df1e
Instruction ID: d6e9f9cb55b11b35f85af0f73b647db0288ec507420ab5caae1bde9535109831
Opcode Fuzzy Hash: 7de0e37a3ad2787993727a655011bfcbdfb82e6cb6e1362c2cbdae48bd69df1e
Instruction Fuzzy Hash: D2D1C131E0421A8BEF29CF8DC9417BDBBB9FB44352F14842AD50EEB295C7788941CB56

Function 019838E0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc01bfdcd3730df13296b3c47a766c610ef7c7f0933a8ab0c7ad1eaf092447a
Instruction ID: a84dc9dff90b768f28ccc7ce014e08573e03fbd72ce29f111d7f85a7bcc426c9
Opcode Fuzzy Hash: 4bc01bfdcd3730df13296b3c47a766c610ef7c7f0933a8ab0c7ad1eaf092447a
Instruction Fuzzy Hash: 97E1AF75A00205CFDB18CF59C890AAABBF5FF48710F248569E959EB391D734EE41CBA0

Function 0198CFE0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c785425962842395074b55410ec7125ea8d960113bbd3c50ea7e02efa9e6e5
Instruction ID: cc7682883793df2494593f9250e17b9568bf86fb992fabec56ed4266927d6b9e
Opcode Fuzzy Hash: 15c785425962842395074b55410ec7125ea8d960113bbd3c50ea7e02efa9e6e5
Instruction Fuzzy Hash: 44D1D330A003199FEB25EFA9C880BAAB7F5BF45714F0440A9D90DA72D1DB34AD85CF51

Function 019F8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 76290cf325e0429dc7e973d16b0e7a0c84a57049222dac3f9f956ab4a3584108
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: B2B17C75A00609BFDF64DB99C940AABBBB9FF84344F14446DAB0AA7790DB34E905CB10

Function 01980535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 7de1fd655a5f4f81bf8c5df4e18d5c22d3dd9355cbdde683a9b0f1a35ef6bd2d
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: E7B11831600646AFDB21EB68C850FBEBBFAAF84300F194595E55ED7291D730EA45CBA0

Function 019783C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3f90f3c49c740d7a6fdd03151b959844613f8e8c409365744b6baa6aeb29c9
Instruction ID: d4b074dd013d7e6a4b4481276d1878732e3603339722548aeab2d3f1adcda18a
Opcode Fuzzy Hash: bf3f90f3c49c740d7a6fdd03151b959844613f8e8c409365744b6baa6aeb29c9
Instruction Fuzzy Hash: 3DC14875608341CFD764CF19C484BABB7E9BF88704F44496DE98987291E774E908CFA2

Function 0196C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde581332bf69f8c52c8cccb2e2a54608eed1e30ab7307f95a90ed3f4ea7f876
Instruction ID: bcbb22e510b737c5bdf138a26b64b12006de3e2b8083a751ed6c5eb220175dac
Opcode Fuzzy Hash: fde581332bf69f8c52c8cccb2e2a54608eed1e30ab7307f95a90ed3f4ea7f876
Instruction Fuzzy Hash: 65B17470A0426A8BDB25DF58CC90BA9B3B9EF84740F0485E9E54EE7241EB30DD85CB25

Function 0199E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bc7c2eba32f7e94ecc8f788e8719f9a3765a79fa698836ea018a210de4bdf6
Instruction ID: 1a06d2b1a7e0e21940830b142ea84f127683cf1ca4c481622f4fdaf735ed810d
Opcode Fuzzy Hash: 95bc7c2eba32f7e94ecc8f788e8719f9a3765a79fa698836ea018a210de4bdf6
Instruction Fuzzy Hash: F0A12631E00259AFEF22DBACC845FAEBBB8BB40714F054525EA09AB291D7749D41CBD1

Function 019B0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79fb400ed937d279e31f4bfe1a758ea73f26c8e8ccf6b59b07e84b5380413c85
Instruction ID: 24e1af189971db85a6b51f4e4ef23ae86f2ed662475439db89120e66ce9682b1
Opcode Fuzzy Hash: 79fb400ed937d279e31f4bfe1a758ea73f26c8e8ccf6b59b07e84b5380413c85
Instruction Fuzzy Hash: D2A1C170B016169BDB25CF69C6D4BEBB7F9FF44715F08402AEA0997281EB38E815CB50

Function 01A44500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e10e7efa3022fc68a755ebafc8d1e9c0844eeb5afc72620acf890b16dd8f1cdd
Instruction ID: 85d9e184a7c8544c0af9102e33d30f2f34918b29005395de2b640888d395956a
Opcode Fuzzy Hash: e10e7efa3022fc68a755ebafc8d1e9c0844eeb5afc72620acf890b16dd8f1cdd
Instruction Fuzzy Hash: EBA1DF72A04612EFD712DF28C980B5ABBE9FF88704F054528F5899B661D774ED01CB91

Function 019F60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35432f56a5567e745eb0a93d785b815a609f4c83a21a00d935578800a4bda78e
Instruction ID: 21456166b46d2c05907cfdd2cb2357e886024a5a22d66046349b07645699c970
Opcode Fuzzy Hash: 35432f56a5567e745eb0a93d785b815a609f4c83a21a00d935578800a4bda78e
Instruction Fuzzy Hash: 58919275E0021ABFDB15CF68D884BAEBBB9EB49710F15415DE718EB241D774D9008BA0

Function 0198E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0815f93cc2382f495ae3261dddabf990189fc31cdfc5dc0f4d11d06337d99625
Instruction ID: e2139a7cdc827b9b8c7e6f29e8bc7ebf7c8da4e91bd46fb2c8c8d7220e493ac3
Opcode Fuzzy Hash: 0815f93cc2382f495ae3261dddabf990189fc31cdfc5dc0f4d11d06337d99625
Instruction Fuzzy Hash: 55913332A006169BEB24FB6CC490B79BBA9FF94B15F048469ED0DDB280E634DD01C7A1

Function 019A4750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction ID: 375cdd394c1ab81f9aed3bd98106bf2b8b624323fe6ae01ed34da9f87a558585
Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction Fuzzy Hash: 22815D21A04296CFDB124EACC8C567DBFA4FF52300F5D4A7AD54A8B341C2A4DD4AC7D2

Function 019BDBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction ID: 90e4e35742d680ebc675bd66112d8134bcfd07fc4b80d71b48b8877c426fae09
Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction Fuzzy Hash: 9F915172610A068FE725CF6DC9C5AA2BFE4FF55329B148A18D5EADB6A0C335E511CB00

Function 01A3F7B0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6f7d5e11194001fcd47041c35e52822553e94407c9131d3afa2a2be1d5628d
Instruction ID: 94bb2aac85ac99d648873bbe7c620542b5ab976f8ac85924c3969cd810a27f0c
Opcode Fuzzy Hash: 8b6f7d5e11194001fcd47041c35e52822553e94407c9131d3afa2a2be1d5628d
Instruction Fuzzy Hash: 1791E571E20216AFEB15CF28C9807AABBF1AFC8310F048579F955DB291D774E905CB91

Function 01A3F43F Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da998aaf653aae8e16e564a6b6f2a8ad342dbf262025c62a2b3649f349345c5f
Instruction ID: e11851106b192cec6b854301638e6c1d9239dca66cdc0f4ecb509e872a9cd403
Opcode Fuzzy Hash: da998aaf653aae8e16e564a6b6f2a8ad342dbf262025c62a2b3649f349345c5f
Instruction Fuzzy Hash: 7291D172A101159FDF18CF79C8906BEBBF1FF88310B198269E856DB296D734E905CB50

Function 01A381CC Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f26a861e32906b6e7aa7876eb83489c98ed0c18efe18c0ec6a5aa1211d14ca5
Instruction ID: db2c187b1e06b0c4d2f23d334633bf0847dc1ccc17c520d9e8942c70581791d2
Opcode Fuzzy Hash: 9f26a861e32906b6e7aa7876eb83489c98ed0c18efe18c0ec6a5aa1211d14ca5
Instruction Fuzzy Hash: FA818371E006159BCB14CFADC8806AEB7F5FFC8210B19436AF921E7794D778A952CB90

Function 01980E59 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61c09bdad118352a2fe8bb8cdd05ccd998e2cf4536ed994f63a0eda8ce3341d
Instruction ID: f6cceb5f3ad297bccda4f58eed7db5f08c44c6497a93bfabab6245fcf36ce29c
Opcode Fuzzy Hash: b61c09bdad118352a2fe8bb8cdd05ccd998e2cf4536ed994f63a0eda8ce3341d
Instruction Fuzzy Hash: 0981D231A001199FDB25DF5DC8809AFBBB6FFC5201B29C295F818AB34AD730E945CB90

Function 019C6ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afbfffc734c1ecf64be01f1ca8999fac1f03fc918e4dfb97f32da7c6cfc79f4
Instruction ID: 30f1dca072bd307830e982cbf1176c7e6af6aecbdd27e63c8d36a70618b280dc
Opcode Fuzzy Hash: 9afbfffc734c1ecf64be01f1ca8999fac1f03fc918e4dfb97f32da7c6cfc79f4
Instruction Fuzzy Hash: C2819471E006169BDB19CF69C940ABEBBF9FB48B00F04852EE589D7741E334D941CBA5

Function 01A2E4F6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ef8e8d0cbf89eeb116bd1b2d6221643a00812aa4e8241fa9e1803b0092c456
Instruction ID: 3f8da55363d583a9952ac475dc469bb07ce318c3b7ef1a51fd712ac51b1eb558
Opcode Fuzzy Hash: 09ef8e8d0cbf89eeb116bd1b2d6221643a00812aa4e8241fa9e1803b0092c456
Instruction Fuzzy Hash: 8C819276E002259BDB28CF6DC5906ADFBF2EF89310B198169D816EB385D734DD41CB90

Function 01A3AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 75363a94a7a651cf34e64dcd9e192f77670ca0ce76d2da7cbb3596fbd483ec07
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: C5818E31A0021A9FDF19CF99C880BAEBBB2BFC4310F188569E956DB345DB34E905CB50

Function 019AE284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4433cc0fddf5daa00b6e9d783aefd37fbf1f5d4ffccd402cd266e35958ad6058
Instruction ID: 55872fe0f5f7e96112b53e0dd2d2bd81308fbc378f3fad593f1e5bb172690ded
Opcode Fuzzy Hash: 4433cc0fddf5daa00b6e9d783aefd37fbf1f5d4ffccd402cd266e35958ad6058
Instruction Fuzzy Hash: 88816571A00609EFDB16DFA9C980BEEBBF9FF88354F504429E559A7250DB30AC45CB90

Function 0199B950 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd8dac9dc0632aa6b10ab08fb25e0028e1d1c0089db71551947f1c737f06354
Instruction ID: 79345f7ff8701ff0f37bbbd5ca768ecf57486f1d50727f66d8f41b6d5c46a186
Opcode Fuzzy Hash: fdd8dac9dc0632aa6b10ab08fb25e0028e1d1c0089db71551947f1c737f06354
Instruction Fuzzy Hash: 2171F3306042508EEB25CE2ED980F3677E6AB8471AF548959E99F8F1C5D73DE802CB60

Function 0198C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcd13ae228a5a8270bcd2342f61c38a5f6ab88bdf6a6ee7aa39ff10c12d4553d
Instruction ID: 5e94747558dc32ba955a1373cdaae67626258e4055253016fd3c14afd559b1f9
Opcode Fuzzy Hash: dcd13ae228a5a8270bcd2342f61c38a5f6ab88bdf6a6ee7aa39ff10c12d4553d
Instruction Fuzzy Hash: 4671D275D00225DBCB25DF58C890BFEBBB4FF58710F14852AE95AAB391D330A801CBA0

Function 01A247A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e30617ac11b5a9c4b2c548ce7fbc71eeeaec7f991dd2e2b7adb0e951535d21e
Instruction ID: 0c9fc37bef05404f208d0a3d2ca432fef0da0ea2e3514aab5c913300e3058b9d
Opcode Fuzzy Hash: 6e30617ac11b5a9c4b2c548ce7fbc71eeeaec7f991dd2e2b7adb0e951535d21e
Instruction Fuzzy Hash: 5471B1B0E00615EFDB20DF9DDA40A9ABFF8FF98300F14415AE618EB268C7719945CB54

Function 01A2DAC6 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35d16954b46174b8c3075f22d6d8f1c13c01d4bd2985485fb7109078bf52165
Instruction ID: 4bd5bd69b54512fc042e0ee93f57e004ea8cb86720df401e601ab0bb9682d615
Opcode Fuzzy Hash: a35d16954b46174b8c3075f22d6d8f1c13c01d4bd2985485fb7109078bf52165
Instruction Fuzzy Hash: 65816A70D006659FDB25CFAEC444ABABBF1EF89700F048459E895AB386D374E845DF50

Function 0198260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621023a476fa089797fecf247a3904cb9657f486d2fba7f20660e92a959b3efb
Instruction ID: ecfc0dda8a00419aa7edcab8e1649f34600ba897cfaff6813cdf5454758d3245
Opcode Fuzzy Hash: 621023a476fa089797fecf247a3904cb9657f486d2fba7f20660e92a959b3efb
Instruction Fuzzy Hash: B071C0756042428FD311EF2DC480B2AB7E9FF84314F0485AAE899CB352DB34E946CBA1

