Edit tour

Windows Analysis Report
dp687checkversion_amd.exe

Overview

General Information

Sample Name:	dp687checkversion_amd.exe
Analysis ID:	1292937
MD5:	77a352610d3c6916d735673f6b4a4d82
SHA1:	e417db9af675d61ce163f8961ae309b9e97c474c
SHA256:	19094087808f3279ad5c79af7806e896207b39b8951853184e56df44eb278724
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Detected unpacking (overwrites its own PE header)

Detected unpacking (creates a PE file in dynamic memory)

Yara signature match

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Entry point lies outside standard sections

Classification

Process Tree

System is w10x64

dp687checkversion_amd.exe (PID: 7132 cmdline: C:\Users\user\Desktop\dp687checkversion_amd.exe MD5: 77A352610D3C6916D735673F6B4A4D82)

conhost.exe (PID: 7140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
dp687checkversion_amd.exe	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.366391736.0000000140000000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2
00000000.00000002.368781833.0000000140000000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.dp687checkversion_amd.exe.140000000.2.raw.unpack	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2
0.0.dp687checkversion_amd.exe.140000000.0.raw.unpack	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2
0.0.dp687checkversion_amd.exe.140000000.0.unpack	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2
0.2.dp687checkversion_amd.exe.140000000.2.unpack	INDICATOR_EXE_Packed_Enigma	Detects executables packed with Enigma	ditekSHen	0x328:$s3: .enigma2

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: dp687checkversion_amd.exe

Virustotal: Detection: 11%

Perma Link

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Unpacked PE file: 0.2.dp687checkversion_amd.exe.140000000.2.unpack

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Unpacked PE file: 0.2.dp687checkversion_amd.exe.2900000.1.unpack
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Unpacked PE file: 0.2.dp687checkversion_amd.exe.180000000.5.unpack

Source:	Binary string: D:\tool_optional\OperateCardLib_ALL_phase7\Release\OperateCardLib.pdb source: dp687checkversion_amd.exe, 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: 0.pdb> source: dp687checkversion_amd.exe
Source:	Binary string: D:\tool\MFC\TVSU\dp687checkversion\x64\Release\dp687checkversion.pdb)) source: dp687checkversion_amd.exe
Source:	Binary string: 0.pdb source: dp687checkversion_amd.exe
Source:	Binary string: 0.pdb source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: dp687checkversion_amd.exe, 00000000.00000002.369620040.00000001802D0000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\tool\MFC\TVSU\dp687checkversion\x64\Release\dp687checkversion.pdb source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: dp687checkversion_amd.exe, 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: 0.pdb" source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: dp687checkversion_amd.exe, 00000000.00000002.369620040.00000001802D0000.00000002.00000001.01000000.00000004.sdmp

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297A2F0 FindFirstFileExW,		0_2_0297A2F0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297A78C FindFirstFileExW,FindNextFileW,FindClose,		0_2_0297A78C

Source: dp687checkversion_amd.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: dp687checkversion_amd.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: dp687checkversion_amd.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: dp687checkversion_amd.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: dp687checkversion_amd.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: dp687checkversion_amd.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: dp687checkversion_amd.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: dp687checkversion_amd.exe	String found in binary or memory: http://www.digicert.com/CPS0

System Summary

Malicious sample detected (through community Yara rule)

Source: dp687checkversion_amd.exe, type: SAMPLE	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 0.2.dp687checkversion_amd.exe.140000000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 0.0.dp687checkversion_amd.exe.140000000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 0.0.dp687checkversion_amd.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 0.2.dp687checkversion_amd.exe.140000000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 00000000.00000000.366391736.0000000140000000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects executables packed with Enigma Author: ditekSHen
Source: 00000000.00000002.368781833.0000000140000000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects executables packed with Enigma Author: ditekSHen

Source: dp687checkversion_amd.exe, type: SAMPLE	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 0.2.dp687checkversion_amd.exe.140000000.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 0.0.dp687checkversion_amd.exe.140000000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 0.0.dp687checkversion_amd.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 0.2.dp687checkversion_amd.exe.140000000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 00000000.00000000.366391736.0000000140000000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018
Source: 00000000.00000002.368781833.0000000140000000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_EXE_Packed_Enigma snort2_sid = 930052-930054, author = ditekSHen, description = Detects executables packed with Enigma, snort3_sid = 930018

Source: dp687checkversion_amd.exe	Binary or memory string: OriginalFilename vs dp687checkversion_amd.exe
Source: dp687checkversion_amd.exe, 00000000.00000002.369757339.0000000180557000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenameMFC140U.DLL^ vs dp687checkversion_amd.exe
Source: dp687checkversion_amd.exe, 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs dp687checkversion_amd.exe
Source: dp687checkversion_amd.exe, 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenameOperateCardLib.dllB vs dp687checkversion_amd.exe
Source: dp687checkversion_amd.exe, 00000000.00000003.368165550.0000000000667000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameOperateCardLib.dllB vs dp687checkversion_amd.exe

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Section loaded: mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Section loaded: operatecardlib.dll	Jump to behavior

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_001C5878	0_2_001C5878
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297A2F0	0_2_0297A2F0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02984008	0_2_02984008
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029801C0	0_2_029801C0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0294C14C	0_2_0294C14C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0296216C	0_2_0296216C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029606A0	0_2_029606A0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0296041C	0_2_0296041C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0293E400	0_2_0293E400
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02982590	0_2_02982590
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02960BC0	0_2_02960BC0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0296093C	0_2_0296093C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02960E28	0_2_02960E28
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297CDD8	0_2_0297CDD8
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0298ED3C	0_2_0298ED3C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0296130C	0_2_0296130C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029610A4	0_2_029610A4
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297CDD8	0_2_0297CDD8
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029857FC	0_2_029857FC
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029814C0	0_2_029814C0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0296D410	0_2_0296D410
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297F594	0_2_0297F594
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_029615EC	0_2_029615EC

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: String function: 029775E8 appears 35 times
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: String function: 029422D0 appears 31 times
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: String function: 02943770 appears 41 times
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: String function: 029423A0 appears 51 times

Source: evb4DE9.tmp.0.dr	Static PE information: Section .section
Source: evb4E19.tmp.0.dr	Static PE information: Section .section
Source: evb4DD9.tmp.0.dr	Static PE information: Section .section
Source: evb4D99.tmp.0.dr	Static PE information: Section .section
Source: evb4E2A.tmp.0.dr	Static PE information: Section .section

Source: dp687checkversion_amd.exe

Virustotal: Detection: 11%

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

File read: C:\Users\user\Desktop\dp687checkversion_amd.exe

Jump to behavior

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\dp687checkversion_amd.exe C:\Users\user\Desktop\dp687checkversion_amd.exe
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:120:WilError_01

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

File created: C:\Users\user\AppData\Local\Temp\evb4CDD.tmp

Jump to behavior

Source: dp687checkversion_amd.exe	String found in binary or memory: TTOM> <SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </L
Source: dp687checkversion_amd.exe	String found in binary or memory: <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>115, 131, 153</TextNormal> <TextHighlighted>115, 131, 153</TextHighlighted>
Source: dp687checkversion_amd.exe	String found in binary or memory: SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON>
Source: dp687checkversion_amd.exe	String found in binary or memory: <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>83, 84, 89</TextNormal> <TextHighlighted>83, 84, 89</TextHighlighted> </CAPTION> <SEPA
Source: dp687checkversion_amd.exe	String found in binary or memory: <CORNERS>2, 0, 2, 16</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_ICON> <SIZE>12, 12</SIZE> </LAUNCH_ICON> <TextNormal>255, 255, 255</TextNormal> <TextHighlighted>255, 255, 255</TextHighlighted> </CAPTION> <S

Source: classification engine

Classification label: mal72.evad.winEXE@2/5@0/0

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_0293E400 GetPrivateProfileIntA,_com_util::ConvertStringToBSTR,_com_util::ConvertStringToBSTR,CoInitialize,CLSIDFromProgID,CoCreateInstance,SysFreeString,SysFreeString,GetPrivateProfileIntA,CoInitialize,CLSIDFromProgID,CoCreateInstance,EnumDisplayDevicesA,_com_util::ConvertStringToBSTR,SysFreeString,EnumDisplayDevicesA,

0_2_0293E400

Source: dp687checkversion_amd.exe

Static file information: File size 7504456 > 1048576

Source:	Binary string: D:\tool_optional\OperateCardLib_ALL_phase7\Release\OperateCardLib.pdb source: dp687checkversion_amd.exe, 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: 0.pdb> source: dp687checkversion_amd.exe
Source:	Binary string: D:\tool\MFC\TVSU\dp687checkversion\x64\Release\dp687checkversion.pdb)) source: dp687checkversion_amd.exe
Source:	Binary string: 0.pdb source: dp687checkversion_amd.exe
Source:	Binary string: 0.pdb source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: dp687checkversion_amd.exe, 00000000.00000002.369620040.00000001802D0000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\tool\MFC\TVSU\dp687checkversion\x64\Release\dp687checkversion.pdb source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: dp687checkversion_amd.exe, 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: 0.pdb" source: dp687checkversion_amd.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: dp687checkversion_amd.exe, 00000000.00000002.369620040.00000001802D0000.00000002.00000001.01000000.00000004.sdmp

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Unpacked PE file: 0.2.dp687checkversion_amd.exe.140000000.2.unpack

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Unpacked PE file: 0.2.dp687checkversion_amd.exe.2900000.1.unpack
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Unpacked PE file: 0.2.dp687checkversion_amd.exe.180000000.5.unpack

Source: evb4D99.tmp.0.dr	Static PE information: section name: .section
Source: evb4DD9.tmp.0.dr	Static PE information: section name: .section
Source: evb4DE9.tmp.0.dr	Static PE information: section name: .section
Source: evb4E19.tmp.0.dr	Static PE information: section name: .section
Source: evb4E2A.tmp.0.dr	Static PE information: section name: .section

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_0293CF60 LoadLibraryW,GetProcAddress,

0_2_0293CF60

Source: initial sample

Static PE information: section where entry point is pointing to: .section

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	File created: C:\Users\user\AppData\Local\Temp\evb4DE9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	File created: C:\Users\user\AppData\Local\Temp\evb4E19.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	File created: C:\Users\user\AppData\Local\Temp\evb4D99.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	File created: C:\Users\user\AppData\Local\Temp\evb4DD9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	File created: C:\Users\user\AppData\Local\Temp\evb4E2A.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

0_2_0293E400

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\evb4DE9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\evb4E19.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\evb4DD9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\evb4E2A.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297A2F0 FindFirstFileExW,		0_2_0297A2F0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_0297A78C FindFirstFileExW,FindNextFileW,FindClose,		0_2_0297A78C

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_0298E284 IsDebuggerPresent,

0_2_0298E284

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_0293CF60 LoadLibraryW,GetProcAddress,

0_2_0293CF60

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_001CC6CC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_001CC6CC
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02970B04 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_02970B04
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02944B58 SetUnhandledExceptionFilter,	0_2_02944B58
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: 0_2_02944970 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_02944970

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_029862B8
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_02986378
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_029861E8
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_02986164
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: GetLocaleInfoW,	0_2_029867F0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0298671C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: GetLocaleInfoW,	0_2_029865C4
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0298691C
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_02976EB0
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_02976FB4
Source: C:\Users\user\Desktop\dp687checkversion_amd.exe	Code function: EnumSystemLocalesW,	0_2_02977038

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_0298E000 cpuid

0_2_0298E000

Source: C:\Users\user\Desktop\dp687checkversion_amd.exe

Code function: 0_2_001CC620 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_001CC620

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Process Injection	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Software Packing	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
dp687checkversion_amd.exe	5%	ReversingLabs	Win64.Trojan.Barys
dp687checkversion_amd.exe	11%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\evb4D99.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\evb4D99.tmp	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\evb4DD9.tmp	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\evb4DD9.tmp	2%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\evb4DE9.tmp	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\evb4DE9.tmp	2%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\evb4E19.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\evb4E19.tmp	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\evb4E2A.tmp	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1292937
Start date and time:	2023-08-17 19:32:51 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	dp687checkversion_amd.exe
Detection:	MAL
Classification:	mal72.evad.winEXE@2/5@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 15.5% (good quality ratio 11.8%) Quality average: 58.8% Quality standard deviation: 38.6%
HCA Information:	Successful, ratio: 100% Number of executed functions: 3 Number of non-executed functions: 118
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Execution Graph export aborted for target dp687checkversion_amd.exe, PID 7132 because there are no executed function

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\evb4D99.tmp

Download File

Process:	C:\Users\user\Desktop\dp687checkversion_amd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.0699853454738915
Encrypted:	false
SSDEEP:	6:idq4Eh/jKjXFeyclltAsv/6HMgHcSl/601d7:eTEh/G70yUQwCHMGcG6C
MD5:	28F2F1E392EB4D56DF2D4024C7D87AF0
SHA1:	C1B10949E5D884B6316E76EEACCD88720EB11785
SHA-256:	3EE94FE211959C6E116F6C17E226EC19C99166F3EF0B63D93AFE60069913CD85
SHA-512:	98F229CA5D024D8658B242803C0025065000C2A0AE0ECA669A6A24F9AB0D85842F91CF375D475A022415B83155ECD7763B9FAE9196B62F23F1F2B78A12544C92
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....^B*.........." .........................................................PY............................................................. ........................................................................................................................section.@Y.........................@........................................................................................................................................................................................................................................................B..............@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\evb4DD9.tmp

Download File

Process:	C:\Users\user\Desktop\dp687checkversion_amd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.065285292772802
Encrypted:	false
SSDEEP:	6:idq4Eh/jKjXFeyclltAsv/6HMgHE7Wl/6Nm1d7:eTEh/G70yUQwCHMGEG6N0
MD5:	1403EC3C9E96B4B8F39D54A31EC93458
SHA1:	6F54FAF70D9B7DC7DACD94F61DAF5E015E7448DC
SHA-256:	53BAE57B6164C44D139E906D00ACD85A6FD8E6B6439D3769D2B5E42B300D641D
SHA-512:	C7CEFBF5F8655C32BA89100437FE858C0A48D3B2EF97230F2394EB3A7918597581E4E2E7D22802EE719330C3563776DDD65B232E0E003F16EA94B2CAB49EDC4A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 2%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....^B*.........." .........................................................P.............................................................. ........................................................................................................................section.@..........................@........................................................................................................................................................................................................................................................B..............@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\evb4DE9.tmp

Download File

Process:	C:\Users\user\Desktop\dp687checkversion_amd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.065285292772802
Encrypted:	false
SSDEEP:	6:idq4Eh/jKjXFeyclltAsv/6HMgHE7Wl/6Nm1d7:eTEh/G70yUQwCHMGEG6N0
MD5:	1403EC3C9E96B4B8F39D54A31EC93458
SHA1:	6F54FAF70D9B7DC7DACD94F61DAF5E015E7448DC
SHA-256:	53BAE57B6164C44D139E906D00ACD85A6FD8E6B6439D3769D2B5E42B300D641D
SHA-512:	C7CEFBF5F8655C32BA89100437FE858C0A48D3B2EF97230F2394EB3A7918597581E4E2E7D22802EE719330C3563776DDD65B232E0E003F16EA94B2CAB49EDC4A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5% Antivirus: Virustotal, Detection: 2%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....^B*.........." .........................................................P.............................................................. ........................................................................................................................section.@..........................@........................................................................................................................................................................................................................................................B..............@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\evb4E19.tmp

Download File

Process:	C:\Users\user\Desktop\dp687checkversion_amd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.0681917989230039
Encrypted:	false
SSDEEP:	6:idq4Eh/jKjXFeyclltAsv/6HMgHSSl/6+1d7:eTEh/G70yUQwCHMGL6M
MD5:	922A6B810FD37CB2D9A5F91A40B3C75D
SHA1:	C324C9FFFC526148758364C9FE7AB7ADCDCBE71F
SHA-256:	C9D93640DB96E9656553663A21B04A4A9B9A08DB1190338184A5ADFB0252508B
SHA-512:	CF4714B0790DF0726A6F6115B4A59EA9DA3F3FFDD6923A3DE15CB78F28AE6392805FC09559ADBE678F540B749F8F757D893A695D68CE4172B887D4B883B95CD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....^B*.........." .........................................................P.............................................................. ........................................................................................................................section.@..........................@........................................................................................................................................................................................................................................................B..............@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\evb4E2A.tmp

Download File

Process:	C:\Users\user\Desktop\dp687checkversion_amd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.0681917989230039
Encrypted:	false
SSDEEP:	6:idq4Eh/jKjXFeyclltAsv/6HMgHSSl/6+1d7:eTEh/G70yUQwCHMGL6M
MD5:	922A6B810FD37CB2D9A5F91A40B3C75D
SHA1:	C324C9FFFC526148758364C9FE7AB7ADCDCBE71F
SHA-256:	C9D93640DB96E9656553663A21B04A4A9B9A08DB1190338184A5ADFB0252508B
SHA-512:	CF4714B0790DF0726A6F6115B4A59EA9DA3F3FFDD6923A3DE15CB78F28AE6392805FC09559ADBE678F540B749F8F757D893A695D68CE4172B887D4B883B95CD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..d....^B*.........." .........................................................P.............................................................. ........................................................................................................................section.@..........................@........................................................................................................................................................................................................................................................B..............@..P................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	7.810261167144091
TrID:	Win64 Executable Console (202006/5) 77.82% Win32 EXE PECompact compressed (generic) (41571/9) 16.01% Win64 Executable (generic) (12005/4) 4.62% Generic Win/DOS Executable (2004/3) 0.77% DOS Executable Generic (2002/1) 0.77%
File name:	dp687checkversion_amd.exe
File size:	7'504'456 bytes
MD5:	77a352610d3c6916d735673f6b4a4d82
SHA1:	e417db9af675d61ce163f8961ae309b9e97c474c
SHA256:	19094087808f3279ad5c79af7806e896207b39b8951853184e56df44eb278724
SHA512:	1a916de9c307104eb45dab4b5d8a100e2e752aa7bf5746d8d52247f5883140758cac34e9abd2f1511a10dd5da322fe34292921b09757c63431e5ad9e9bd59e67
SSDEEP:	196608:utpq2f0snfnlEKYzdfL5bfQo+FCpHTaVCCuUBRLU:utpJcsflEKYdVBmvuUbY
TLSH:	5876223FB921EAFCD087C6B058D386E127317E692674138661D6132F5E73A502F6C68E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x...<...<...<...5.5.0.......>...n...6...n...?...n...!...n...8...Y...;...<...\.......>.....Y.=.......=...Rich<..................

File Icon


Icon Hash:	90cececece8e8eb0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: dp687checkversion_amd.exePID: 7132, Parent PID: 3524

General

Target ID:	0
Start time:	19:33:45
Start date:	17/08/2023
Path:	C:\Users\user\Desktop\dp687checkversion_amd.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\dp687checkversion_amd.exe
Imagebase:	0x140000000
File size:	7'504'456 bytes
MD5 hash:	77A352610D3C6916D735673F6B4A4D82
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_EXE_Packed_Enigma, Description: Detects executables packed with Enigma, Source: 00000000.00000000.366391736.0000000140000000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: INDICATOR_EXE_Packed_Enigma, Description: Detects executables packed with Enigma, Source: 00000000.00000002.368781833.0000000140000000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7140, Parent PID: 7132

General

Target ID:	1
Start time:	19:33:46
Start date:	17/08/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff766460000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: dp687checkversion_amd.exePID: 7132, Parent PID: 3524COMMON

Executed Functions

Function 02943930 Relevance: 19.7, APIs: 13, Instructions: 235
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E02943930(long long __edx, void* __edi, void* __esi, void* __esp, long long* __rax, long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __rbp, long long __r8, long long _a8, long long _a16, char _a24, long long _a32) {
				void* _v8;
				long long _v80;
				void* __r14;
				long long _t31;
				char _t33;
				long long _t36;
				long long _t37;
				long long _t38;
				long long _t39;
				long long _t43;
				long long _t44;
				long long _t50;
				signed int _t51;
				long long _t52;
				char _t53;
				long long _t55;
				void* _t56;
				long long _t57;
				long long _t59;
				long long _t63;
				long long _t64;
				signed char _t66;
				long long _t70;
				char _t72;
				signed int _t73;
				signed int _t74;
				void* _t90;
				long long _t92;
				void* _t93;
				void* _t94;
				long long* _t100;
				long long _t101;
				long long _t102;
				long long _t109;
				long long _t122;
				long long _t127;
				void* _t132;
				void* _t133;
				void* _t134;
				long long _t135;
				void* _t139;
				long long _t143;
				void* _t152;
				long long* _t153;
				long long _t154;
				long long _t155;
				void* _t158;

				_t143 = __r8;
				_t131 = __rbp;
				_t126 = __rsi;
				_t122 = __rdi;
				_t109 = __rcx;
				_t104 = __rbx;
				_t100 = __rax;
				_t95 = __esp;
				_t93 = __esi;
				_t91 = __edi;
				_t80 = __edx;
				_t133 = _t132 - 0x28;
				if(__edx == 0) {
					__eflags = __r8;
					_t74 = _t73 & 0xffffff00 | __r8 != 0x00000000;
					_t134 = _t133 + 0x28;
					L24:
					_a8 = _t104;
					_a24 = _t126;
					_push(_t122);
					_t135 = _t134 - 0x20;
					sil = _t74;
					_t31 =  *0x29a7ffc;
					__eflags = _t31;
					if(_t31 > 0) {
						 *0x29a7ffc = _t31 - 1;
						_t33 = E02944544();
						dil = _t33;
						_a16 = _t33;
						__eflags =  *0x29a8588 - 2;
						if( *0x29a8588 != 2) {
							E02944970(7, _t91, _t95, _t100, _t104, _t121, _t143);
							asm("int3");
							asm("int3");
							asm("int3");
							_t101 = _t135;
							 *((long long*)(_t101 + 0x20)) = _t104;
							 *((long long*)(_t101 + 0x18)) = _t143;
							 *((intOrPtr*)(_t101 + 0x10)) = _t80;
							 *((long long*)(_t101 + 8)) = _t109;
							_push(_t126);
							_push(_t122);
							_push(_t154);
							_t127 = _t143;
							_t92 = _t80;
							_t155 = _t109;
							__eflags = _t80;
							if(_t80 != 0) {
								L33:
								__eflags = _t121 - 1 - 1;
								if(_t121 - 1 > 1) {
									L38:
									_t36 = E02944414();
									_t70 = _t36;
									_v80 = _t36;
									__eflags = _t92 - 1;
									if(_t92 == 1) {
										__eflags = _t36;
										if(_t36 == 0) {
											E02944414();
											E02943930(0, _t92, _t93, _t95, _t101, _t104, _t155, _t122, _t127, _t131, _t127);
											_t101 =  *0x2992a98; // 0x0
											__eflags = _t101;
											if(_t101 != 0) {
												__eflags = 0;
												 *0x29913c0();
											}
										}
									}
									__eflags = _t92;
									if(_t92 == 0) {
										L44:
										_t37 = E02943930(_t92, _t92, _t93, _t95, _t101, _t104, _t155, _t122, _t127, _t131, _t127);
										_t70 = _t37;
										_v80 = _t37;
										__eflags = _t37;
										if(_t37 != 0) {
											_t102 =  *0x2992a98; // 0x0
											__eflags = _t102;
											if(_t102 != 0) {
												_t39 =  *0x29913c0();
												_t70 = _t39;
												_v80 = _t39;
											} else {
												_t27 = _t102 + 1; // 0x1
												_t70 = _t27;
												_v80 = _t70;
											}
										}
									} else {
										__eflags = _t92 - 3;
										if(_t92 == 3) {
											goto L44;
										}
									}
								} else {
									_t101 =  *0x2992a98; // 0x0
									__eflags = _t101;
									if(_t101 != 0) {
										_t43 =  *0x29913c0();
										_t70 = _t43;
										_v80 = _t43;
										__eflags = _t43;
										if(_t43 != 0) {
											goto L37;
										}
									} else {
										_v80 = 1;
										L37:
										_t44 = E02943930(_t92, _t92, _t93, _t95, _t101, _t104, _t155, _t122, _t127, _t131, _t127); // executed
										_t70 = _t44;
										_v80 = _t44;
										__eflags = _t44;
										if(_t44 != 0) {
											goto L38;
										}
									}
								}
								_t38 = _t70;
							} else {
								__eflags =  *0x29a7ffc - _t80;
								if( *0x29a7ffc > _t80) {
									goto L33;
								} else {
									_t38 = 0;
								}
							}
							return _t38;
						} else {
							E0294466C();
							E02944BE0(E0294442C(_t100), _t104);
							 *0x29a8588 = 0;
							E0294469C();
							E02944870(dil, _t121);
							_t50 = E02944894(sil, 0);
							__eflags = _t50;
							_t51 = 0 | _t50 != 0x00000000;
							goto L26;
						}
					} else {
						_t51 = 0;
						__eflags = 0;
						L26:
						return _t51;
					}
				} else {
					_t80 = __edx - 1;
					if(_t80 == 0) {
						_t121 = __r8;
						_t139 = _t133 + 0x28;
						_a8 = __rbx;
						_a16 = __rsi;
						_a32 = __rdi;
						_push(_t154);
						_t134 = _t139 - 0x20;
						_t126 = __r8;
						_t154 = __rcx;
						_t52 = E029446B0(0, _t80, __edi, __esp, __rax, __rcx, __r8, __rdi, __r8); // executed
						__eflags = _t52;
						if(_t52 != 0) {
							_t53 = E02944544();
							_t72 = _t53;
							_a24 = _t53;
							dil = 1;
							__eflags =  *0x29a8588;
							if( *0x29a8588 != 0) {
								_t74 = 7;
								E02944970(7, __edi, __esp, _t100, __rbx, __r8, __r8);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								goto L24;
							} else {
								 *0x29a8588 = 1;
								_t55 = E029445B4();
								__eflags = _t55;
								if(_t55 != 0) {
									E02944BA4(_t55, __rbx);
									E0294441C();
									E02944440(_t100);
									_t121 = 0x2991400;
									_t63 = E0296B544(_t104, 0x29913e0, 0x2991400);
									__eflags = _t63;
									if(_t63 == 0) {
										_t64 = E02944580(_t72, 0, _t80, _t94, _t152, _t154, _t158);
										__eflags = _t64;
										if(_t64 != 0) {
											_t121 = 0x29913d8;
											E0296B4E0(_t104, 0x29913c8, 0x29913d8, __r8, __rbp);
											 *0x29a8588 = 2;
											dil = 0;
											__eflags = dil;
										}
									}
								}
								_t56 = E02944870(_t72, _t121);
								__eflags = dil;
								if(dil != 0) {
									goto L11;
								} else {
									E02944960(_t56);
									__eflags =  *_t100;
									if( *_t100 != 0) {
										_t59 = E029447D4(_t100);
										__eflags = _t59;
										if(_t59 != 0) {
											_t153 =  *0x29913c0; // 0x298ffc0
											 *_t153();
										}
									}
									 *0x29a7ffc =  *0x29a7ffc + 1;
									_t57 = 1;
								}
								goto L12;
							}
						} else {
							L11:
							_t57 = 0;
							__eflags = 0;
							L12:
							return _t57;
						}
					} else {
						_t90 = _t80 - 1;
						if(_t90 == 0) {
							_t66 = E029445CC(__eflags);
							L7:
							return _t66 & 0x000000ff;
						} else {
							if(_t90 == 1) {
								_t66 = E029445F4();
								goto L7;
							} else {
								return 1;
							}
						}
					}
				}
			}