Function 01A370E9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c61d056c5a2079539ef004aadb97339b5d736d1c7efd336b4d4b833dced340
Instruction ID: 6b71629c987c28c576a5a0db3c632ae7e861cc97f04082c61b9970c5e91c2060
Opcode Fuzzy Hash: 69c61d056c5a2079539ef004aadb97339b5d736d1c7efd336b4d4b833dced340
Instruction Fuzzy Hash: 3161A3B2E003179BDB15AFE9C881BBFB779AFD4610F144429F915A7240EB74D941CBA0

Function 01A2F0CC Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bad2204ea8d1536bc458fe99acfa3f008b5a73f1f20d1c6e190ca7287acd0594
Instruction ID: 2b60828b033bc715841f8dd3e00c50b118a4ae2d57592d98ce6f41fda84716df
Opcode Fuzzy Hash: bad2204ea8d1536bc458fe99acfa3f008b5a73f1f20d1c6e190ca7287acd0594
Instruction Fuzzy Hash: 50718879A00732DFDB24CF5EC59057AB7F1FF86604BA8486EDA8297240D774A981CF90

Function 019F035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 5787c78ddcd0340f99000a0af8da0971f55517b73c87efe317d18b8d51f29a2c
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 97715F71E00619EFDB10DFA9C984EDEBBB9FF88700F144569E609A7251DB34EA01CB90

Function 01A062A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45175dd783feb5b08c5070ded048a6e664f0b56c328410bf9ca1a5b45d33e897
Instruction ID: ab6c9dd194465f93c12ad071181a49cc7ff4391ceb2fd83878f62185b0ad87cb
Opcode Fuzzy Hash: 45175dd783feb5b08c5070ded048a6e664f0b56c328410bf9ca1a5b45d33e897
Instruction Fuzzy Hash: BB71F132200701AFEB33DF18D984F56BBB6EF84728F154428E65A8B2E1DB75E954CB50

Function 01978AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b127e3e74ef81352d8887a6597c673a1bbaccc53f22e46685ac166023763fec
Instruction ID: 35e731cd960ea9db835a0133a9d8a7a053bce4e13de23cbe3b31944bdbbc7b47
Opcode Fuzzy Hash: 5b127e3e74ef81352d8887a6597c673a1bbaccc53f22e46685ac166023763fec
Instruction Fuzzy Hash: C081E372A04316CFDB29CF9CC588BADB7B5BF88711F15812DEA08AB291C7749D41CB90

Function 019ACDB1 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebdc1af40e8708d4db9c23031c4815aa72fa336b83b4a93b5df1075f403b1bc
Instruction ID: fa908a36536e11e08768c6b4da334a5f8a8db52c6a03c1cf07898bd885e6a5f3
Opcode Fuzzy Hash: 9ebdc1af40e8708d4db9c23031c4815aa72fa336b83b4a93b5df1075f403b1bc
Instruction Fuzzy Hash: 33619171A00206DFDB19DFA8C884AAEB7F9FF48314F644569E619EB291DB319901CF90

Function 01A37A46 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f63085b39c9a19d95f97c38777b3202157bb9741320ec23f647f15c23424108
Instruction ID: 4cecc48706be2a5beb38b8f81769af0ef7ca7b82419b69c86b1c487c98e6f256
Opcode Fuzzy Hash: 7f63085b39c9a19d95f97c38777b3202157bb9741320ec23f647f15c23424108
Instruction Fuzzy Hash: B951E7B5A001265BCB19DFA9C880BBABBF6EFC8310F144169F955DB385DA34CD42C7A0

Function 01A3132D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be160d927ae78a29be10af10ee7e39ec321b524f237ccd5960d9eba71adc7ecd
Instruction ID: 1c9b0b0fa7d4f1ca9b263c8b65772afebc3bcb59afb4ea06f12e541311f3695b
Opcode Fuzzy Hash: be160d927ae78a29be10af10ee7e39ec321b524f237ccd5960d9eba71adc7ecd
Instruction Fuzzy Hash: C5818275A00205DFCB09CF69C590AAEBBF1FF88300F1981A9E859EB355D734EA51CB90

Function 01A2A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92b282673e4e02593d97cbeeeb0db56f3cef602d9a89e48ceccadf4eeb55019e
Instruction ID: 749582c18510b9c2e861c9e129379c95fe7d00549071ce62ba245b4df89a8f1e
Opcode Fuzzy Hash: 92b282673e4e02593d97cbeeeb0db56f3cef602d9a89e48ceccadf4eeb55019e
Instruction Fuzzy Hash: B551EF72504722AFD322DE6CC884E5BBBE8EBC9710F010929FA45DB651D770ED04CBA2

Function 01A3CE93 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction ID: 7f3035034550a06e25621c3f45642cf319b8fb7c136ddae15f7a4de5dc9b8ad0
Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction Fuzzy Hash: 9A5136326043028BD701DF3C8C5076BBBE6AFD1270F19846EF996E724ADA30D905C7A1

Function 01A38DAE Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32be381e5d176247ffb1b741991b49f5935782ed15d6218a4e045216ce46444b
Instruction ID: ee158ddd011062d15ca934b1cf6438b09acd7dffd5637277df3b87535ed4cb0b
Opcode Fuzzy Hash: 32be381e5d176247ffb1b741991b49f5935782ed15d6218a4e045216ce46444b
Instruction Fuzzy Hash: 5051C1B26047029FD712DF28C840BAAB7E5FFD4350F048A2DF98597291D778E909CBA5

Function 01A18350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c6e7a1a98fc46b8f0aaad5a9b40e8f529161252bafa9d909174f8e0f5e5eeb3
Instruction ID: b1227f027bac51fd8f26b9eb324b172d6186064dc80d8055bff96cee873ffae3
Opcode Fuzzy Hash: 0c6e7a1a98fc46b8f0aaad5a9b40e8f529161252bafa9d909174f8e0f5e5eeb3
Instruction Fuzzy Hash: E151B170900705DFD721DF6AC880AABFBF8FF94710F104A1EE296976A5CBB4A545CB90

Function 01A37D73 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2b808fcaa278e504ef98c911a433c98fb88e77e0c2e476c039a6d362dd36b6
Instruction ID: 976e0cb15dd4b856262d5bb674cf803b80b8adcad4673434c5066dbb6f357b2e
Opcode Fuzzy Hash: 1a2b808fcaa278e504ef98c911a433c98fb88e77e0c2e476c039a6d362dd36b6
Instruction Fuzzy Hash: E051A376A1014A8BCB08CFACC480AAEB7F1EF98314B15827AD955EB355E734DA15CB90

Function 019AE443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15588ec84003e4f2ae19cc1ecbe73812fbede04539de3730654fe28196071def
Instruction ID: 58968b67d092ca37e6b28109ece75a83de9ad39f375d1f957d8d8e6616b696b9
Opcode Fuzzy Hash: 15588ec84003e4f2ae19cc1ecbe73812fbede04539de3730654fe28196071def
Instruction Fuzzy Hash: E1517E71600A05DFCB22EF69C984EAAB3FDFF54B84F800829E54A97260D734ED45CB90

Function 01A14180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22545b6061946a798522cc65fdad9179a61b0fdc83fbf58cbf213ff557498c4e
Instruction ID: 0513b62b5e8b75d49e8d02bfe8a18fa38038a0937edf435d4196083c402ef90b
Opcode Fuzzy Hash: 22545b6061946a798522cc65fdad9179a61b0fdc83fbf58cbf213ff557498c4e
Instruction Fuzzy Hash: 905133B16083029FD754DF2DC880A6BBBE5BFC8718F48492DF599C7254EB30DA058B96

Function 019945B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 693c0c49240cc3b965d5dff6a5f04f15e8afc9393994ea4ecbdebc7cd0924e75
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 6051B571D0021EABDF16DF98C540BEEBBB9BF49750F05806AEA09AB250D734DD45CBA0

Function 019F3A6C Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deed374ef37a212f535429889a4878974880736baf3f32c56b0bf8d6dd223358
Instruction ID: ae917e624b29012be5679bdf3dabc13f960cce7639f6208f8f50dd3ead967421
Opcode Fuzzy Hash: deed374ef37a212f535429889a4878974880736baf3f32c56b0bf8d6dd223358
Instruction Fuzzy Hash: 48516E32E4011D5BEF25CA68D471BFFB3EAFB41311F44081AEA19BB3C0C67A6A46D650

Function 019ED800 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21e45bddde92ef0db7568e2a06af30f6e76bb000ebad4e1fc77b73e88166592a
Instruction ID: 27ea702dcaae80dabc0d7f027f82a0e90c9cae04d51d1fafc5ab794a4f9eaaf4
Opcode Fuzzy Hash: 21e45bddde92ef0db7568e2a06af30f6e76bb000ebad4e1fc77b73e88166592a
Instruction Fuzzy Hash: D1511274A00216EBDB15DF99C884ABEBBF9FF44701F044169E949CB780E734E950CB91

Function 019FE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 28e4fbe0daf4f1ea9b384eb7aa3a912b0fd0d3a41f699cb985ed0f00638290d1
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: D251963190021EBFEF11DF95C984FAEBB79AF40326F16466DD71A671A0D7309D4487A0

Function 01A37571 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7773123aefcd278f1fa7c6acdab1bda53f4d9454603a910ebe061c6414ce575
Instruction ID: c89d011012db52d663a863c7bbd1811175303d188dac8b2154f5f25a956f4dea
Opcode Fuzzy Hash: f7773123aefcd278f1fa7c6acdab1bda53f4d9454603a910ebe061c6414ce575
Instruction Fuzzy Hash: 8251E371A0021AABDB159FA8D854B7EFBB9FF88240F144129E911E7290DB70AE11DB80

Function 01A38B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0712e63f82b8ac773442b7cdb584ef285541fbaabcd164011c77f2f37e0faaa4
Instruction ID: 61770fc4f4c6b5ed5523c89d5ee3997a3a80a4a58981cc0c1d379468a44eac09
Opcode Fuzzy Hash: 0712e63f82b8ac773442b7cdb584ef285541fbaabcd164011c77f2f37e0faaa4
Instruction Fuzzy Hash: 9941D2707056129BDA299F2DC994B7FBBAAEFD0620F188319F955C7281DB3CD901C690

Function 019FCBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf15c79bc2eeade711edd6c21d36a53eefb8b0d45e3afee35578f4c35cf123f
Instruction ID: 686c6774dfe4ea45429e97941123577467541e26118c7f1b661fbe2660dfb125
Opcode Fuzzy Hash: 6bf15c79bc2eeade711edd6c21d36a53eefb8b0d45e3afee35578f4c35cf123f
Instruction Fuzzy Hash: 9B518C75D0021AEFCB20DFA9C980E9EBBB9FF88355B118919D61EA7744D730AD01CB90

Function 019F5BF0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cca456fe999f2c70bb7bb54a64fe015d21d672d04901403410b0d6e37a717c4
Instruction ID: a8105f3a06020f0f27190b182267df152bc8cf37b17ff6b287baea5a8bcd2c65
Opcode Fuzzy Hash: 5cca456fe999f2c70bb7bb54a64fe015d21d672d04901403410b0d6e37a717c4
Instruction Fuzzy Hash: 17412D31F41316BFDB25FFB98802A6E76E4AFA4711F01452EE60EF7385EA3488018795

Function 019AA430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9729c14f499ac1076706e650372fbceb5bd52919737d8ff8b9a57752e27fc139
Instruction ID: 1b251ca60195cac4926b1400e2f4689b70b0706b70c24475ef960d21718d3ddd
Opcode Fuzzy Hash: 9729c14f499ac1076706e650372fbceb5bd52919737d8ff8b9a57752e27fc139
Instruction Fuzzy Hash: 9341F5756402129FDF26EF78D880F6E37A9ABA4B08F41042DEA0E9B251D7719805CBA4

Function 01A3A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 743a4f72d7abe9ae5ee54262d1e69f9e48337e0769945ea9a254a21e0d673243
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 1A41C472A047269FD729CF68C980B6AB7A9FFC0210F05462EF996C7641EB30ED05C790

Function 019A01F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f8b1b23be2535c737fcdc865bce9fb1afc13953d1679d05a2868b5f4a4e936e
Instruction ID: 3d154fe2e43f78f729b1a088a5c1866801b550d0a5e32a6150ef0974a6cfb580
Opcode Fuzzy Hash: 9f8b1b23be2535c737fcdc865bce9fb1afc13953d1679d05a2868b5f4a4e936e
Instruction Fuzzy Hash: 9941DF35E00219DBDB15DF98C440AEEBBB8BF88B14F59812AF819F7240D7359D49CBA4

Function 0199EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5758fe7c8253e063a5772fa61eee34c0af4758c0490bc9594819e33969213168
Instruction ID: ee978a5392595c9b5c15af79539e6a987418f3c3b3750a00a92e82f8831225af
Opcode Fuzzy Hash: 5758fe7c8253e063a5772fa61eee34c0af4758c0490bc9594819e33969213168
Instruction Fuzzy Hash: 1C4190716043429FDB25EF2CC880A57B7E9FF88214F044929E99FC7651EB35E845CB51

Function 019B2750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: daba49a55c3f98fe8a90fd1f71e83382c26eb441247e5f2b80b7bd074dc340c3
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: A9516A75A00215CFCB16CF98C584AAEF7F6FF84710F2481A9D919A7361E770AE42CB90

Function 01976154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c7df5393b10201fbf9daecbb6e0e2212222c0cb921a2771e2365a430110b3e
Instruction ID: fcf6688697acc3fd214f3a74a234abdc9d71f2432886b5aea6f4318f80c2111e
Opcode Fuzzy Hash: 63c7df5393b10201fbf9daecbb6e0e2212222c0cb921a2771e2365a430110b3e
Instruction Fuzzy Hash: 4151F670A00606DFEB269B28CC04BE8BBB5FF51314F1482A9D51DA76D1E7349981CF80

Function 01970BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c69f2c772f3e8ba40178532b71d7d83a8d47ea49ff994e4f48aedc7673a766f
Instruction ID: 8d766ebab34da6104cd167d3111e31eeac21cbb9f96af42d8289cd84604c73e9
Opcode Fuzzy Hash: 3c69f2c772f3e8ba40178532b71d7d83a8d47ea49ff994e4f48aedc7673a766f
Instruction Fuzzy Hash: 7841A471E002299BDB21DF68C940FEA7BB8FF85B40F0500A9E94DAB241D774DE80CB91

Function 01A3866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: bca9dea1557bf34f0a4ed4123815a269390c2a0f3d865fa4d718e82872063498
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 1E41D675B00205ABDB15DF99CD84BAFBBBAAFC8600F244169F904A7341D778DE04D760

Function 01A3F0E0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e74c78fad02fe5548ec92d7f3b01403b7fbdcb3e8faa4281bbafcc29d1ad2ea
Instruction ID: 356f824f45ccdb6809e56b5f6553928a0f888172b5247d78191a67a9c9f466b4
Opcode Fuzzy Hash: 0e74c78fad02fe5548ec92d7f3b01403b7fbdcb3e8faa4281bbafcc29d1ad2ea
Instruction Fuzzy Hash: DD41C3716183418FD704CF29E86597ABBE5FFC9615F04495DF9968B382CB30D809CB62

Function 01970887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db1605ec182dcec5e712d7b74c3c69c84f7d3985c98675e761d047b17977def
Instruction ID: 92dd533239b72e3040a1025fbe643e8825064235e409fd39d1d34805a9f35e6e
Opcode Fuzzy Hash: 5db1605ec182dcec5e712d7b74c3c69c84f7d3985c98675e761d047b17977def
Instruction Fuzzy Hash: 2941B5B16007069FE325DF28C480A26BBF9FF8A314B188A6DE54F87A51E731F845CB50

Function 01A1D5B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88c057287c081982c7d6bb13eaa2fd05249c8c4058a8438d5b1002ad59a2f42f
Instruction ID: 51396333ae2e4d5c6faa3e9b1b6cf7affae8d7fb8712c78e98c2cba1ab0a43c3
Opcode Fuzzy Hash: 88c057287c081982c7d6bb13eaa2fd05249c8c4058a8438d5b1002ad59a2f42f
Instruction Fuzzy Hash: 74412430A182959FCB15CF6CC499ABAFFF1FF59300F098889D5D58B24AC734A456DB60

Function 0199A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3234b3ff204e34dcaa6b2bc822f17da73cfc6fcd409fac25413a2ebcdae19510
Instruction ID: 42c1e68c9bd5c98aead2f13a176ac42f59cbc74a9b1c2feb64166051fde50740
Opcode Fuzzy Hash: 3234b3ff204e34dcaa6b2bc822f17da73cfc6fcd409fac25413a2ebcdae19510
Instruction Fuzzy Hash: 6241CC32A40205CFDF21DF6CC894BED7BB8FB58B21F144569D419AB2E2DB349901CBA1

Function 01978BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce772155e6899f58e96d57c1aeb65a378b0f8d98b3339ab62a4569ec549ebdf4
Instruction ID: a108aa872a54827f1435549717b0eaaa61193b23be9a7f2f2f150f1cc2eae271
Opcode Fuzzy Hash: ce772155e6899f58e96d57c1aeb65a378b0f8d98b3339ab62a4569ec549ebdf4
Instruction Fuzzy Hash: 02412936D00202DBD729DF58C884B5ABBB5FF98B14F15802DD9099B265C775D842CFD0

Function 01968918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8255b83dbb495abfc16a0e8060ccc61598f04ae6d11671ca575de47b06a4c79e
Instruction ID: d2762dbe18a2b23e8dc6524c431036bed7f79e34b30df2aa8298119cdfaa59f6
Opcode Fuzzy Hash: 8255b83dbb495abfc16a0e8060ccc61598f04ae6d11671ca575de47b06a4c79e
Instruction Fuzzy Hash: 5C415C315083069ED712DF69C841A6BB7E9AF84B94F40092FF989D7250E771DE058BA3

Function 0196A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: cdc91c55651095fc96aee63f8ac2c0706ee09d54cdf035367531b5b1b2bdbe56
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 16418231A00212DBDB11FE198451BB97B7DEB91B91F15806EE58EAB340D6369D40C771

Function 019709AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66426b86ef2b1eadf3269bc3337df972388052608d948c2cd056210184a5ce6
Instruction ID: 81ae2d271d00b4866536799890f6694de2e5bf61e5b6f5e64d26da10ec31de06
Opcode Fuzzy Hash: b66426b86ef2b1eadf3269bc3337df972388052608d948c2cd056210184a5ce6
Instruction Fuzzy Hash: 1E417AB1A40701EFD725EF18C840B26BBF8FF95715F248A6AE44D8B251E770E942CB90

Function 019A0710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: a026f53f1225fbbb9b0431e46977641dfbae31ffa1c876ecb10ac40f900afec1
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: FD414971A00705EFDB24CF98C980AAABBF8FF18700B54496DE55AD7290D730EA48CF95

Function 0197262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a87043d478ae48deba87d5925c7fdfb951d4f4c496b3932d8939705fb52d79
Instruction ID: 222d9fd16e48bb7490eeede19f33ee74627e51b1d7d278e7e65e096c52e07506
Opcode Fuzzy Hash: e4a87043d478ae48deba87d5925c7fdfb951d4f4c496b3932d8939705fb52d79
Instruction Fuzzy Hash: C341A0B1511701DFCB26EF28CA40A59B7FAFF94711F1085AAC51E9B2A1EB30A941CF51

Function 019AC8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23198d6806f6bac7527bcfd10bd81e6fdf5a22b64b154951252e99632791ac0a
Instruction ID: bfcf0ad6268e5a015056f97f42a8a22b01b0a4a3cb3f0eafa50296f52982d310
Opcode Fuzzy Hash: 23198d6806f6bac7527bcfd10bd81e6fdf5a22b64b154951252e99632791ac0a
Instruction Fuzzy Hash: A6319CB1A00305DFDB52CF98C140799BBF4FB88724F2085AED119DB251D3329906CF90

Function 019F07C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 717d6f352ed2bd0ab945f1e9e5ea27ded937f1fb1e1a06c792b0cfeaf8c0d0c8
Instruction ID: b0464f82dea74a8d4ead63fe1d985fba8375a1fa5841784790841950a72b18ce
Opcode Fuzzy Hash: 717d6f352ed2bd0ab945f1e9e5ea27ded937f1fb1e1a06c792b0cfeaf8c0d0c8
Instruction Fuzzy Hash: 3E417D71A04301AFD760DF29C845B9BBBE8FF88664F004A2EFA9CD7251D7709905CB92

Function 01A3EEDB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3c286481d2b848ec0c01a560013131bea0e3ca5bf253a2bf1b8fcad13e2e008
Instruction ID: 5ad4d2ea7123753ae633620747d280d6499e86d43fe30c97cf4c9076a56ec6c9
Opcode Fuzzy Hash: e3c286481d2b848ec0c01a560013131bea0e3ca5bf253a2bf1b8fcad13e2e008
Instruction Fuzzy Hash: 6141C333E1402A8BCB18CF68C49157AF7F1FF89304B5642BDE916AB295DB74AD05CB90

Function 01A3FA49 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a004e53b3ba1797e163170dfe9e2954860627262f8412a912b9d97f7f52d2b24
Instruction ID: 8cd22a7623399f1e36e77f1222b13c1ebd98530132e11a7a67d9f57d33f559ea
Opcode Fuzzy Hash: a004e53b3ba1797e163170dfe9e2954860627262f8412a912b9d97f7f52d2b24
Instruction Fuzzy Hash: 1531E572F201069FD718CF29CC44BA67BA6EFC9350F088538F919CB285E674D946C395

Function 019F05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d803507b2a6f057dda72265ccfe5cef069d2dc967fe85d94c03f80c51c4669
Instruction ID: 5e5dfc385bde88beeca59ffc09faa86ba92bf8a9be465a6b99e17468bf91f19c
Opcode Fuzzy Hash: a4d803507b2a6f057dda72265ccfe5cef069d2dc967fe85d94c03f80c51c4669
Instruction Fuzzy Hash: AD41C472604741AFD320DF68C840A6AB7EEFFC8700F18061DFA5997691E730E914C7A6

Function 01974859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64afb0ac7a5c438a63fcc5e452ead1f466bc602dd775f10899d03a6630e6513c
Instruction ID: 1da3180976fe8ba77e5118d9236cced7d9bf1632c5cdf3bfb2deba415ecda015
Opcode Fuzzy Hash: 64afb0ac7a5c438a63fcc5e452ead1f466bc602dd775f10899d03a6630e6513c
Instruction Fuzzy Hash: 9D41C2706043068BD725DF2CD884B2ABBE9FFC0B55F14442DEA598B2A2DB70D951CB92

Function 01A3FB76 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35050a6ae1246d139271f4547c6e5b2c288cd6c2602e0ebb187c255c42ea2250
Instruction ID: f269bd933f58433a74240262524c8644c69290d84566bae3b725d79146d3c8a7
Opcode Fuzzy Hash: 35050a6ae1246d139271f4547c6e5b2c288cd6c2602e0ebb187c255c42ea2250
Instruction Fuzzy Hash: AF31CF72A20105AFEB148F69DD54BABBBE5EFCC350B058428F918CB251DA34E902C7A1

Function 019802E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 2915233c58d90a6a4c1b7b26fc68bc6b35373ce4c1161d7fafdc4de64a371b3e
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 4F310731A04244AFDB129B78CC44BDBBFE9AF54350F0885A6F45DD7352D6749848CBA0

Function 01A1E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5f079913f732acf0a483e3ddec05da3bf89acce243fd32d8c82eb4996e8e4de
Instruction ID: 52895ea2631ebe39fde1922c31ed2ae4f0d5972cb16f064c017c8b7d00f302c0
Opcode Fuzzy Hash: b5f079913f732acf0a483e3ddec05da3bf89acce243fd32d8c82eb4996e8e4de
Instruction Fuzzy Hash: 4631BC75790706ABD723AF65CC41F6F76B5EB99B50F000028FA04AB2D6DA65DD00C7E4

Function 01A24B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b087d64c63469a7dd6a71186033f613906cfa738d97a7d36ffc2b2d6964f79
Instruction ID: cf48d11e762c9f69eaae8842b77a6273cd41ab552532261f85c3b8f8bf958305
Opcode Fuzzy Hash: 01b087d64c63469a7dd6a71186033f613906cfa738d97a7d36ffc2b2d6964f79
Instruction Fuzzy Hash: 1D31E272605621CFC325DF1DD880E26BBF5FB88360F0A446EE9999B665D730E805CB91

Function 01974260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1be131684d363a540e41d2b26b1d7759df463fd8a174b799cf4bcec622dc03c
Instruction ID: b0e2badd5a4e6082c792eaf4f5bcb5046b304aeef0c613605f95cf0270638406
Opcode Fuzzy Hash: d1be131684d363a540e41d2b26b1d7759df463fd8a174b799cf4bcec622dc03c
Instruction Fuzzy Hash: 8541DD75201B05DFD726CF28C981FD6BBE8AF89710F058829E69E8B251D770E800CB90

Function 01A24BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee9a1db83cbb5c2dfeadb60d888f3de4fb0fbe5fb6fcfcd258e2fa57f583c6d
Instruction ID: 1aca36200a57ad4544373cd97a32a9fee9c81b56e1c6e2c1143a49bfa2095471
Opcode Fuzzy Hash: 6ee9a1db83cbb5c2dfeadb60d888f3de4fb0fbe5fb6fcfcd258e2fa57f583c6d
Instruction Fuzzy Hash: 543178716046118FD720DF2DD880A3ABBE5FB88720F09496DF9999B795E730EC05CB91

Function 019EEB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9d02e0ae15f179cd547ef0b5bfc805e3748e23fa216894c041842019ad25cd
Instruction ID: 9654c301abddcdea10c510f63eac010cd6b30859e7500a744fcdf12f435cdbe4
Opcode Fuzzy Hash: 2e9d02e0ae15f179cd547ef0b5bfc805e3748e23fa216894c041842019ad25cd
Instruction Fuzzy Hash: 2631C131B01686ABF7235B5ECD4CF257BDDBB80B45F1D00A4AB4D9B6D2DB68E840C220

Function 01A361C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8b32c13a5b1f5e90f6324e22428edd7b803cb583eb8e26c710ab8660639624
Instruction ID: 46e746e433832c96ec937b0900ce3ffe6c1c71d6d1130ca437fb280d54826106
Opcode Fuzzy Hash: 0b8b32c13a5b1f5e90f6324e22428edd7b803cb583eb8e26c710ab8660639624
Instruction Fuzzy Hash: E331B275E00116BBDB15DF98CD80FAEB7B5EB84B40F464168F909AB245D7B0EE01CBA4

Function 01A1483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bb84f0c190fd657d17a227946b2ab0af50a2f6d5e64ca9f162848bee39408c6
Instruction ID: 386a7e7fdc6b9f7a85b943747e50ab2a142986800ac9c5d3e20d2e59a6391554
Opcode Fuzzy Hash: 1bb84f0c190fd657d17a227946b2ab0af50a2f6d5e64ca9f162848bee39408c6
Instruction Fuzzy Hash: 00315376A4012DABCB21DF58DD88BDE7BBAAF9C310F1400A5A508E7254CB30DE918F90