0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943930
0x02943936
0x02943971
0x02943974
0x02943977
0x02943a9c
0x02943a9c
0x02943aa1
0x02943aa6
0x02943aa7
0x02943aab
0x02943aae
0x02943ab6
0x02943ab8
0x02943ace
0x02943ad4
0x02943ad9
0x02943adc
0x02943ae0
0x02943ae7
0x02943b23
0x02943b29
0x02943b2a
0x02943b2b
0x02943b2c
0x02943b2f
0x02943b33
0x02943b37
0x02943b3a
0x02943b3e
0x02943b3f
0x02943b40
0x02943b46
0x02943b49
0x02943b4b
0x02943b4e
0x02943b50
0x02943b61
0x02943b64
0x02943b67
0x02943bae
0x02943bb6
0x02943bbb
0x02943bbd
0x02943bc1
0x02943bc4
0x02943bc6
0x02943bc8
0x02943bd2
0x02943bdf
0x02943be4
0x02943beb
0x02943bee
0x02943bf3
0x02943bf8
0x02943bf8
0x02943bee
0x02943bc8
0x02943bfe
0x02943c00
0x02943c07
0x02943c0f
0x02943c14
0x02943c16
0x02943c1a
0x02943c1c
0x02943c1e
0x02943c25
0x02943c28
0x02943c3b
0x02943c41
0x02943c43
0x02943c2a
0x02943c2a
0x02943c2a
0x02943c2d
0x02943c2d
0x02943c28
0x02943c02
0x02943c02
0x02943c05
0x00000000
0x00000000
0x02943c05
0x02943b69
0x02943b69
0x02943b70
0x02943b73
0x02943b7f
0x02943b85
0x02943b87
0x02943b8b
0x02943b8d
0x00000000
0x00000000
0x02943b75
0x02943b75
0x02943b93
0x02943b9b
0x02943ba0
0x02943ba2
0x02943ba6
0x02943ba8
0x00000000
0x00000000
0x02943ba8
0x02943b73
0x02943c4f
0x02943b52
0x02943b52
0x02943b58
0x00000000
0x02943b5a
0x02943b5a
0x02943b5a
0x02943b58
0x02943c5e
0x02943ae9
0x02943ae9
0x02943af3
0x02943af8
0x02943afe
0x02943b06
0x02943b10
0x02943b15
0x02943b1a
0x00000000
0x02943b1a
0x02943aba
0x02943aba
0x02943aba
0x02943abc
0x02943acb
0x02943acb
0x02943938
0x02943938
0x0294393b
0x02943965
0x02943968
0x02943980
0x02943985
0x0294398a
0x0294398f
0x02943991
0x02943995
0x02943998
0x0294399d
0x029439a2
0x029439a4
0x029439be
0x029439c3
0x029439c5
0x029439c9
0x029439cc
0x029439d3
0x02943a8d
0x02943a92
0x02943a98
0x02943a99
0x02943a9a
0x02943a9b
0x00000000
0x029439d9
0x029439d9
0x029439e3
0x029439e8
0x029439ea
0x029439ec
0x029439f1
0x029439f6
0x029439fb
0x02943a09
0x02943a0e
0x02943a10
0x02943a12
0x02943a17
0x02943a19
0x02943a1b
0x02943a29
0x02943a2e
0x02943a38
0x02943a38
0x02943a38
0x02943a19
0x02943a10
0x02943a3d
0x02943a42
0x02943a45
0x00000000
0x02943a4b
0x02943a4b
0x02943a53
0x02943a57
0x02943a5c
0x02943a61
0x02943a63
0x02943a73
0x02943a7a
0x02943a7a
0x02943a63
0x02943a7d
0x02943a83
0x02943a83
0x00000000
0x02943a45
0x029439a6
0x029439a6
0x029439a6
0x029439a6
0x029439a8
0x029439bd
0x029439bd
0x0294393d
0x0294393d
0x02943940
0x02943958
0x0294395d
0x02943964
0x02943942
0x02943945
0x02943951
0x00000000
0x02943947
0x02943950
0x02943950
0x02943945
0x02943940
0x0294393b

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 02943958
__scrt_acquire_startup_lock.LIBCMT ref: 029439BE
_RTC_Initialize.LIBCMT ref: 029439EC
__scrt_initialize_default_local_stdio_options.LIBCMT ref: 029439F6
__scrt_dllmain_after_initialize_c.LIBCMT ref: 02943A12
__scrt_release_startup_lock.LIBCMT ref: 02943A3D
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 02943A5C
__scrt_fastfail.LIBCMT ref: 02943A92
__scrt_acquire_startup_lock.LIBCMT ref: 02943AD4
_RTC_Initialize.LIBCMT ref: 02943AF3
__scrt_release_startup_lock.LIBCMT ref: 02943B06
__scrt_uninitialize_crt.LIBCMT ref: 02943B10
__scrt_fastfail.LIBCMT ref: 02943B23

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_fastfail__scrt_release_startup_lock$__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_uninitialize_crt
String ID:
API String ID: 1988982384-0
Opcode ID: 22386f4d9063f7db1a8502b5ce17bdeae7ac195395c57b382308e48114944aae
Instruction ID: 07fa6c4b026f7de32fb26643663a80d74b89f0a23a3b81fc0cf4d35879b8b2b9
Opcode Fuzzy Hash: 22386f4d9063f7db1a8502b5ce17bdeae7ac195395c57b382308e48114944aae
Instruction Fuzzy Hash: F871493171478286EF24EB7AE844B2967A6FBC5BC4F64946ACE0987B14DF38C581CB04

Uniqueness

Uniqueness Score: -1.00%

Function 02976C80 Relevance: 3.1, APIs: 2, Instructions: 73COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 02976CF9
GetFileType.KERNELBASE ref: 02976D0F

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 4b6e858cf1d877f09b4ed8e5c351421e0655c054b30cbb377f8320fc1112a965
Instruction ID: 52b19408eea6f7b4d9921bf4f72b0cfe5de408a05924c88890b61e1dc3eeb38b
Opcode Fuzzy Hash: 4b6e858cf1d877f09b4ed8e5c351421e0655c054b30cbb377f8320fc1112a965
Instruction Fuzzy Hash: 4F218532624F55D2DB248B1AD9943697B68F745BF4F68170ADBAA073E0CB34D4A1C341

Uniqueness

Uniqueness Score: -1.00%

Function 029446B0 Relevance: 3.0, APIs: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E029446B0(void* __ecx, void* __edx, void* __edi, void* __esp, void* __rax, void* __rcx, void* __rdx, void* __rdi, void* __rsi) {
				void* __rbx;
				void* _t5;
				void* _t13;
				void* _t15;
				void* _t18;
				void* _t19;

				_t22 = __rsi;
				_t19 = __rcx;
				_t13 = __edi;
				_t10 = __ecx;
				_t15 = __ecx;
				_t2 =  ==  ? 1 :  *0x29a8598 & 0x000000ff;
				 *0x29a8598 =  ==  ? 1 :  *0x29a8598 & 0x000000ff;
				E02944C7C(1, __edx, __rax, _t18, __rdx, __rsi);
				if(L02947C58(_t10, _t13, __esp, _t15, _t19, __rdx, __rdi) != 0) {
					_t5 = E0296DA0C(_t18, _t22); // executed
					__eflags = _t5;
					if(_t5 != 0) {
						return 1;
					}
					L02947CB4(0);
				}
				return 0;
			}

0x029446b0
0x029446b0
0x029446b0
0x029446b0
0x029446bd
0x029446c4
0x029446c7
0x029446cd
0x029446d9
0x029446df
0x029446e4
0x029446e6
0x00000000
0x029446f1
0x029446ea
0x029446ea
0x00000000

APIs

__vcrt_initialize.LIBVCRUNTIME ref: 029446D2

Part of subcall function 02947C58: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 02947C61
Part of subcall function 02947C58: __vcrt_initialize_locks.LIBVCRUNTIME ref: 02947C66

__vcrt_uninitialize.LIBVCRUNTIME ref: 029446EA

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: __vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_winapi_thunks__vcrt_uninitialize
String ID:
API String ID: 1882725809-0
Opcode ID: 25b9fecbbbb0899a54da654feda86d768c2a1394f31c596a7f2d9ee70d7e7234
Instruction ID: 9d56bcf4426b0cbd9cafe50c3911292e47c7272f3bc171f59e0d7874703ddaf3
Opcode Fuzzy Hash: 25b9fecbbbb0899a54da654feda86d768c2a1394f31c596a7f2d9ee70d7e7234
Instruction Fuzzy Hash: 6FE0C2402092844AFE1C2BB52981FB937862F4A302F04389C8DDA47203CF0A46FA6E71

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0293E400 Relevance: 47.8, APIs: 16, Strings: 11, Instructions: 572
comCOMMONCrypto

Download Yara Rule

C-Code - Quality: 40%

			E0293E400(void* __ebx, void* __edx, void* __edi, void* __esp, signed long long* __rbx, long long __rdi, CHAR** __rsi, void* __r8, void* __r12, void* __r13, CHAR* __r14, CHAR* __r15) {
				signed long long _t136;
				signed long long _t138;
				signed long long _t140;
				signed long long _t150;
				signed long long _t156;
				signed long long _t160;
				signed int _t161;
				signed long long _t162;
				void* _t169;
				signed long long _t171;
				signed long long _t188;
				signed long long _t194;
				signed long long _t196;
				signed long long _t200;
				signed long long _t201;
				signed long long _t208;
				signed int _t210;
				void* _t211;
				signed long long _t217;
				void* _t225;
				void* _t228;
				signed long long _t239;
				signed long long _t241;
				signed long long _t242;
				signed long long* _t245;
				intOrPtr _t251;
				signed long long _t252;
				signed long long _t253;
				signed long long _t256;
				intOrPtr _t259;
				intOrPtr* _t260;
				intOrPtr* _t268;
				intOrPtr _t279;
				signed long long _t280;
				signed long long _t281;
				signed long long _t290;
				intOrPtr _t293;
				intOrPtr* _t294;
				intOrPtr* _t302;
				CHAR* _t305;
				intOrPtr* _t306;
				void* _t309;
				signed long long _t316;
				CHAR** _t329;
				void* _t336;
				void* _t337;
				void* _t340;
				signed long long _t341;
				signed long long _t342;
				void* _t345;
				char* _t352;
				char* _t353;
				void* _t360;
				void* _t362;
				CHAR* _t367;

				_t367 = __r15;
				_t364 = __r14;
				_t362 = __r13;
				_t360 = __r12;
				_t345 = __r8;
				_t332 = __rsi;
				_t243 = __rbx;
				_t228 = __esp;
				_t225 = __edi;
				_t211 = __edx;
				_t198 = __ebx;
				 *((long long*)(_t340 + 0x10)) = __rsi;
				 *((long long*)(_t340 + 0x18)) = __rdi;
				_t336 = _t340 - 0x60;
				_t341 = _t340 - 0x160;
				_t239 =  *0x29a61e8; // 0xc99624406909
				_t240 = _t239 ^ _t341;
				 *(_t336 + 0x50) = _t240;
				_t352 = "./operatecardlib.ini";
				r8d = 0x14;
				 *0x29a7ff8 = GetPrivateProfileIntA(__r15, __r14);
				L029438E4(_t240, "operatecardlib");
				_t329 = _t240;
				if(_t240 == 0) {
					L55:
					E02945070();
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					 *(_t341 + 8) = _t243;
					 *(_t341 + 0x10) = _t332;
					 *(_t341 + 0x18) = _t329;
					_t337 = _t341 - 0x210;
					_t342 = _t341 - 0x310;
					_t241 =  *0x29a61e8; // 0xc99624406909
					_t242 = _t241 ^ _t342;
					 *(_t337 + 0x200) = _t242;
					_t353 = "./operatecardlib.ini";
					r8d = 0x14;
					_t136 = GetPrivateProfileIntA(_t367, _t364);
					r15d = 0;
					sil = 0;
					_t204 = 0;
					 *0x29a7ff8 = _t136;
					 *0x29a7291 = sil;
					dil = 0;
					 *0x29a7f90 = _t367;
					 *(_t342 + 0x34) = r15d;
					__imp__CoInitialize(_t362, _t360, _t336);
					_t309 = _t342 + 0x70;
					__imp__CLSIDFromProgID();
					__eflags = _t136;
					if(_t136 < 0) {
						L89:
						 *(_t342 + 0x30) = r15d;
						 *(_t342 + 0x5c) = _t242;
						 *(_t342 + 0x64) = _t242;
						 *(_t342 + 0x38) = r15d;
						 *((long long*)(_t342 + 0x50)) = 0x10000;
						 *((intOrPtr*)(_t342 + 0x48)) = 0x24;
						 *(_t342 + 0x4c) = r15b;
						_t138 = E0293CF60(_t204, _t211, _t243, _t342 + 0x48, 0x29a7fe0, _t332, _t345, _t353);
						__eflags = _t138;
						if(_t138 != 0) {
							L105:
							_t251 =  *0x29a7fe0; // 0x0
							L0293BFC0(_t242, _t243, _t251);
							_t252 =  *0x29a7f98; // 0x0
							__eflags = _t252;
							if(_t252 != 0) {
								E0296B140(_t242, _t252);
							}
							_t253 =  *0x29a7fe8; // 0x0
							__eflags = _t253;
							if(_t253 != 0) {
								E0296B140(_t242, _t253);
							}
							goto L109;
						} else {
							_t346 =  *0x29a7fe8; // 0x0
							_t311 = _t342 + 0x30;
							_t256 =  *0x29a7fe0; // 0x0
							__eflags = E0293C390(_t242, _t243, _t256, _t342 + 0x30, _t332, _t346);
							if(__eflags != 0) {
								L104:
								E02943770(__eflags, _t242, "ctlEnumerateDevices returned failure code: 0x%X\n", _t311, _t346, _t353);
								goto L105;
							} else {
								_t204 =  *(_t342 + 0x30);
								L0296B154(_t242, _t256 << 3);
								 *0x29a7fe8 = _t242;
								__eflags = _t242;
								if(_t242 == 0) {
									goto L109;
								} else {
									_t259 =  *0x29a7fe0; // 0x0
									_t311 = _t342 + 0x30;
									_t346 = _t242;
									__eflags = E0293C390(_t242, _t243, _t259, _t342 + 0x30, _t332, _t242);
									if(__eflags != 0) {
										goto L104;
									} else {
										__eflags =  *(_t342 + 0x30) - r15d;
										if( *(_t342 + 0x30) <= r15d) {
											goto L105;
										} else {
											_t260 =  *0x29a7fe8; // 0x0
											_t312 = _t342 + 0x38;
											_t347 =  *0x29a7f98; // 0x0
											_t261 =  *_t260;
											__eflags = E0293C400(_t242, _t243,  *_t260, _t342 + 0x38, _t332, _t347);
											if(__eflags != 0) {
												L97:
												_t148 = E02943770(__eflags, _t242, "ctlEnumerateDisplayOutputs returned failure code: 0x%X\n", _t312, _t347, _t353);
												goto L98;
											} else {
												_t204 =  *(_t342 + 0x38);
												L0296B154(_t242, _t261 << 3);
												 *0x29a7f98 = _t242;
												__eflags = _t242;
												if(_t242 == 0) {
													goto L105;
												} else {
													_t268 =  *0x29a7fe8; // 0x0
													_t312 = _t342 + 0x38;
													_t347 = _t242;
													__eflags = E0293C400(_t242, _t243,  *_t268, _t342 + 0x38, _t332, _t242);
													if(__eflags != 0) {
														goto L97;
													}
													L98:
													_t243 =  *0x29a7f98; // 0x0
													__eflags = _t243;
													if(_t243 == 0) {
														goto L105;
													} else {
														r8d = 0xc4;
														E02947430(_t148, _t204, 0, _t225, _t228, _t337 - 0x7c, _t312, _t347);
														 *((intOrPtr*)(_t337 - 0x80)) = 0xc8;
														_t264 = _t243[1];
														__eflags = _t243[1];
														if(_t243[1] == 0) {
															goto L105;
														} else {
															_t313 = _t337 - 0x80;
															_t150 = E0293CA70(_t242, _t243, _t264, _t337 - 0x80);
															__eflags = _t150;
															if(_t150 != 0) {
																goto L105;
															} else {
																__eflags =  *(_t337 - 0x50) >> 0x00000001 & 0x00000001;
																if(__eflags == 0) {
																	E02943770(__eflags, _t242, "Display 1 is not attached, skipping the call for this display\n", _t313, _t347, _t353);
																	goto L105;
																} else {
																	_t242 =  *0x29a7f98; // 0x0
																	_t140 = 1;
																	 *0x29a7ff0 =  *(_t242 + 8);
																	 *0x29a6000 = 1;
																	 *0x29a6001 = 1;
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L110;
					} else {
						_t242 = 0x29a7f90;
						_t211 = 0;
						_t353 = 0x2991db8;
						 *((long long*)(_t342 + 0x20)) = 0x29a7f90;
						_t79 =  &(_t367[0x15]); // 0x15
						r8d = _t79;
						__imp__CoCreateInstance();
						__eflags = _t136;
						if(_t136 < 0) {
							goto L89;
						} else {
							__eflags =  *0x29a7f90 - _t367; // 0x0
							if(__eflags == 0) {
								goto L89;
							} else {
								_t271 = _t337 + 0x54;
								r8d = 0x1a4;
								E02947430(_t136, 0, 0, _t225, _t228, _t337 + 0x54, _t309, _t345);
								r9d = 0;
								 *((intOrPtr*)(_t337 + 0x50)) = 0x1a8;
								_t204 = 0;
								r13d = r15d;
								_t156 = EnumDisplayDevicesA(??, ??, ??, ??);
								__eflags = _t156;
								if(_t156 == 0) {
									L109:
									_t140 = 0;
									__eflags = 0;
									goto L110;
								} else {
									_t84 =  &(_t367[1]); // 0x1
									r14d = _t84;
									while(1) {
										L60:
										 *(_t342 + 0x3c) = r15d;
										r12d = r15d;
										 *(_t342 + 0x40) = r15d;
										while(1) {
											 *(_t342 + 0x34) = 0x20000000;
											L029438E4(_t242, _t271);
											_t245 = _t242;
											__eflags = _t242;
											if(_t242 == 0) {
												break;
											}
											 *(_t242 + 8) = _t367;
											 *(_t242 + 0x10) = r14d;
											E029452F0(_t198, _t245, _t337 + 0x54, _t329, _t332, _t364);
											 *_t245 = _t242;
											_t271 =  *0x29a7f90; // 0x0
											 *((long long*)(_t342 + 0x28)) = _t342 + 0x3c;
											r8d = r12d;
											 *((long long*)(_t342 + 0x20)) = _t342 + 0x34;
											_t316 = _t242;
											_t160 =  *((intOrPtr*)( *_t271 + 0x60))();
											r12d = r12d + 1;
											r15d = _t160;
											asm("lock xadd [ebx+0x10], ecx");
											__eflags = 0xffffffff - r14d;
											if(0xffffffff == r14d) {
												__eflags =  *_t245;
												if( *_t245 != 0) {
													__imp__#6();
													 *_t245 = 0;
												}
												_t274 = _t245[1];
												__eflags = _t245[1];
												if(_t245[1] != 0) {
													L02943928(_t242, _t274);
													_t245[1] = 0;
												}
												_t271 = _t245;
												L02943920(_t242, _t245);
											}
											_t217 =  *(_t342 + 0x34);
											_t208 =  *(_t342 + 0x3c);
											__eflags = _t217 - 2;
											if(_t217 != 2) {
												L78:
												__eflags = sil;
												if(sil == 0) {
													_t102 = _t316 - 3; // 0x1ffffffd
													_t161 = _t102;
													__eflags = _t161 & 0xfffffffb;
													if((_t161 & 0xfffffffb) == 0) {
														__eflags = _t208 - r14d;
														_t164 =  !=  ? r14d :  *0x29a7291 & 0x000000ff;
														 *0x29a7291 =  !=  ? r14d :  *0x29a7291 & 0x000000ff;
													}
													goto L84;
												} else {
													__eflags = _t217 - 7;
													if(_t217 != 7) {
														L84:
														__eflags = _t217 - 2;
														if(_t217 != 2) {
															goto L71;
														} else {
															__eflags = _t208 - 0x112;
															if(_t208 != 0x112) {
																goto L71;
															} else {
																goto L74;
															}
														}
													} else {
														__eflags = _t208 - 0x112;
														if(_t208 == 0x112) {
															 *0x29a7291 = r14b;
														}
														goto L71;
													}
												}
											} else {
												__eflags = _t208 - 0x212;
												if(_t208 != 0x212) {
													goto L78;
												} else {
													L71:
													__eflags = dil;
													if(dil == 0) {
														L74:
														__eflags =  *0x29a7291;
														if( *0x29a7291 != 0) {
															goto L88;
														} else {
															__eflags = r15d;
															r15d = 0;
															if(r15d == 0) {
																continue;
															} else {
																r13d = r13d + 1;
																r9d = 0;
																_t204 = 0;
																_t162 = EnumDisplayDevicesA(??, ??, ??, ??);
																__eflags = _t162;
																if(_t162 == 0) {
																	goto L109;
																} else {
																	goto L60;
																}
															}
														}
													} else {
														__eflags = _t217 - 5;
														if(_t217 != 5) {
															goto L74;
														} else {
															__eflags = _t208 - 0x212;
															if(_t208 == 0x212) {
																 *0x29a7291 = r14b;
																L88:
																_t204 =  *(_t342 + 0x40);
																_t140 = r14d;
																 *0x29a7f88 =  *(_t342 + 0x40);
																 *0x29a6000 = r14b;
																 *0x29a6001 = 0;
																L110:
																__eflags =  *(_t337 + 0x200) ^ _t342;
																return L029438C0(_t140, _t204, _t242,  *(_t337 + 0x200) ^ _t342);
															} else {
																goto L74;
															}
														}
													}
												}
											}
											goto L112;
										}
										E02945070();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										return 1;
										goto L112;
									}
								}
							}
						}
					}
				} else {
					r15d = 0;
					r14d = 1;
					 *((long long*)(_t240 + 8)) = __r15;
					 *(_t240 + 0x10) = r14d;
					E029452F0(__ebx, __rbx, "\\\\.\\Display1", _t329, __rsi, __r14);
					 *_t329 = _t240;
					L029438E4(_t240, "\\\\.\\Display1");
					_t332 = _t240;
					if(_t240 == 0) {
						goto L55;
					} else {
						 *((long long*)(_t341 + 0x180)) = __rbx;
						 *((long long*)(_t240 + 8)) = __r15;
						 *(_t240 + 0x10) = r14d;
						_t169 = E029452F0(__ebx, __rbx, "\\\\.\\Display2", _t329, _t332, __r14);
						 *_t332 = _t240;
						_t210 = 0;
						 *0x29a7291 = r15b;
						 *0x29a7f90 = __r15;
						 *(_t341 + 0x30) = r15d;
						 *(_t341 + 0x38) = r15d;
						 *(_t341 + 0x34) = r15d;
						__imp__CoInitialize();
						__imp__CLSIDFromProgID();
						if(_t169 < 0) {
							L21:
							 *(_t341 + 0x3c) = r15d;
							 *(_t341 + 0x5c) = _t240;
							 *(_t341 + 0x64) = _t240;
							 *(_t341 + 0x40) = r15d;
							 *((long long*)(_t341 + 0x50)) = 0x10000;
							 *((intOrPtr*)(_t341 + 0x48)) = 0x24;
							 *(_t341 + 0x4c) = r15b;
							_t171 = E0293CF60(_t210, _t211, _t243, _t341 + 0x48, 0x29a7fe0, _t332, _t345, _t352);
							__eflags = _t171;
							if(_t171 != 0) {
								L37:
								_t279 =  *0x29a7fe0; // 0x0
								 *0x29a6001 = 0xff;
								L0293BFC0(_t240, _t243, _t279);
								_t280 =  *0x29a7f98; // 0x0
								__eflags = _t280;
								if(_t280 != 0) {
									E0296B140(_t240, _t280);
								}
								_t281 =  *0x29a7fe8; // 0x0
								__eflags = _t281;
								if(_t281 != 0) {
									E0296B140(_t240, _t281);
								}
								goto L41;
							} else {
								_t350 =  *0x29a7fe8; // 0x0
								_t319 = _t341 + 0x3c;
								_t290 =  *0x29a7fe0; // 0x0
								__eflags = E0293C390(_t240, _t243, _t290, _t341 + 0x3c, _t332, _t350);
								if(__eflags != 0) {
									L36:
									E02943770(__eflags, _t240, "ctlEnumerateDevices returned failure code: 0x%X\n", _t319, _t350, _t352);
									goto L37;
								} else {
									_t210 =  *(_t341 + 0x3c);
									L0296B154(_t240, _t290 << 3);
									 *0x29a7fe8 = _t240;
									__eflags = _t240;
									if(_t240 == 0) {
										goto L41;
									} else {
										_t293 =  *0x29a7fe0; // 0x0
										_t319 = _t341 + 0x3c;
										_t350 = _t240;
										__eflags = E0293C390(_t240, _t243, _t293, _t341 + 0x3c, _t332, _t240);
										if(__eflags != 0) {
											goto L36;
										} else {
											__eflags =  *(_t341 + 0x3c) - r15d;
											if( *(_t341 + 0x3c) <= r15d) {
												goto L37;
											} else {
												_t294 =  *0x29a7fe8; // 0x0
												_t320 = _t341 + 0x40;
												_t351 =  *0x29a7f98; // 0x0
												_t295 =  *_t294;
												__eflags = E0293C400(_t240, _t243,  *_t294, _t341 + 0x40, _t332, _t351);
												if(__eflags != 0) {
													L29:
													_t186 = E02943770(__eflags, _t240, "ctlEnumerateDisplayOutputs returned failure code: 0x%X\n", _t320, _t351, _t352);
													goto L30;
												} else {
													_t210 =  *(_t341 + 0x40);
													L0296B154(_t240, _t295 << 3);
													 *0x29a7f98 = _t240;
													__eflags = _t240;
													if(_t240 == 0) {
														goto L37;
													} else {
														_t302 =  *0x29a7fe8; // 0x0
														_t320 = _t341 + 0x40;
														_t351 = _t240;
														__eflags = E0293C400(_t240, _t243,  *_t302, _t341 + 0x40, _t332, _t240);
														if(__eflags != 0) {
															goto L29;
														}
														L30:
														_t243 =  *0x29a7f98; // 0x0
														__eflags = _t243;
														if(_t243 == 0) {
															goto L37;
														} else {
															r8d = 0xc4;
															E02947430(_t186, _t210, 0, _t225, _t228, _t336 - 0x7c, _t320, _t351);
															 *((intOrPtr*)(_t336 - 0x80)) = 0xc8;
															_t298 =  *_t243;
															__eflags =  *_t243;
															if( *_t243 == 0) {
																goto L37;
															} else {
																_t321 = _t336 - 0x80;
																_t188 = E0293CA70(_t240, _t243, _t298, _t336 - 0x80);
																__eflags = _t188;
																if(_t188 != 0) {
																	goto L37;
																} else {
																	__eflags = r14b &  *(_t336 - 0x50) >> 0x00000001;
																	if(__eflags == 0) {
																		E02943770(__eflags, _t240, "Display 0 is not attached, skipping the call for this display\n", _t321, _t351, _t352);
																		goto L37;
																	} else {
																		_t240 =  *0x29a7f98; // 0x0
																		 *0x29a7ff0 =  *_t240;
																		 *0x29a6000 = r15b;
																		 *0x29a6001 = r14b;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						} else {
							_t240 = 0x29a7f90;
							_t211 = 0;
							_t352 = 0x2991db8;
							 *((long long*)(_t341 + 0x20)) = 0x29a7f90;
							_t16 =  &(_t367[0x15]); // 0x15
							r8d = _t16;
							__imp__CoCreateInstance();
							if(_t169 < 0) {
								goto L21;
							} else {
								_t305 =  *0x29a7f90; // 0x0
								if(_t305 == 0) {
									goto L21;
								} else {
									_t200 = r15d;
									while(1) {
										 *(_t341 + 0x38) = r15d;
										 *((long long*)(_t341 + 0x28)) = _t341 + 0x34;
										 *(_t341 + 0x34) = r15d;
										 *(_t341 + 0x30) = 0x20000000;
										r8d = _t200;
										_t240 =  *_t305;
										 *((long long*)(_t341 + 0x20)) = _t341 + 0x30;
										 *((intOrPtr*)( *_t305 + 0x60))();
										_t210 =  *(_t341 + 0x30) & 0x000000ff;
										_t194 =  *(_t341 + 0x34);
										if(_t210 == 7 && _t194 != r14d) {
											break;
										}
										if(_t210 != 2 || _t194 == r14d) {
											_t200 = _t200 + 1;
											if(_t200 >= 4) {
												__eflags =  *0x29a7291 - r15b; // 0x0
												if(__eflags != 0) {
													L41:
													r14d = r15d;
												} else {
													_t201 = r15d;
													do {
														_t306 =  *0x29a7f90; // 0x0
														 *((long long*)(_t341 + 0x28)) = _t341 + 0x34;
														 *(_t341 + 0x38) = r15d;
														 *(_t341 + 0x34) = r15d;
														r8d = _t201;
														 *(_t341 + 0x30) = 0x20000000;
														_t240 =  *_t306;
														 *((long long*)(_t341 + 0x20)) = _t341 + 0x30;
														 *((intOrPtr*)( *_t306 + 0x60))();
														_t210 =  *(_t341 + 0x30) & 0x000000ff;
														_t196 =  *(_t341 + 0x34);
														__eflags = _t210 - 7;
														if(_t210 != 7) {
															L16:
															__eflags = _t210 - 2;
															if(_t210 != 2) {
																goto L18;
															} else {
																__eflags = _t196 - r14d;
																if(_t196 != r14d) {
																	goto L20;
																} else {
																	goto L18;
																}
															}
														} else {
															__eflags = _t196 - r14d;
															if(_t196 != r14d) {
																goto L20;
															} else {
																goto L16;
															}
														}
														goto L42;
														L18:
														_t201 = _t201 + 1;
														__eflags = _t201 - 4;
													} while (_t201 < 4);
													goto L41;
												}
											} else {
												_t305 =  *0x29a7f90; // 0x0
												continue;
											}
										} else {
											break;
										}
										goto L42;
									}
									L20:
									 *0x29a7f88 =  *(_t341 + 0x38);
									 *0x29a7291 = r14b;
									 *0x29a6000 = r15b;
									 *0x29a6001 = r15b;
								}
							}
						}
						L42:
						asm("lock xadd [esi+0x10], eax");
						__eflags = 0xffffffff - 1;
						if(0xffffffff == 1) {
							__eflags =  *_t332;
							if( *_t332 != 0) {
								__imp__#6();
								 *_t332 = _t367;
							}
							_t288 = _t332[2];
							__eflags = _t332[2];
							if(_t332[2] != 0) {
								L02943928(_t240, _t288);
								_t332[2] = _t367;
							}
							L02943920(_t240, _t332);
						}
						asm("lock xadd [edi+0x10], ebx");
						__eflags = 0xffffffff - 1;
						if(0xffffffff == 1) {
							__eflags =  *_t329;
							if( *_t329 != 0) {
								__imp__#6();
								 *_t329 = _t367;
							}
							_t285 = _t329[2];
							__eflags = _t329[2];
							if(_t329[2] != 0) {
								L02943928(_t240, _t285);
								_t329[2] = _t367;
							}
							L02943920(_t240, _t329);
						}
						__eflags =  *(_t336 + 0x50) ^ _t341;
						return L029438C0(r14d, _t210, _t240,  *(_t336 + 0x50) ^ _t341);
					}
				}
				L112:
			}