Function 01A36BD7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e694af786cca3f5a4131b70537d5e5e29fc684f12ab268dfd66c1fe7c6c7b8ee
Instruction ID: 5b793d905641eb5a954761b2ea97d5acf9461f80eb5e222d7416b8c44dd9d36b
Opcode Fuzzy Hash: e694af786cca3f5a4131b70537d5e5e29fc684f12ab268dfd66c1fe7c6c7b8ee
Instruction Fuzzy Hash: B4316D71A10204ABCB24CF69D8C5A5B7BF4FF8D340F458469F918DF249D270E945CBA4

Function 0199EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7bca1ed49dd6299c1e42bffd77e57402e8a09582095f9334a8f64791d0b634d
Instruction ID: 2dd375160a15e3983703da52e1b4c65df705b2e9b132cca56039c78ab68fa1a3
Opcode Fuzzy Hash: d7bca1ed49dd6299c1e42bffd77e57402e8a09582095f9334a8f64791d0b634d
Instruction Fuzzy Hash: FD318476E00219AFDB21DFAEC840EAEBBF9EF44750F118465E51ED7250D7709E019BA0

Function 01A360B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ded1ba8d49a0389282af507f61d18a50065a527ca17354d00293915895bc0a
Instruction ID: 864360bec1c8b76a21578602da0959e46921f38d3723f3446ec0b27176be4d03
Opcode Fuzzy Hash: a6ded1ba8d49a0389282af507f61d18a50065a527ca17354d00293915895bc0a
Instruction Fuzzy Hash: C631D171A00716BBDB22AFA9C850B6AB7F9AF84754F144069F50DEB352DB70DE018B90

Function 019707AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ebaa1f271c82aa97e6f18b4d7459213c4d90397f677531a20abb87e361204c
Instruction ID: 67e223753e3a72acc30ad54034a0914c1c3af43eb6a6e63013f439c636288e2e
Opcode Fuzzy Hash: c4ebaa1f271c82aa97e6f18b4d7459213c4d90397f677531a20abb87e361204c
Instruction Fuzzy Hash: 6331E372E04716DBC712DE68C880EABBBA9AFD5650F09492DFD5E97310DA31DC0187E2

Function 01978550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec506d686d9d2704ac13ccd31be3f8b7e71d6afb5a9ce71cfd3f91c93866753
Instruction ID: e96a8b9af90a507924183010e204a68751443a862a6693b4b9ddceee2a35e337
Opcode Fuzzy Hash: 9ec506d686d9d2704ac13ccd31be3f8b7e71d6afb5a9ce71cfd3f91c93866753
Instruction Fuzzy Hash: 2C316F716093019FE720CF19C944B2AFBE9FF98710F1589AEE98897351D771E844CB92

Function 019AA6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: aeaee438c683ae75242a967d5821435f286c7a67f56081576ea60c9ef21c3ecb
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 45312AB2B00B01AFE761CF69CE40B57BBF8BB58A50F44492DA59EC3651E630E904CB60

Function 01A1EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72e3f32a99741a62d81eea16e9e9e17551e693c756fd84dfb8c9daeaf3cca04f
Instruction ID: cf83d750f4029b9be664c1e9fb75247ad4af285d0faf6f62d9215f28a1a236b6
Opcode Fuzzy Hash: 72e3f32a99741a62d81eea16e9e9e17551e693c756fd84dfb8c9daeaf3cca04f
Instruction Fuzzy Hash: 1A31B8B1509302DFCB12EF19C94086ABBF5FF89614F0449AEE8889B215D330D985CBD2

Function 0199438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9819ba0ae4e9a8baa0f93f3d128dc436e788b679320df4711dac5640b99300f8
Instruction ID: a8ec32568de04f5beb38d8fa7ed6fddb4afd354b335f4528c259055980572e30
Opcode Fuzzy Hash: 9819ba0ae4e9a8baa0f93f3d128dc436e788b679320df4711dac5640b99300f8
Instruction Fuzzy Hash: BE31D631B002069FDB21EFBCCA81A6EB7F9AB94744F008529D54ED7254D730E946CB91

Function 0196CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: ff56b26d28b164fa0ec7ac53e27b4026da11e35ce1255cd499dd0e2624433833
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 3F212B32E0025FAADB11DBB98810BAFBBB9AF54740F058435AE99E7340E274DD00C7A1

Function 0196C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4fd041d9a926f313d0043c62e24d95bc967edb481dc238a3252cb33c68da82
Instruction ID: 71e46e28e7fecc3394874f67c2cc47f06203162bed8714ef0a13a7f561d29a19
Opcode Fuzzy Hash: 7c4fd041d9a926f313d0043c62e24d95bc967edb481dc238a3252cb33c68da82
Instruction Fuzzy Hash: 463127B55002018BD721AF68CC41BA977F8BF90714F5481BDD9CE9B382EA34D986CBE1

Function 01A2C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 873a77ecab664a0cf50cf3baa23c792602e34eff8d75f9cc7f0acf38a0e4204d
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 8C21303AA0066676DB15AB99CD04EBFBBB5EF90720F80841AFA9587553E634D940C3A0

Function 0196E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aadd521009af0673254d40dc76047fa37494a93f7fca60549b9ed5a4c5e0b1c7
Instruction ID: 6a992a9b636df5ead9fe2b744eb94c596d5e51cc8852aebead8977039b4179c3
Opcode Fuzzy Hash: aadd521009af0673254d40dc76047fa37494a93f7fca60549b9ed5a4c5e0b1c7
Instruction Fuzzy Hash: A431C535A4152C9BDB31DF28CD41FEE77BDEB55B40F0105A1E64DA7290D674AE808FA0

Function 019A4588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: d645da8310fb64a80c748c03c9d901c3a2bbbc57755da76ffda8b85b75a5d29d
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 15218371A00609EFCB15CF58C984A8EBBB9FF48714F548065EE199F241D6B1EE09CB90

Function 019A44B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28228597d89fc64cbcb32755096b543f7874be13d8c30371ae065f2a767636ce
Instruction ID: 822f8bed4bad3aeab185797335c311250829daaec37747c81f299e09b026eb63
Opcode Fuzzy Hash: 28228597d89fc64cbcb32755096b543f7874be13d8c30371ae065f2a767636ce
Instruction Fuzzy Hash: 5621D1726047459BCB22DF18C880F6BB7E8FB88721F444929FD8C9B641D770E9058BE2

Function 0196E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: 802404ca6c9865975b6e22dedbd87fbd682d426790d201eac14ea8f84586f5ee
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: DA31AB35600605EFD721CF68C984F6AB7F9FF85754F1049A9E55A8B280E730EE02CB60

Function 01A403E6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da033b42ae2fe728f526ab8b478068a0eb64952981d040d8cd05713494b8023
Instruction ID: 4ff28dacd0bf745d3dbf31c8f3a3cef88a34de6b86589a4d003d889f5c7a4309
Opcode Fuzzy Hash: 7da033b42ae2fe728f526ab8b478068a0eb64952981d040d8cd05713494b8023
Instruction Fuzzy Hash: 66316F75A00119AFCB18CBA4C994A9FBBB9FB8C214F114129FA06E3201DB30AD05DBA0

Function 019EE609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48589c7cbb5f7bc558428831e9c49d21aac4c818a73e6b62426539c62be8eba6
Instruction ID: 6157de2b44dc97e17a92268d52613696e209a2679c52b08d99766a85fccce8b2
Opcode Fuzzy Hash: 48589c7cbb5f7bc558428831e9c49d21aac4c818a73e6b62426539c62be8eba6
Instruction Fuzzy Hash: 18317E79600206AFCB16CF18C4889AE77F9FF84704B154459F80D9B395E731EA50CF94

Function 01A40591 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caba8cebc52b4b4d73d13a8bbd19000ec7fd4d0d5ab70a1a3ee99fcaeb56d383
Instruction ID: a66e4a140b799cbf808f5841abfdb661e9b2245ade76ae0c96665331a6c561b1
Opcode Fuzzy Hash: caba8cebc52b4b4d73d13a8bbd19000ec7fd4d0d5ab70a1a3ee99fcaeb56d383
Instruction Fuzzy Hash: 4421A0326102058FD728CF29DA80AA6B7B2EFD4310F658438EA55DB286D774F845D790

Function 019F06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dcb78ddd50f1b196909acb2e66dd4d5098bae58514223ea3b71d2fd890dbc3c
Instruction ID: 11da2242e2c311f8c6252730202f4f716a40eca3f29673e01228c4b0e7c0f6e2
Opcode Fuzzy Hash: 6dcb78ddd50f1b196909acb2e66dd4d5098bae58514223ea3b71d2fd890dbc3c
Instruction Fuzzy Hash: 4F219F75A00229EBCF21DF59C881ABEB7F9FF48740B550069F945EB251D738AD42CBA0

Function 019F019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8b33f8078cd0433493ac9a4de04c3502ce2796726e0532f6f7ffe5f4422209a
Instruction ID: f2158d6bfeeb5c9b8b519cd6f16ddb5690384191a4e3547ff18dac201f27b83e
Opcode Fuzzy Hash: c8b33f8078cd0433493ac9a4de04c3502ce2796726e0532f6f7ffe5f4422209a
Instruction Fuzzy Hash: CC218B75A00645BBD715DB6DC980E6AB7ACFF98740F180069FA08D76A1D634ED40CB64

Function 019F0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010cb93e3240146c2670577944e2cccc199fd4602a633ed1c0c1a12070ff5527
Instruction ID: 3f4948cddee22854b571d125c0429b0ea52b3a643f11317dd9be574e5abd7077
Opcode Fuzzy Hash: 010cb93e3240146c2670577944e2cccc199fd4602a633ed1c0c1a12070ff5527
Instruction Fuzzy Hash: E321B072904246ABD721EF5EC944FABBBDDEF90644F0C045ABE8887262D770D905C7A1

Function 01992835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702e726b21035af6cd9b258429e6d205a26acb09d9f3fb1ee70cf775259927e7
Instruction ID: 7fc1fef5ab947efc05868e7fdab48b573eb78d3f7ddcd05901924378605d6056
Opcode Fuzzy Hash: 702e726b21035af6cd9b258429e6d205a26acb09d9f3fb1ee70cf775259927e7
Instruction Fuzzy Hash: 3F21DE31745681ABE722976D8C08F147B9DBF41B75F1903A4FA2C9F6D2D768D801C251

Function 01A401AA Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebaa7184d57bdb5e9fcd3dde0a8e794eb38973a25d1cfccb561ebd6607b392d
Instruction ID: 6c0f70ee5f597d887df86216f1ad94ab1e1bd724c3476c198647d9864fa88d51
Opcode Fuzzy Hash: 1ebaa7184d57bdb5e9fcd3dde0a8e794eb38973a25d1cfccb561ebd6607b392d
Instruction Fuzzy Hash: 1B21E4612142604FD705CF2AA8B48B6BFE9EFCA52570981E6E985CB743C534D80AC7A0

Function 019AA30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9ccfa3808ead07cd40541e0e62ff58de87be293ccd65d6535f211149383f32
Instruction ID: 06ee8808a4abb03bf312ade134aab6dda5085dcccc0b6d9b9ca475f1aad67c63
Opcode Fuzzy Hash: cc9ccfa3808ead07cd40541e0e62ff58de87be293ccd65d6535f211149383f32
Instruction Fuzzy Hash: C821A979200A01AFC726DF29CC00B56B7F9FF58B04F248468A50DCBB62E731E846CB94

Function 01A2A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ba4143f2f33aba4afc0b330b54e0a1ee19ca07a9fa78947d38e8061691509f
Instruction ID: 1e71a18b15991b24728dd53b2154fef191f45510c6646d392212e32625b9561d
Opcode Fuzzy Hash: 28ba4143f2f33aba4afc0b330b54e0a1ee19ca07a9fa78947d38e8061691509f
Instruction Fuzzy Hash: 52112972380A21BFE322566DDC41F27B699EFD4B60F150028FB08CB691EB70EC018795

Function 019F0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed0e02e93c281cc7731be98719fce7255c9a14163315f1980b5501d1b5d933a
Instruction ID: 5dc326295a24e79711a8eeff17aaf065965ae5ae35726e68f1f6b1291acfd323
Opcode Fuzzy Hash: aed0e02e93c281cc7731be98719fce7255c9a14163315f1980b5501d1b5d933a
Instruction Fuzzy Hash: 852116B1E10209ABCB20DFAAD8809AEFBF9FF98610F10012EE519A7250D6709941CB64

Function 01A080A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: e726c1f7bfecd94655099f73cd6bf3a98452f1fa9268a15778767ff36a6f8a7c
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 87216A72E00209EFDB129F98DC40BAEBBBAEF88310F204419F945A7291D738D9518B54

Function 01A3EE26 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aecfa49fac9930243def966521c60a60236a252e2729a25fca0885f82e148710
Instruction ID: 322280b76f20b06cf688e28c0282412ca61d735f1b7978388c803ebfe40e3daa
Opcode Fuzzy Hash: aecfa49fac9930243def966521c60a60236a252e2729a25fca0885f82e148710
Instruction Fuzzy Hash: D921B133A10911AF9B18CF3DC81456BF7E6EFCD31436A427AE912DB2A4D770B9118784

Function 019A0124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: a49be8b97f535ae5a631ab7b2971e905e4f6641cd6017bff7b85df856c3e0c69
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: EB11BF72601609BFE7229F98CC81F9ABBBCEB81754F144429F6099B190D671ED48CBA0

Function 01978770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebdfec1cd6ab592c5c7b8b4b9c657d6cd9549e766fdfc40ce2701630c567de3
Instruction ID: 18a05375e411675b3254bda0db3b06f2f4b43a0238a3127a63caf8a7044c9245
Opcode Fuzzy Hash: bebdfec1cd6ab592c5c7b8b4b9c657d6cd9549e766fdfc40ce2701630c567de3
Instruction Fuzzy Hash: 9E11BF717006519BDB11CF5DC4C4A66FBEDAF8AB11B19806DEE0D9F205D6B2D9018790

Function 019AAAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: ddd13a85a322d6b3d55e15db44bb2e9ac8a5dcea6eee7910dc63d48d75bfebb2
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: 51218B72600641DFDB329F49C944E66FBEAEB94B11F55883DE94E87A20C730ED05CB80

Function 019780E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c643c96a72a0394d6586df6bdc0e3e52f2e61e8c3c3e5bb42d62f341afd8c6bd
Instruction ID: 32933185eb08bc3925a3528be2f085b3bb13c624fe8b38129eb3a542347376c9
Opcode Fuzzy Hash: c643c96a72a0394d6586df6bdc0e3e52f2e61e8c3c3e5bb42d62f341afd8c6bd
Instruction Fuzzy Hash: F0219D35A00206DFCB14CF98D580AAEBBB9FF88318F20856DD109AB351CB71AD06CBD0

Function 019A674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86860b48258ff21d2d17f58831b8169d7999eb66671b3c69e7d23080a77295ba
Instruction ID: e08c85556ac683a64c49ff498943e7596055fae0fb94e6def6f901a20ae1413a
Opcode Fuzzy Hash: 86860b48258ff21d2d17f58831b8169d7999eb66671b3c69e7d23080a77295ba
Instruction Fuzzy Hash: 71218C75610B01EFD7219F68C880F66B7E8FF84250F88882DE5AEC7250DA70A844CBA0

Function 0199E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691b978b7fc5dbf26d06965bf5fa9bb84a77660f44208e8018aba31fd840e5e0
Instruction ID: 7022be9ac1fbb60336fb6cc8518096fbf7823e552a926d58b8b6a739af559d64
Opcode Fuzzy Hash: 691b978b7fc5dbf26d06965bf5fa9bb84a77660f44208e8018aba31fd840e5e0
Instruction Fuzzy Hash: 111108727041149BCF19DB2DCC81A6B725AEFD5771B258929D92F8B290E9309C02C290

Function 01A06870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb0af3566200580e53ed9d6d5fa30e9c75137e34f53a4f79ccbe6a02b8fd5fb
Instruction ID: 78be7e2a2e6384cb6ce9ad781be010f644129730ef42d28b801fc57ee13e3421
Opcode Fuzzy Hash: 2cb0af3566200580e53ed9d6d5fa30e9c75137e34f53a4f79ccbe6a02b8fd5fb
Instruction Fuzzy Hash: B6110632240504EFD723DB9DDD40F9A77E8EF95B98F014024F209DB2A1DA70E915C790

Function 019A66B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbda0a8cfcbafc7b818627ba0cc943de3f40b2a2f4c6504cd304ab083d8594c0
Instruction ID: 7dd6914fd0a5d012dbb63971a4b0682fd9301fa08d502404c1306614135ca008
Opcode Fuzzy Hash: fbda0a8cfcbafc7b818627ba0cc943de3f40b2a2f4c6504cd304ab083d8594c0
Instruction Fuzzy Hash: DB11BC76A113059BCB25DF59C580E5ABFE8AB84610F4A4079D90DAB321E634DD04CBE0

Function 01A3A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 076a10e49d386136abe755651551b7558e650a3f26d15ac04a371b83f2bc3665
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 9D11B236A00915AFDB19CB58C805B9EBBB5FFC4210F058269F895E7350E675EE51CB80

Function 01970AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: e44b691a8be0e0b89d4cafc597828ff226c9b9e572c1be22d43f0e10dc0e7b3f
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 5A2106B5A00B059FD3A0CF29C580B52BBF4FB48B10F10492EE98AC7B50E371E914CB90

Function 019FE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 4866be8628f789cc47d624e5315dcf050368650987bb139a51121a62ccd30c05
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: C9118C32600601FBE721AF48C840B56BBB9EF85769F16842CEB0D9B170DB31DC40DB91

Function 019927ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4b64604be5a9010a906a0dc6f6cd6cd603667105b996090213f641fa0e2849a
Instruction ID: 8fd16487ad9bd7b956ad78de609183617af38880d574612db210bd50818fe21e
Opcode Fuzzy Hash: c4b64604be5a9010a906a0dc6f6cd6cd603667105b996090213f641fa0e2849a
Instruction Fuzzy Hash: A1012232705645BBE726A76FD888F277B8CEF807A5F094464F90C8B281DA24DC00C2A2

Function 01974690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f492a528b58d621a37fc3b66db49c1d6c1c04afc282ad6e93742d9743a7b97a3
Instruction ID: 3be06df4d7cb7c3c04479faa257fd25c5876bad63f1e14705b6121e670659a1e
Opcode Fuzzy Hash: f492a528b58d621a37fc3b66db49c1d6c1c04afc282ad6e93742d9743a7b97a3
Instruction Fuzzy Hash: E311CE36341645AFDB25CF59D980F56BBA8EFC6B65F00452AF91C8B262C370E840CF60

Function 019A6620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913d8a0d2228503c46e21c46bd102ba1dc38bdd79cdcbae7bd2dbe3b1b6f23e1
Instruction ID: 44f28ba7ff5c08d7a0118473988b63a7a25227ed88bc203881673df0d709e6e8
Opcode Fuzzy Hash: 913d8a0d2228503c46e21c46bd102ba1dc38bdd79cdcbae7bd2dbe3b1b6f23e1
Instruction Fuzzy Hash: A1118276A00715ABDB21EF59C980B5EFBBCFF84B51F950455DA09A7200D730AD058B90

Function 0199EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5352ad3b89ed5339a8012652e8b4cd8b3017455ae2a0f158b9740cfbac1b3601
Instruction ID: 532094ddfee30db4bc7602ade84363de105550b60602a35e072fa2a02a3d4f5b
Opcode Fuzzy Hash: 5352ad3b89ed5339a8012652e8b4cd8b3017455ae2a0f158b9740cfbac1b3601
Instruction Fuzzy Hash: 1D01CC75A011099FDB25DF19D404E26BBE9FBE1358F20816AE0088B274CB74EC46CB90

Function 0199E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 10a6dbe4ec6c80243f22c685a3c307a8e2de4586197010ac453378a8de1b1bc4
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: B611E5726016C69BEF239B6CD944B253BD8AF40B49F1904A0DE4E87652F728D843C252

Function 019FE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 52ee096a9d455e2fe0d28ac53e9b6bcd8792bf672b93f5263c42fb35f522fbfa
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: DC018C32600206BFE7219B58CC00F5ABAADEF85B56F168428EB0D9B270E775DD40CB90

Function 0196A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 54e53dfe3a34fb5f4935830ad5930ed7f5ed6fff3140e7e18d6829f686b76a90
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: D10126314447219BCB318F19D840A327BECEF55761700892DFC9EAB281C335D400CB70

Function 019EE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 865e5579e93f12d5c5b1ec270b282a2f4c954d2942877fbe83011e46f66fdd48
Instruction ID: 97a99581c1e73c69f0cf2270dccb2f3b3e0afd5ac5fcf68a260bf5dcd671181f
Opcode Fuzzy Hash: 865e5579e93f12d5c5b1ec270b282a2f4c954d2942877fbe83011e46f66fdd48
Instruction Fuzzy Hash: E411AD32641241EFDB16EF19CD80F56BBB8FF94B44F2000A5EA099B661C635ED01CA90

Function 01976259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ecbfb8f0990883024f89363732a9d042f7697d0c7679e525b875efacc6da27e
Instruction ID: 259b0aca2bab6ad0b65e5ffe65c6608c2d57f910f2e92f3987ecb60f3dd29ce8
Opcode Fuzzy Hash: 1ecbfb8f0990883024f89363732a9d042f7697d0c7679e525b875efacc6da27e
Instruction Fuzzy Hash: AF115A70941229ABEF65EF64CD82FE9B278EF44710F504194A72CA60E0DA70AE81CF84

Function 0197208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 84384121f9f164bda4629eebf3f210aa789ef08af45c29659086edce882c8ebd
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 1501F1326102018BEF169B2DD880F92776BBFC4B00F5544A9ED498F246EA71D881C3A0

Function 019F6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f863e2b5b909d94f97fbad2992c0b36b1f980cd0df57f74d7ce03c28deeec7
Instruction ID: bfd609f9b371dfeabd22b2bcc4c47618b04cb67b1dc9348b9edf009fc5d7a63f
Opcode Fuzzy Hash: f0f863e2b5b909d94f97fbad2992c0b36b1f980cd0df57f74d7ce03c28deeec7
Instruction Fuzzy Hash: CE111777900119BBCB12DB95CC84DDFBB7CEF58254F044166EA0AE7211EA34AA19CBE0

Function 01A06500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a33a7b55c282d53989f0668c85707d3149f8c923d122695667d5b66a3ac863b6
Instruction ID: 2ebb6410b90f67413c698848fbab5316c3f499d755fb68fa84bb63f81e7d1542
Opcode Fuzzy Hash: a33a7b55c282d53989f0668c85707d3149f8c923d122695667d5b66a3ac863b6
Instruction Fuzzy Hash: 3311C8366441459FD712CF68E840BA5B7B5FB9A318F088159E849CF395D732FC45CBA0

Function 019FC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f963082c93f7768a56bdfbd5766c3fc42cd746004011408f3f88f498d8636650
Instruction ID: 4c336960bba117d03c8ccc20c6659cea274102538ebbfed72239217b93aad23f
Opcode Fuzzy Hash: f963082c93f7768a56bdfbd5766c3fc42cd746004011408f3f88f498d8636650
Instruction Fuzzy Hash: C811ECB1E00209ABCB04DF99D581A9EB7F8FF58650F10806AE915E7351D674EA018BA4

Function 01A1EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7e3aac0886fd5011499bf7a99b87efbc5c79f78136ff864b1b07a51aa02181
Instruction ID: 4640c53e5b946b0c6dc0ecd738cb23c21f9658131e6ca024e25b71c8c1bd199c
Opcode Fuzzy Hash: 6c7e3aac0886fd5011499bf7a99b87efbc5c79f78136ff864b1b07a51aa02181
Instruction Fuzzy Hash: F30184325402119BCB33BB298440D76BBFAFF91692F05442EEA495B615CB34DC82CBA1

Function 019B20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa4723fd7fe9be9b65086ee405c96c53780e5195d6d4649f2e27e0dc3244f6b1
Instruction ID: d40816e5b12c8ef734f70717c44cad35b3832e303a964843079c160cecd19dd6
Opcode Fuzzy Hash: aa4723fd7fe9be9b65086ee405c96c53780e5195d6d4649f2e27e0dc3244f6b1
Instruction Fuzzy Hash: D9116D35A0020DABCB05EF64C991EAE7BB9FB85640F004059F91A97250D635EE11CB90

Function 0196C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: 0f42df76ad07e1d6b71cb8ea57b41fb80d1a162e231efda1649a6ba2c87d63f6
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 6A01DD321007459FEF229AA9C540F6777EDFFD5650F44482DA58D87540DA74F502C7A1

Function 019AE5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65b6fc8dd172ba84300fba1d82750c17d7a2ed0a327ac759b3687914b1c92b1
Instruction ID: 5e1144078c735aab8c523ab9e94b6f23fb1eb8def5296bdf8c55154386ca55b6
Opcode Fuzzy Hash: d65b6fc8dd172ba84300fba1d82750c17d7a2ed0a327ac759b3687914b1c92b1
Instruction Fuzzy Hash: 3A0184B16415417BD711BB7DCD44E57B7ECFBD4A547000629B50D93651DB24EC01C6F0

Function 01A069C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fc437b88ec301c111cf112e5c37d105ee4299b01f04780628f7a4443e46dd7f
Instruction ID: 9b402f96537f5d49dff28ddc0aa6e56f130ac778479e89e17fe8f31af6e4d36c
Opcode Fuzzy Hash: 8fc437b88ec301c111cf112e5c37d105ee4299b01f04780628f7a4443e46dd7f
Instruction Fuzzy Hash: 9A01FC322142029BD321EF6ED8889A7BBB8FF98764F114129E95D871C0E7309951C7D1

Function 019FC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9bfbcd9c50b5c957bb36c9d60f7b8bdbb975be07f85e8e6ccb9c1c61d8fe065
Instruction ID: e715e78fb6f716e740e7760babde6d695cfcb39434f7625fc55b00e9269243ab
Opcode Fuzzy Hash: e9bfbcd9c50b5c957bb36c9d60f7b8bdbb975be07f85e8e6ccb9c1c61d8fe065
Instruction Fuzzy Hash: 4F115B75A0020DABDB15EF68C840EAE7BB9FB88640F008059FE0597350DA35EA11DB90

Function 019FC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7ef5c882ea5b29995fcbbc65b49a391e943d4043cc74da81399bd9b08ad831
Instruction ID: 8771625569d7a4b88c8ff37eb27c47f877c88a80d8523b581336c93d0817ed72
Opcode Fuzzy Hash: 6d7ef5c882ea5b29995fcbbc65b49a391e943d4043cc74da81399bd9b08ad831
Instruction Fuzzy Hash: 4F115E716143099FC700DF69D54199BBBE4FF98710F00851EFA98D7351D630E901CBA6