0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e400
0x0293e405
0x0293e40f
0x0293e414
0x0293e41b
0x0293e422
0x0293e425
0x0293e429
0x0293e430
0x0293e44f
0x0293e456
0x0293e45b
0x0293e461
0x0293e8bc
0x0293e8c1
0x0293e8c6
0x0293e8c7
0x0293e8c8
0x0293e8c9
0x0293e8ca
0x0293e8cb
0x0293e8cc
0x0293e8cd
0x0293e8ce
0x0293e8cf
0x0293e8d0
0x0293e8d5
0x0293e8da
0x0293e8e8
0x0293e8f0
0x0293e8f7
0x0293e8fe
0x0293e901
0x0293e908
0x0293e90f
0x0293e923
0x0293e929
0x0293e92c
0x0293e92f
0x0293e931
0x0293e938
0x0293e93f
0x0293e942
0x0293e949
0x0293e94e
0x0293e954
0x0293e960
0x0293e966
0x0293e968
0x0293eb87
0x0293eb89
0x0293eb95
0x0293eb9f
0x0293eba4
0x0293eba9
0x0293ebb2
0x0293ebba
0x0293ebbf
0x0293ebc4
0x0293ebc6
0x0293ed1b
0x0293ed1b
0x0293ed22
0x0293ed27
0x0293ed2e
0x0293ed31
0x0293ed33
0x0293ed33
0x0293ed38
0x0293ed3f
0x0293ed42
0x0293ed44
0x0293ed44
0x00000000
0x0293ebcc
0x0293ebcc
0x0293ebd3
0x0293ebd8
0x0293ebe4
0x0293ebe6
0x0293ed0d
0x0293ed16
0x00000000
0x0293ebec
0x0293ebec
0x0293ebf4
0x0293ebf9
0x0293ec00
0x0293ec03
0x00000000
0x0293ec09
0x0293ec09
0x0293ec10
0x0293ec15
0x0293ec1d
0x0293ec1f
0x00000000
0x0293ec25
0x0293ec25
0x0293ec2a
0x00000000
0x0293ec30
0x0293ec30
0x0293ec37
0x0293ec3c
0x0293ec43
0x0293ec4b
0x0293ec4d
0x0293ec87
0x0293ec90
0x00000000
0x0293ec4f
0x0293ec4f
0x0293ec57
0x0293ec5c
0x0293ec63
0x0293ec66
0x00000000
0x0293ec6c
0x0293ec6c
0x0293ec73
0x0293ec78
0x0293ec83
0x0293ec85
0x00000000
0x00000000
0x0293ec95
0x0293ec95
0x0293ec9c
0x0293ec9f
0x00000000
0x0293eca1
0x0293eca7
0x0293ecad
0x0293ecb2
0x0293ecb9
0x0293ecbd
0x0293ecc0
0x00000000
0x0293ecc2
0x0293ecc2
0x0293ecc6
0x0293eccb
0x0293eccd
0x00000000
0x0293eccf
0x0293ecd4
0x0293ecd6
0x0293ed06
0x00000000
0x0293ecd8
0x0293ecd8
0x0293ece3
0x0293ece8
0x0293ecef
0x0293ecf6
0x0293ecf6
0x0293ecd6
0x0293eccd
0x0293ecc0
0x0293ec9f
0x0293ec66
0x0293ec4d
0x0293ec2a
0x0293ec1f
0x0293ec03
0x0293ebe6
0x00000000
0x0293e96e
0x0293e96e
0x0293e975
0x0293e977
0x0293e97e
0x0293e983
0x0293e983
0x0293e98c
0x0293e992
0x0293e994
0x00000000
0x0293e99a
0x0293e99a
0x0293e9a1
0x00000000
0x0293e9a7
0x0293e9a9
0x0293e9ad
0x0293e9b3
0x0293e9b8
0x0293e9bb
0x0293e9c8
0x0293e9ca
0x0293e9cd
0x0293e9d3
0x0293e9d5
0x0293ed49
0x0293ed49
0x0293ed49
0x00000000
0x0293e9db
0x0293e9db
0x0293e9db
0x0293e9e0
0x0293e9e0
0x0293e9e0
0x0293e9e5
0x0293e9e8
0x0293e9f0
0x0293e9f5
0x0293e9fd
0x0293ea02
0x0293ea05
0x0293ea08
0x00000000
0x00000000
0x0293ea12
0x0293ea16
0x0293ea1a
0x0293ea1f
0x0293ea27
0x0293ea33
0x0293ea38
0x0293ea40
0x0293ea45
0x0293ea4b
0x0293ea4f
0x0293ea57
0x0293ea5a
0x0293ea5f
0x0293ea62
0x0293ea67
0x0293ea6a
0x0293ea6c
0x0293ea72
0x0293ea72
0x0293ea79
0x0293ea7d
0x0293ea80
0x0293ea82
0x0293ea87
0x0293ea87
0x0293ea94
0x0293ea97
0x0293ea97
0x0293ea9c
0x0293eaa0
0x0293eaa4
0x0293eaa7
0x0293eb09
0x0293eb09
0x0293eb0c
0x0293eb24
0x0293eb24
0x0293eb27
0x0293eb2c
0x0293eb35
0x0293eb38
0x0293eb3c
0x0293eb3c
0x00000000
0x0293eb0e
0x0293eb0e
0x0293eb11
0x0293eb42
0x0293eb42
0x0293eb45
0x00000000
0x0293eb4b
0x0293eb4b
0x0293eb51
0x00000000
0x0293eb57
0x00000000
0x0293eb57
0x0293eb51
0x0293eb13
0x0293eb13
0x0293eb19
0x0293eb1b
0x0293eb1b
0x00000000
0x0293eb19
0x0293eb11
0x0293eaa9
0x0293eaa9
0x0293eaaf
0x00000000
0x0293eab1
0x0293eab5
0x0293eab5
0x0293eab8
0x0293eacb
0x0293eacb
0x0293ead2
0x00000000
0x0293ead8
0x0293ead8
0x0293eadb
0x0293eae1
0x00000000
0x0293eae7
0x0293eae7
0x0293eaf1
0x0293eaf4
0x0293eaf6
0x0293eafc
0x0293eafe
0x00000000
0x0293eb04
0x00000000
0x0293eb04
0x0293eafe
0x0293eae1
0x0293eaba
0x0293eaba
0x0293eabd
0x00000000
0x0293eabf
0x0293eabf
0x0293eac5
0x0293eb60
0x0293eb67
0x0293eb67
0x0293eb6b
0x0293eb6e
0x0293eb74
0x0293eb7b
0x0293ed4b
0x0293ed52
0x0293ed7a
0x00000000
0x00000000
0x00000000
0x0293eac5
0x0293eabd
0x0293eab8
0x0293eaaf
0x00000000
0x0293eaa7
0x0293ed80
0x0293ed85
0x0293ed86
0x0293ed87
0x0293ed88
0x0293ed89
0x0293ed8a
0x0293ed8b
0x0293ed8c
0x0293ed8d
0x0293ed8e
0x0293ed8f
0x0293ed95
0x00000000
0x0293ed95
0x0293e9e0
0x0293e9d5
0x0293e9a1
0x0293e994
0x0293e467
0x0293e467
0x0293e471
0x0293e477
0x0293e47b
0x0293e47f
0x0293e488
0x0293e48b
0x0293e490
0x0293e496
0x00000000
0x0293e49c
0x0293e4a3
0x0293e4ab
0x0293e4af
0x0293e4b3
0x0293e4b8
0x0293e4bb
0x0293e4bd
0x0293e4c4
0x0293e4cb
0x0293e4d0
0x0293e4d5
0x0293e4da
0x0293e4ec
0x0293e4f4
0x0293e64b
0x0293e64d
0x0293e659
0x0293e663
0x0293e668
0x0293e66d
0x0293e676
0x0293e67e
0x0293e683
0x0293e688
0x0293e68a
0x0293e7d9
0x0293e7d9
0x0293e7e0
0x0293e7e7
0x0293e7ec
0x0293e7f3
0x0293e7f6
0x0293e7f8
0x0293e7f8
0x0293e7fd
0x0293e804
0x0293e807
0x0293e809
0x0293e809
0x00000000
0x0293e690
0x0293e690
0x0293e697
0x0293e69c
0x0293e6a8
0x0293e6aa
0x0293e7cb
0x0293e7d4
0x00000000
0x0293e6b0
0x0293e6b0
0x0293e6b8
0x0293e6bd
0x0293e6c4
0x0293e6c7
0x00000000
0x0293e6cd
0x0293e6cd
0x0293e6d4
0x0293e6d9
0x0293e6e1
0x0293e6e3
0x00000000
0x0293e6e9
0x0293e6e9
0x0293e6ee
0x00000000
0x0293e6f4
0x0293e6f4
0x0293e6fb
0x0293e700
0x0293e707
0x0293e70f
0x0293e711
0x0293e74b
0x0293e754
0x00000000
0x0293e713
0x0293e713
0x0293e71b
0x0293e720
0x0293e727
0x0293e72a
0x00000000
0x0293e730
0x0293e730
0x0293e737
0x0293e73c
0x0293e747
0x0293e749
0x00000000
0x00000000
0x0293e759
0x0293e759
0x0293e760
0x0293e763
0x00000000
0x0293e765
0x0293e76b
0x0293e771
0x0293e776
0x0293e77d
0x0293e780
0x0293e783
0x00000000
0x0293e785
0x0293e785
0x0293e789
0x0293e78e
0x0293e790
0x00000000
0x0293e792
0x0293e797
0x0293e79a
0x0293e7c4
0x00000000
0x0293e79c
0x0293e79c
0x0293e7a6
0x0293e7ad
0x0293e7b4
0x0293e7b4
0x0293e79a
0x0293e790
0x0293e783
0x0293e763
0x0293e72a
0x0293e711
0x0293e6ee
0x0293e6e3
0x0293e6c7
0x0293e6aa
0x0293e4fa
0x0293e4fa
0x0293e501
0x0293e503
0x0293e50a
0x0293e50f
0x0293e50f
0x0293e518
0x0293e520
0x00000000
0x0293e526
0x0293e526
0x0293e530
0x00000000
0x0293e536
0x0293e536
0x0293e540
0x0293e540
0x0293e54a
0x0293e554
0x0293e55e
0x0293e566
0x0293e569
0x0293e56c
0x0293e574
0x0293e577
0x0293e57c
0x0293e583
0x00000000
0x00000000
0x0293e591
0x0293e59c
0x0293e5a1
0x0293e5ac
0x0293e5b3
0x0293e80e
0x0293e80e
0x0293e5b9
0x0293e5b9
0x0293e5c0
0x0293e5c0
0x0293e5cc
0x0293e5d6
0x0293e5e0
0x0293e5e5
0x0293e5e8
0x0293e5f0
0x0293e5f3
0x0293e5fb
0x0293e5fe
0x0293e603
0x0293e607
0x0293e60a
0x0293e611
0x0293e611
0x0293e614
0x00000000
0x0293e616
0x0293e616
0x0293e619
0x00000000
0x00000000
0x00000000
0x00000000
0x0293e619
0x0293e60c
0x0293e60c
0x0293e60f
0x00000000
0x00000000
0x00000000
0x00000000
0x0293e60f
0x00000000
0x0293e61b
0x0293e61b
0x0293e61d
0x0293e61d
0x00000000
0x0293e5c0
0x0293e5a3
0x0293e5a3
0x00000000
0x0293e5a3
0x00000000
0x00000000
0x00000000
0x00000000
0x0293e591
0x0293e627
0x0293e62b
0x0293e631
0x0293e638
0x0293e63f
0x0293e63f
0x0293e530
0x0293e520
0x0293e811
0x0293e818
0x0293e81d
0x0293e820
0x0293e825
0x0293e828
0x0293e82a
0x0293e830
0x0293e830
0x0293e833
0x0293e837
0x0293e83a
0x0293e83c
0x0293e841
0x0293e841
0x0293e84d
0x0293e84d
0x0293e852
0x0293e857
0x0293e862
0x0293e867
0x0293e86a
0x0293e86c
0x0293e872
0x0293e872
0x0293e875
0x0293e879
0x0293e87c
0x0293e87e
0x0293e883
0x0293e883
0x0293e88f
0x0293e88f
0x0293e89b
0x0293e8bb
0x0293e8bb
0x0293e496
0x00000000

APIs

GetPrivateProfileIntA.KERNEL32 ref: 0293E444
_com_util::ConvertStringToBSTR.COMSUPP ref: 0293E47F

Part of subcall function 029438E4: Concurrency::cancel_current_task.LIBCPMT ref: 02943914

CoInitialize.OLE32 ref: 0293E4DA
CLSIDFromProgID.OLE32 ref: 0293E4EC
CoCreateInstance.OLE32 ref: 0293E518
SysFreeString.OLEAUT32 ref: 0293E82A
SysFreeString.OLEAUT32 ref: 0293E86C
_com_util::ConvertStringToBSTR.COMSUPP ref: 0293E4B3

Part of subcall function 029452F0: MultiByteToWideChar.KERNEL32 ref: 02945361
Part of subcall function 029452F0: MultiByteToWideChar.KERNEL32 ref: 029453F0
Part of subcall function 029452F0: SysAllocString.OLEAUT32 ref: 029453FD
Part of subcall function 029452F0: GetLastError.KERNEL32 ref: 02945447
Part of subcall function 029452F0: GetLastError.KERNEL32 ref: 0294547D

GetPrivateProfileIntA.KERNEL32 ref: 0293E923
CoInitialize.OLE32 ref: 0293E94E
CLSIDFromProgID.OLE32 ref: 0293E960
CoCreateInstance.OLE32 ref: 0293E98C
EnumDisplayDevicesA.USER32 ref: 0293E9CD
_com_util::ConvertStringToBSTR.COMSUPP ref: 0293EA1A
SysFreeString.OLEAUT32 ref: 0293EA6C
EnumDisplayDevicesA.USER32 ref: 0293EAF6

Strings

Display 1 is not attached, skipping the call for this display, xrefs: 0293ECFF
ctlEnumerateDevices returned failure code: 0x%X, xrefs: 0293E7CD, 0293ED0F
$, xrefs: 0293EBB2
ctlEnumerateDisplayOutputs returned failure code: 0x%X, xrefs: 0293E74D, 0293EC89
operatecardlib, xrefs: 0293E43D, 0293E91C
Igfxext.CUIExternal, xrefs: 0293E4E5, 0293E959
./operatecardlib.ini, xrefs: 0293E429, 0293E908
\\.\Display2, xrefs: 0293E49C
\\.\Display1, xrefs: 0293E46A
Display 0 is not attached, skipping the call for this display, xrefs: 0293E7BD
delaytime, xrefs: 0293E436, 0293E915

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: String$ConvertFree_com_util::$ByteCharCreateDevicesDisplayEnumErrorFromInitializeInstanceLastMultiPrivateProfileProgWide$AllocConcurrency::cancel_current_task
String ID: $$./operatecardlib.ini$Display 0 is not attached, skipping the call for this display$Display 1 is not attached, skipping the call for this display$Igfxext.CUIExternal$\\.\Display1$\\.\Display2$ctlEnumerateDevices returned failure code: 0x%X$ctlEnumerateDisplayOutputs returned failure code: 0x%X$delaytime$operatecardlib
API String ID: 527975136-3769379956
Opcode ID: a61911e68a51a03e211ba92ba68ad84f75c33280388b57514d40243c55ef71d4
Instruction ID: ecab94eec644ba7388cd8235305056c99d74f9d79b198adbb47a72aa0114213e
Opcode Fuzzy Hash: a61911e68a51a03e211ba92ba68ad84f75c33280388b57514d40243c55ef71d4
Instruction Fuzzy Hash: 8332E232205B40C6EB12DF65E8947AEB7A9FB84798F54452ADE8E43B68DF38C144CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02982590 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1207
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 87%

			E02982590(void* __edx, void* __esi, void* __ebp, void* __esp, void* __eflags, signed long long __rbx, signed long long __rcx, void* __rsi, long long __r8, signed long long __r9, long long __r12, void* __r13, void* __r14, void* __r15) {
				void* __rdi;
				void* _t517;
				void* _t528;
				signed long long _t529;
				signed long long _t530;
				signed int _t535;
				signed long long _t539;
				signed long long _t542;
				signed long long _t543;
				signed long long _t558;
				signed long long _t562;
				signed int _t567;
				signed long long _t569;
				signed long long _t591;
				signed long long _t595;
				signed long long _t599;
				void* _t602;
				signed int _t607;
				signed long long _t609;
				signed long long _t631;
				signed int _t638;
				signed long long _t639;
				signed long long _t640;
				void* _t647;
				signed long long _t648;
				void* _t649;
				void* _t655;
				signed long long _t656;
				void* _t657;
				void* _t663;
				void* _t664;
				signed long long _t665;
				void* _t668;
				signed long long _t670;
				signed long long _t673;
				unsigned int _t675;
				void* _t680;
				unsigned int _t683;
				void* _t688;
				void* _t694;
				signed int _t698;
				signed long long _t702;
				signed long long _t705;
				signed int _t717;
				signed int _t723;
				signed int _t727;
				signed int _t731;
				void* _t735;
				signed long long _t736;
				signed long long _t738;
				void* _t742;
				signed int _t746;
				signed int _t747;
				signed long long _t748;
				signed int _t750;
				signed int _t754;
				signed int _t756;
				void* _t757;
				void* _t758;
				signed long long _t766;
				signed long long _t768;
				intOrPtr _t773;
				void* _t775;
				signed long long _t776;
				signed long long _t777;
				signed long long* _t780;
				signed long long _t785;
				signed long long _t788;
				signed long long _t795;
				void* _t798;
				void* _t801;
				signed long long _t825;
				intOrPtr _t826;
				signed long long _t828;
				signed long long _t829;
				signed long long _t830;
				signed long long _t831;
				signed long long _t836;
				signed long long _t847;
				intOrPtr _t848;
				signed long long _t853;
				signed long long* _t854;
				signed long long _t856;
				signed long long _t857;
				void* _t861;
				void* _t863;
				signed long long _t864;
				signed long long _t869;
				signed long long _t873;
				signed long long _t874;
				signed long long _t875;
				signed long long _t878;
				signed long long _t890;
				signed long long _t891;
				signed long long _t894;
				signed long long _t903;
				signed long long _t904;
				signed long long _t907;
				signed long long _t914;
				signed long long _t915;
				long long _t920;
				void* _t922;
				intOrPtr* _t926;
				void* _t928;

				_t928 = __r15;
				_t922 = __r13;
				_t920 = __r12;
				_t914 = __r9;
				_t776 = __rbx;
				_t758 = __esp;
				_t757 = __ebp;
				_t742 = __esi;
				_push(__rbx);
				_push(__rsi);
				_push(_t847);
				_push(__r12);
				_push(__r13);
				_push(__r15);
				_t861 = _t863 - 0x6d8;
				_t864 = _t863 - 0x7d8;
				_t766 =  *0x29a61e8; // 0xc99624406909
				 *(_t861 + 0x6c0) = _t766 ^ _t864;
				 *(_t864 + 0x38) = __rcx;
				_t856 = __r9;
				 *((long long*)(_t864 + 0x68)) = __r9;
				_t926 = __r8;
				 *((long long*)(_t864 + 0x78)) = __r8;
				_t735 = __edx;
				L02989E1C(_t864 + 0x58);
				r12d = 0;
				_t512 =  *(_t864 + 0x58) & 0x0000001f;
				if(( *(_t864 + 0x58) & 0x0000001f) != 0x1f) {
					_t512 = L02989E8C(__eflags, _t864 + 0x58, _t847, __r9);
					 *(_t864 + 0x60) = 1;
				} else {
					 *(_t864 + 0x60) = r12b;
				}
				_t768 =  *(_t864 + 0x38);
				 *(_t926 + 8) = _t856;
				r9d = 0x7ff;
				_t915 = 0xffffffff;
				_t13 = _t776 + 0xd; // 0x2d
				_t698 = _t13;
				_t670 =  <  ? _t698 : 0x20;
				 *_t926 = 0x20;
				_t825 = _t768 >> 0x00000034 & _t914;
				if (_t768 != 0) goto L5;
				if((0xffffffff & _t768) != 0) {
					__eflags = _t825 - _t914;
					if(_t825 == _t914) {
						_t785 = _t768 & 0xffffffff;
						__eflags = _t785;
						if(_t785 != 0) {
							__eflags = _t768;
							if(_t768 >= 0) {
								L12:
								_t673 =  !_t670 & 0x00000001 | 0x00000002;
								__eflags = _t673;
							} else {
								__eflags = _t785 - 0;
								if(_t785 != 0) {
									goto L12;
								} else {
									_t673 = 4;
								}
							}
						} else {
							_t673 = 1;
						}
						 *(_t926 + 4) = 1;
					} else {
						_t673 = r12d;
					}
					_t670 = _t673 - 1;
					__eflags = _t670;
					if(_t670 == 0) {
						_t869 = 0x2996840;
						goto L283;
					} else {
						_t670 = _t670 - 1;
						__eflags = _t670;
						if(_t670 == 0) {
							_t869 = "1#QNAN";
							goto L283;
						} else {
							_t670 = _t670 - 1;
							__eflags = _t670;
							if(_t670 == 0) {
								_t869 = "1#SNAN";
								goto L283;
							} else {
								__eflags = _t670 - 1;
								if(_t670 == 1) {
									_t869 = "1#IND";
									goto L283;
								} else {
									 *(_t864 + 0x38) = _t768 & 0xffffffff;
									_t736 = _t735 + 1;
									asm("movsd xmm0, [esp+0x38]");
									 *(_t864 + 0x50) = _t736;
									asm("movsd [esp+0x48], xmm0");
									_t828 =  *(_t864 + 0x48);
									_t873 = _t828 >> 0x34;
									asm("dec eax");
									_t829 = _t828 & _t915;
									_t795 =  ~(_t873 & _t914);
									asm("sbb eax, eax");
									r8d = r8d & r9d;
									r15d = _t856 + 0;
									r15d = r15d + r8d;
									L02989EDC(L02989FA0(_t512, 0x20, _t670, _t698, _t736, 2, _t757, 0, _t795, _t856), _t873);
									asm("cvttsd2si ecx, xmm0");
									 *(_t861 - 0x7c) = _t736;
									asm("inc ebp");
									_t853 = (_t847 & 0x00000000) + _t829 >> 0x20;
									r13d = r13d & _t670;
									 *(_t861 - 0x78) = _t736;
									 *(_t864 + 0x40) = r13d;
									asm("sbb edx, edx");
									_t702 =  ~_t698 + 1;
									 *(_t861 - 0x80) = _t702;
									__eflags = r15d - 0x434;
									if(r15d < 0x434) {
										__eflags = r15d - 0x36;
										if(__eflags == 0) {
											L90:
											_t528 = _t829 - 1;
											 *(_t864 + 0x38) = r12d;
											asm("bsr eax, [ebp+eax*4-0x7c]");
											if(__eflags == 0) {
												_t529 = r12d;
											} else {
												_t529 = _t528 + 1;
											}
											_t664 = 0x20 - _t529;
											r14d = _t702;
											r12d = r12d | 0xffffffff;
											__eflags = r12d;
											_t530 = _t702;
											while(1) {
												r10d = _t530;
												r8d = 0xfffffffffffff;
												__eflags = _t530 - _t702;
												if(_t530 >= _t702) {
													r9d = 0;
													__eflags = r9d;
												} else {
													r9d =  *(_t861 + _t915 * 4 - 0x7c);
												}
												__eflags = r8d - _t702;
												if(r8d >= _t702) {
													_t675 = 0;
													__eflags = 0;
												} else {
													_t675 =  *(_t861 + _t873 * 4 - 0x7c);
												}
												_t677 = _t675 >> 0x0000001f | _t914 + _t914;
												_t530 = r8d;
												 *(_t861 + _t915 * 4 - 0x7c) = _t675 >> 0x0000001f | _t914 + _t914;
												__eflags = r8d - r12d;
												if(r8d == r12d) {
													break;
												}
												_t702 =  *(_t861 - 0x80);
											}
											__eflags = _t664 - 1;
											_t795 = _t861 + 0x324;
											r14d =  <  ? _t926 + 1 : r14d;
											 *(_t861 - 0x80) = r14d;
											_t738 = 0x435 >> 5;
											_t665 = 0x435;
											_t776 = _t776 << 2;
											_t874 = _t776;
											E02947430(_t926 + 1, _t677, 0, 0x435 >> 5, _t758, _t795, _t829, _t874);
											_t746 = 0x00000435 - r15d & 0x0000001f;
											_t670 = sil;
											_t535 = 1 << _t670;
											 *(_t861 + _t776 + 0x324) = 1;
										} else {
											 *(_t861 + 0x328) = 0x100000;
											 *(_t861 + 0x324) = 0;
											 *(_t861 + 0x320) = 2;
											__eflags = _t736;
											if(__eflags != 0) {
												r8d = r12d;
												while(1) {
													_t638 =  *(_t861 + _t795 * 4 - 0x7c);
													__eflags =  *((intOrPtr*)(_t861 + 0x324 + _t795 * 4)) - _t638;
													if(__eflags != 0) {
														goto L90;
													}
													r8d = r8d + 1;
													__eflags = r8d - 2;
													if(__eflags != 0) {
														continue;
													} else {
														asm("bsr eax, edi");
														 *(_t864 + 0x38) = r12d;
														if(__eflags == 0) {
															_t639 = r12d;
														} else {
															_t639 = _t638 + 1;
														}
														_t668 = 0x20 - _t639;
														r14d = _t702;
														r12d = r12d | 0xffffffff;
														__eflags = r12d;
														_t640 = _t702;
														while(1) {
															r10d = _t640;
															r8d = 0xfffffffffffff;
															__eflags = _t640 - _t702;
															if(_t640 >= _t702) {
																r9d = 0;
																__eflags = r9d;
															} else {
																r9d =  *(_t861 + _t915 * 4 - 0x7c);
															}
															__eflags = r8d - _t702;
															if(r8d >= _t702) {
																_t683 = 0;
																__eflags = 0;
															} else {
																_t683 =  *(_t861 + _t873 * 4 - 0x7c);
															}
															_t685 = _t683 >> 0x0000001e | r9d << 0x00000002;
															_t640 = r8d;
															 *(_t861 + _t915 * 4 - 0x7c) = _t683 >> 0x0000001e | r9d << 0x00000002;
															__eflags = r8d - r12d;
															if(r8d == r12d) {
																break;
															}
															_t702 =  *(_t861 - 0x80);
														}
														__eflags = _t668 - 2;
														_t795 = _t861 + 0x324;
														r14d =  <  ? _t926 + 1 : r14d;
														 *(_t861 - 0x80) = r14d;
														_t738 = 0x436 >> 5;
														_t665 = 0x436;
														_t776 = _t776 << 2;
														_t874 = _t776;
														E02947430(_t926 + 1, _t685, 0, 0x436 >> 5, _t758, _t795, _t829, _t874);
														_t746 = 0x00000436 - r15d & 0x0000001f;
														_t670 = sil;
														_t535 = 1 << _t670;
														__eflags = 1;
														 *(_t861 + _t776 + 0x324) = 1;
													}
													goto L87;
												}
											}
											goto L90;
										}
										L87:
										_t118 = _t853 + 1; // 0x437
										r15d = _t118;
										r8d = r15d;
										_t875 = _t874 << 2;
										 *(_t861 + 0x320) = r15d;
										 *(_t861 + 0x150) = r15d;
										__eflags = _t875;
										if(_t875 != 0) {
											_t665 = 0x1cc;
											_t795 = _t861 + 0x154;
											__eflags = _t875 - _t776;
											if(_t875 > _t776) {
												__eflags = 0;
												E02947430(_t535, _t670, 0, _t738, _t758, _t795, _t829, _t776);
												E02971538(__eflags, 0);
												 *0 = 0x22;
												E02970D4C();
											} else {
												E02946FD0(_t670, _t738, _t746, _t758, _t795, _t861 + 0x324, _t875);
											}
											r15d =  *(_t861 + 0x150);
										}
									} else {
										 *(_t861 + 0x328) = 0x100000;
										 *(_t861 + 0x324) = 0;
										 *(_t861 + 0x320) = 2;
										__eflags = _t736;
										if(_t736 == 0) {
											L46:
											_t64 = _t928 - 0x433; // -1075
											r11d = _t64;
											 *(_t864 + 0x38) = r12d;
											r8d = r11d;
											_t647 = _t829 - 1;
											r11d = r11d & 0x0000001f;
											r8d = r8d >> 5;
											_t754 = 0x20 - r11d;
											_t853 = _t853 << _t754;
											_t738 = 0;
											__eflags = 1;
											asm("bsr eax, [ebp+eax*4-0x7c]");
											r15d = 1;
											r15d =  !r15d;
											if(1 == 0) {
												_t648 = r12d;
											} else {
												_t648 = _t647 + 1;
											}
											_t665 = 0x20 - _t648;
											_t649 = _t829 + _t873;
											__eflags = _t649 - 0x73;
											if(_t649 != 0x73) {
												L51:
												_t670 = r12b;
											} else {
												_t670 = 1;
												__eflags = r11d - _t665;
												if(r11d <= _t665) {
													goto L51;
												}
											}
											r12d = r12d | 0xffffffff;
											__eflags = _t649 - 0x73;
											if(_t649 > 0x73) {
												L67:
												r14d = 0;
												__eflags = r14d;
											} else {
												__eflags = _t670;
												if(_t670 != 0) {
													goto L67;
												} else {
													r14d = 0x72;
													__eflags = _t649 - r14d;
													r14d =  <  ? _t649 : r14d;
													r10d = r14d;
													__eflags = r14d - r12d;
													if(r14d != r12d) {
														while(1) {
															__eflags = r10d - r8d;
															if(r10d < r8d) {
																goto L64;
															}
															_t688 = 0xfffffffffffff;
															__eflags = r10d - r8d - _t702;
															if(r10d - r8d >= _t702) {
																r9d = 0;
																__eflags = r9d;
															} else {
																r9d =  *(_t861 + 0x3fffffffffff84);
															}
															__eflags = _t688 - _t702;
															if(_t688 >= _t702) {
																_t727 = 0;
																__eflags = 0;
															} else {
																_t727 =  *(_t861 + _t795 * 4 - 0x7c);
															}
															r9d = r9d & _t738;
															r10d = r10d + r12d;
															r9d = r9d << r11d;
															 *(_t861 + 0x3fffffffffff84) = (_t727 & r15d) >> _t754 | r9d;
															__eflags = r10d - r12d;
															if(r10d != r12d) {
																_t702 =  *(_t861 - 0x80);
																continue;
															}
															goto L64;
														}
													}
													L64:
													_t670 = 0;
													__eflags = r8d;
													if(r8d != 0) {
														do {
															 *(_t861 + _t795 * 4 - 0x7c) =  *(_t861 + _t795 * 4 - 0x7c) & 0x00000000;
															_t670 = _t670 + 1;
															__eflags = _t670 - r8d;
														} while (_t670 != r8d);
													}
													__eflags = r11d - _t665;
													r14d =  >  ? _t926 + 1 : r14d;
												}
											}
											 *(_t861 + 0x328) =  *(_t861 + 0x328) & 0x00000000;
											r15d = 1;
											 *(_t861 + 0x150) = r15d;
											 *(_t861 - 0x80) = r14d;
											 *(_t861 + 0x320) = 1;
											 *(_t861 + 0x154) = 2;
										} else {
											r8d = r12d;
											while(1) {
												__eflags =  *((intOrPtr*)(_t861 + 0x324 + _t795 * 4)) -  *(_t861 + _t795 * 4 - 0x7c);
												if( *((intOrPtr*)(_t861 + 0x324 + _t795 * 4)) !=  *(_t861 + _t795 * 4 - 0x7c)) {
													goto L46;
												}
												r8d = r8d + 1;
												__eflags = r8d - 2;
												if(r8d != 2) {
													continue;
												} else {
													_t36 = _t928 - 0x432; // -1074
													r11d = _t36;
													 *(_t864 + 0x38) = r12d;
													r8d = r11d;
													_t655 = _t829 - 1;
													r11d = r11d & 0x0000001f;
													r8d = r8d >> 5;
													_t756 = 0x20 - r11d;
													_t853 = _t853 << _t756;
													_t738 = 0;
													__eflags = 1;
													asm("bsr eax, [ebp+eax*4-0x7c]");
													r15d = 1;
													r15d =  !r15d;
													if(1 == 0) {
														_t656 = r12d;
													} else {
														_t656 = _t655 + 1;
													}
													_t665 = 0x20 - _t656;
													_t657 = _t829 + _t873;
													__eflags = _t657 - 0x73;
													if(_t657 != 0x73) {
														L28:
														_t670 = r12b;
													} else {
														_t670 = 1;
														__eflags = r11d - _t665;
														if(r11d <= _t665) {
															goto L28;
														}
													}
													r12d = r12d | 0xffffffff;
													__eflags = _t657 - 0x73;
													if(_t657 > 0x73) {
														L44:
														r14d = 0;
														__eflags = r14d;
													} else {
														__eflags = _t670;
														if(_t670 != 0) {
															goto L44;
														} else {
															r14d = 0x72;
															__eflags = _t657 - r14d;
															r14d =  <  ? _t657 : r14d;
															r10d = r14d;
															__eflags = r14d - r12d;
															if(r14d != r12d) {
																while(1) {
																	__eflags = r10d - r8d;
																	if(r10d < r8d) {
																		goto L41;
																	}
																	_t694 = 0xfffffffffffff;
																	__eflags = r10d - r8d - _t702;
																	if(r10d - r8d >= _t702) {
																		r9d = 0;
																		__eflags = r9d;
																	} else {
																		r9d =  *(_t861 + 0x3fffffffffff84);
																	}
																	__eflags = _t694 - _t702;
																	if(_t694 >= _t702) {
																		_t731 = 0;
																		__eflags = 0;
																	} else {
																		_t731 =  *(_t861 + _t795 * 4 - 0x7c);
																	}
																	r9d = r9d & _t738;
																	r10d = r10d + r12d;
																	r9d = r9d << r11d;
																	 *(_t861 + 0x3fffffffffff84) = (_t731 & r15d) >> _t756 | r9d;
																	__eflags = r10d - r12d;
																	if(r10d != r12d) {
																		_t702 =  *(_t861 - 0x80);
																		continue;
																	}
																	goto L41;
																}
															}
															L41:
															_t670 = 0;
															__eflags = r8d;
															if(r8d != 0) {
																do {
																	 *(_t861 + _t795 * 4 - 0x7c) =  *(_t861 + _t795 * 4 - 0x7c) & 0x00000000;
																	_t670 = _t670 + 1;
																	__eflags = _t670 - r8d;
																} while (_t670 != r8d);
															}
															__eflags = r11d - _t665;
															r14d =  >  ? _t926 + 1 : r14d;
														}
													}
													 *(_t861 + 0x328) =  *(_t861 + 0x328) & 0x00000000;
													r15d = 1;
													 *(_t861 + 0x150) = r15d;
													 *(_t861 - 0x80) = r14d;
													 *(_t861 + 0x320) = 1;
													 *(_t861 + 0x154) = 4;
												}
												goto L105;
											}
											goto L46;
										}
									}
									L105:
									__eflags = r13d;
									if(r13d < 0) {
										r13d =  ~r13d;
										_t830 = 0x2900000;
										_t539 = 0xcccccccd * r13d >> 0x20 >> 3;
										 *(_t864 + 0x44) = _t539;
										r12d = _t539;
										 *(_t864 + 0x30) = _t539;
										__eflags = _t539;
										if(_t539 == 0) {
											L236:
											r13d = r13d - 0xa0000000000000;
											__eflags = r13d;
											if(r13d == 0) {
												goto L172;
											} else {
												_t558 =  *(_t830 + 0x40000000096818);
												__eflags = _t558;
												if(_t558 == 0) {
													goto L246;
												} else {
													__eflags = _t558 - 1;
													if(_t558 == 1) {
														goto L172;
													} else {
														__eflags = r14d;
														if(r14d == 0) {
															goto L172;
														} else {
															r8d = 0;
															r10d = _t558;
															r9d = 0;
															__eflags = r9d;
															do {
																_t670 =  *(_t861 + _t914 * 4 - 0x7c);
																_t795 = _t795 * _t915 + 0;
																 *(_t861 + _t914 * 4 - 0x7c) = _t670;
																r9d = r9d + 1;
																__eflags = r9d - r14d;
															} while (r9d != r14d);
															__eflags = r8d;
															if(r8d == 0) {
																r14d =  *(_t861 - 0x80);
																goto L172;
															} else {
																__eflags =  *(_t861 - 0x80) - 0x73;
																if( *(_t861 - 0x80) >= 0x73) {
																	goto L246;
																} else {
																	 *(_t861 + 0x3fffffffffff84) = r8d;
																	r14d =  *(_t861 - 0x80);
																	r14d = r14d + 1;
																	 *(_t861 - 0x80) = r14d;
																	goto L172;
																}
															}
														}
													}
												}
											}
										} else {
											_t680 = 0x26;
											do {
												__eflags = r12d - _t680;
												_t562 =  >  ? _t680 : r12d;
												 *(_t864 + 0x38) = _t562;
												_t738 = _t562 - 1;
												_t670 =  *(_t830 + 0x40000000096782) & 0x000000ff;
												_t749 =  *(_t830 + 0x40000000096783) & 0x000000ff;
												_t665 = _t670;
												_t776 = _t776 << 2;
												 *(_t861 + 0x320) = _t856 + _t795;
												E02947430(_t856 + _t795, _t670, 0, _t738, _t758, _t861 + 0x324, _t830, _t776);
												_t856 = _t856 << 2;
												_t795 = _t861 + 0x324 + _t776;
												_t567 = E02946FD0(_t670, _t738,  *(_t830 + 0x40000000096783) & 0x000000ff, _t758, _t795, 0x40000002995e70, _t856);
												r10d =  *(_t861 + 0x320);
												__eflags = r10d - 1;
												if(r10d > 1) {
													__eflags = r14d - 1;
													if(r14d > 1) {
														__eflags = r10d - r14d;
														r12d = r14d;
														_t795 =  >=  ? _t861 - 0x7c : _t861 + 0x324;
														_t890 = _t861 + 0x324;
														r12d =  <  ? r10d : r12d;
														 *(_t864 + 0x70) = _t795;
														_t836 =  >=  ? _t890 : _t861 - 0x7c;
														__eflags = _t567 & 0xffffff00 | r10d - r14d > 0x00000000;
														 *(_t864 + 0x48) = _t836;
														r10d =  !=  ? r14d : r10d;
														r14d = 0;
														r9d = 0;
														 *(_t861 + 0x4f0) = r14d;
														__eflags = r12d;
														if(r12d == 0) {
															L226:
															r8d = r14d;
															_t891 = _t890 << 2;
															 *(_t861 - 0x80) = r14d;
															__eflags = _t891;
															if(_t891 != 0) {
																_t795 = _t861 - 0x7c;
																__eflags = _t891 - 0;
																if(_t891 > 0) {
																	__eflags = 0;
																	E02947430(0x1cc, _t670, 0, _t738, _t758, _t795, _t836, 0);
																	E02971538(__eflags, 0);
																	 *0 = 0x22;
																	E02970D4C();
																} else {
																	E02946FD0(_t670, _t738, _t749, _t758, _t795, _t861 + 0x4f4, _t891);
																}
																r14d =  *(_t861 - 0x80);
															}
															r12d =  *(_t864 + 0x30);
															goto L232;
														} else {
															do {
																_t749 =  *(_t795 + _t914 * 4);
																__eflags = _t749;
																if(_t749 != 0) {
																	r11d = 0;
																	r8d = r9d;
																	__eflags = r10d;
																	if(r10d == 0) {
																		L223:
																		__eflags = r8d - 0x73;
																		if(r8d == 0x73) {
																			goto L246;
																		} else {
																			_t795 =  *(_t864 + 0x70);
																			_t836 =  *(_t864 + 0x48);
																			goto L225;
																		}
																	} else {
																		_t665 =  ~r9d;
																		while(1) {
																			__eflags = r8d - 0x73;
																			if(r8d == 0x73) {
																				break;
																			}
																			_t738 = r8d;
																			__eflags = r8d - r14d;
																			if(r8d == r14d) {
																				_t371 = _t861 + 0x4f4 + _t853 * 4;
																				 *_t371 =  *(_t861 + 0x4f4 + _t853 * 4) & 0x00000000;
																				__eflags =  *_t371;
																				_t377 = _t890 + 1; // 0x1
																				 *(_t861 + 0x4f0) = _t377;
																			}
																			r8d = r8d + 1;
																			_t717 =  *(_t836 + 0x40000000000000);
																			_t836 = _t836 * _t856 + 0x20000000000000;
																			 *(_t861 + 0x4f4 + _t853 * 4) = _t717;
																			r14d =  *(_t861 + 0x4f0);
																			__eflags = _t776 + _t890 - r10d;
																			if(_t776 + _t890 != r10d) {
																				_t836 =  *(_t864 + 0x48);
																				continue;
																			}
																			break;
																		}
																		__eflags = r11d;
																		if(r11d == 0) {
																			goto L223;
																		} else {
																			while(1) {
																				__eflags = r8d - 0x73;
																				if(r8d == 0x73) {
																					goto L246;
																				}
																				__eflags = r8d - r14d;
																				if(r8d == r14d) {
																					_t391 = _t861 + 0x4f4 + _t836 * 4;
																					 *_t391 =  *(_t861 + 0x4f4 + _t836 * 4) & 0x00000000;
																					__eflags =  *_t391;
																					_t397 = _t890 + 1; // 0x1
																					 *(_t861 + 0x4f0) = _t397;
																				}
																				_t670 =  *(_t861 + 0x4f4 + _t836 * 4);
																				r8d = r8d + 1;
																				 *(_t861 + 0x4f4 + _t836 * 4) = _t670;
																				r14d =  *(_t861 + 0x4f0);
																				_t795 = _t795 + 0 >> 0x20;
																				r11d = _t670;
																				__eflags = _t670;
																				if(_t670 != 0) {
																					continue;
																				} else {
																					goto L223;
																				}
																				goto L248;
																			}
																			goto L246;
																		}
																	}
																} else {
																	__eflags = r9d - r14d;
																	if(r9d == r14d) {
																		 *(_t861 + 0x4f4 + _t914 * 4) =  *(_t861 + 0x4f4 + _t914 * 4) & _t749;
																		_t369 = _t914 + 1; // 0x1
																		r14d = _t369;
																		 *(_t861 + 0x4f0) = r14d;
																	}
																	goto L225;
																}
																goto L248;
																L225:
																r9d = r9d + 1;
																__eflags = r9d - r12d;
															} while (r9d != r12d);
															goto L226;
														}
													} else {
														_t665 =  *(_t861 - 0x7c);
														_t894 = _t915 << 2;
														r14d = r10d;
														 *(_t861 - 0x80) = r10d;
														__eflags = _t894;
														if(_t894 != 0) {
															_t795 = _t861 - 0x7c;
															__eflags = _t894 - 0;
															if(_t894 > 0) {
																__eflags = 0;
																E02947430(0x1cc, _t670, 0, _t738, _t758, _t795, 0x40000002995e70, 0);
																E02971538(__eflags, 0);
																 *0 = 0x22;
																E02970D4C();
															} else {
																E02946FD0(_t670, _t738, _t749, _t758, _t795, _t861 + 0x324, _t894);
															}
															r14d =  *(_t861 - 0x80);
														}
														__eflags = _t665;
														if(_t665 == 0) {
															goto L184;
														} else {
															__eflags = _t665 - 1;
															if(_t665 == 1) {
																goto L232;
															} else {
																__eflags = r14d;
																if(r14d == 0) {
																	goto L232;
																} else {
																	r8d = 0;
																	_t915 = _t776;
																	r9d = 0;
																	__eflags = r9d;
																	do {
																		_t670 =  *(_t861 + _t914 * 4 - 0x7c);
																		_t795 = _t795 * _t915 + 0;
																		 *(_t861 + _t914 * 4 - 0x7c) = _t670;
																		r9d = r9d + 1;
																		__eflags = r9d - r14d;
																	} while (r9d != r14d);
																	goto L190;
																}
															}
														}
														goto L233;
													}
												} else {
													_t591 =  *(_t861 + 0x324);
													__eflags = _t591;
													if(_t591 != 0) {
														__eflags = _t591 - 1;
														if(_t591 == 1) {
															goto L232;
														} else {
															__eflags = r14d;
															if(r14d == 0) {
																goto L232;
															} else {
																r8d = 0;
																_t915 = 0;
																r9d = 0;
																__eflags = r9d;
																do {
																	_t670 =  *(_t861 + _t914 * 4 - 0x7c);
																	_t795 = 0 + _t795 * 0;
																	 *(_t861 + _t914 * 4 - 0x7c) = _t670;
																	r9d = r9d + 1;
																	__eflags = r9d - r14d;
																} while (r9d != r14d);
																L190:
																__eflags = r8d;
																if(r8d == 0) {
																	r14d =  *(_t861 - 0x80);
																	goto L232;
																} else {
																	__eflags =  *(_t861 - 0x80) - 0x73;
																	if( *(_t861 - 0x80) >= 0x73) {
																		r14d = 0;
																		 *(_t861 - 0x80) = r14d;
																		_t569 = 0;
																	} else {
																		 *(_t861 + 0x3fffffffffff84) = r8d;
																		r14d =  *(_t861 - 0x80);
																		r14d = r14d + 1;
																		goto L185;
																	}
																}
															}
														}
													} else {
														L184:
														r14d = 0;
														__eflags = r14d;
														L185:
														 *(_t861 - 0x80) = r14d;
														L232:
														_t569 = 1;
													}
													L233:
													__eflags = _t569;
													if(_t569 == 0) {
														L246:
														 *(_t861 - 0x80) =  *(_t861 - 0x80) & 0x00000000;
														_t854 =  *((intOrPtr*)(_t864 + 0x68));
														r12d = 0;
														_t780 = _t854;
													} else {
														goto L234;
													}
												}
												goto L248;
												L234:
												r12d = r12d -  *(_t864 + 0x38);
												__eflags = r12d;
												_t830 = 0x2900000;
												 *(_t864 + 0x30) = r12d;
												_t680 = 0x26;
											} while (r12d != 0);
											goto L236;
										}
									} else {
										_t830 = 0x2900000;
										_t595 = 0xcccccccd * r13d >> 0x20 >> 3;
										 *(_t864 + 0x38) = _t595;
										r12d = _t595;
										 *(_t864 + 0x30) = _t595;
										__eflags = _t595;
										if(_t595 == 0) {
											L162:
											_t670 = r13d - 0xa0000000000000;
											__eflags = _t670;
											if(_t670 != 0) {
												_t599 =  *(_t830 + 0x40000000096818);
												__eflags = _t599;
												if(_t599 == 0) {
													goto L178;
												} else {
													__eflags = _t599 - 1;
													if(_t599 != 1) {
														__eflags = r15d;
														if(r15d != 0) {
															r8d = 0;
															r10d = _t599;
															r9d = 0;
															__eflags = r9d;
															do {
																_t670 =  *(_t861 + 0x154 + _t914 * 4);
																_t795 = _t795 * _t915 + 0;
																 *(_t861 + 0x154 + _t914 * 4) = _t670;
																r9d = r9d + 1;
																__eflags = r9d - r15d;
															} while (r9d != r15d);
															__eflags = r8d;
															if(r8d == 0) {
																r15d =  *(_t861 + 0x150);
															} else {
																__eflags =  *(_t861 + 0x150) - 0x73;
																if( *(_t861 + 0x150) >= 0x73) {
																	goto L178;
																} else {
																	 *(_t861 + 0x40000000000154) = r8d;
																	r15d =  *(_t861 + 0x150);
																	r15d = r15d + 1;
																}
																goto L179;
															}
														}
													}
												}
											}
										} else {
											_t602 = 0x26;
											do {
												__eflags = r12d - _t602;
												r13d = r12d;
												r13d =  >  ? _t602 : r13d;
												 *(_t864 + 0x44) = r13d;
												_t670 =  *(_t830 + 0x40000000096782) & 0x000000ff;
												_t750 =  *(_t830 + 0x40000000096783) & 0x000000ff;
												_t665 = _t670;
												_t738 = _t922 - 1;
												_t776 = _t776 << 2;
												 *(_t861 + 0x320) = _t856 + _t795;
												E02947430(_t856 + _t795, _t670, 0, _t738, _t758, _t861 + 0x324, _t830, _t776);
												_t856 = _t856 << 2;
												_t903 = _t856;
												_t795 = _t861 + 0x324 + _t776;
												_t830 = 0x40000002995e70;
												_t607 = E02946FD0(_t670, _t738, _t750, _t758, _t795, 0x40000002995e70, _t903);
												r10d =  *(_t861 + 0x320);
												__eflags = r10d - 1;
												if(r10d > 1) {
													__eflags = r15d - 1;
													if(r15d > 1) {
														__eflags = r10d - r15d;
														r12d = r15d;
														_t922 =  >=  ? _t861 + 0x154 : _t861 + 0x324;
														r12d =  <  ? r10d : r12d;
														_t795 = _t861 + 0x324;
														_t830 =  >=  ? _t795 : _t861 + 0x154;
														__eflags = _t607 & 0xffffff00 | r10d - r15d > 0x00000000;
														 *(_t864 + 0x48) = _t830;
														r10d =  !=  ? r15d : r10d;
														r15d = 0;
														r9d = 0;
														 *(_t861 + 0x4f0) = r15d;
														__eflags = r12d;
														if(r12d == 0) {
															L152:
															r8d = r15d;
															_t904 = _t903 << 2;
															 *(_t861 + 0x150) = r15d;
															__eflags = _t904;
															if(_t904 != 0) {
																_t795 = _t861 + 0x154;
																__eflags = _t904 - 0;
																if(_t904 > 0) {
																	__eflags = 0;
																	E02947430(0x1cc, _t670, 0, _t738, _t758, _t795, _t830, 0);
																	E02971538(__eflags, 0);
																	 *0 = 0x22;
																	E02970D4C();
																} else {
																	_t830 = _t861 + 0x4f4;
																	E02946FD0(_t670, _t738, _t750, _t758, _t795, _t830, _t904);
																}
																r15d =  *(_t861 + 0x150);
															}
															r12d =  *(_t864 + 0x30);
															r13d =  *(_t864 + 0x44);
															goto L158;
														} else {
															do {
																_t750 =  *(_t922 + _t914 * 4);
																__eflags = _t750;
																if(_t750 != 0) {
																	r11d = 0;
																	r8d = r9d;
																	__eflags = r10d;
																	if(r10d == 0) {
																		L149:
																		__eflags = r8d - 0x73;
																		if(r8d == 0x73) {
																			goto L178;
																		} else {
																			_t830 =  *(_t864 + 0x48);
																			goto L151;
																		}
																	} else {
																		_t665 =  ~r9d;
																		while(1) {
																			__eflags = r8d - 0x73;
																			if(r8d == 0x73) {
																				break;
																			}
																			_t738 = r8d;
																			__eflags = r8d - r15d;
																			if(r8d == r15d) {
																				_t215 = _t861 + 0x4f4 + _t853 * 4;
																				 *_t215 =  *(_t861 + 0x4f4 + _t853 * 4) & 0x00000000;
																				__eflags =  *_t215;
																				_t221 = _t903 + 1; // 0x1
																				 *(_t861 + 0x4f0) = _t221;
																			}
																			r8d = r8d + 1;
																			_t723 =  *(_t830 + 0x40000000000000);
																			_t830 = _t830 * _t856 + 0x20000000000000;
																			 *(_t861 + 0x4f4 + _t853 * 4) = _t723;
																			r15d =  *(_t861 + 0x4f0);
																			__eflags = _t903 + _t776 - r10d;
																			if(_t903 + _t776 != r10d) {
																				_t830 =  *(_t864 + 0x48);
																				continue;
																			}
																			break;
																		}
																		__eflags = r11d;
																		if(r11d == 0) {
																			goto L149;
																		} else {
																			while(1) {
																				__eflags = r8d - 0x73;
																				if(r8d == 0x73) {
																					goto L178;
																				}
																				__eflags = r8d - r15d;
																				if(r8d == r15d) {
																					_t235 = _t861 + 0x4f4 + _t830 * 4;
																					 *_t235 =  *(_t861 + 0x4f4 + _t830 * 4) & 0x00000000;
																					__eflags =  *_t235;
																					_t241 = _t903 + 1; // 0x1
																					 *(_t861 + 0x4f0) = _t241;
																				}
																				r8d = r8d + 1;
																				_t670 = r11d;
																				 *(_t861 + 0x4f4 + _t830 * 4) = _t670;
																				r15d =  *(_t861 + 0x4f0);
																				_t795 = _t795 + 0 >> 0x20;
																				r11d = _t670;
																				__eflags = _t670;
																				if(_t670 != 0) {
																					continue;
																				} else {
																					goto L149;
																				}
																				goto L172;
																			}
																			goto L178;
																		}
																	}
																} else {
																	__eflags = r9d - r15d;
																	if(r9d == r15d) {
																		 *(_t861 + 0x4f4 + _t914 * 4) =  *(_t861 + 0x4f4 + _t914 * 4) & _t750;
																		_t213 = _t914 + 1; // 0x1
																		r15d = _t213;
																		 *(_t861 + 0x4f0) = r15d;
																	}
																	goto L151;
																}
																goto L172;
																L151:
																r9d = r9d + 1;
																__eflags = r9d - r12d;
															} while (r9d != r12d);
															goto L152;
														}
													} else {
														_t665 =  *(_t861 + 0x154);
														_t907 = _t915 << 2;
														r15d = r10d;
														 *(_t861 + 0x150) = r10d;
														__eflags = _t907;
														if(_t907 != 0) {
															_t795 = _t861 + 0x154;
															__eflags = _t907 - 0;
															if(_t907 > 0) {
																__eflags = 0;
																E02947430(0x1cc, _t670, 0, _t738, _t758, _t795, 0x40000002995e70, 0);
																E02971538(__eflags, 0);
																 *0 = 0x22;
																E02970D4C();
															} else {
																_t830 = _t861 + 0x324;
																E02946FD0(_t670, _t738, _t750, _t758, _t795, _t830, _t907);
															}
															r15d =  *(_t861 + 0x150);
														}
														__eflags = _t665;
														if(_t665 == 0) {
															goto L110;
														} else {
															__eflags = _t665 - 1;
															if(_t665 == 1) {
																goto L158;
															} else {
																__eflags = r15d;
																if(r15d == 0) {
																	goto L158;
																} else {
																	r8d = 0;
																	_t915 = _t776;
																	r9d = 0;
																	__eflags = r9d;
																	do {
																		_t670 =  *(_t861 + 0x154 + _t914 * 4);
																		_t795 = _t795 * _t915 + 0;
																		 *(_t861 + 0x154 + _t914 * 4) = _t670;
																		r9d = r9d + 1;
																		__eflags = r9d - r15d;
																	} while (r9d != r15d);
																	goto L116;
																}
															}
														}
														goto L159;
													}
												} else {
													_t631 =  *(_t861 + 0x324);
													__eflags = _t631;
													if(_t631 != 0) {
														__eflags = _t631 - 1;
														if(_t631 == 1) {
															goto L158;
														} else {
															__eflags = r15d;
															if(r15d == 0) {
																goto L158;
															} else {
																r8d = 0;
																_t915 = 0;
																r9d = 0;
																__eflags = r9d;
																do {
																	_t670 =  *(_t861 + 0x154 + _t914 * 4);
																	_t795 = 0 + _t795 * 0;
																	 *(_t861 + 0x154 + _t914 * 4) = _t670;
																	r9d = r9d + 1;
																	__eflags = r9d - r15d;
																} while (r9d != r15d);
																L116:
																__eflags = r8d;
																if(r8d == 0) {
																	r15d =  *(_t861 + 0x150);
																	goto L158;
																} else {
																	__eflags =  *(_t861 + 0x150) - 0x73;
																	if( *(_t861 + 0x150) >= 0x73) {
																		r15d = 0;
																		 *(_t861 + 0x150) = r15d;
																		_t609 = 0;
																	} else {
																		 *(_t861 + 0x40000000000154) = r8d;
																		r15d =  *(_t861 + 0x150);
																		r15d = r15d + 1;
																		goto L111;
																	}
																}
															}
														}
													} else {
														L110:
														r15d = 0;
														__eflags = r15d;
														L111:
														 *(_t861 + 0x150) = r15d;
														L158:
														_t609 = 1;
													}
													L159:
													__eflags = _t609;
													if(_t609 == 0) {
														L178:
														r15d = 0;
														__eflags = r15d;
														L179:
														 *(_t861 + 0x150) = r15d;
													} else {
														goto L160;
													}
												}
												goto L172;
												L160:
												r12d = r12d - r13d;
												__eflags = r12d;
												_t830 = 0x2900000;
												 *(_t864 + 0x30) = r12d;
												_t602 = 0x26;
											} while (r12d != 0);
											r13d =  *(_t864 + 0x40);
											goto L162;
										}
										L172:
										_t854 =  *((intOrPtr*)(_t864 + 0x68));
										r12d = 0;
										_t780 = _t854;
										__eflags = r14d;
										if(r14d != 0) {
											r8d = r12d;
											r9d = r12d;
											do {
												r9d = r9d + 1;
												 *(_t861 + _t830 * 4 - 0x7c) = r8d;
												__eflags = r9d - r14d;
											} while (r9d != r14d);
											__eflags = r8d;
											if(r8d != 0) {
												__eflags =  *(_t861 - 0x80) - 0x73;
												if( *(_t861 - 0x80) >= 0x73) {
													r9d = 0;
													__eflags = r9d;
													 *(_t861 + 0x320) = r12d;
													 *(_t861 - 0x80) = r12d;
													L287();
												} else {
													 *(_t861 + 0x3fffffffffff84) = r8d;
													 *(_t861 - 0x80) =  *(_t861 - 0x80) + 1;
												}
											}
										}
									}
									L248:
									_t831 = _t861 + 0x150;
									_t542 = E029814C0(_t670, 0, _t861 - 0x80, _t831, _t914, _t915, _t922);
									_t747 =  *(_t864 + 0x40);
									__eflags = _t542 - 0xa;
									if(_t542 != 0xa) {
										__eflags = _t542;
										if(_t542 != 0) {
											_t543 = _t542 + 0x30;
											__eflags = _t543;
											_t780 =  &(_t854[0]);
											 *_t854 = _t543;
										} else {
											_t747 = _t747 - 1;
										}
									} else {
										_t747 = _t747 + 1;
										 *_t854 = 0x31;
										_t780 =  &(_t854[0]);
										__eflags = r15d;
										if(r15d != 0) {
											r8d = r12d;
											r9d = r12d;
											do {
												r9d = r9d + 1;
												 *(_t861 + 0x154 + _t831 * 4) = r8d;
												__eflags = r9d - r15d;
											} while (r9d != r15d);
											__eflags = r8d;
											if(r8d != 0) {
												__eflags =  *(_t861 + 0x150) - 0x73;
												if( *(_t861 + 0x150) >= 0x73) {
													r9d = 0;
													 *(_t861 + 0x320) = r12d;
													 *(_t861 + 0x150) = r12d;
													L287();
												} else {
													 *(_t861 + 0x40000000000154) = r8d;
													 *(_t861 + 0x150) =  *(_t861 + 0x150) + 1;
												}
											}
										}
									}
									_t773 =  *((intOrPtr*)(_t864 + 0x78));
									_t705 =  *(_t864 + 0x50);
									 *(_t773 + 4) = _t747;
									__eflags = _t747;
									if(_t747 >= 0) {
										__eflags = _t705 - 0x7fffffff;
										if(_t705 <= 0x7fffffff) {
											_t705 = _t705 + _t747;
											__eflags = _t705;
										}
									}
									_t798 =  *((intOrPtr*)(_t861 + 0x740)) - 1;
									_t513 = _t705;
									__eflags = _t798 - _t773;
									_t768 =  <  ? _t798 : _t773;
									_t847 = _t854 + _t768;
									__eflags = _t780 - _t847;
									if(__eflags != 0) {
										r14d = 9;
										_t748 = _t747 | 0xffffffff;
										__eflags = _t748;
										while(1) {
											r10d =  *(_t861 - 0x80);
											__eflags = r10d;
											if(__eflags == 0) {
												goto L276;
											}
											r8d = r12d;
											r9d = r12d;
											do {
												r9d = r9d + 1;
												 *(_t861 + _t831 * 4 - 0x7c) = _t670;
												__eflags = r9d - r10d;
											} while (r9d != r10d);
											__eflags = r8d;
											if(r8d != 0) {
												__eflags =  *(_t861 - 0x80) - 0x73;
												if( *(_t861 - 0x80) >= 0x73) {
													r9d = 0;
													__eflags = r9d;
													 *(_t861 + 0x320) = r12d;
													 *(_t861 - 0x80) = r12d;
													L287();
												} else {
													 *(_t861 + _t768 * 4 - 0x7c) = r8d;
													 *(_t861 - 0x80) =  *(_t861 - 0x80) + 1;
												}
											}
											_t831 = _t861 + 0x150;
											_t801 = _t861 - 0x80;
											E029814C0(_t670, _t768, _t801, _t831, _t914, _t915, _t922);
											r10d = _t738;
											_t878 = _t768;
											r10d = r10d - _t665;
											__eflags = r10d;
											r9d = 8;
											do {
												_t549 = _t801 + _t831;
												_t513 = _t801 + _t831 + _t549;
												r8b = r8b - _t801 + _t831 + _t549;
												_t499 = _t878 + 0x30; // 0x30
												_t670 = _t499;
												r8d = 0xcccccccd * r8d >> 0x20 >> 3;
												__eflags = r10d - r9d;
												if(r10d >= r9d) {
													_t513 = r9d;
													 *(_t780 + _t768) = _t670;
												}
												r9d = r9d + _t748;
												__eflags = r9d - _t748;
											} while (r9d != _t748);
											_t775 = _t847 - _t780;
											__eflags = _t775 - _t926;
											_t768 =  >  ? _t926 : _t775;
											_t780 = _t780 + _t768;
											__eflags = _t780 - _t847;
											if(__eflags != 0) {
												continue;
											}
											goto L276;
										}
									}
									L276:
									 *_t780 = r12b;
									goto L277;
								}
							}
						}
					}
				} else {
					 *(_t926 + 4) = r12d;
					_t869 = 0x299683c;
					L283:
					_t826 =  *((intOrPtr*)(_t861 + 0x740));
					_t788 = _t856;
					if(E0296EAB8(_t768, _t788, _t826, _t869) != 0) {
						r9d = 0;
						 *((long long*)(_t864 + 0x20)) = _t920;
						r8d = 0;
						E02970D9C();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						 *(_t864 + 8) = _t776;
						 *(_t864 + 0x10) = _t856;
						_push(_t847);
						_t777 = _t914;
						_t857 = _t869;
						_t848 = _t826;
						__eflags = _t914;
						if(_t914 != 0) {
							__eflags = _t788;
							if(__eflags != 0) {
								__eflags = _t857;
								if(_t857 == 0) {
									L295:
									E02947430(_t513, 0, 0, _t735, _t758, _t788, _t826, _t848);
									__eflags = _t857;
									if(__eflags == 0) {
										goto L290;
									} else {
										__eflags = _t848 - _t777;
										if(__eflags >= 0) {
											_t517 = 0x16;
										} else {
											E02971538(__eflags, _t768);
											_t663 = 0x22;
											goto L291;
										}
									}
								} else {
									__eflags = _t848 - _t777;
									if(_t848 < _t777) {
										goto L295;
									} else {
										E02946FD0(0, _t735, _t742, _t758, _t788, _t857, _t777);
										goto L288;
									}
								}
							} else {
								L290:
								E02971538(__eflags, _t768);
								_t663 = 0x16;
								L291:
								 *_t768 = _t663;
								E02970D4C();
								_t517 = _t663;
							}
						} else {
							L288:
							_t517 = 0;
						}
						return _t517;
					} else {
						L277:
						_t764 =  *(_t864 + 0x60) - r12b;
						if( *(_t864 + 0x60) != r12b) {
							_t513 = L02989E3C(_t764, _t768, _t864 + 0x58, _t847, _t856);
						}
						return L029438C0(_t513, _t670, _t768,  *(_t861 + 0x6c0) ^ _t864);
					}
				}
			}

0x02982590
0x02982590
0x02982590
0x02982590
0x02982590
0x02982590
0x02982590
0x02982590
0x02982592
0x02982593
0x02982594
0x02982595
0x02982597
0x0298259b
0x0298259d
0x029825a5
0x029825ac
0x029825b6
0x029825bd
0x029825c2
0x029825ca
0x029825cf
0x029825d2
0x029825d7
0x029825d9
0x029825e2
0x029825e5
0x029825ea
0x029825f8
0x029825fd
0x029825ec
0x029825ec
0x029825ec
0x02982602
0x0298260f
0x02982615
0x0298261b
0x02982625
0x02982625
0x02982628
0x02982632
0x02982635
0x02982638
0x0298263d
0x0298264f
0x02982652
0x0298265c
0x0298265c
0x0298265f
0x02982668
0x0298266b
0x02982683
0x0298268f
0x0298268f
0x0298266d
0x02982677
0x0298267a
0x00000000
0x0298267c
0x0298267c
0x0298267c
0x0298267a
0x02982661
0x02982661
0x02982661
0x02982692
0x02982654
0x02982654
0x02982654
0x0298269a
0x0298269a
0x0298269d
0x029837a3
0x00000000
0x029826a3
0x029826a3
0x029826a3
0x029826a6
0x02983787
0x00000000
0x029826ac
0x029826ac
0x029826ac
0x029826af
0x0298377e
0x00000000
0x029826b5
0x029826b5
0x029826b8
0x02983775
0x00000000
0x029826be
0x029826d0
0x029826d5
0x029826d7
0x029826dd
0x029826e1
0x029826e7
0x029826ef
0x02982709
0x0298270c
0x02982715
0x02982718
0x0298271a
0x0298271d
0x02982721
0x02982729
0x0298272e
0x02982732
0x02982740
0x02982743
0x02982747
0x0298274a
0x0298274f
0x02982756
0x0298275a
0x0298275c
0x0298275f
0x02982766
0x029829f1
0x029829f5
0x02982b24
0x02982b24
0x02982b27
0x02982b2c
0x02982b31
0x02982b37
0x02982b33
0x02982b33
0x02982b33
0x02982b3a
0x02982b3c
0x02982b3f
0x02982b3f
0x02982b43
0x02982b45
0x02982b45
0x02982b48
0x02982b4c
0x02982b4e
0x02982b57
0x02982b57
0x02982b50
0x02982b50
0x02982b50
0x02982b5a
0x02982b5d
0x02982b66
0x02982b66
0x02982b5f
0x02982b5f
0x02982b5f
0x02982b6f
0x02982b71
0x02982b74
0x02982b79
0x02982b7c
0x00000000
0x00000000
0x02982b7e
0x02982b7e
0x02982b83
0x02982b8f
0x02982b96
0x02982b9f
0x02982ba3
0x02982ba8
0x02982baa
0x02982bae
0x02982bb1
0x02982bb6
0x02982bbe
0x02982bc1
0x02982bc3
0x029829fb
0x029829fd
0x02982a07
0x02982a0d
0x02982a13
0x02982a15
0x02982a1b
0x02982a1e
0x02982a21
0x02982a25
0x02982a2c
0x00000000
0x00000000
0x02982a32
0x02982a35
0x02982a38
0x00000000
0x02982a3a
0x02982a3a
0x02982a3d
0x02982a42
0x02982a48
0x02982a44
0x02982a44
0x02982a44
0x02982a4b
0x02982a4d
0x02982a50
0x02982a50
0x02982a54
0x02982a56
0x02982a56
0x02982a59
0x02982a5d
0x02982a5f
0x02982a68
0x02982a68
0x02982a61
0x02982a61
0x02982a61
0x02982a6b
0x02982a6e
0x02982a77
0x02982a77
0x02982a70
0x02982a70
0x02982a70
0x02982a82
0x02982a84
0x02982a87
0x02982a8c
0x02982a8f
0x00000000
0x00000000
0x02982a91
0x02982a91
0x02982a96
0x02982aa1
0x02982aa8
0x02982ab1
0x02982ab5
0x02982aba
0x02982abc
0x02982ac0
0x02982ac3
0x02982ac8
0x02982ad0
0x02982ad3
0x02982ad3
0x02982ad5
0x02982ad5
0x00000000
0x02982a38
0x02982a1e
0x00000000
0x02982a15
0x02982adc
0x02982adc
0x02982adc
0x02982ae0
0x02982ae3
0x02982ae7
0x02982aee
0x02982af5
0x02982af8
0x02982afe
0x02982b03
0x02982b0a
0x02982b0d
0x02982bd2
0x02982bd4
0x02982bd9
0x02982bde
0x02982be4
0x02982b13
0x02982b1a
0x02982b1a
0x02982be9
0x02982be9
0x0298276c
0x0298276e
0x02982778
0x0298277e
0x02982784
0x02982786
0x029828ce
0x029828ce
0x029828ce
0x029828d5
0x029828da
0x029828dd
0x029828e0
0x029828e4
0x029828ef
0x029828f4
0x029828f7
0x029828f7
0x029828fb
0x02982900
0x02982903
0x02982906
0x0298290c
0x02982908
0x02982908
0x02982908
0x0298290f
0x02982911
0x02982915
0x02982918
0x02982921
0x02982921
0x0298291a
0x0298291a
0x0298291c
0x0298291f
0x00000000
0x00000000
0x0298291f
0x02982924
0x02982928
0x0298292b
0x029829bd
0x029829bd
0x029829bd
0x02982931
0x02982931
0x02982933
0x00000000
0x02982939
0x02982939
0x0298293f
0x02982942
0x02982946
0x02982949
0x0298294c
0x0298294e
0x0298294e
0x02982951
0x00000000
0x00000000
0x02982959
0x0298295c
0x0298295e
0x02982967
0x02982967
0x02982960
0x02982960
0x02982960
0x0298296a
0x0298296c
0x02982974
0x02982974
0x0298296e
0x0298296e
0x0298296e
0x0298297e
0x02982983
0x02982989
0x0298298f
0x02982993
0x02982996
0x02982998
0x00000000
0x02982998
0x00000000
0x02982996
0x0298294e
0x0298299d
0x0298299d
0x0298299f
0x029829a2
0x029829a4
0x029829a4
0x029829a9
0x029829ab
0x029829ab
0x029829a4
0x029829b0
0x029829b7
0x029829b7
0x02982933
0x029829c0
0x029829c7
0x029829cd
0x029829d4
0x029829d8
0x029829e2
0x0298278c
0x0298278c
0x0298278f
0x02982796
0x0298279d
0x00000000
0x00000000
0x029827a3
0x029827a6
0x029827a9
0x00000000
0x029827ab
0x029827ab
0x029827ab
0x029827b2
0x029827b7
0x029827ba
0x029827bd
0x029827c1
0x029827cc
0x029827d1
0x029827d4
0x029827d4
0x029827d8
0x029827dd
0x029827e0
0x029827e3
0x029827e9
0x029827e5
0x029827e5
0x029827e5
0x029827ec
0x029827ee
0x029827f2
0x029827f5
0x029827fe
0x029827fe
0x029827f7
0x029827f7
0x029827f9
0x029827fc
0x00000000
0x00000000
0x029827fc
0x02982801
0x02982805
0x02982808
0x0298289a
0x0298289a
0x0298289a
0x0298280e
0x0298280e
0x02982810
0x00000000
0x02982816
0x02982816
0x0298281c
0x0298281f
0x02982823
0x02982826
0x02982829
0x0298282b
0x0298282b
0x0298282e
0x00000000
0x00000000
0x02982836
0x02982839
0x0298283b
0x02982844
0x02982844
0x0298283d
0x0298283d
0x0298283d
0x02982847
0x02982849
0x02982851
0x02982851
0x0298284b
0x0298284b
0x0298284b
0x0298285b
0x02982860
0x02982866
0x0298286c
0x02982870
0x02982873
0x02982875
0x00000000
0x02982875
0x00000000
0x02982873
0x0298282b
0x0298287a
0x0298287a
0x0298287c
0x0298287f
0x02982881
0x02982881
0x02982886
0x02982888
0x02982888
0x02982881
0x0298288d
0x02982894
0x02982894
0x02982810
0x0298289d
0x029828a4
0x029828aa
0x029828b1
0x029828b5
0x029828bf
0x029828bf
0x00000000
0x029827a9
0x00000000
0x0298278f
0x02982786
0x02982bf0
0x02982bf5
0x02982bf8
0x029830ee
0x029830f6
0x029830fd
0x02983100
0x02983104
0x02983107
0x0298310b
0x0298310d
0x029834a5
0x029834aa
0x029834aa
0x029834ad
0x00000000
0x029834b3
0x029834b7
0x029834be
0x029834c0
0x00000000
0x029834c2
0x029834c2
0x029834c5
0x00000000
0x029834cb
0x029834cb
0x029834ce
0x00000000
0x029834d4
0x029834d4
0x029834d7
0x029834da
0x029834da
0x029834dd
0x029834dd
0x029834e9
0x029834ef
0x029834f8
0x029834fb
0x029834fb
0x02983500
0x02983503
0x02983523
0x00000000
0x02983505
0x02983505
0x02983509
0x00000000
0x0298350b
0x0298350e
0x02983513
0x02983517
0x0298351a
0x00000000
0x0298351a
0x02983509
0x02983503
0x029834ce
0x029834c5
0x029834c0
0x02983113
0x02983113
0x02983118
0x02983118
0x0298311e
0x02983121
0x02983127
0x02983129
0x02983131
0x02983139
0x0298313b
0x0298314e
0x02983154
0x02983160
0x0298317d
0x02983184
0x02983189
0x02983190
0x02983194
0x02983221
0x02983225
0x029832c6
0x029832cd
0x029832d7
0x029832db
0x029832e2
0x029832e6
0x029832f2
0x029832f6
0x029832f8
0x029832fd
0x02983301
0x02983304
0x02983307
0x0298330e
0x02983311
0x0298342c
0x0298342c
0x0298342f
0x02983433
0x02983437
0x0298343a
0x02983441
0x02983445
0x02983448
0x0298345b
0x0298345d
0x02983462
0x02983467
0x0298346d
0x0298344a
0x02983451
0x02983451
0x02983472
0x02983472
0x02983476
0x00000000
0x02983317
0x02983317
0x02983317
0x0298331e
0x02983320
0x02983343
0x02983346
0x02983349
0x0298334c
0x0298340c
0x0298340c
0x02983410
0x00000000
0x02983416
0x02983416
0x0298341b
0x00000000
0x0298341b
0x02983352
0x02983355
0x02983357
0x02983357
0x0298335b
0x00000000
0x00000000
0x0298335d
0x02983360
0x02983363
0x02983365
0x02983365
0x02983365
0x0298336d
0x02983371
0x02983371
0x0298337b
0x0298337e
0x02983392
0x0298339c
0x029833a3
0x029833ae
0x029833b1
0x029833b3
0x00000000
0x029833b3
0x00000000
0x029833b1
0x029833ba
0x029833bd
0x00000000
0x029833bf
0x029833bf
0x029833bf
0x029833c3
0x00000000
0x00000000
0x029833cc
0x029833cf
0x029833d1
0x029833d1
0x029833d1
0x029833d9
0x029833dd
0x029833dd
0x029833e3
0x029833ea
0x029833f3
0x029833fa
0x02983401
0x02983405
0x02983408
0x0298340a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0298340a
0x00000000
0x029833bf
0x029833bd
0x02983322
0x02983322
0x02983325
0x0298332b
0x02983333
0x02983333
0x02983337
0x02983337
0x00000000
0x02983325
0x00000000
0x02983420
0x02983420
0x02983423
0x02983423
0x00000000
0x02983317
0x0298322b
0x0298322b
0x02983231
0x02983235
0x02983238
0x0298323c
0x0298323f
0x02983246
0x0298324a
0x0298324d
0x02983260
0x02983262
0x02983267
0x0298326c
0x02983272
0x0298324f
0x02983256
0x02983256
0x02983277
0x02983277
0x0298327b
0x0298327d
0x00000000
0x02983283
0x02983283
0x02983286
0x00000000
0x0298328c
0x0298328c
0x0298328f
0x00000000
0x02983295
0x02983295
0x02983298
0x0298329b
0x0298329b
0x0298329e
0x0298329e
0x029832aa
0x029832b0
0x029832b9
0x029832bc
0x029832bc
0x00000000
0x029832c1
0x0298328f
0x02983286
0x00000000
0x0298327d
0x0298319a
0x0298319a
0x029831a0
0x029831a2
0x029831b0
0x029831b3
0x00000000
0x029831b9
0x029831b9
0x029831bc
0x00000000
0x029831c2
0x029831c2
0x029831c5
0x029831c8
0x029831c8
0x029831cb
0x029831cb
0x029831d7
0x029831dd
0x029831e6
0x029831e9
0x029831e9
0x029831ee
0x029831ee
0x029831f1
0x02983218
0x00000000
0x029831f3
0x029831f3
0x029831f7
0x0298320a
0x0298320d
0x02983211
0x029831f9
0x029831fc
0x02983201
0x02983205
0x00000000
0x02983205
0x029831f7
0x029831f1
0x029831bc
0x029831a4
0x029831a4
0x029831a4
0x029831a4
0x029831a7
0x029831a7
0x0298347b
0x0298347b
0x0298347b
0x0298347d
0x0298347d
0x0298347f
0x0298352c
0x0298352c
0x02983530
0x02983535
0x02983538
0x00000000
0x00000000
0x00000000
0x0298347f
0x00000000
0x02983485
0x02983485
0x02983485
0x0298348a
0x02983491
0x02983496
0x02983496
0x00000000
0x029834a1
0x02982bfe
0x02982c03
0x02982c0a
0x02982c0d
0x02982c11
0x02982c14
0x02982c18
0x02982c1a
0x02982ff1
0x02982ff9
0x02982ff9
0x02982ffb
0x02983004
0x0298300b
0x0298300d
0x00000000
0x02983013
0x02983013
0x02983016
0x02983018
0x0298301b
0x0298301d
0x02983020
0x02983023
0x02983023
0x02983026
0x02983026
0x02983035
0x0298303b
0x02983047
0x0298304a
0x0298304a
0x0298304f
0x02983052
0x0298307b
0x02983054
0x02983054
0x0298305b
0x00000000
0x02983061
0x02983067
0x0298306f
0x02983076
0x02983076
0x00000000
0x0298305b
0x02983052
0x0298301b
0x02983016
0x0298300d
0x02982c20
0x02982c20
0x02982c25
0x02982c25
0x02982c28
0x02982c2b
0x02982c2f
0x02982c38
0x02982c40
0x02982c48
0x02982c4a
0x02982c4e
0x02982c5f
0x02982c65
0x02982c71
0x02982c8b
0x02982c8e
0x02982c91
0x02982c95
0x02982c9a
0x02982ca1
0x02982ca5
0x02982d4d
0x02982d51
0x02982e04
0x02982e0e
0x02982e18
0x02982e23
0x02982e27
0x02982e2e
0x02982e35
0x02982e37
0x02982e3c
0x02982e40
0x02982e43
0x02982e46
0x02982e4d
0x02982e50
0x02982f67
0x02982f67
0x02982f6a
0x02982f6e
0x02982f75
0x02982f78
0x02982f7f
0x02982f86
0x02982f89
0x02982f9c
0x02982f9e
0x02982fa3
0x02982fa8
0x02982fae
0x02982f8b
0x02982f8b
0x02982f92
0x02982f92
0x02982fb3
0x02982fb3
0x02982fba
0x02982fbf
0x00000000
0x02982e56
0x02982e56
0x02982e56
0x02982e5e
0x02982e60
0x02982e83
0x02982e86
0x02982e89
0x02982e8c
0x02982f4c
0x02982f4c
0x02982f50
0x00000000
0x02982f56
0x02982f56
0x00000000
0x02982f56
0x02982e92
0x02982e95
0x02982e97
0x02982e97
0x02982e9b
0x00000000
0x00000000
0x02982e9d
0x02982ea0
0x02982ea3
0x02982ea5
0x02982ea5
0x02982ea5
0x02982ead
0x02982eb1
0x02982eb1
0x02982ebb
0x02982ebe
0x02982ed2
0x02982edc
0x02982ee3
0x02982eee
0x02982ef1
0x02982ef3
0x00000000
0x02982ef3
0x00000000
0x02982ef1
0x02982efa
0x02982efd
0x00000000
0x02982eff
0x02982eff
0x02982eff
0x02982f03
0x00000000
0x00000000
0x02982f0c
0x02982f0f
0x02982f11
0x02982f11
0x02982f11
0x02982f19
0x02982f1d
0x02982f1d
0x02982f2a
0x02982f2d
0x02982f33
0x02982f3a
0x02982f41
0x02982f45
0x02982f48
0x02982f4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02982f4a
0x00000000
0x02982eff
0x02982efd
0x02982e62
0x02982e62
0x02982e65
0x02982e6b
0x02982e73
0x02982e73
0x02982e77
0x02982e77
0x00000000
0x02982e65
0x00000000
0x02982f5b
0x02982f5b
0x02982f5e
0x02982f5e
0x00000000
0x02982e56
0x02982d57
0x02982d57
0x02982d60
0x02982d64
0x02982d67
0x02982d6e
0x02982d71
0x02982d78
0x02982d7f
0x02982d82
0x02982d95
0x02982d97
0x02982d9c
0x02982da1
0x02982da7
0x02982d84
0x02982d84
0x02982d8b
0x02982d8b
0x02982dac
0x02982dac
0x02982db3
0x02982db5
0x00000000
0x02982dbb
0x02982dbb
0x02982dbe
0x00000000
0x02982dc4
0x02982dc4
0x02982dc7
0x00000000
0x02982dcd
0x02982dcd
0x02982dd0
0x02982dd3
0x02982dd3
0x02982dd6
0x02982dd6
0x02982de5
0x02982deb
0x02982df7
0x02982dfa
0x02982dfa
0x00000000
0x02982dff
0x02982dc7
0x02982dbe
0x00000000
0x02982db5
0x02982cab
0x02982cab
0x02982cb1
0x02982cb3
0x02982cc4
0x02982cc7
0x00000000
0x02982ccd
0x02982ccd
0x02982cd0
0x00000000
0x02982cd6
0x02982cd6
0x02982cd9
0x02982cdc
0x02982cdc
0x02982cdf
0x02982cdf
0x02982cee
0x02982cf4
0x02982d00
0x02982d03
0x02982d03
0x02982d08
0x02982d08
0x02982d0b
0x02982d41
0x00000000
0x02982d0d
0x02982d0d
0x02982d14
0x02982d30
0x02982d33
0x02982d3a
0x02982d16
0x02982d1c
0x02982d24
0x02982d2b
0x00000000
0x02982d2b
0x02982d14
0x02982d0b
0x02982cd0
0x02982cb5
0x02982cb5
0x02982cb5
0x02982cb5
0x02982cb8
0x02982cb8
0x02982fc4
0x02982fc4
0x02982fc4
0x02982fc6
0x02982fc6
0x02982fc8
0x029830e2
0x029830e2
0x029830e2
0x029830e5
0x029830e5
0x00000000
0x00000000
0x00000000
0x02982fc8
0x00000000
0x02982fce
0x02982fce
0x02982fce
0x02982fd1
0x02982fd8
0x02982fdd
0x02982fdd
0x02982fec
0x00000000
0x02982fec
0x02983082
0x02983082
0x02983087
0x0298308a
0x0298308d
0x02983090
0x02983096
0x02983099
0x0298309c
0x0298309f
0x029830b1
0x029830ba
0x029830ba
0x029830bf
0x029830c2
0x029830c8
0x029830cc
0x0298353d
0x0298353d
0x02983540
0x0298354e
0x0298355b
0x029830d2
0x029830d5
0x029830da
0x029830da
0x029830cc
0x029830c2
0x02983090
0x02983560
0x02983560
0x0298356b
0x02983570
0x02983574
0x02983577
0x0298360d
0x0298360f
0x02983615
0x02983615
0x02983617
0x0298361b
0x02983611
0x02983611
0x02983611
0x0298357d
0x0298357d
0x0298357f
0x02983582
0x02983586
0x02983589
0x0298358f
0x02983592
0x02983595
0x02983598
0x029835ad
0x029835b9
0x029835b9
0x029835be
0x029835c1
0x029835c3
0x029835ca
0x029835e2
0x029835e5
0x029835f3
0x02983606
0x029835cc
0x029835d2
0x029835da
0x029835da
0x029835ca
0x029835c1
0x02983589
0x0298361d
0x02983622
0x02983626
0x02983629
0x0298362b
0x0298362d
0x02983633
0x02983635
0x02983635
0x02983635
0x02983633
0x0298363e
0x02983641
0x02983643
0x02983646
0x0298364a
0x0298364d
0x02983650
0x02983656
0x0298365c
0x0298365c
0x0298365f
0x0298365f
0x02983663
0x02983666
0x00000000
0x00000000
0x0298366c
0x0298366f
0x02983672
0x02983675
0x0298368c
0x02983694
0x02983694
0x02983699
0x0298369c
0x0298369e
0x029836a2
0x029836b1
0x029836b1
0x029836b4
0x029836c2
0x029836cf
0x029836a4
0x029836a7
0x029836ac
0x029836ac
0x029836a2
0x029836d4
0x029836db
0x029836df
0x029836e4
0x029836e7
0x029836ea
0x029836ea
0x029836ed
0x029836f3
0x02983703
0x02983706
0x02983708
0x0298370b
0x0298370b
0x0298370f
0x02983712
0x02983715
0x02983717
0x0298371a
0x0298371a
0x0298371d
0x02983720
0x02983720
0x02983728
0x0298372b
0x0298372e
0x02983732
0x02983735
0x02983738
0x00000000
0x00000000
0x00000000
0x02983738
0x0298365f
0x0298373e
0x0298373e
0x00000000
0x0298373e
0x029826b8
0x029826af
0x029826a6
0x0298263f
0x0298263f
0x02982643
0x0298378e
0x0298378e
0x02983795
0x0298379f
0x029837ac
0x029837af
0x029837b4
0x029837bb
0x029837c0
0x029837c1
0x029837c2
0x029837c3
0x029837c4
0x029837c9
0x029837ce
0x029837d3
0x029837d6
0x029837d9
0x029837dc
0x029837df
0x029837e5
0x029837e8
0x029837ff
0x02983802
0x02983816
0x0298381b
0x02983820
0x02983823
0x00000000
0x02983825
0x02983825
0x02983828
0x02983836
0x0298382a
0x0298382a
0x0298382f
0x00000000
0x0298382f
0x02983828
0x02983804
0x02983804
0x02983807
0x00000000
0x02983809
0x0298380f
0x00000000
0x0298380f
0x02983807
0x029837ea
0x029837ea
0x029837ea
0x029837ef
0x029837f4
0x029837f4
0x029837f6
0x029837fb
0x029837fb
0x029837e1
0x029837e1
0x029837e1
0x029837e1
0x0298384a
0x029837a1
0x02983741
0x02983741
0x02983746
0x0298374d
0x0298374d
0x02983774
0x02983774
0x0298379f