Function 01A44A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: 10d43f0cc55d3ca9d33cc8e3441598fd350668d55bec3234e52e860bd43f5ca9
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 8001FC32200A019FD721DB5DD844F57B7E6FFC9710F044829E6428B650DE70F841C754

Function 019FCA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543d7770c7cf4e82e1fdfded40ec720fdda38dadd55225dcedc8fb094ece7370
Instruction ID: f507a2ccc1c13de8487e290e5331c0aaea584fee0518a140cb754d7097b1cf71
Opcode Fuzzy Hash: 543d7770c7cf4e82e1fdfded40ec720fdda38dadd55225dcedc8fb094ece7370
Instruction Fuzzy Hash: EF118BB16083099FC300DF69C44198BBBE8FF99750F00891EFA58D73A0E630E900CBA2

Function 0198E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: e3ab70bafca9d7be83c1b60de54977fa7dc3f344bba76111cd05fa4c5956d4c3
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 38017C322045809FE322AB1DC958F367BDCEB85B58F0908A9F94DCB692D768DC41C622

Function 0196826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab8b9db6416d2b6738b4835ea3c070e2f2b391ebb7117f18413be57e3b0c63b
Instruction ID: 6610312b6debba99e26f6969746d3348123533f60bc563bd90f4204dd63b3c3a
Opcode Fuzzy Hash: 0ab8b9db6416d2b6738b4835ea3c070e2f2b391ebb7117f18413be57e3b0c63b
Instruction Fuzzy Hash: 5F01A231700709EBDB14EB6AD8459AEBBADFF90650B154029DA0EA7640DE70DD02C7A1

Function 01A1EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 97604b345c8ca74147f7c04ad48451b39567fcf7385055c1c1e525753ee9bf79
Instruction ID: f24c826fd16b65664f18c21d8552a94c43b2cf682264b5963b2bfb320bce1319
Opcode Fuzzy Hash: 97604b345c8ca74147f7c04ad48451b39567fcf7385055c1c1e525753ee9bf79
Instruction Fuzzy Hash: 0B01A271284701AFD3329B19D940F42BAA8FF95B90F05482AF60A9F3A4D6B4A841CB64

Function 01972582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3619cb4591d3eaacad83e92c2a460429c3c78fd4eebbc93df37465d74452e2a8
Instruction ID: 391e3ce1ca7bae79e9307fa44bf85a53f46772f6ee68756ab888ab752ea78efa
Opcode Fuzzy Hash: 3619cb4591d3eaacad83e92c2a460429c3c78fd4eebbc93df37465d74452e2a8
Instruction Fuzzy Hash: A4F0F432A51B21B7C731DB5A8C40F07BAAEFFC4F90F014029A60A97640CA30ED01CAA0

Function 0199C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 217972a8a78e454a174d9f301826f283d0c18968669df599a073c3de59b19250
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 7AF0C2B2A00611ABE724CF4DDC40E57FBEEDBD1A80F058128A609C7220EA31ED04CB90

Function 0196C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: eabc2e142b393073f6ed145dc277834a2a218007060657a4d66a5a889ae8a92b
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 6FF0F673204A23ABDB3256594840F2BBA9D8FD1AA4F1A4036F28D9B204CA649D0296F1

Function 019ACA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 4eece915b29855bc6b1b6e7629d9ce82d6033647aef4ae13d4091249332dc1ca
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 1F01F9322006859BD733975EC809F69BBDCEF81B50F084465FA0C8F6A1E774D900C350

Function 01A461E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56cba713f8cbc0fc388d0406ea81bbd441c6140180dc7870c68367359fd947b8
Instruction ID: 90751c7974fece387802c1e320ac57a3892fe552b4f33cfc0e3ef9457e5dfbbe
Opcode Fuzzy Hash: 56cba713f8cbc0fc388d0406ea81bbd441c6140180dc7870c68367359fd947b8
Instruction Fuzzy Hash: FB018F71E00249EBCB00DFA9D541AEEBBF8BF98710F14005AE505E7280D734EA01CBA4

Function 019F63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 07295c3a2019def5fad53ae5aa59af98d0015005f1ef6c9fd55cd88cc42089bd
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 66F0127210011DBFEF019F95DD80DAF7B7DEB956D8B104125FA1592160D631DD21A7A0

Function 019FA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6fad14b9c135956f0c4c2173797e236d640fa515e6fedde7ccef2c9875b98f
Instruction ID: 01b3016fbafa6fb182a7971d05ee8653bfad272e3324f8f6329d82e189f7f02e
Opcode Fuzzy Hash: 3e6fad14b9c135956f0c4c2173797e236d640fa515e6fedde7ccef2c9875b98f
Instruction Fuzzy Hash: 9D019736100209ABCF129F84DC44EDE3FAAFB4C7A4F068105FE1866260C732D971EB81

Function 0196C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 253e49b7c0ece9f0814686261e7901003c959eb82e32b2166b087572ad3630d7
Instruction ID: da7fa1bbd5572fc5d7d2158b8755887d62bfbad734b7a0df3e9ad6ddfe922261
Opcode Fuzzy Hash: 253e49b7c0ece9f0814686261e7901003c959eb82e32b2166b087572ad3630d7
Instruction Fuzzy Hash: 22F0F0712043459BF21496598C01F32729EFBC0752F26802AFB4D8F681EA70E84182A4

Function 019A656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 453e8d5768bc6b6740991cd6363acacb08a7cb1414ec0c90c738561f74be1967
Instruction ID: a995b99353ba7931518d07ebf8bbed86c7c16939efb32ea87e6fa41bf363014e
Opcode Fuzzy Hash: 453e8d5768bc6b6740991cd6363acacb08a7cb1414ec0c90c738561f74be1967
Instruction Fuzzy Hash: 86018170600681DBE7239B2CCE48F2537E8BB91B44F881590FA49CBAE6D768D405C610

Function 01A1437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: de201a7e07b5966d2f3d740f84911a1983a3f530bec711a411da07b7e0044c55
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 35F02E31345E1347FB36AB2D8420B2FB6559FD4F90B19052E9606CB684DF20DC00D7D0

Function 019FC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b50c989348ed263523491445b40217c4e9c7f89ad5c226f3ad6f565e6c646b
Instruction ID: d61f1790f1793a7cadba96d212dc006ab7c8accd949314f16c5f68371278106e
Opcode Fuzzy Hash: 34b50c989348ed263523491445b40217c4e9c7f89ad5c226f3ad6f565e6c646b
Instruction Fuzzy Hash: 2BF0C2706053089FC314EF68C542E1BB7E4FF98710F40865EB998DB390E634EA01CB96

Function 019FE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: 51bdac4e61a2482938eff18943618284d7c78c6918dc6159002f7e168c705c98
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 99F05472B11511BBD321AA4DCC80F16B76DAFD5A60F1A0469AB0C9B270C760EC0187D1

Function 019A0854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: f80da56a3b5c772ae4c6357e94266c6e86cddda225877d34c282fb612a1cedc1
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: A8F0B472610204AFE714DB25CC05F56B6EDFF98340F198478A549D71A0FAB1ED05C699

Function 019FC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69b0b4e9f8a78f35a3c59b3c89ba2b99563075d1cac2b7b3bbcabf341855f51
Instruction ID: 30616252ddf64968468ccdcb3fd3779e70d618ec5809bf5b0619575ee8b7c19f
Opcode Fuzzy Hash: a69b0b4e9f8a78f35a3c59b3c89ba2b99563075d1cac2b7b3bbcabf341855f51
Instruction Fuzzy Hash: 92F0AF70A0020DEFCB04EF69C551E9EB7F4EF58300F008069A909EB385DA34EA01CB50

Function 019747FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b594fb95c941d6098b3141fec05486c93ea1246fca21c867463ccdfbb59bd39
Instruction ID: 388bfb7c8cb48f84f90317649fd42d19a14333099f35f496dbfb54f9191eb093
Opcode Fuzzy Hash: 4b594fb95c941d6098b3141fec05486c93ea1246fca21c867463ccdfbb59bd39
Instruction Fuzzy Hash: 49F0BE719167E99FE732DB6CC444FE5BBDC9F02622F08896AD59D87503C734D880CA52

Function 01A30115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ab37a2a3894ac7bc84a11fe16f8d71324723db1284f88f9482807b5db998552
Instruction ID: 184d748542d851688ba54c47b14b392a42811d61fe46705ee79a6b302fee904c
Opcode Fuzzy Hash: 9ab37a2a3894ac7bc84a11fe16f8d71324723db1284f88f9482807b5db998552
Instruction Fuzzy Hash: 9FF0202B41A7901ADF366B2C7BA03D16F68A782510F091089FCA8A721AC5748883C320

Function 019AC5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78880d712d7273b951d0fc47c377c971480ad834122fe2aebb96b0d4eb7b4630
Instruction ID: 6a955e85739e74fc2d81c708b36298da208d13a9c37b0d4bfe86da934a3634a0
Opcode Fuzzy Hash: 78880d712d7273b951d0fc47c377c971480ad834122fe2aebb96b0d4eb7b4630
Instruction Fuzzy Hash: 58F0E2B19116979FE332D71CC148F55BBDCAB447A2F8A9825D40E8F612C260F888CAD0

Function 019B2619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 10a99af8a92f6f9888af9b8395243ab987ef9dcc49652e0bc24c8e97daf741f3
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 00E0D8723006016BE712AF59CDC4F87776EDFD2B10F05007AB6085F292CAE2EC0982A4

Function 01A06030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 00ac95d2cde37c58738621f68ba14e48e93c3fa474a5d36a6783e15eb0c634f5
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 8DF03072544204AFE322DF09E984F92B7F8EB45379F46C025E60D9B5A1D37AEC50CBA4

Function 01970710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: f8977ed705aae78a0e5e4776cea7ef29ecc7ed267db6f883e0cb783b16c5af28
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 7AF0E5392043859BDB16DF1AD440AA5BFA8FF46750F040458F84A8B301D731EA81CB51

Function 019A49D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 1b94e704949699e6afda7e43e161b31a3343d21a60db63e5ef664b1f1f2935fb
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: A2E0D832244145ABD3212A59C810F6677A9DBD07A1F9A0429E20DDB150DBF0DC44C7D8

Function 01A1678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: ceb838738d7b33c896ce616c723c728754f4187dc838c99db075df37880e1bd1
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: BCE0DF32A01110BBEB21AB99CD05F9ABEACDB90EA0F050054B609E70E4E5B0EE04C6D0

Function 019725E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5d3877477ef41ac7d77b134c4fedb2cb5106369c0623ae102b60fddaee979e4f
Instruction ID: 438166b113e183f8efb301df8e0e20ee1468b0c2ad553964b58e590076680648
Opcode Fuzzy Hash: 5d3877477ef41ac7d77b134c4fedb2cb5106369c0623ae102b60fddaee979e4f
Instruction Fuzzy Hash: 19E092721109549BC722BF29DD01F8A779AEFA0760F014525F119571A0CA30AD10C784

Function 01A2A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: d75071042eb575dafb6d845849950ab1d1b37b6a464f16d9630cbdafbbd42245
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: ABE0ED31011661DFEB366B2AD948B52BAE5AF90711F148829E19A168B1C775D881CA40

Function 019F4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 01f050086522e08821e75038a8687240fa6f86b474d9b9c7dbf7b99b8ab56642
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: B5E0C2343003059FE715CF19C040B637BBABFD5A11F28C078AA488F205EB32E842CB40

Function 019ACA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95c64258209c65742f2f9d1f9a1080d5e26a92657b2b620242d409b7ebf8df31
Instruction ID: fec88ea25622dda512ade36ff2a9b9401d13b35e352f1b27276a9a1975a4005c
Opcode Fuzzy Hash: 95c64258209c65742f2f9d1f9a1080d5e26a92657b2b620242d409b7ebf8df31
Instruction Fuzzy Hash: 4BD02B324850217ECF76F128BC14FB33A9D9B80620F064870F10D96021D534DC8582C4

Function 0196823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 05ca9018219fa3d52d2ef065f9d31205bb33c7cfa0cec0e75c1a11a39750dc26
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: A0E0CD31450720DFDB322F15DD10F5176A9FF94F91F104C29E08D150648770AC81CB54

Function 01972050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158e8fcae2282b281bac5536f1191a5b11434ace26574955ace6d1692177e45a
Instruction ID: 7038f0275dbdef6565b655c23d066d430f877bc6831d8329febc58dcd68c0145
Opcode Fuzzy Hash: 158e8fcae2282b281bac5536f1191a5b11434ace26574955ace6d1692177e45a
Instruction Fuzzy Hash: 39E0C2322104506BC311FF5DED00F4A739EEFE4660F004122F158872E0CA60ED01C794

Function 019A8A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 2223ed9a4e7bfe520bc1158999e48108539d0bf2f37d321876512adb9c471776
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: C2E08633111A1487C728EE58D525B7277A8EF45721F09463EA61747780C534E948C7D4

Function 019C6AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 9424f4d5f144d0d2e62c245336b2bfe8e058983e2d4eb6f944fd22f65a08c37d
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: DCD05E36511A50AFC3329F1BEA00C13BBF9FBC4E11705062EA54A83A20C671E806CBA0

Function 019AE59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 8560d89c011db4220f7e04cbf266c428abcc13ce843a2e07a3a6ada4970c4c2e
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 4ED0A932A14620ABDB32AA1CFC04FC333E9BB88B21F060459B008C7250C360EC81CA84

Function 019EE908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 6e1220f9e3bfb1ce47e4e664a08e96924bcc6cb67c9befa13f79481eed8dccfc
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: 3BE0EC75A506849BDF17EF59D644F5ABBF9BB94B40F150054A50C5B661C624E900CB40

Function 0196A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: b43ca8685e406d5879d561e6263c848443000f3a91f9d321cc5c2db41c7e0b32
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 06D0223222603093CB2866556800F63790DABC1AD4F0A002C780EA3800C4048C42C2F0

Function 019AA830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 1394e5cff071bebd0c9177a9ce57045ca991f13c050e964ebdc06dd48a1c6bb4
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 9DD012771E054DBBCB11AF66DC01F957BA9E7A4BA0F444020B908875A0C63AE950D584

Function 019ACA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e342c310f8563ff31537e3a59a07ed49e199744521ff2adefc82b291b63a34c
Instruction ID: 5f1fe09dbe02f19f87b679d8be3cbc2d652ab5bf234499a7359c6ec85751d29e
Opcode Fuzzy Hash: 3e342c310f8563ff31537e3a59a07ed49e199744521ff2adefc82b291b63a34c
Instruction Fuzzy Hash: BDD0A739515401CBDF1BDF48C528D3E36B4FB10A41B80006CE70855120F324DC01C640

Function 019802A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: ff970529f8acc682f13e5d09298b0029ff8f148065cd8ba1488bb804e59416f1
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 93D0C935712E80CFD71BCB1CC5A4F1533A8BB44B85F854890F405CBB62D67CD944CA00

Function 019AC700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: 3738947b8e7a48be8a42b5abdf37e76557e4aa45d7eb8c4645cf4230289d8fd7
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 9EC012322A0648AFC712AA99CD01F027BA9EBA8B40F000021F6088B670C631E920EA84

Function 01990310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 877cc927a8a329dbb2179a7166f93c5a2f11c32cf7c6914c05d63b305803a459
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 3BD01236100249EFCB01DF45C890D9A772EFBD8710F548019FD19076108A31ED62DA50

Function 01970750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: c47500ef7c6eabff617f7780d6300310e27d895b4cbd776735a974f0061a219c
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 1CC04C757415418FCF15DF1AD294F5577E4F744B41F150890E849CB722E724F901CA11

Function 01A44DAD Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
Instruction ID: dfaa8fd91073e3df881795c7e9e7ad50b782c862fd4ed72fbab8f189aa18fbb5
Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
Instruction Fuzzy Hash: C8B01232213545DFCB026724CB00B1C32A9BF417C0F0900F0650489830D6188910E501

Function 019B4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a1663122e51471450f0877b9f7c8c54be2e3dba8a844d6474d09703237463e
Instruction ID: 95cb35298ceecb014cdd9338552a4696a2e44fead96e3383f85ebc9899e88fff
Opcode Fuzzy Hash: a3a1663122e51471450f0877b9f7c8c54be2e3dba8a844d6474d09703237463e
Instruction Fuzzy Hash: 08900231605900129140715D48885468049A7E0701B55C015E0864554CCA158A565362

Function 019B4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 341a50457c6cc3545ede8ec2bf4b73bebe80afb6ccf416dedd5f8f8cec0db43a
Instruction ID: 63595d7cd78100c7b308decb5feb4dd67cb73fc272210f196e99a5b392148aec
Opcode Fuzzy Hash: 341a50457c6cc3545ede8ec2bf4b73bebe80afb6ccf416dedd5f8f8cec0db43a
Instruction Fuzzy Hash: AE900261601600424140715D4808406A049A7E1701395C119A0994560CC6198955936A

Function 019B2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca418cfcf3c29a8339642d8cca4ccdc2798923d3ef4587e34d4f80c711b435cc
Instruction ID: cee0129f1b3bb350c7036a3c4c6510428309dabf6768d579bb3440e3ada2ea69
Opcode Fuzzy Hash: ca418cfcf3c29a8339642d8cca4ccdc2798923d3ef4587e34d4f80c711b435cc
Instruction Fuzzy Hash: CB90023120150802D104715D4808686404997D0701F55C015A6464655ED66689917232

Function 019B2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 401fc4c4b80e2afbc64d50429308d211b5df3699b3b28facf617f4e3e848f1b1
Instruction ID: eff29237300c237908f1fb27dffb3e896397e68d23010d5e7c1e759ba56101cc
Opcode Fuzzy Hash: 401fc4c4b80e2afbc64d50429308d211b5df3699b3b28facf617f4e3e848f1b1
Instruction Fuzzy Hash: 1A90023160550802D150715D4418746404997D0701F55C015A0464654DC7568B5577A2

Function 019B2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f6078a81e48d0a9c10668b9903883b17f79781e21d2d2716bfa451ba9fadf13
Instruction ID: 97bc19290bf56248abdf55632e99e561b9ce35ded7d9b982bc9139883f9165f5
Opcode Fuzzy Hash: 1f6078a81e48d0a9c10668b9903883b17f79781e21d2d2716bfa451ba9fadf13
Instruction Fuzzy Hash: 9590023120150802D180715D440864A404997D1701F95C019A0465654DCA168B5977A2

Function 019B2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a11095d35b32d3171387a9081a4a10e66ca75171d92c9b1e6301e6b3bb795482
Instruction ID: c88ad340832de915e33e977c27835fce7bbb76671681200a132eb43c5a8e32b2
Opcode Fuzzy Hash: a11095d35b32d3171387a9081a4a10e66ca75171d92c9b1e6301e6b3bb795482
Instruction Fuzzy Hash: 4290023120554842D140715D4408A46405997D0705F55C015A04A4694DD6268E55B762

Function 019B2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 906aa0c60605b7f294e4f43b2debf10f0ef12686f762c9ca25ec00e8d9a4c629
Instruction ID: 6b07191000d28be99729a8c7e44288fdc0ca5e96bef14866b41de2a9b24c40ae
Opcode Fuzzy Hash: 906aa0c60605b7f294e4f43b2debf10f0ef12686f762c9ca25ec00e8d9a4c629
Instruction Fuzzy Hash: 619002A1201640924500B25D8408B0A854997E0601B55C01AE1494560CC52689519236

Function 019B2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c91a52b616b8bb9e35744ccca919d3a770b0c94ac256cdfea2379132fd4d42
Instruction ID: f78ef36688d76e58862339da5c84c517e598cbc4fea87ff9d09b94dd6c8a097d
Opcode Fuzzy Hash: 09c91a52b616b8bb9e35744ccca919d3a770b0c94ac256cdfea2379132fd4d42
Instruction Fuzzy Hash: 27900435311500030105F55D070C50740CFD7D5751355C035F1455550CD733CD715333

Function 019B2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e6628b8af5bffe48e20083476c1afd5b40c3538393aa8cf6b838dde889b937
Instruction ID: 8453c6362d0f14e53577b88ed7daae9dc69222e0b2b44ca924321c37f7e44a33
Opcode Fuzzy Hash: f4e6628b8af5bffe48e20083476c1afd5b40c3538393aa8cf6b838dde889b937
Instruction Fuzzy Hash: C3900225221500020145B55D060850B4489A7D6751395C019F1856590CC62289655322

Function 019B2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c83549c4898d761ee7b1a0046a31b28e4ef3fa6a95bf5ef03aff9141041cef
Instruction ID: 9ae26954dc0fdbe7d00d347ca592591ec077c4bb6aa89be577203f72783d2d5a
Opcode Fuzzy Hash: e6c83549c4898d761ee7b1a0046a31b28e4ef3fa6a95bf5ef03aff9141041cef
Instruction Fuzzy Hash: DE90023124150402D141715D4408606404DA7D0641F95C016A0864554EC6568B56AB62

Function 019B2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb6ae8f83d8f34427aa9e7ca8e7aed20ce4e8f14b884bd3b455f6b2cadbe6018
Instruction ID: d983a1b8d028dd6576b4093e65cd7d0ce0c38c73a51a0c3ea170c5c0e9510d80
Opcode Fuzzy Hash: eb6ae8f83d8f34427aa9e7ca8e7aed20ce4e8f14b884bd3b455f6b2cadbe6018
Instruction Fuzzy Hash: C3900221242541525545B15D4408507804AA7E0641795C016A1854950CC5279956D722

Function 019B2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf1fd3886caaae09ebe244d64f8edd069345970f60807148ac660fe30226f3f8
Instruction ID: b65bf95bb8d0085ea9674ff729a4ec5c1109426aaab69ed7337f488a08dc2a40
Opcode Fuzzy Hash: bf1fd3886caaae09ebe244d64f8edd069345970f60807148ac660fe30226f3f8
Instruction Fuzzy Hash: 2190022921350002D180715D540C60A404997D1602F95D419A0455558CC91689695322

Function 019B2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41494b9095b4c0a50ea9fb3ad72fcedd24bc437622d0f840d4d4180701bb25c
Instruction ID: 8aefeb364be236be2e9e9de819e92a74a9c7d9f3c340dff2f7b934a5c519913b
Opcode Fuzzy Hash: e41494b9095b4c0a50ea9fb3ad72fcedd24bc437622d0f840d4d4180701bb25c
Instruction Fuzzy Hash: 2390022120554442D100755D540CA06404997D0605F55D015A14A4595DC6368951A232

Function 019B2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b586b8a951c6bbd0968e9c17ddea796b69f7706a815cc7a9ffe517f2198ab558
Instruction ID: 9503c40cfe47010aad1b81da388e2403d712609fabfe08754fb59236691a763d
Opcode Fuzzy Hash: b586b8a951c6bbd0968e9c17ddea796b69f7706a815cc7a9ffe517f2198ab558
Instruction Fuzzy Hash: 8490022130150003D140715D541C6068049E7E1701F55D015E0854554CD91689565323

Function 019B2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def3fe7b987e7ef4fcf40c35afd17032da265ed96788e7d5888aebf34a3fe433
Instruction ID: cabc04651fc24560531abf1ab511d2edd8ea5fb42d1159100516b91b93acad88
Opcode Fuzzy Hash: def3fe7b987e7ef4fcf40c35afd17032da265ed96788e7d5888aebf34a3fe433
Instruction Fuzzy Hash: F290023120150402D100759D540C646404997E0701F55D015A5464555EC66689916232

Function 019B2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1350e27fccdb3df4d2b171ba901dab06080122d5cb811a6fdc2d3418613f0ef4
Instruction ID: 411b39f734011057f29eebffd64347d4f2261f56013dd6e9a89ee096a2a7d8ec
Opcode Fuzzy Hash: 1350e27fccdb3df4d2b171ba901dab06080122d5cb811a6fdc2d3418613f0ef4
Instruction Fuzzy Hash: D690022160550402D140715D541C706405997D0601F55D015A0464554DC65A8B5567A2

Function 019B2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd8dc81200c3903cf27c772b3b2322c95d16fc69cc9838bbb89dc99dcc4c060
Instruction ID: 8f2739d2b07f3d7e595066c13fd1b7f872f1a7730375d57ce2bc204bf8e30c71
Opcode Fuzzy Hash: abd8dc81200c3903cf27c772b3b2322c95d16fc69cc9838bbb89dc99dcc4c060
Instruction Fuzzy Hash: 7490043130150403D100715D550C707404DD7D0701F55D415F0C7455CDD757CD517333

Function 019B2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cd7e6daaa6463e1624b0f1e4e5d244d0da98338132e1a841f8fb6b4d2854bbe
Instruction ID: 557f0d1f7d3d5640de78d1ece46e4c5b672788eeed3415c5e4bfb0629b843386
Opcode Fuzzy Hash: 4cd7e6daaa6463e1624b0f1e4e5d244d0da98338132e1a841f8fb6b4d2854bbe
Instruction Fuzzy Hash: E090023120150842D100715D4408B46404997E0701F55C01AA0564654DC616C9517622

Function 019B2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a8208b497d52248e708af636b2c68bd6359ae6317ee256a9341c74ee8ef3c0
Instruction ID: 367421d6d7184c343c040de7353f481dcc730c63b52f18933fe1b512b96e0791
Opcode Fuzzy Hash: a8a8208b497d52248e708af636b2c68bd6359ae6317ee256a9341c74ee8ef3c0
Instruction Fuzzy Hash: DE90023120190402D100715D481870B404997D0702F55C015A15A4555DC62689516672

Function 019B2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5ad30f220bca3d152cc9682d8778dee21067abb73dc9c6791705628a2629b8
Instruction ID: 165cd7c46f07416fcd9577525467ce7ed16b58bd9fe3b13a0583f68472a9d4b9
Opcode Fuzzy Hash: 8c5ad30f220bca3d152cc9682d8778dee21067abb73dc9c6791705628a2629b8
Instruction Fuzzy Hash: 3C900221601500424140716D88489068049BBE1611755C125A0DD8550DC55A89655766

Function 019B2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872e72e1304018ecf05201c9538f756db8a9fde9ae74a4361ec394b94aa0af41
Instruction ID: 785891e2e9bb5231b5293245b1943848900839201948ec218a17bf22741072a2
Opcode Fuzzy Hash: 872e72e1304018ecf05201c9538f756db8a9fde9ae74a4361ec394b94aa0af41
Instruction Fuzzy Hash: 8190023120190402D100715D480C747404997D0702F55C015A55A4555EC666C9916632

Function 019B2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17394b965e45239545c88efdc29d364c1c14d725f145c331716152fe990f6ebc
Instruction ID: db93809bfe5635a2b533a338371ea48971a4ff29ae768248f8798f15bf78ac9b
Opcode Fuzzy Hash: 17394b965e45239545c88efdc29d364c1c14d725f145c331716152fe990f6ebc
Instruction Fuzzy Hash: 21900221211D0042D200756D4C18B07404997D0703F55C119A0594554CC91689615622