APIs

fegetenv.LIBCMT ref: 029825D9
_invalid_parameter_noinfo.LIBCMT ref: 02982BE4
_invalid_parameter_noinfo.LIBCMT ref: 02982DA7
_invalid_parameter_noinfo.LIBCMT ref: 02982FAE
_invalid_parameter_noinfo.LIBCMT ref: 02983272
_invalid_parameter_noinfo.LIBCMT ref: 0298346D
memcpy_s.LIBCPMT ref: 0298355B
memcpy_s.LIBCPMT ref: 02983606
memcpy_s.LIBCPMT ref: 029836CF

Strings

1#SNAN, xrefs: 0298377E
1#QNAN, xrefs: 02983787
1#INF, xrefs: 029837A3
1#IND, xrefs: 02983775

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 1bad5e1e3758a136e6d0aac99f4b60749456f990e7e812fd6714fffb5f6eb6ff
Instruction ID: 785cbabad7485de0805bb0caf909a32ad57c5059f80fc561e2db8b91e8d70efd
Opcode Fuzzy Hash: 1bad5e1e3758a136e6d0aac99f4b60749456f990e7e812fd6714fffb5f6eb6ff
Instruction Fuzzy Hash: 25A2F1B2A102D18BDB29DF79D540BE937A9F788B8CF485229DE0657F48DB35C640CB44

Uniqueness

Uniqueness Score: -1.00%

Function 029801C0 Relevance: 16.9, APIs: 8, Strings: 1, Instructions: 1132
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E029801C0(unsigned int __ebx, signed int __ecx, signed int __edx, void* __ebp, void* __esp, void* __eflags, long long __r8, signed int __r9, signed long long __r10) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* __r13;
				void* _t474;
				void* _t483;
				signed int _t484;
				unsigned int _t485;
				signed int _t490;
				unsigned int _t494;
				unsigned int _t497;
				unsigned int _t498;
				signed int _t518;
				unsigned int _t522;
				signed int _t527;
				unsigned int _t529;
				unsigned int _t551;
				unsigned int _t555;
				signed int _t559;
				signed int _t563;
				signed int _t568;
				unsigned int _t570;
				unsigned int _t592;
				signed int _t599;
				signed int _t600;
				unsigned int _t601;
				void* _t608;
				signed int _t609;
				void* _t610;
				void* _t617;
				signed int _t618;
				void* _t619;
				signed int _t626;
				signed int _t629;
				signed int _t630;
				signed int _t631;
				unsigned int _t632;
				signed int _t636;
				signed int _t637;
				unsigned int _t638;
				void* _t641;
				void* _t642;
				unsigned int _t644;
				unsigned int _t649;
				signed int _t650;
				void* _t651;
				signed int _t657;
				signed int _t658;
				void* _t659;
				signed int _t662;
				unsigned int _t664;
				signed int _t679;
				signed int _t688;
				signed int _t694;
				signed int _t698;
				void* _t703;
				signed int _t706;
				signed int _t713;
				unsigned int _t714;
				void* _t720;
				signed long long _t737;
				signed int* _t744;
				signed long long _t745;
				void* _t747;
				signed long long _t748;
				signed long long _t751;
				unsigned int* _t752;
				signed long long _t755;
				void* _t758;
				void* _t763;
				signed long long _t785;
				signed long long _t786;
				signed long long _t787;
				signed long long _t788;
				signed long long _t790;
				signed long long _t793;
				signed long long _t803;
				void* _t804;
				signed long long _t805;
				unsigned int* _t806;
				void* _t807;
				void* _t808;
				signed long long _t809;
				signed long long _t813;
				signed long long _t814;
				signed long long _t815;
				signed long long _t818;
				signed long long _t830;
				signed long long _t831;
				signed long long _t834;
				signed long long _t844;
				signed long long _t845;
				signed long long _t848;
				signed long long _t855;
				signed long long _t856;
				signed long long _t857;
				void* _t862;
				void* _t863;

				_t856 = __r10;
				_t855 = __r9;
				_t720 = __esp;
				_t662 = __edx;
				_t631 = __ecx;
				_t807 = _t808 - 0x6c8;
				_t809 = _t808 - 0x7c8;
				_t737 =  *0x29a61e8; // 0xc99624406909
				 *(_t807 + 0x6b0) = _t737 ^ _t809;
				 *((long long*)(_t809 + 0x60)) =  *((intOrPtr*)(_t807 + 0x730));
				 *((long long*)(_t809 + 0x58)) = __r8;
				 *(_t809 + 0x40) = __edx;
				asm("movsd [esp+0x38], xmm0");
				_t785 =  *(_t809 + 0x38);
				 *((long long*)(_t809 + 0x48)) = __r9;
				_t813 = _t785 >> 0x34;
				r9d = 0x7ff;
				asm("dec eax");
				_t786 = _t785 & 0xffffffff;
				_t755 =  ~(_t813 & __r9);
				asm("sbb eax, eax");
				r8d = r8d & r9d;
				_t703 = _t805 + 0xffffffff + r8d;
				L02989EDC(L02989FA0(_t474, __ebx, __ecx, __edx, _t703, 2, __ebp, 0xffffffff, _t755, _t805), _t813);
				asm("cvttsd2si ecx, xmm0");
				 *(_t809 + 0x74) = __ebx;
				asm("sbb eax, eax");
				_t751 = (_t748 & 0x00000000) + _t786 >> 0x20;
				 *((intOrPtr*)(_t809 + 0x78)) = __ebx;
				 *(_t809 + 0x20) =  ~(_t755 - 0x7fffffff & 0xfffffffe) & _t631;
				asm("sbb edx, edx");
				r14d = 0;
				_t664 =  ~_t662 + 1;
				 *(_t809 + 0x70) = _t664;
				if(_t703 < 0x434) {
					__eflags = _t703 - 0x36;
					if(__eflags == 0) {
						L72:
						_t483 = _t786 - 1;
						 *(_t809 + 0x28) = r14d;
						asm("bsr eax, [esp+eax*4+0x74]");
						if(__eflags == 0) {
							_t484 = r14d;
						} else {
							_t484 = _t483 + 1;
						}
						r8d = 0x20;
						r15d = _t664;
						r8d = r8d - _t484;
						_t485 = _t664;
						r13d = r13d | 0xffffffff;
						__eflags = r13d;
						while(1) {
							r11d = _t485;
							r9d = 0xffffffffffffe;
							__eflags = _t485 - _t664;
							if(_t485 >= _t664) {
								r10d = r14d;
							} else {
								r10d =  *(_t809 + 0x74 + _t857 * 4);
							}
							__eflags = r9d - _t664;
							if(r9d >= _t664) {
								_t632 = r14d;
							} else {
								_t632 =  *(_t809 + 0x74 + _t855 * 4);
							}
							_t634 = _t632 >> 0x0000001f | _t856 + _t856;
							_t485 = r9d;
							 *(_t809 + 0x74 + _t857 * 4) = _t632 >> 0x0000001f | _t856 + _t856;
							__eflags = r9d - r13d;
							if(r9d == r13d) {
								break;
							}
							_t664 =  *(_t809 + 0x70);
						}
						__eflags = r8d - 1;
						_t755 = _t807 + 0x314;
						r15d =  <  ? _t863 + 1 : r15d;
						 *(_t809 + 0x70) = r15d;
						_t705 = 0x435 >> 5;
						_t626 = 0x435;
						_t751 = _t751 << 2;
						_t814 = _t751;
						E02947430(_t863 + 1, _t634, 0, 0x435 >> 5, _t720, _t755, _t786, _t814);
						_t713 = 0x00000435 - _t703 & 0x0000001f;
						_t635 = sil;
						_t490 = 1 << sil;
						 *(_t807 + _t751 + 0x314) = 1;
						L69:
						_t102 = _t803 + 1; // 0x437
						r12d = _t102;
						r8d = r12d;
						_t815 = _t814 << 2;
						 *(_t807 + 0x310) = r12d;
						 *(_t807 + 0x140) = r12d;
						__eflags = _t815;
						if(_t815 != 0) {
							_t626 = 0x1cc;
							_t755 = _t807 + 0x144;
							__eflags = _t815 - _t751;
							if(_t815 > _t751) {
								__eflags = 0;
								E02947430(_t490, _t635, 0, _t705, _t720, _t755, _t786, _t751);
								E02971538(__eflags, 0xffffffff);
								 *0xffffffff = 0x22;
								E02970D4C();
							} else {
								E02946FD0(_t635, _t705, _t713, _t720, _t755, _t807 + 0x314, _t815);
							}
							r12d =  *(_t807 + 0x140);
						}
						L87:
						_t636 =  *(_t809 + 0x20);
						__eflags = _t636;
						if(_t636 < 0) {
							_t637 =  ~_t636;
							 *(_t809 + 0x30) = _t637;
							_t787 = 0x2900000;
							_t494 = 0xcccccccd * _t637 >> 0x20 >> 3;
							 *(_t809 + 0x28) = _t494;
							r13d = _t494;
							 *(_t809 + 0x24) = _t494;
							__eflags = _t494;
							if(_t494 == 0) {
								L215:
								_t638 = _t637 - 0x9ffffffffffff6;
								__eflags = _t638;
								if(_t638 == 0) {
									L152:
									_t806 =  *((intOrPtr*)(_t809 + 0x48));
									_t752 = _t806;
									__eflags = r15d;
									if(r15d == 0) {
										L227:
										_t788 = _t807 + 0x140;
										_t497 = E029814C0(_t638, 0xffffffff, _t809 + 0x70, _t788, _t855, _t856, _t862);
										_t706 =  *(_t809 + 0x20);
										__eflags = _t497 - 0xa;
										if(_t497 != 0xa) {
											__eflags = _t497;
											if(_t497 != 0) {
												_t498 = _t497 + 0x30;
												__eflags = _t498;
												_t752 =  &(_t806[0]);
												 *_t806 = _t498;
											} else {
												_t706 = _t706 - 1;
											}
											L238:
											_t744 =  *((intOrPtr*)(_t809 + 0x58));
											 *_t744 = _t706;
											_t499 =  *(_t809 + 0x40);
											__eflags = _t706;
											if(_t706 >= 0) {
												__eflags = _t499 - 0x7fffffff;
												if(_t499 <= 0x7fffffff) {
													__eflags = _t499;
												}
											}
											_t758 =  *((intOrPtr*)(_t809 + 0x60)) - 1;
											__eflags = _t758 - _t744;
											_t745 =  <  ? _t758 : _t744;
											_t804 = _t806 + _t745;
											__eflags = _t752 - _t804;
											if(_t752 == _t804) {
												L255:
												 *_t752 = r14b;
												__eflags =  *(_t807 + 0x6b0) ^ _t809;
												return L029438C0(_t499, _t638, _t745,  *(_t807 + 0x6b0) ^ _t809);
											} else {
												r15d = 9;
												_t714 = _t713 | 0xffffffff;
												__eflags = _t714;
												while(1) {
													r10d =  *(_t809 + 0x70);
													__eflags = r10d;
													if(r10d == 0) {
														goto L255;
													}
													r8d = r14d;
													r9d = r14d;
													do {
														r9d = r9d + 1;
														 *(_t809 + 0x74 + _t788 * 4) = _t638;
														__eflags = r9d - r10d;
													} while (r9d != r10d);
													__eflags = r8d;
													if(r8d != 0) {
														__eflags =  *(_t809 + 0x70) - 0x73;
														if( *(_t809 + 0x70) >= 0x73) {
															r9d = 0;
															__eflags = r9d;
															 *(_t807 + 0x310) = r14d;
															 *(_t809 + 0x70) = r14d;
															E029837C4(0x1cc, _t706, _t714, _t720, _t745, _t752, _t809 + 0x74, _t788, _t806, _t807 + 0x314, _t855);
														} else {
															 *(_t809 + 0x74 + _t745 * 4) = r8d;
															 *(_t809 + 0x70) =  *(_t809 + 0x70) + 1;
														}
													}
													_t788 = _t807 + 0x140;
													_t763 = _t809 + 0x70;
													E029814C0(_t638, _t745, _t763, _t788, _t855, _t856, _t862);
													r10d = _t706;
													_t818 = _t745;
													r10d = r10d - _t626;
													__eflags = r10d;
													r9d = 8;
													do {
														_t506 = _t763 + _t788;
														_t499 = _t763 + _t788 + _t506;
														r8b = r8b - _t763 + _t788 + _t506;
														_t471 = _t818 + 0x30; // 0x30
														_t638 = _t471;
														r8d = 0xcccccccd * r8d >> 0x20 >> 3;
														__eflags = r10d - r9d;
														if(r10d >= r9d) {
															_t499 = r9d;
															 *(_t752 + _t745) = _t638;
														}
														r9d = r9d + _t714;
														__eflags = r9d - _t714;
													} while (r9d != _t714);
													_t747 = _t804 - _t752;
													__eflags = _t747 - _t863;
													_t745 =  >  ? _t863 : _t747;
													_t752 = _t752 + _t745;
													__eflags = _t752 - _t804;
													if(_t752 != _t804) {
														continue;
													}
													goto L255;
												}
												goto L255;
											}
										}
										_t706 = _t706 + 1;
										 *_t806 = 0x31;
										_t752 =  &(_t806[0]);
										__eflags = r12d;
										if(r12d == 0) {
											goto L238;
										}
										r8d = r14d;
										r9d = r14d;
										do {
											r9d = r9d + 1;
											 *(_t807 + 0x144 + _t788 * 4) = r8d;
											__eflags = r9d - r12d;
										} while (r9d != r12d);
										__eflags = r8d;
										if(r8d != 0) {
											__eflags =  *(_t807 + 0x140) - 0x73;
											if( *(_t807 + 0x140) >= 0x73) {
												r9d = 0;
												 *(_t807 + 0x310) = r14d;
												 *(_t807 + 0x140) = r14d;
												E029837C4(0x1cc, _t706, _t713, _t720, 0xffffffff, _t752, _t807 + 0x144, _t788, _t806, _t807 + 0x314, _t855);
											} else {
												 *(_t807 + 0x40000000000140) = r8d;
												 *(_t807 + 0x140) =  *(_t807 + 0x140) + 1;
											}
										}
										goto L238;
									}
									r8d = r14d;
									r9d = r14d;
									do {
										r9d = r9d + 1;
										 *(_t809 + 0x74 + _t787 * 4) = r8d;
										__eflags = r9d - r15d;
									} while (r9d != r15d);
									__eflags = r8d;
									if(r8d != 0) {
										__eflags =  *(_t809 + 0x70) - 0x73;
										if( *(_t809 + 0x70) >= 0x73) {
											r9d = 0;
											__eflags = r9d;
											 *(_t807 + 0x310) = r14d;
											 *(_t809 + 0x70) = r14d;
											E029837C4(0x1cc, _t705, _t713, _t720, 0xffffffff, _t752, _t809 + 0x74, _t787, _t806, _t807 + 0x314, _t855);
										} else {
											 *(_t809 + 0x40000000000070) = r8d;
											 *(_t809 + 0x70) =  *(_t809 + 0x70) + 1;
										}
									}
									goto L227;
								}
								_t518 =  *(_t787 + 0x40000000096814);
								__eflags = _t518;
								if(_t518 == 0) {
									L225:
									_t806 =  *((intOrPtr*)(_t809 + 0x48));
									_t752 = _t806;
									 *(_t809 + 0x70) = r14d;
									goto L227;
								}
								__eflags = _t518 - 1;
								if(_t518 == 1) {
									goto L152;
								}
								__eflags = r15d;
								if(r15d == 0) {
									goto L152;
								}
								r8d = r14d;
								r9d = r14d;
								r10d = _t518;
								do {
									r9d = r9d + 1;
									_t638 =  *(_t809 + 0x74 + _t787 * 4);
									_t755 = _t755 * _t856 + 0xffffffff;
									 *(_t809 + 0x74 + _t787 * 4) = _t638;
									__eflags = r9d - r15d;
								} while (r9d != r15d);
								__eflags = r8d;
								if(r8d == 0) {
									r15d =  *(_t809 + 0x70);
									goto L152;
								}
								__eflags =  *(_t809 + 0x70) - 0x73;
								if( *(_t809 + 0x70) >= 0x73) {
									goto L225;
								}
								 *(_t809 + 0x40000000000070) = r8d;
								r15d =  *(_t809 + 0x70);
								r15d = r15d + 1;
								 *(_t809 + 0x70) = r15d;
								goto L152;
							}
							_t641 = 0x26;
							do {
								__eflags = r13d - _t641;
								_t522 =  >  ? _t641 : r13d;
								 *(_t809 + 0x34) = _t522;
								_t705 = _t522 - 1;
								_t638 =  *(_t787 + 0x4000000009677e) & 0x000000ff;
								_t713 =  *(_t787 + 0x4000000009677f) & 0x000000ff;
								_t626 = _t638;
								_t751 = _t751 << 2;
								 *(_t807 + 0x310) = _t805 + _t755;
								E02947430(_t805 + _t755, _t638, 0, _t522 - 1, _t720, _t807 + 0x314, _t787, _t751);
								_t805 = _t805 << 2;
								_t755 = _t807 + 0x314 + _t751;
								_t790 = 0x40000002995e6c;
								_t527 = E02946FD0(_t638, _t522 - 1, _t713, _t720, _t755, 0x40000002995e6c, _t805);
								r10d =  *(_t807 + 0x310);
								__eflags = r10d - 1;
								if(r10d > 1) {
									__eflags = r15d - 1;
									if(r15d > 1) {
										__eflags = r10d - r15d;
										 *(_t807 + 0x4e0) = r14d;
										r13d = r15d;
										r13d =  <  ? r10d : r13d;
										_t755 =  >=  ? _t809 + 0x74 : _t807 + 0x314;
										_t830 = _t807 + 0x314;
										 *(_t809 + 0x50) = _t755;
										r9d = r14d;
										_t793 =  >=  ? _t830 : _t809 + 0x74;
										__eflags = _t527 & 0xffffff00 | r10d - r15d > 0x00000000;
										 *(_t809 + 0x38) = _t793;
										r10d =  !=  ? r15d : r10d;
										r15d = r14d;
										__eflags = r13d;
										if(r13d == 0) {
											L205:
											r8d = r15d;
											_t831 = _t830 << 2;
											 *(_t809 + 0x70) = r15d;
											__eflags = _t831;
											if(_t831 != 0) {
												_t755 = _t809 + 0x74;
												__eflags = _t831 - 0xffffffff;
												if(_t831 > 0xffffffff) {
													__eflags = 0;
													E02947430(0x1cc, _t638, 0, _t705, _t720, _t755, _t793, 0xffffffff);
													E02971538(__eflags, 0xffffffff);
													 *0xffffffff = 0x22;
													E02970D4C();
												} else {
													E02946FD0(_t638, _t705, _t713, _t720, _t755, _t807 + 0x4e4, _t831);
												}
												r15d =  *(_t809 + 0x70);
											}
											r13d =  *(_t809 + 0x24);
											L211:
											_t529 = 1;
											L212:
											__eflags = _t529;
											if(_t529 == 0) {
												goto L225;
											}
											goto L213;
										} else {
											goto L187;
										}
										do {
											L187:
											_t713 =  *(_t755 + 0x3ffffffffffffc);
											__eflags = _t713;
											if(_t713 != 0) {
												r11d = r14d;
												r8d = r9d;
												__eflags = r10d;
												if(r10d == 0) {
													L202:
													__eflags = r8d - 0x73;
													if(r8d == 0x73) {
														goto L225;
													}
													_t755 =  *(_t809 + 0x50);
													_t793 =  *(_t809 + 0x38);
													goto L204;
												}
												_t626 =  ~r9d;
												while(1) {
													__eflags = r8d - 0x73;
													if(r8d == 0x73) {
														break;
													}
													_t705 = r8d;
													__eflags = r8d - r15d;
													if(r8d == r15d) {
														_t349 = _t830 + 1; // 0x1
														 *(_t807 + 0x4e4 + _t803 * 4) = r14d;
														 *(_t807 + 0x4e0) = _t349;
													}
													r8d = r8d + 1;
													_t679 =  *(_t793 + 0x3ffffffffffffc);
													_t793 = _t793 * _t805 + 0x1ffffffffffffe;
													 *(_t807 + 0x4e4 + _t803 * 4) = _t679;
													r15d =  *(_t807 + 0x4e0);
													__eflags = _t751 + _t830 - r10d;
													if(_t751 + _t830 == r10d) {
														break;
													} else {
														_t793 =  *(_t809 + 0x38);
														continue;
													}
												}
												__eflags = r11d;
												if(r11d == 0) {
													goto L202;
												} else {
													goto L198;
												}
												while(1) {
													L198:
													__eflags = r8d - 0x73;
													if(r8d == 0x73) {
														goto L225;
													}
													__eflags = r8d - r15d;
													if(r8d == r15d) {
														_t366 = _t830 + 1; // 0x1
														 *(_t807 + 0x4e4 + _t793 * 4) = r14d;
														 *(_t807 + 0x4e0) = _t366;
													}
													r8d = r8d + 1;
													_t638 = r11d;
													 *(_t807 + 0x4e4 + _t793 * 4) = _t638;
													r15d =  *(_t807 + 0x4e0);
													_t755 = _t755 + 0xffffffff >> 0x20;
													r11d = _t638;
													__eflags = _t638;
													if(_t638 != 0) {
														continue;
													} else {
														goto L202;
													}
												}
												goto L225;
											}
											__eflags = r9d - r15d;
											if(r9d == r15d) {
												_t344 = _t855 + 1; // 0x1
												r15d = _t344;
												 *(_t807 + 0x400000000004e0) = r14d;
												 *(_t807 + 0x4e0) = r15d;
											}
											L204:
											r9d = r9d + 1;
											__eflags = r9d - r13d;
										} while (r9d != r13d);
										goto L205;
									}
									_t626 =  *(_t809 + 0x74);
									_t834 = _t856 << 2;
									r15d = r10d;
									 *(_t809 + 0x70) = r10d;
									__eflags = _t834;
									if(_t834 != 0) {
										_t755 = _t809 + 0x74;
										__eflags = _t834 - 0xffffffff;
										if(_t834 > 0xffffffff) {
											__eflags = 0;
											E02947430(0x1cc, _t638, 0, _t705, _t720, _t755, 0x40000002995e6c, 0xffffffff);
											E02971538(__eflags, 0xffffffff);
											 *0xffffffff = 0x22;
											E02970D4C();
										} else {
											_t790 = _t807 + 0x314;
											E02946FD0(_t638, _t705, _t713, _t720, _t755, _t790, _t834);
										}
										r15d =  *(_t809 + 0x70);
									}
									__eflags = _t626;
									if(_t626 == 0) {
										L164:
										r15d = r14d;
										 *(_t809 + 0x70) = r14d;
									} else {
										__eflags = _t626 - 1;
										if(_t626 == 1) {
											goto L211;
										}
										__eflags = r15d;
										if(r15d == 0) {
											goto L211;
										}
										r8d = r14d;
										r9d = r14d;
										_t856 = _t751;
										do {
											r9d = r9d + 1;
											_t638 =  *(_t809 + 0x74 + _t790 * 4);
											_t755 = _t755 * _t856 + 0xffffffff;
											 *(_t809 + 0x74 + _t790 * 4) = _t638;
											__eflags = r9d - r15d;
										} while (r9d != r15d);
										L169:
										__eflags = r8d;
										if(r8d == 0) {
											r15d =  *(_t809 + 0x70);
											goto L211;
										}
										__eflags =  *(_t809 + 0x70) - 0x73;
										if( *(_t809 + 0x70) >= 0x73) {
											r15d = r14d;
											 *(_t809 + 0x70) = r14d;
											_t529 = r14b;
											goto L212;
										}
										 *(_t809 + 0x40000000000070) = r8d;
										r15d =  *(_t809 + 0x70);
										r15d = r15d + 1;
										 *(_t809 + 0x70) = r15d;
									}
									goto L211;
								}
								_t551 =  *(_t807 + 0x314);
								__eflags = _t551;
								if(_t551 != 0) {
									__eflags = _t551 - 1;
									if(_t551 == 1) {
										goto L211;
									}
									__eflags = r15d;
									if(r15d == 0) {
										goto L211;
									}
									r8d = r14d;
									r9d = r14d;
									_t856 = 0xffffffff;
									do {
										r9d = r9d + 1;
										_t638 =  *(_t809 + 0x10000000a657a24);
										_t755 = 0xffffffff + _t755 * 0xffffffff;
										 *(_t809 + 0x10000000a657a24) = _t638;
										__eflags = r9d - r15d;
									} while (r9d != r15d);
									goto L169;
								}
								goto L164;
								L213:
								r13d = r13d -  *(_t809 + 0x34);
								__eflags = r13d;
								_t787 = 0x2900000;
								 *(_t809 + 0x24) = r13d;
								_t641 = 0x26;
							} while (r13d != 0);
							_t637 =  *(_t809 + 0x30);
							goto L215;
						}
						_t787 = 0x2900000;
						_t555 = 0xcccccccd * _t636 >> 0x20 >> 3;
						 *(_t809 + 0x34) = _t555;
						r13d = _t555;
						 *(_t809 + 0x24) = _t555;
						__eflags = _t555;
						if(_t555 == 0) {
							L143:
							_t638 = _t636 - 0x9ffffffffffff6;
							__eflags = _t638;
							if(_t638 == 0) {
								goto L152;
							}
							_t559 =  *(_t787 + 0x40000000096814);
							__eflags = _t559;
							if(_t559 == 0) {
								L159:
								r12d = r14d;
								 *(_t807 + 0x140) = r14d;
								goto L152;
							}
							__eflags = _t559 - 1;
							if(_t559 == 1) {
								goto L152;
							}
							__eflags = r12d;
							if(r12d == 0) {
								goto L152;
							}
							r8d = r14d;
							r9d = r14d;
							r10d = _t559;
							do {
								r9d = r9d + 1;
								_t638 =  *(_t807 + 0x144 + _t787 * 4);
								_t755 = _t755 * _t856 + 0xffffffff;
								 *(_t807 + 0x144 + _t787 * 4) = _t638;
								__eflags = r9d - r12d;
							} while (r9d != r12d);
							__eflags = r8d;
							if(r8d == 0) {
								r12d =  *(_t807 + 0x140);
								goto L152;
							}
							__eflags =  *(_t807 + 0x140) - 0x73;
							if( *(_t807 + 0x140) >= 0x73) {
								goto L159;
							}
							 *(_t807 + 0x40000000000140) = r8d;
							r12d =  *(_t807 + 0x140);
							r12d = r12d + 1;
							__eflags = r12d;
							 *(_t807 + 0x140) = r12d;
							goto L152;
						}
						_t642 = 0x26;
						do {
							__eflags = r13d - _t642;
							_t563 =  >  ? _t642 : r13d;
							 *(_t809 + 0x30) = _t563;
							_t705 = _t563 - 1;
							_t638 =  *(_t787 + 0x4000000009677e) & 0x000000ff;
							_t713 =  *(_t787 + 0x4000000009677f) & 0x000000ff;
							_t626 = _t638;
							_t751 = _t751 << 2;
							 *(_t807 + 0x310) = _t805 + _t755;
							E02947430(_t805 + _t755, _t638, 0, _t563 - 1, _t720, _t807 + 0x314, _t787, _t751);
							_t805 = _t805 << 2;
							_t755 = _t807 + 0x314 + _t751;
							_t787 = 0x40000002995e6c;
							_t568 = E02946FD0(_t638, _t563 - 1, _t713, _t720, _t755, 0x40000002995e6c, _t805);
							r10d =  *(_t807 + 0x310);
							__eflags = r10d - 1;
							if(r10d > 1) {
								__eflags = r12d - 1;
								if(r12d > 1) {
									__eflags = r10d - r12d;
									 *(_t807 + 0x4e0) = r14d;
									r13d = r12d;
									r13d =  <  ? r10d : r13d;
									_t755 =  >=  ? _t807 + 0x144 : _t807 + 0x314;
									_t844 = _t807 + 0x314;
									 *(_t809 + 0x38) = _t755;
									r9d = r14d;
									_t787 =  >=  ? _t844 : _t807 + 0x144;
									__eflags = _t568 & 0xffffff00 | r10d - r12d > 0x00000000;
									 *(_t809 + 0x28) = _t787;
									r10d =  !=  ? r12d : r10d;
									r12d = r14d;
									__eflags = r13d;
									if(r13d == 0) {
										L133:
										r8d = r12d;
										_t845 = _t844 << 2;
										 *(_t807 + 0x140) = r12d;
										__eflags = _t845;
										if(_t845 != 0) {
											_t755 = _t807 + 0x144;
											__eflags = _t845 - 0xffffffff;
											if(_t845 > 0xffffffff) {
												__eflags = 0;
												E02947430(0x1cc, _t638, 0, _t705, _t720, _t755, _t787, 0xffffffff);
												E02971538(__eflags, 0xffffffff);
												 *0xffffffff = 0x22;
												E02970D4C();
											} else {
												_t787 = _t807 + 0x4e4;
												E02946FD0(_t638, _t705, _t713, _t720, _t755, _t787, _t845);
											}
											r12d =  *(_t807 + 0x140);
										}
										r13d =  *(_t809 + 0x24);
										L139:
										_t570 = 1;
										L140:
										__eflags = _t570;
										if(_t570 == 0) {
											goto L159;
										}
										goto L141;
									} else {
										goto L115;
									}
									do {
										L115:
										_t713 =  *(_t755 + 0x3ffffffffffffc);
										__eflags = _t713;
										if(_t713 != 0) {
											r11d = r14d;
											r8d = r9d;
											__eflags = r10d;
											if(r10d == 0) {
												L130:
												__eflags = r8d - 0x73;
												if(r8d == 0x73) {
													goto L159;
												}
												_t755 =  *(_t809 + 0x38);
												_t787 =  *(_t809 + 0x28);
												goto L132;
											}
											_t626 =  ~r9d;
											while(1) {
												__eflags = r8d - 0x73;
												if(r8d == 0x73) {
													break;
												}
												_t705 = r8d;
												__eflags = r8d - r12d;
												if(r8d == r12d) {
													_t198 = _t844 + 1; // 0x1
													 *(_t807 + 0x4e4 + _t803 * 4) = r14d;
													 *(_t807 + 0x4e0) = _t198;
												}
												r8d = r8d + 1;
												_t688 =  *(_t787 + 0x3ffffffffffffc);
												_t787 = _t787 * _t805 + 0x1ffffffffffffe;
												 *(_t807 + 0x4e4 + _t803 * 4) = _t688;
												r12d =  *(_t807 + 0x4e0);
												__eflags = _t751 + _t844 - r10d;
												if(_t751 + _t844 == r10d) {
													break;
												} else {
													_t787 =  *(_t809 + 0x28);
													continue;
												}
											}
											__eflags = r11d;
											if(r11d == 0) {
												goto L130;
											} else {
												goto L126;
											}
											while(1) {
												L126:
												__eflags = r8d - 0x73;
												if(r8d == 0x73) {
													goto L159;
												}
												__eflags = r8d - r12d;
												if(r8d == r12d) {
													_t215 = _t844 + 1; // 0x1
													 *(_t807 + 0x4e4 + _t787 * 4) = r14d;
													 *(_t807 + 0x4e0) = _t215;
												}
												r8d = r8d + 1;
												_t638 = r11d;
												 *(_t807 + 0x4e4 + _t787 * 4) = _t638;
												r12d =  *(_t807 + 0x4e0);
												_t755 = _t755 + 0xffffffff >> 0x20;
												r11d = _t638;
												__eflags = _t638;
												if(_t638 != 0) {
													continue;
												} else {
													goto L130;
												}
											}
											goto L159;
										}
										__eflags = r9d - r12d;
										if(r9d == r12d) {
											_t193 = _t855 + 1; // 0x1
											r12d = _t193;
											 *(_t807 + 0x400000000004e0) = r14d;
											 *(_t807 + 0x4e0) = r12d;
										}
										L132:
										r9d = r9d + 1;
										__eflags = r9d - r13d;
									} while (r9d != r13d);
									goto L133;
								}
								_t626 =  *(_t807 + 0x144);
								_t848 = _t856 << 2;
								r12d = r10d;
								 *(_t807 + 0x140) = r10d;
								__eflags = _t848;
								if(_t848 != 0) {
									_t755 = _t807 + 0x144;
									__eflags = _t848 - 0xffffffff;
									if(_t848 > 0xffffffff) {
										__eflags = 0;
										E02947430(0x1cc, _t638, 0, _t705, _t720, _t755, 0x40000002995e6c, 0xffffffff);
										E02971538(__eflags, 0xffffffff);
										 *0xffffffff = 0x22;
										E02970D4C();
									} else {
										_t787 = _t807 + 0x314;
										E02946FD0(_t638, _t705, _t713, _t720, _t755, _t787, _t848);
									}
									r12d =  *(_t807 + 0x140);
								}
								__eflags = _t626;
								if(_t626 == 0) {
									L92:
									r12d = r14d;
									 *(_t807 + 0x140) = r14d;
								} else {
									__eflags = _t626 - 1;
									if(_t626 == 1) {
										goto L139;
									}
									__eflags = r12d;
									if(r12d == 0) {
										goto L139;
									}
									r8d = r14d;
									r9d = r14d;
									_t856 = _t751;
									do {
										r9d = r9d + 1;
										_t638 =  *(_t807 + 0x144 + _t787 * 4);
										_t755 = _t755 * _t856 + 0xffffffff;
										 *(_t807 + 0x144 + _t787 * 4) = _t638;
										__eflags = r9d - r12d;
									} while (r9d != r12d);
									L97:
									__eflags = r8d;
									if(r8d == 0) {
										r12d =  *(_t807 + 0x140);
										goto L139;
									}
									__eflags =  *(_t807 + 0x140) - 0x73;
									if( *(_t807 + 0x140) >= 0x73) {
										r12d = r14d;
										 *(_t807 + 0x140) = r14d;
										_t570 = r14b;
										goto L140;
									}
									 *(_t807 + 0x40000000000140) = r8d;
									r12d =  *(_t807 + 0x140);
									r12d = r12d + 1;
									 *(_t807 + 0x140) = r12d;
								}
								goto L139;
							}
							_t592 =  *(_t807 + 0x314);
							__eflags = _t592;
							if(_t592 != 0) {
								__eflags = _t592 - 1;
								if(_t592 == 1) {
									goto L139;
								}
								__eflags = r12d;
								if(r12d == 0) {
									goto L139;
								}
								r8d = r14d;
								r9d = r14d;
								_t856 = 0xffffffff;
								do {
									r9d = r9d + 1;
									_t638 =  *(_t807 + 0x10000000a657af4);
									_t755 = 0xffffffff + _t755 * 0xffffffff;
									 *(_t807 + 0x10000000a657af4) = _t638;
									__eflags = r9d - r12d;
								} while (r9d != r12d);
								goto L97;
							}
							goto L92;
							L141:
							r13d = r13d -  *(_t809 + 0x30);
							__eflags = r13d;
							_t787 = 0x2900000;
							 *(_t809 + 0x24) = r13d;
							_t642 = 0x26;
						} while (r13d != 0);
						_t636 =  *(_t809 + 0x20);
						goto L143;
					}
					 *(_t807 + 0x318) = 0x100000;
					 *(_t807 + 0x314) = 0;
					 *(_t807 + 0x310) = 2;
					__eflags = __ebx;
					if(__eflags == 0) {
						goto L72;
					}
					r8d = r14d;
					while(1) {
						_t599 =  *(_t809 + 0x74 + _t755 * 4);
						__eflags =  *((intOrPtr*)(_t807 + 0x314 + _t755 * 4)) - _t599;
						if(__eflags != 0) {
							goto L72;
						}
						r8d = r8d + 1;
						__eflags = r8d - 2;
						if(__eflags != 0) {
							continue;
						}
						asm("bsr eax, ebx");
						 *(_t809 + 0x28) = r14d;
						if(__eflags == 0) {
							_t600 = r14d;
						} else {
							_t600 = _t599 + 1;
						}
						r8d = 0x20;
						r15d = _t664;
						r8d = r8d - _t600;
						_t601 = _t664;
						r13d = r13d | 0xffffffff;
						__eflags = r13d;
						while(1) {
							r11d = _t601;
							r9d = 0xffffffffffffe;
							__eflags = _t601 - _t664;
							if(_t601 >= _t664) {
								r10d = r14d;
							} else {
								r10d =  *(_t809 + 0x74 + _t857 * 4);
							}
							__eflags = r9d - _t664;
							if(r9d >= _t664) {
								_t644 = r14d;
							} else {
								_t644 =  *(_t809 + 0x74 + _t855 * 4);
							}
							_t646 = _t644 >> 0x0000001e | r10d << 0x00000002;
							_t601 = r9d;
							 *(_t809 + 0x74 + _t857 * 4) = _t644 >> 0x0000001e | r10d << 0x00000002;
							__eflags = r9d - r13d;
							if(r9d == r13d) {
								break;
							}
							_t664 =  *(_t809 + 0x70);
						}
						__eflags = r8d - 2;
						_t755 = _t807 + 0x314;
						r15d =  <  ? _t863 + 1 : r15d;
						 *(_t809 + 0x70) = r15d;
						_t705 = 0x436 >> 5;
						_t626 = 0x436;
						_t751 = _t751 << 2;
						_t814 = _t751;
						E02947430(_t863 + 1, _t646, 0, 0x436 >> 5, _t720, _t755, _t786, _t814);
						_t713 = 0x00000436 - _t703 & 0x0000001f;
						_t635 = sil;
						_t490 = 1 << sil;
						__eflags = 1;
						 *(_t807 + _t751 + 0x314) = 1;
						goto L69;
					}
					goto L72;
				}
				 *(_t807 + 0x318) = 0x100000;
				 *(_t807 + 0x314) = 0;
				 *(_t807 + 0x310) = 2;
				if(__ebx == 0) {
					L28:
					_t629 = _t803 - 0x433;
					 *(_t809 + 0x28) = r14d;
					r8d = 0x20;
					_t608 = _t786 - 1;
					r9d = _t629;
					_t626 = _t629 & 0x0000001f;
					r9d = r9d >> 5;
					_t713 = r8d - _t626;
					_t803 = _t803 << _t713;
					_t705 = _t813 - 0x1e;
					__eflags = _t705;
					asm("bsr eax, [esp+eax*4+0x74]");
					r12d = _t705;
					r12d =  !r12d;
					if(_t705 == 0) {
						_t609 = r14d;
					} else {
						_t609 = _t608 + 1;
					}
					r8d = r8d - _t609;
					_t610 = _t786 + _t855;
					__eflags = _t610 - 0x73;
					if(_t610 != 0x73) {
						L33:
						_t649 = r14b;
						goto L34;
					} else {
						_t649 = 1;
						__eflags = _t626 - r8d;
						if(_t626 > r8d) {
							L34:
							r13d = r13d | 0xffffffff;
							__eflags = _t610 - 0x73;
							if(_t610 > 0x73) {
								L49:
								r15d = r14d;
								 *(_t809 + 0x70) = r14d;
								L50:
								r12d = 1;
								 *(_t807 + 0x318) = r14d;
								 *(_t807 + 0x140) = r12d;
								 *(_t807 + 0x310) = 1;
								 *(_t807 + 0x144) = 2;
								goto L87;
							}
							__eflags = _t649;
							if(_t649 != 0) {
								goto L49;
							}
							r15d = 0x72;
							__eflags = _t610 - r15d;
							r15d =  <  ? _t610 : r15d;
							r11d = r15d;
							__eflags = r15d - r13d;
							if(r15d == r13d) {
								L46:
								_t650 = r14d;
								__eflags = r9d;
								if(r9d == 0) {
									L48:
									__eflags = _t626 - r8d;
									r15d =  >  ? _t863 + 1 : r15d;
									 *(_t809 + 0x70) = r15d;
									goto L50;
								} else {
									goto L47;
								}
								do {
									L47:
									_t650 = _t650 + 1;
									 *(_t809 + 0x40000000000070) = r14d;
									__eflags = _t650 - r9d;
								} while (_t650 != r9d);
								goto L48;
							} else {
								goto L37;
							}
							while(1) {
								L37:
								__eflags = r11d - r9d;
								if(r11d < r9d) {
									goto L46;
								}
								_t651 = 0xffffffffffffe;
								__eflags = r11d - r9d - _t664;
								if(r11d - r9d >= _t664) {
									r10d = r14d;
								} else {
									r10d =  *(_t809 + 0x40000000000070);
								}
								__eflags = _t651 - _t664;
								if(_t651 >= _t664) {
									_t694 = r14d;
								} else {
									_t694 =  *(_t809 + 0x74 + _t755 * 4);
								}
								r10d = r10d & _t705;
								r11d = r11d + r13d;
								r10d = r10d << _t626;
								 *(_t809 + 0x40000000000070) = (_t694 & r12d) >> _t713 | r10d;
								__eflags = r11d - r13d;
								if(r11d == r13d) {
									goto L46;
								} else {
									_t664 =  *(_t809 + 0x70);
									continue;
								}
							}
							goto L46;
						}
						goto L33;
					}
				} else {
					r8d = r14d;
					while( *((intOrPtr*)(_t807 + 0x314 + _t755 * 4)) ==  *(_t809 + 0x74 + _t755 * 4)) {
						r8d = r8d + 1;
						if(r8d != 2) {
							continue;
						} else {
							_t630 = _t803 - 0x432;
							 *(_t809 + 0x28) = r14d;
							r8d = 0x20;
							_t617 = _t786 - 1;
							r9d = _t630;
							_t626 = _t630 & 0x0000001f;
							r9d = r9d >> 5;
							_t713 = r8d - _t626;
							_t27 = _t813 - 0x1f; // -30
							_t803 = _t803 << _t713;
							_t705 = _t27 - 1;
							asm("bsr eax, [esp+eax*4+0x74]");
							r12d = _t705;
							r12d =  !r12d;
							if(_t705 == 0) {
								_t618 = r14d;
							} else {
								_t618 = _t617 + 1;
							}
							r8d = r8d - _t618;
							_t619 = _t786 + _t855;
							if(_t619 != 0x73) {
								L10:
								_t657 = r14b;
								L11:
								r13d = r13d | 0xffffffff;
								if(_t619 > 0x73 || _t657 != 0) {
									r15d = r14d;
									 *(_t809 + 0x70) = r14d;
									goto L27;
								} else {
									r15d = 0x72;
									r15d =  <  ? _t619 : r15d;
									r11d = r15d;
									if(r15d == r13d) {
										L23:
										_t658 = r14d;
										__eflags = r9d;
										if(r9d == 0) {
											L25:
											__eflags = _t626 - r8d;
											r15d =  >  ? _t863 + 1 : r15d;
											 *(_t809 + 0x70) = r15d;
											L27:
											r12d = 1;
											 *(_t807 + 0x318) = r14d;
											 *(_t807 + 0x140) = r12d;
											 *(_t807 + 0x310) = 1;
											 *(_t807 + 0x144) = 4;
											goto L87;
										} else {
											goto L24;
										}
										do {
											L24:
											_t658 = _t658 + 1;
											 *(_t809 + 0x40000000000070) = r14d;
											__eflags = _t658 - r9d;
										} while (_t658 != r9d);
										goto L25;
									}
									while(r11d >= r9d) {
										if(_t659 >= _t664) {
											_t698 = r14d;
										} else {
											_t698 =  *(_t809 + 0x74 + _t755 * 4);
										}
										r10d = r10d & _t705;
										r11d = r11d + r13d;
										r10d = r10d << _t626;
										 *(_t809 + 0x40000000000070) = (_t698 & r12d) >> _t713 | r10d;
										if(r11d == r13d) {
											goto L23;
										}
										_t664 =  *(_t809 + 0x70);
									}
									goto L23;
								}
							}
							_t657 = 1;
							if(_t626 > r8d) {
								goto L11;
							}
							goto L10;
						}
					}
					goto L28;
				}
			}

0x029801c0
0x029801c0
0x029801c0
0x029801c0
0x029801c0
0x029801cd
0x029801d5
0x029801dc
0x029801e6
0x029801f9
0x029801fe
0x02980203
0x02980207
0x0298020d
0x02980215
0x0298021a
0x0298021e
0x0298023a
0x0298024a
0x02980250
0x02980253
0x02980255
0x0298025b
0x02980263
0x02980268
0x0298026c
0x0298027b
0x0298027d
0x02980283
0x02980287
0x0298028f
0x02980291
0x02980296
0x02980298
0x029802a2
0x02980549
0x0298054c
0x02980685
0x02980685
0x02980688
0x0298068d
0x02980692
0x02980698
0x02980694
0x02980694
0x02980694
0x0298069b
0x029806a1
0x029806a4
0x029806a7
0x029806a9
0x029806a9
0x029806ad
0x029806ad
0x029806b0
0x029806b4
0x029806b6
0x029806bf
0x029806b8
0x029806b8
0x029806b8
0x029806c2
0x029806c5
0x029806ce
0x029806c7
0x029806c7
0x029806c7
0x029806d8
0x029806da
0x029806dd
0x029806e2
0x029806e5
0x00000000
0x00000000
0x029806e7
0x029806e7
0x029806ed
0x029806fa
0x02980701
0x02980709
0x0298070e
0x02980713
0x02980715
0x02980719
0x0298071c
0x02980721
0x02980729
0x0298072c
0x0298072e
0x0298063d
0x0298063d
0x0298063d
0x02980641
0x02980644
0x02980648
0x0298064f
0x02980656
0x02980659
0x0298065f
0x02980664
0x0298066b
0x0298066e
0x0298073d
0x0298073f
0x02980744
0x02980749
0x0298074f
0x02980674
0x0298067b
0x0298067b
0x02980754
0x02980754
0x0298075b
0x0298075b
0x02980764
0x02980766
0x02980c71
0x02980c75
0x02980c7b
0x02980c82
0x02980c85
0x02980c89
0x02980c8c
0x02980c90
0x02980c92
0x02981047
0x0298104c
0x0298104c
0x0298104e
0x02980bfc
0x02980bfc
0x02980c01
0x02980c04
0x02980c07
0x02981106
0x02981106
0x02981112
0x02981117
0x0298111b
0x0298111e
0x029811b4
0x029811b6
0x029811bc
0x029811bc
0x029811be
0x029811c2
0x029811b8
0x029811b8
0x029811b8
0x029811c4
0x029811c4
0x029811c9
0x029811cb
0x029811cf
0x029811d1
0x029811d3
0x029811d8
0x029811da
0x029811da
0x029811d8
0x029811e1
0x029811e4
0x029811e7
0x029811eb
0x029811ef
0x029811f2
0x029812e7
0x029812e7
0x029812f1
0x0298130c
0x029811f8
0x029811f8
0x029811fe
0x029811fe
0x02981201
0x02981201
0x02981206
0x02981209
0x00000000
0x00000000
0x0298120f
0x02981212
0x02981215
0x02981218
0x0298122f
0x02981237
0x02981237
0x0298123c
0x0298123f
0x02981241
0x02981246
0x02981257
0x02981257
0x0298125a
0x02981268
0x02981277
0x02981248
0x0298124c
0x02981251
0x02981251
0x02981246
0x0298127c
0x02981283
0x02981288
0x0298128d
0x02981290
0x02981293
0x02981293
0x02981296
0x0298129c
0x029812ac
0x029812af
0x029812b1
0x029812b4
0x029812b4
0x029812b8
0x029812bb
0x029812be
0x029812c0
0x029812c3
0x029812c3
0x029812c6
0x029812c9
0x029812c9
0x029812d1
0x029812d4
0x029812d7
0x029812db
0x029812de
0x029812e1
0x00000000
0x00000000
0x00000000
0x029812e1
0x00000000
0x02981201
0x029811f2
0x02981124
0x02981126
0x02981129
0x0298112d
0x02981130
0x00000000
0x00000000
0x02981136
0x02981139
0x0298113c
0x0298113f
0x02981154
0x02981160
0x02981160
0x02981165
0x02981168
0x0298116a
0x02981171
0x02981189
0x0298118c
0x0298119a
0x029811ad
0x02981173
0x02981179
0x02981181
0x02981181
0x02981171
0x00000000
0x02981168
0x02980c0d
0x02980c10
0x02980c13
0x02980c16
0x02980c28
0x02980c31
0x02980c31
0x02980c36
0x02980c39
0x02980c3f
0x02980c44
0x029810e1
0x029810e1
0x029810e4
0x029810f2
0x02981101
0x02980c4a
0x02980c4e
0x02980c53
0x02980c53
0x02980c44
0x00000000
0x02980c39
0x02981057
0x0298105e
0x02981060
0x029810d2
0x029810d2
0x029810d7
0x029810da
0x00000000
0x029810da
0x02981062
0x02981065
0x00000000
0x00000000
0x0298106b
0x0298106e
0x00000000
0x00000000
0x02981074
0x02981077
0x0298107a
0x0298107d
0x02981080
0x02981086
0x0298108e
0x02981094
0x0298109c
0x0298109c
0x029810a1
0x029810a4
0x029810c8
0x00000000
0x029810c8
0x029810a6
0x029810ab
0x00000000
0x00000000
0x029810b1
0x029810b6
0x029810bb
0x029810be
0x00000000
0x029810be
0x02980c98
0x02980c9d
0x02980c9d
0x02980ca3
0x02980ca6
0x02980cac
0x02980cae
0x02980cb6
0x02980cbe
0x02980cc0
0x02980cd3
0x02980cd9
0x02980ce5
0x02980d02
0x02980d05
0x02980d09
0x02980d0e
0x02980d15
0x02980d19
0x02980db6
0x02980dba
0x02980e60
0x02980e63
0x02980e6f
0x02980e72
0x02980e7d
0x02980e81
0x02980e8b
0x02980e95
0x02980e98
0x02980e9c
0x02980e9e
0x02980ea3
0x02980ea7
0x02980eaa
0x02980ead
0x02980fc7
0x02980fc7
0x02980fca
0x02980fce
0x02980fd3
0x02980fd6
0x02980fdd
0x02980fe2
0x02980fe5
0x02980ff8
0x02980ffa
0x02980fff
0x02981004
0x0298100a
0x02980fe7
0x02980fee
0x02980fee
0x0298100f
0x0298100f
0x02981014
0x02981019
0x02981019
0x0298101b
0x0298101b
0x0298101d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x02980eb3
0x02980eb3
0x02980eb6
0x02980eb9
0x02980ebb
0x02980ede
0x02980ee1
0x02980ee4
0x02980ee7
0x02980fa7
0x02980fa7
0x02980fab
0x00000000
0x00000000
0x02980fb1
0x02980fb6
0x00000000
0x02980fb6
0x02980ef0
0x02980ef2
0x02980ef2
0x02980ef6
0x00000000
0x00000000
0x02980ef8
0x02980efb
0x02980efe
0x02980f00
0x02980f04
0x02980f0c
0x02980f0c
0x02980f16
0x02980f19
0x02980f2d
0x02980f37
0x02980f3e
0x02980f49
0x02980f4c
0x00000000
0x02980f4e
0x02980f4e
0x00000000
0x02980f4e
0x02980f4c
0x02980f55
0x02980f58
0x00000000
0x00000000
0x00000000
0x00000000
0x02980f5a
0x02980f5a
0x02980f5a
0x02980f5e
0x00000000
0x00000000
0x02980f67
0x02980f6a
0x02980f6c
0x02980f70
0x02980f78
0x02980f78
0x02980f85
0x02980f88
0x02980f8e
0x02980f95
0x02980f9c
0x02980fa0
0x02980fa3
0x02980fa5
0x00000000
0x00000000
0x00000000
0x00000000
0x02980fa5
0x00000000
0x02980f5a
0x02980ebd
0x02980ec0
0x02980ec6
0x02980ec6
0x02980eca
0x02980ed2
0x02980ed2
0x02980fbb
0x02980fbb
0x02980fbe
0x02980fbe
0x00000000
0x02980eb3
0x02980dc0
0x02980dc7
0x02980dcb
0x02980dce
0x02980dd3
0x02980dd6
0x02980ddd
0x02980de2
0x02980de5
0x02980df8
0x02980dfa
0x02980dff
0x02980e04
0x02980e0a
0x02980de7
0x02980de7
0x02980dee
0x02980dee
0x02980e0f
0x02980e0f
0x02980e14
0x02980e16
0x02980d29
0x02980d29
0x02980d2c
0x02980e1c
0x02980e1c
0x02980e1f
0x00000000
0x00000000
0x02980e25
0x02980e28
0x00000000
0x00000000
0x02980e2e
0x02980e31
0x02980e34
0x02980e37
0x02980e3a
0x02980e40
0x02980e48
0x02980e4e
0x02980e56
0x02980e56
0x02980d75
0x02980d75
0x02980d78
0x02980dac
0x00000000
0x02980dac
0x02980d7a
0x02980d7f
0x02980d9c
0x02980d9f
0x02980da4
0x00000000
0x02980da4
0x02980d85
0x02980d8a
0x02980d8f
0x02980d92
0x02980d92
0x00000000
0x02980e16
0x02980d1f
0x02980d25
0x02980d27
0x02980d36
0x02980d39
0x00000000
0x00000000
0x02980d3f
0x02980d42
0x00000000
0x00000000
0x02980d48
0x02980d4b
0x02980d4e
0x02980d51
0x02980d54
0x02980d5a
0x02980d62
0x02980d68
0x02980d70
0x02980d70
0x00000000
0x02980d51
0x00000000
0x02981023
0x02981023
0x02981023
0x02981028
0x0298102f
0x02981034
0x02981034
0x0298103f
0x00000000
0x02981043
0x02980770
0x02980777
0x0298077a
0x0298077e
0x02980781
0x02980785
0x02980787
0x02980b6b
0x02980b70
0x02980b70
0x02980b72
0x00000000
0x00000000
0x02980b7b
0x02980b82
0x02980b84
0x02980c65
0x02980c65
0x02980c68
0x00000000
0x02980c68
0x02980b8a
0x02980b8d
0x00000000
0x00000000
0x02980b8f
0x02980b92
0x00000000
0x00000000
0x02980b94
0x02980b97
0x02980b9a
0x02980b9d
0x02980ba0
0x02980ba6
0x02980bb1
0x02980bb7
0x02980bc2
0x02980bc2
0x02980bc7
0x02980bca
0x02980c5c
0x00000000
0x02980c5c
0x02980bd0
0x02980bd7
0x00000000
0x00000000
0x02980be3
0x02980beb
0x02980bf2
0x02980bf2
0x02980bf5
0x00000000
0x02980bf5
0x0298078d
0x02980792
0x02980792
0x02980798
0x0298079b
0x029807a1
0x029807a3
0x029807ab
0x029807b3
0x029807b5
0x029807c8
0x029807ce
0x029807da
0x029807f7
0x029807fa
0x029807fe
0x02980803
0x0298080a
0x0298080e
0x029808c2
0x029808c6
0x0298097a
0x0298097d
0x0298098b
0x0298098e
0x02980999
0x0298099d
0x029809a7
0x029809b3
0x029809b6
0x029809ba
0x029809bc
0x029809c1
0x029809c5
0x029809c8
0x029809cb
0x02980ae5
0x02980ae5
0x02980ae8
0x02980aec
0x02980af3
0x02980af6
0x02980afd
0x02980b04
0x02980b07
0x02980b1a
0x02980b1c
0x02980b21
0x02980b26
0x02980b2c
0x02980b09
0x02980b09
0x02980b10
0x02980b10
0x02980b31
0x02980b31
0x02980b38
0x02980b3d
0x02980b3d
0x02980b3f
0x02980b3f
0x02980b41
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x029809d1
0x029809d1
0x029809d4
0x029809d7
0x029809d9
0x029809fc
0x029809ff
0x02980a02
0x02980a05
0x02980ac5
0x02980ac5
0x02980ac9
0x00000000
0x00000000
0x02980acf
0x02980ad4
0x00000000
0x02980ad4
0x02980a0e
0x02980a10
0x02980a10
0x02980a14
0x00000000
0x00000000
0x02980a16
0x02980a19
0x02980a1c
0x02980a1e
0x02980a22
0x02980a2a
0x02980a2a
0x02980a34
0x02980a37
0x02980a4b
0x02980a55
0x02980a5c
0x02980a67
0x02980a6a
0x00000000
0x02980a6c
0x02980a6c
0x00000000
0x02980a6c
0x02980a6a
0x02980a73
0x02980a76
0x00000000
0x00000000
0x00000000
0x00000000
0x02980a78
0x02980a78
0x02980a78
0x02980a7c
0x00000000
0x00000000
0x02980a85
0x02980a88
0x02980a8a
0x02980a8e
0x02980a96
0x02980a96
0x02980aa3
0x02980aa6
0x02980aac
0x02980ab3
0x02980aba
0x02980abe
0x02980ac1
0x02980ac3
0x00000000
0x00000000
0x00000000
0x00000000
0x02980ac3
0x00000000
0x02980a78
0x029809db
0x029809de
0x029809e4
0x029809e4
0x029809e8
0x029809f0
0x029809f0
0x02980ad9
0x02980ad9
0x02980adc
0x02980adc
0x00000000
0x029809d1
0x029808cc
0x029808d5
0x029808d9
0x029808dc
0x029808e3
0x029808e6
0x029808ed
0x029808f4
0x029808f7
0x0298090a
0x0298090c
0x02980911
0x02980916
0x0298091c
0x029808f9
0x029808f9
0x02980900
0x02980900
0x02980921
0x02980921
0x02980928
0x0298092a
0x0298081e
0x0298081e
0x02980821
0x02980930
0x02980930
0x02980933
0x00000000
0x00000000
0x02980939
0x0298093c
0x00000000
0x00000000
0x02980942
0x02980945
0x02980948
0x0298094b
0x0298094e
0x02980954
0x0298095f
0x02980965
0x02980970
0x02980970
0x02980872
0x02980872
0x02980875
0x029808b6
0x00000000
0x029808b6
0x02980877
0x0298087e
0x029808a4
0x029808a7
0x029808ae
0x00000000
0x029808ae
0x02980886
0x0298088e
0x02980895
0x02980898
0x02980898
0x00000000
0x0298092a
0x02980814
0x0298081a
0x0298081c
0x0298082d
0x02980830
0x00000000
0x00000000
0x02980836
0x02980839
0x00000000
0x00000000
0x0298083f
0x02980842
0x02980845
0x02980848
0x0298084b
0x02980851
0x0298085c
0x02980862
0x0298086d
0x0298086d
0x00000000
0x02980848
0x00000000
0x02980b47
0x02980b47
0x02980b47
0x02980b4c
0x02980b53
0x02980b58
0x02980b58
0x02980b67
0x00000000
0x02980b67
0x02980554
0x0298055e
0x02980564
0x0298056a
0x0298056c
0x00000000
0x00000000
0x02980572
0x02980575
0x02980578
0x0298057c
0x02980583
0x00000000
0x00000000
0x02980589
0x0298058c
0x0298058f
0x00000000
0x00000000
0x02980591
0x02980594
0x02980599
0x0298059f
0x0298059b
0x0298059b
0x0298059b
0x029805a2
0x029805a8
0x029805ab
0x029805ae
0x029805b0
0x029805b0
0x029805b4
0x029805b4
0x029805b7
0x029805bb
0x029805bd
0x029805c6
0x029805bf
0x029805bf
0x029805bf
0x029805c9
0x029805cc
0x029805d5
0x029805ce
0x029805ce
0x029805ce
0x029805e1
0x029805e3
0x029805e6
0x029805eb
0x029805ee
0x00000000
0x00000000
0x029805f0
0x029805f0
0x029805f6
0x02980602
0x02980609
0x02980611
0x02980616
0x0298061b
0x0298061d
0x02980621
0x02980624
0x02980629
0x02980631
0x02980634
0x02980634
0x02980636
0x00000000
0x02980636
0x00000000
0x02980575
0x029802aa
0x029802b4
0x029802ba
0x029802c2
0x02980418
0x02980418
0x0298041e
0x02980423
0x02980429
0x0298042c
0x02980432
0x02980435
0x02980439
0x02980441
0x02980444
0x02980444
0x02980448
0x0298044d
0x02980450
0x02980453
0x02980459
0x02980455
0x02980455
0x02980455
0x0298045c
0x0298045f
0x02980463
0x02980466
0x0298046f
0x0298046f
0x00000000
0x02980468
0x02980468
0x0298046a
0x0298046d
0x02980472
0x02980472
0x02980476
0x02980479
0x02980514
0x02980514
0x02980517
0x0298051c
0x0298051c
0x02980522
0x02980529
0x02980530
0x0298053a
0x00000000
0x0298053a
0x0298047f
0x02980481
0x00000000
0x00000000
0x02980487
0x0298048d
0x02980490
0x02980494
0x02980497
0x0298049a
0x029804ec
0x029804ec
0x029804ef
0x029804f2
0x02980502
0x02980502
0x02980509
0x0298050d
0x00000000
0x00000000
0x00000000
0x00000000
0x029804f4
0x029804f4
0x029804f6
0x029804f8
0x029804fd
0x029804fd
0x00000000
0x00000000
0x00000000
0x00000000
0x0298049c
0x0298049c
0x0298049c
0x0298049f
0x00000000
0x00000000
0x029804a7
0x029804aa
0x029804ac
0x029804b5
0x029804ae
0x029804ae
0x029804ae
0x029804b8
0x029804ba
0x029804c2
0x029804bc
0x029804bc
0x029804bc
0x029804cd
0x029804d2
0x029804d7
0x029804dd
0x029804e1
0x029804e4
0x00000000
0x029804e6
0x029804e6
0x00000000
0x029804e6
0x029804e4
0x00000000
0x0298049c
0x00000000
0x0298046d
0x029802c8
0x029802c8
0x029802cb
0x029802df
0x029802e5
0x00000000
0x029802e7
0x029802e7
0x029802ed
0x029802f2
0x029802f8
0x029802fb
0x02980301
0x02980304
0x02980308
0x0298030c
0x02980310
0x02980313
0x02980317
0x0298031c
0x0298031f
0x02980322
0x02980328
0x02980324
0x02980324
0x02980324
0x0298032b
0x0298032e
0x02980335
0x0298033e
0x0298033e
0x02980341
0x02980341
0x02980348
0x029803e3
0x029803e6
0x00000000
0x02980356
0x02980356
0x0298035f
0x02980363
0x02980369
0x029803bb
0x029803bb
0x029803be
0x029803c1
0x029803d1
0x029803d1
0x029803d8
0x029803dc
0x029803eb
0x029803eb
0x029803f1
0x029803f8
0x029803ff
0x02980409
0x00000000
0x00000000
0x00000000
0x00000000
0x029803c3
0x029803c3
0x029803c5
0x029803c7
0x029803cc
0x029803cc
0x00000000
0x029803c3
0x0298036b
0x02980389
0x02980391
0x0298038b
0x0298038b
0x0298038b
0x0298039c
0x029803a1
0x029803a6
0x029803ac
0x029803b3
0x00000000
0x00000000
0x029803b5
0x029803b5
0x00000000
0x0298036b
0x02980348
0x02980337
0x0298033c
0x00000000
0x00000000
0x00000000
0x0298033c
0x029802e5
0x00000000
0x029802cb

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0298074F
memcpy_s.LIBCPMT ref: 02981101
memcpy_s.LIBCPMT ref: 029811AD
memcpy_s.LIBCPMT ref: 02981277

Strings

s, xrefs: 02981241

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: memcpy_s$_invalid_parameter_noinfo
String ID: s
API String ID: 2880407647-453955339
Opcode ID: 60ac2102ab4e18312f4f7fdb8b224395627c62d38c53ae37670c41064920c8f0
Instruction ID: b678a03ccb02de62c1c86faf3c2a0e7b60cd7f99f7a21ebd7bbf08da139bcd6f
Opcode Fuzzy Hash: 60ac2102ab4e18312f4f7fdb8b224395627c62d38c53ae37670c41064920c8f0
Instruction Fuzzy Hash: 9392E4B26142C08BCB39DF29E540BE977A9F38878CF581219DB4AA7B58D738D645CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0298691C Relevance: 10.7, APIs: 7, Instructions: 171
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E0298691C(signed int __ecx, void* __edi, void* __esp, void* __eflags, long long __rcx, signed short* __rdx, intOrPtr* __r8, void* __r9, void* __r11) {
				signed int _v72;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t50;
				void* _t51;
				signed short _t53;
				signed short _t71;
				intOrPtr _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t83;
				signed long long _t107;
				signed long long _t108;
				intOrPtr* _t109;
				intOrPtr* _t110;
				void* _t112;
				intOrPtr* _t113;
				signed long long _t119;
				intOrPtr* _t125;
				intOrPtr* _t126;
				void* _t127;
				signed long long _t128;
				void* _t130;
				void* _t137;
				void* _t138;
				long long _t139;
				signed short* _t141;

				_t138 = __r11;
				_t137 = __r9;
				_t133 = __r8;
				_t120 = __rdx;
				_t114 = __rcx;
				_t85 = __esp;
				_t82 = __edi;
				_t72 = __ecx;
				_t129 = _t130;
				_t131 = _t130 - 0x40;
				_t107 =  *0x29a61e8; // 0xc99624406909
				_t108 = _t107 ^ _t130 - 0x00000040;
				_v72 = _t108;
				_t126 = __r8;
				_t141 = __rdx;
				_t139 = __rcx;
				L0297390C(__esp, _t108, _t112, __rcx, __rdx, _t127, _t130, __r9);
				_t128 = _t108;
				_v88 = _t108;
				_v80 = 0;
				L0297390C(__esp, _t108, _t112, _t114, __rdx, _t128, _t130, __r9);
				_t115 =  &_v88;
				r12d = 0;
				_t5 = _t128 + 0xa0; // 0xa0
				_t113 = _t5;
				 *(_t108 + 0x3a0) = _t115;
				_t109 = _t139 + 0x80;
				 *((long long*)(_t128 + 0x98)) = _t139;
				 *_t113 = _t109;
				if(_t109 != 0 &&  *_t109 != r12w) {
					_t80 =  *0x2996df0; // 0x17
					_t115 = 0x2996c80;
					_t133 = _t113;
					E0298689C(_t80 - 1, _t109, _t113, 0x2996c80, _t128, _t129, _t113);
				}
				_v88 = r12d;
				_t110 =  *((intOrPtr*)(_t128 + 0x98));
				if(_t110 == 0 ||  *_t110 == r12w) {
					_t111 =  *_t113;
					__eflags = _t111;
					if(_t111 == 0) {
						L21:
						_v88 = 0x104;
						_t50 = GetUserDefaultLCID();
						_v80 = _t50;
						_v84 = _t50;
						goto L22;
					}
					__eflags =  *_t111 - r12w;
					if( *_t111 == r12w) {
						goto L21;
					}
					L0297390C(_t85, _t111, _t113, _t115, _t120, _t128, _t129, _t137);
					_t125 = _t111;
					_t119 = _t115 | 0xffffffff;
					__eflags = _t119;
					_t111 =  *((intOrPtr*)(_t111 + 0xa0));
					do {
						_t119 = _t119 + 1;
						__eflags =  *((intOrPtr*)(_t111 + _t119 * 2)) - r12w;
					} while ( *((intOrPtr*)(_t111 + _t119 * 2)) != r12w);
					__eflags = _t119 - 3;
					_t115 = 0x298607c;
					 *(_t125 + 0xb4) = r12d & 0xffffff00 | _t119 == 0x00000003;
					EnumSystemLocalesW(??, ??);
					__eflags = _v88 & 0x00000004;
					if((_v88 & 0x00000004) == 0) {
						_v88 = r12d;
					}
					goto L22;
				} else {
					_t111 =  *_t113;
					if(_t111 == 0) {
						L8:
						_t115 =  &_v88;
						E029862B8(_t72, __eflags, _t111, _t113,  &_v88, _t120, _t133);
						L9:
						if(_v88 != r12d) {
							L23:
							_t111 = _t139 + 0x100;
							asm("dec eax");
							_t53 = E0298671C(_t113, _t115 & _t139 + 0x00000100,  &_v88, _t128);
							_t71 = _t53;
							if(_t53 == 0) {
								L33:
								_t51 = 0;
								__eflags = 0;
								L34:
								return L029438C0(_t51, _t72, _t111, _v72 ^ _t131);
							}
							_t72 = _t71 & 0x0000ffff;
							if(IsValidCodePage(??) == 0) {
								goto L33;
							}
							_t72 = _v84;
							if(IsValidLocale(??, ??) == 0) {
								goto L33;
							}
							_t102 = _t141;
							if(_t141 != 0) {
								 *_t141 = _t71;
							}
							_t72 = _v84;
							_t36 = _t128 + 0x2f0; // 0x2f0
							r9d = 0;
							_t37 = _t137 + 0x55; // 0x55
							_t83 = _t37;
							r8d = _t83;
							E02978270(_v84, _t82, _t102, _t111, _t113, _t36, _t128, _t129, _t138);
							_t103 = _t126;
							if(_t126 == 0) {
								L32:
								_t51 = 1;
								goto L34;
							} else {
								r9d = 0;
								r8d = _t83;
								E02978270(_v84, _t82, _t103, _t111, _t113, _t126 + 0x120, _t128, _t129, _t138);
								_t72 = _v84;
								r9d = 0x40;
								if(GetLocaleInfoW(??, ??, ??, ??) == 0) {
									goto L33;
								}
								_t72 = _v80;
								r9d = 0x40;
								if(GetLocaleInfoW(??, ??, ??, ??) == 0) {
									goto L33;
								}
								_t72 = _t71;
								_t44 = _t128 - 0x36; // 0xa
								r9d = _t44;
								_t45 = _t128 - 0x30; // 0x10
								r8d = _t45;
								E0298B030(_t71);
								goto L32;
							}
						}
						_t78 =  *0x2996c70; // 0x41
						_t14 = _t128 + 0x98; // 0x98
						_t136 = _t14;
						_t115 = 0x2996860;
						if(E0298689C(_t78 - 1, _t111, _t113, 0x2996860, _t128, _t129, _t14) == 0) {
							L22:
							if(_v88 == r12d) {
								goto L33;
							}
							goto L23;
						}
						_t111 =  *_t113;
						if(_t111 == 0) {
							L14:
							_t115 =  &_v88;
							E029862B8(_t72, __eflags, _t111, _t113,  &_v88, _t120, _t136);
							goto L22;
						}
						_t97 =  *_t111 - r12w;
						if( *_t111 == r12w) {
							goto L14;
						}
						_t115 =  &_v88;
						E029861E8(_t72, _t97, _t111, _t113,  &_v88, _t120, _t136, _t137);
						goto L22;
					}
					_t93 =  *_t111 - r12w;
					if( *_t111 == r12w) {
						goto L8;
					}
					_t115 =  &_v88;
					E029861E8(_t72, _t93, _t111, _t113,  &_v88, _t120, _t133, _t137);
					goto L9;
				}
			}

0x0298691c
0x0298691c
0x0298691c
0x0298691c
0x0298691c
0x0298691c
0x0298691c
0x0298691c
0x02986927
0x0298692a
0x0298692e
0x02986935
0x02986938
0x0298693c
0x0298693f
0x02986942
0x02986945
0x0298694a
0x0298694f
0x02986953
0x02986956
0x0298695b
0x0298695f
0x02986962
0x02986962
0x02986969
0x02986970
0x02986977
0x0298697e
0x02986984
0x0298698c
0x02986992
0x0298699b
0x0298699e
0x0298699e
0x029869a3
0x029869a7
0x029869b1
0x02986a2c
0x02986a2f
0x02986a32
0x02986a85
0x02986a85
0x02986a8c
0x02986a92
0x02986a95
0x00000000
0x02986a95
0x02986a34
0x02986a38
0x00000000
0x00000000
0x02986a3a
0x02986a3f
0x02986a42
0x02986a42
0x02986a46
0x02986a4d
0x02986a4d
0x02986a50
0x02986a50
0x02986a57
0x02986a5e
0x02986a68
0x02986a73
0x02986a79
0x02986a7d
0x02986a7f
0x02986a7f
0x00000000
0x029869b9
0x029869b9
0x029869bf
0x029869d2
0x029869d2
0x029869d6
0x029869db
0x029869df
0x02986aa2
0x02986aa2
0x02986ab0
0x02986ab6
0x02986abb
0x02986abf
0x02986b7d
0x02986b7d
0x02986b7d
0x02986b7f
0x02986b99
0x02986b99
0x02986ac5
0x02986ad0
0x00000000
0x00000000
0x02986ad6
0x02986ae6
0x00000000
0x00000000
0x02986aec
0x02986aef
0x02986af1
0x02986af1
0x02986af4
0x02986af7
0x02986afe
0x02986b01
0x02986b01
0x02986b05
0x02986b08
0x02986b0d
0x02986b10
0x02986b76
0x02986b76
0x00000000
0x02986b12
0x02986b1c
0x02986b1f
0x02986b22
0x02986b27
0x02986b2f
0x02986b42
0x00000000
0x00000000
0x02986b44
0x02986b4e
0x02986b5e
0x00000000
0x00000000
0x02986b67
0x02986b69
0x02986b69
0x02986b6d
0x02986b6d
0x02986b71
0x00000000
0x02986b71
0x02986b10
0x029869e5
0x029869eb
0x029869eb
0x029869f4
0x02986a02
0x02986a98
0x02986a9c
0x00000000
0x00000000
0x00000000
0x02986a9c
0x02986a08
0x02986a0e
0x02986a21
0x02986a21
0x02986a25
0x00000000
0x02986a25
0x02986a10
0x02986a14
0x00000000
0x00000000
0x02986a16
0x02986a1a
0x00000000
0x02986a1a
0x029869c1
0x029869c5
0x00000000
0x00000000
0x029869c7
0x029869cb
0x00000000
0x029869cb

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

EnumSystemLocalesW.KERNEL32(?,00000001,?,00000000,?,00000000,?,02975D34), ref: 02986A73
GetUserDefaultLCID.KERNEL32(?,00000001,?,00000000), ref: 02986A8C
ProcessCodePage.LIBCMT ref: 02986AB6
IsValidCodePage.KERNEL32 ref: 02986AC8
IsValidLocale.KERNEL32 ref: 02986ADE
GetLocaleInfoW.KERNEL32 ref: 02986B3A
GetLocaleInfoW.KERNEL32 ref: 02986B56

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 3939093798-0
Opcode ID: cdc4ab844c057a60743a634e76daf81367423038d4cd85bc68ed3df6a819ab12
Instruction ID: 9c257f9ee56fbd5efa6315870b5172034ebfecf9136b013b9c5cac311cfc08cd
Opcode Fuzzy Hash: cdc4ab844c057a60743a634e76daf81367423038d4cd85bc68ed3df6a819ab12
Instruction Fuzzy Hash: D6619932B107518AEF10AF65D8507AC37BDBB88B88F48852ACE1E5B794EF39C485C750

Uniqueness

Uniqueness Score: -1.00%

Function 02970B04 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E02970B04(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				int _t39;
				void* _t43;
				void* _t45;
				intOrPtr _t50;
				int _t51;
				intOrPtr _t52;
				void* _t53;
				signed long long _t61;
				long long _t64;
				void* _t81;
				void* _t89;
				void* _t91;
				signed long long _t92;
				void* _t94;

				_t94 = __r8;
				_t81 = __rdx;
				_t53 = __esp;
				_t44 = __ecx;
				 *((long long*)(_t91 + 0x10)) = __rbx;
				 *((long long*)(_t91 + 0x18)) = __rsi;
				_t89 = _t91 - 0x4f0;
				_t92 = _t91 - 0x5f0;
				_t61 =  *0x29a61e8; // 0xc99624406909
				 *(_t89 + 0x4e0) = _t61 ^ _t92;
				_t50 = r8d;
				_t52 = __edx;
				_t43 = __ecx;
				if(__ecx != 0xffffffff) {
					_t36 = E02944968(_t36);
				}
				r8d = 0x98;
				_t37 = E02947430(_t36, _t44, 0, _t50, _t53, _t92 + 0x70, _t81, _t94);
				r8d = 0x4d0;
				E02947430(_t37, _t44, 0, _t50, _t53, _t89 + 0x10, _t81, _t94);
				 *((long long*)(_t92 + 0x48)) = _t92 + 0x70;
				_t64 = _t89 + 0x10;
				 *((long long*)(_t92 + 0x50)) = _t64;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if(_t64 != 0) {
					 *(_t92 + 0x38) =  *(_t92 + 0x38) & 0x00000000;
					 *((long long*)(_t92 + 0x30)) = _t92 + 0x58;
					 *((long long*)(_t92 + 0x28)) = _t92 + 0x60;
					 *((long long*)(_t92 + 0x20)) = _t89 + 0x10;
					__imp__RtlVirtualUnwind();
				}
				 *((long long*)(_t89 + 0x108)) =  *((intOrPtr*)(_t89 + 0x508));
				 *((intOrPtr*)(_t92 + 0x70)) = _t52;
				 *((long long*)(_t89 + 0xa8)) = _t89 + 0x510;
				_t68 =  *((intOrPtr*)(_t89 + 0x508));
				 *((long long*)(_t89 - 0x80)) =  *((intOrPtr*)(_t89 + 0x508));
				 *((intOrPtr*)(_t92 + 0x74)) = _t50;
				_t39 = IsDebuggerPresent();
				_t45 = 0;
				_t51 = _t39;
				SetUnhandledExceptionFilter(??);
				if(UnhandledExceptionFilter(??) == 0 && _t51 == 0 && _t43 != 0xffffffff) {
					_t45 = _t43;
					_t41 = E02944968(_t41);
				}
				return L029438C0(_t41, _t45, _t68,  *(_t89 + 0x4e0) ^ _t92);
			}

0x02970b04
0x02970b04
0x02970b04
0x02970b04
0x02970b04
0x02970b09
0x02970b12
0x02970b1a
0x02970b21
0x02970b2b
0x02970b32
0x02970b35
0x02970b37
0x02970b3c
0x02970b3e
0x02970b3e
0x02970b4a
0x02970b50
0x02970b5b
0x02970b61
0x02970b6b
0x02970b74
0x02970b78
0x02970b7d
0x02970b92
0x02970b95
0x02970b9e
0x02970ba0
0x02970bb3
0x02970bc0
0x02970bc9
0x02970bd0
0x02970bd0
0x02970bdd
0x02970bef
0x02970bf3
0x02970bfa
0x02970c01
0x02970c05
0x02970c09
0x02970c0f
0x02970c11
0x02970c13
0x02970c26
0x02970c31
0x02970c33
0x02970c33
0x02970c5e

APIs

RtlCaptureContext.KERNEL32 ref: 02970B7D
RtlLookupFunctionEntry.KERNEL32 ref: 02970B95
RtlVirtualUnwind.KERNEL32 ref: 02970BD0
IsDebuggerPresent.KERNEL32 ref: 02970C09
SetUnhandledExceptionFilter.KERNEL32 ref: 02970C13
UnhandledExceptionFilter.KERNEL32 ref: 02970C1E

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 9579845254088a6f7eaba1d1dc2aac158eeabe4a6bfce13d0c823e4b113e4b03
Instruction ID: 90d7ed6761e962e6f03e3504aa4c2d62b60c8b6dfd4edcd68bedd23fcb17c182
Opcode Fuzzy Hash: 9579845254088a6f7eaba1d1dc2aac158eeabe4a6bfce13d0c823e4b113e4b03
Instruction Fuzzy Hash: C3317336214FC186DB60CF25E8447AE73A5F7897A8F54012AEE9D53B58EF38C159CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0297A78C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 119
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E0297A78C(long long __rbx, void* __rcx, signed short* __rdx, intOrPtr* __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r15;
				signed long long _t23;
				signed long long _t25;
				int _t27;
				signed int _t34;
				signed long long _t38;
				void* _t40;
				signed long long _t45;
				signed long long _t48;
				signed short* _t60;
				signed long long _t68;
				long long _t70;
				void* _t72;
				signed long long _t74;
				signed long long _t75;
				void* _t78;
				void* _t80;
				signed long long _t81;
				intOrPtr* _t91;
				signed long long _t93;
				signed long long _t94;

				_t60 = __rdx;
				_t47 = __rbx;
				 *((long long*)(_t80 + 0x20)) = __rbx;
				_push(_t72);
				_push(_t70);
				_push(_t93);
				_t81 = _t80 - 0x290;
				_t45 =  *0x29a61e8; // 0xc99624406909
				_t46 = _t45 ^ _t81;
				 *(_t81 + 0x280) = _t46;
				_t91 = __r8;
				_t78 = __rcx;
				if(__rdx == __rcx) {
					L4:
					_t34 =  *_t60 & 0x0000ffff;
					if(_t34 != 0x3a) {
						L7:
						_t34 = _t34 - 0x2f;
						_t38 = 0;
						__eflags = _t34 - 0x2d;
						if(__eflags > 0) {
							L9:
							L10:
							 *(_t81 + 0x28) = _t38;
							_t85 = _t81 + 0x30;
							_t63 = (_t60 - _t78 >> 1) + 1;
							 *((long long*)(_t81 + 0x20)) = _t70;
							asm("dec ebp");
							r9d = 0;
							_t94 = _t93 & (_t60 - _t78 >> 0x00000001) + 0x00000001;
							FindFirstFileExW(??, ??, ??, ??, ??, ??);
							_t48 = _t46;
							__eflags = _t46 - 0xffffffff;
							if(_t46 != 0xffffffff) {
								_t74 =  *((intOrPtr*)(_t91 + 8)) -  *_t91;
								__eflags = _t74;
								_t75 = _t74 >> 3;
								do {
									__eflags =  *((short*)(_t81 + 0x5c)) - 0x2e;
									if( *((short*)(_t81 + 0x5c)) != 0x2e) {
										L17:
										_t85 = _t94;
										_t23 = E0297A2F0(_t48, _t81 + 0x5c, _t78, _t75, _t94, _t91);
										__eflags = _t23;
										if(_t23 != 0) {
											_t38 = _t23;
											L22:
											FindClose();
											L23:
											_t25 = _t38;
											L24:
											return L029438C0(_t25, _t34, _t46,  *(_t81 + 0x280) ^ _t81);
										}
										goto L18;
									}
									__eflags =  *((intOrPtr*)(_t81 + 0x5e)) - _t38;
									if( *((intOrPtr*)(_t81 + 0x5e)) == _t38) {
										goto L18;
									}
									__eflags =  *((short*)(_t81 + 0x5e)) - 0x2e;
									if( *((short*)(_t81 + 0x5e)) != 0x2e) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t81 + 0x60)) - _t38;
									if( *((intOrPtr*)(_t81 + 0x60)) == _t38) {
										goto L18;
									}
									goto L17;
									L18:
									_t27 = FindNextFileW();
									__eflags = _t27;
								} while (_t27 != 0);
								_t46 =  *_t91;
								_t68 =  *((intOrPtr*)(_t91 + 8)) -  *_t91 >> 3;
								__eflags = _t75 - _t68;
								if(_t75 != _t68) {
									r8d = 8;
									E029886B0(_t34, 0, _t48, _t46 + _t75 * 8, _t68 - _t75, _t70, _t75, _t78, _t85, 0x297955c, _t94);
								}
								goto L22;
							}
							r8d = 0;
							_t38 = E0297A2F0(_t48, _t78, _t63, _t72, _t85, _t91);
							goto L23;
						}
						asm("dec ecx");
						if(__eflags < 0) {
							goto L10;
						}
						goto L9;
					}
					_t46 = _t78 + 2;
					if(_t60 == _t46) {
						goto L7;
					}
					r8d = 0;
					_t25 = E0297A2F0(_t47, _t78, _t60, _t72, 0x801, _t91);
					goto L24;
				} else {
					goto L1;
				}
				do {
					L1:
					_t40 = ( *_t60 & 0x0000ffff) - 0x2f - 0x2d;
					if(_t40 > 0) {
						goto L3;
					}
					asm("dec ecx");
					if(_t40 < 0) {
						goto L4;
					}
					L3:
					_t60 = _t60 - 2;
				} while (_t60 != _t78);
				goto L4;
			}

0x0297a78c
0x0297a78c
0x0297a78c
0x0297a792
0x0297a793
0x0297a796
0x0297a798
0x0297a79f
0x0297a7a6
0x0297a7a9
0x0297a7b1
0x0297a7be
0x0297a7c4
0x0297a7e5
0x0297a7e5
0x0297a7ec
0x0297a80c
0x0297a80c
0x0297a810
0x0297a812
0x0297a816
0x0297a823
0x0297a826
0x0297a829
0x0297a830
0x0297a835
0x0297a838
0x0297a842
0x0297a845
0x0297a848
0x0297a84d
0x