Function 019B2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff0539db6f7b36662747ddba8566cff143cb0c89e027ec7d747a4381688e7d1b
Instruction ID: b9505a9100ea674b2ce718183ac572f9952739c775e003678870d385c053c9d1
Opcode Fuzzy Hash: ff0539db6f7b36662747ddba8566cff143cb0c89e027ec7d747a4381688e7d1b
Instruction Fuzzy Hash: FD90026134150442D100715D4418B064049D7E1701F55C019E14A4554DC61ACD526227

Function 019B2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8937d44765e3deeda8d2fd39beb7df1dbbd6fbe09477a2aefe253a57d3961774
Instruction ID: 472a3d628929d31f82b7c1adaff5950d67f1044e91e5ee62a003c6003fbdb165
Opcode Fuzzy Hash: 8937d44765e3deeda8d2fd39beb7df1dbbd6fbe09477a2aefe253a57d3961774
Instruction Fuzzy Hash: 6490026121150042D104715D4408706408997E1601F55C016A2594554CC52A8D615226

Function 019B2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b1ca738d3ddadb475dd259494ebb5447c35ae9008329e12c175f61ca0351642
Instruction ID: 1e61e3e1f58f7a601627ea3e524b4598c4ffeae93fe9a0c039914e4ad507eeb9
Opcode Fuzzy Hash: 5b1ca738d3ddadb475dd259494ebb5447c35ae9008329e12c175f61ca0351642
Instruction Fuzzy Hash: 2990022160150502D101715D4408616404E97D0641F95C026A1464555ECA268A92A232

Function 019B2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e1ac410ad8c8833f8aab0a661aa8d46d34367c17877ec008c7824817c08b0c
Instruction ID: 890cb72de919d3121e0d463d2f291cef7cfe8a3e25ef599470d5bc152b84bca2
Opcode Fuzzy Hash: 98e1ac410ad8c8833f8aab0a661aa8d46d34367c17877ec008c7824817c08b0c
Instruction Fuzzy Hash: 4B90027120150402D140715D4408746404997D0701F55C015A54A4554EC65A8ED56766

Function 019B2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a12fdaa2c124a2acfc85e5f29da7a9ef21a5982dae39bfdf9026fc605855653
Instruction ID: abb79cf1ae1c3cff8aa389fa5d0ba9d1a266bc90270e4fcae82eabfee87760bd
Opcode Fuzzy Hash: 0a12fdaa2c124a2acfc85e5f29da7a9ef21a5982dae39bfdf9026fc605855653
Instruction Fuzzy Hash: DF90026120190403D140755D4808607404997D0702F55C015A24A4555ECA2A8D516236

Function 019B2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c1a0a030f6425ef38704438285438a228d3d5fff422db85eeb18dc68257927
Instruction ID: edd540067541c99407af4543fc6e46f37abacbe0ac71431754f62713ecb9a6e6
Opcode Fuzzy Hash: 87c1a0a030f6425ef38704438285438a228d3d5fff422db85eeb18dc68257927
Instruction Fuzzy Hash: 6090022130150402D102715D4418606404DD7D1745F95C016E1864555DC6268A53A233

Function 019B3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ed0cb35bde3770ef69b2bb396de03e5b7617549f4c35bbac50e50d29c2101f
Instruction ID: 9c02f12f4d2245d417e7a0e6074ec4fe5a89e4a4719f67ee096a3a80b9910057
Opcode Fuzzy Hash: c7ed0cb35bde3770ef69b2bb396de03e5b7617549f4c35bbac50e50d29c2101f
Instruction Fuzzy Hash: B190022124150802D140715D8418707404AD7D0A01F55C015A0464554DC6178A6567B2

Function 019B3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7ec8e810ab0e44b390c33fc2134ad591e3d0211f9a061c487ec8587ce62a1da
Instruction ID: bcdb558a79ed4b87f4fee23f8193ace5028fd14e52e987bbcce80bb4bfec543f
Opcode Fuzzy Hash: f7ec8e810ab0e44b390c33fc2134ad591e3d0211f9a061c487ec8587ce62a1da
Instruction Fuzzy Hash: 0B90022120194442D140725D4808B0F814997E1602F95C01DA4596554CC91689555722

Function 019B39B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f97ccc2b8f0fab780f84bf241b82684d0382e326d4f8ae748c73e76a9035a8
Instruction ID: 0d14b9435936b1e97b15bb1cdb07e5db07831db8a9f435c408638d7538927bc4
Opcode Fuzzy Hash: 86f97ccc2b8f0fab780f84bf241b82684d0382e326d4f8ae748c73e76a9035a8
Instruction Fuzzy Hash: 1190022124555102D150715D44086168049B7E0601F55C025A0C54594DC55689556322

Function 019B3D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 581f3d87adb1bccc7dc15c554ce112fe37a42a28843f6d7445e5a9679152de31
Instruction ID: f61ba5d5df7345d75d988f3db3e67b27b05d1fd36ca11f7b83232ac5200ecc44
Opcode Fuzzy Hash: 581f3d87adb1bccc7dc15c554ce112fe37a42a28843f6d7445e5a9679152de31
Instruction Fuzzy Hash: 62900231202501429540725D5808A4E814997E1702B95D419A0455554CC91589615322

Function 019B2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: ba91332b74d1f97dde10c0f07bffbb558f37e935c96f2dcc56638f93796da4b6
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 019B2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 019B293C
___swprintf_l.LIBCMT ref: 019B295E
___swprintf_l.LIBCMT ref: 019B29A3
___swprintf_l.LIBCMT ref: 019EA52E

Strings

::%hs%u.%u.%u.%u, xrefs: 019EA527
:%u.%u.%u.%u, xrefs: 019EA5B8
::ffff:0:%u.%u.%u.%u, xrefs: 019EA54E
ffff:, xrefs: 019EA504

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 7ef88d8d6328fc688e4a770af82d33ab95da7d84fa7524523eb96adf0baf012a
Instruction ID: a9bac4bc08cc7551c0ecca4c0a9a6ebfe81ad3a0913de66d1efb24fdce823949
Opcode Fuzzy Hash: 7ef88d8d6328fc688e4a770af82d33ab95da7d84fa7524523eb96adf0baf012a
Instruction Fuzzy Hash: 1351D4B5A00116BBDB21DB9CCAD09BEFBB8FB48641B148529E4ADD7641D734EE0087E1

Function 01A22410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01A224A6
___swprintf_l.LIBCMT ref: 01A224E2
___swprintf_l.LIBCMT ref: 01A2257D
___swprintf_l.LIBCMT ref: 01A225A3
___swprintf_l.LIBCMT ref: 01A225C8
___swprintf_l.LIBCMT ref: 01A22608

Strings

::%hs%u.%u.%u.%u, xrefs: 01A2249E
ffff:, xrefs: 01A2247D, 01A2249D
::ffff:0:%u.%u.%u.%u, xrefs: 01A224DA
:%u.%u.%u.%u, xrefs: 01A225FF

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: ddf53cff7231ebc48ac3fc01d69af6fe1c76a5cc126bd97efbeb5b28538927c3
Instruction ID: d7d89232a8899b60d3574827bb0db0c1c407012d94a2ff7ba386bb13eb753e45
Opcode Fuzzy Hash: ddf53cff7231ebc48ac3fc01d69af6fe1c76a5cc126bd97efbeb5b28538927c3
Instruction Fuzzy Hash: FC51F675A00665AFDB31DFADC890A7EB7F8EF44200B04C46AE4DAC7642D674DA40C760

Function 019A7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 019E4742
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019E46FC
Execute=1, xrefs: 019E4713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 019E4655
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 019E4725
ExecuteOptions, xrefs: 019E46A0
CLIENT(ntdll): Processing section info %ws..., xrefs: 019E4787

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 15ebf0b951b98adc4a295015faf5c56babd1ae06721363278058184ca2a3503d
Instruction ID: 9c9f8979c8e7ade625de5133dc3bacd1041f096cecc01bb2e61c6e184ae0fed5
Opcode Fuzzy Hash: 15ebf0b951b98adc4a295015faf5c56babd1ae06721363278058184ca2a3503d
Instruction Fuzzy Hash: AC513A31A002097AEF25EBE8DC86FE977B8AF54304F4400A9D60DA7191D7729A498F91

Function 019BB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 019BB6BF

Strings

+, xrefs: 019BB65A
0, xrefs: 019BB66F
0, xrefs: 019BB695
-, xrefs: 019BB650

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 700c65215880cbaf4961815436c19e070f2e83388135442424ba0706eebbe889
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: DE81F370E012499EEF25CE6CCAD0BFEBBB5AF45321F18451AD85BA76C1C7308840CB51

Function 01A220E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01A2214F
___swprintf_l.LIBCMT ref: 01A22172

Strings

]:%u, xrefs: 01A22169
%%%u, xrefs: 01A22146
[, xrefs: 01A2212B

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: f941e30fa4c6f4049c45dcb448eea0c379e94e0bb58c9889a3351d64555f7638
Instruction ID: 59f996443fb48328ff6a299de756a91f59b46eca36d03563ad46099e3c2316ed
Opcode Fuzzy Hash: f941e30fa4c6f4049c45dcb448eea0c379e94e0bb58c9889a3351d64555f7638
Instruction Fuzzy Hash: 1521357AE00229ABDB11DF7DDD40EEE7BF8EF54654F54011AE949D3201E730DA018BA1

Function 0199F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 019E031E
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019E02E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019E02BD

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 435787ab41d36f3f36cd563f9e3ba1d0e26cf47a8b9262dd49124c303e3a2659
Instruction ID: cf9cd34de0daaae21a846712cfb4abd5fa093fac802e933c475f8ae22c1e7873
Opcode Fuzzy Hash: 435787ab41d36f3f36cd563f9e3ba1d0e26cf47a8b9262dd49124c303e3a2659
Instruction Fuzzy Hash: BAE1AE316047419FDB26CF2CC888B6ABBE4BB84314F180A6DF5A9CB2E1D774D945CB52

Function 019AB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019E728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 019E7294
RTL: Re-Waiting, xrefs: 019E72C1
RTL: Resource at %p, xrefs: 019E72A3

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: a09d4f90b644f61b41404ca1899d8a98875fd57cb25fc6d2356a6b90f686aa70
Instruction ID: 978789d139f9e707431070dbcf2fdb57cc5946bd1f0d63b09ba0f0d5f2833b52
Opcode Fuzzy Hash: a09d4f90b644f61b41404ca1899d8a98875fd57cb25fc6d2356a6b90f686aa70
Instruction Fuzzy Hash: 8241D231700206ABD726DE69CC41F66BBE5FB94B11F100A19F95EAB340DB21F846C7D2

Function 01A22300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01A2238D
___swprintf_l.LIBCMT ref: 01A223B3

Strings

%%%u, xrefs: 01A22384
]:%u, xrefs: 01A223AA

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: b87ea2eb72fe7dcbcb0d03745de956c769ec1094570c5a0e32295ed336f59181
Instruction ID: d4ed2748c86276862b4f9e66cadaca1f6cc480807d6ee2e70180a51e8d7bacdc
Opcode Fuzzy Hash: b87ea2eb72fe7dcbcb0d03745de956c769ec1094570c5a0e32295ed336f59181
Instruction Fuzzy Hash: 58317576A002299FDB20DF2DCD40BEEB7F8EF54610F44455AE949E3240EB30AA459FA1

Function 01979126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01979175
$, xrefs: 01979191

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 84f61255a1f771d228ab551c3a74790650703a3c227fefc7d6149673319262ba
Instruction ID: 75535cb34ecba7f4dc80e0259bd9ec57fe6e982ca89cffd667b6d93ba90f6da6
Opcode Fuzzy Hash: 84f61255a1f771d228ab551c3a74790650703a3c227fefc7d6149673319262ba
Instruction Fuzzy Hash: 6E810A75D002699BDB35DB54CC45BEAB6B8BF48714F0041EAEA1DB7250E7309E85CFA0

Function 019FCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 019FCFBD

Strings

@4Qw@4Qw, xrefs: 019FCFD5, 019FCFDA, 019FCFF1
@, xrefs: 019FCF0A

Memory Dump Source

Source File: 00000000.00000002.1785601892.0000000001940000.00000040.00001000.00020000.00000000.sdmp, Offset: 01940000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1940000_SWIFT.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Qw@4Qw
API String ID: 4062629308-2383119779
Opcode ID: ddc6815e162b7c4afef5491a2d02dea2decffdc96938af1d15b4e35382291b58
Instruction ID: 5039b295db67b09387a4b47c02cf91058eb6d00694424a13fb40814b40bdea0e
Opcode Fuzzy Hash: ddc6815e162b7c4afef5491a2d02dea2decffdc96938af1d15b4e35382291b58
Instruction Fuzzy Hash: 04419E75900219EFDB219FA9C840AADFBF8FF95B00F04442EEA19DB265D734D901CB61

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SWIFT.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

E-Banking Fraud

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Network Behavior

DNS Answers

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SWIFT.exePID: 1012, Parent PID: 4084

General

Chronological Activities

Disassembly

Analysis Process: SWIFT.exePID: 1012, Parent PID: 4084COMMON

Execution Graph

Graph

Executed Functions

Function 00F075F3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Control-flow Graph

Windows Analysis Report
SWIFT.exe

Function 00F075F3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 00F1C483 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 019B2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 019B2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 019B2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 019B35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00F1C7F3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00F1C7A3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00F1C843 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Function 019B2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE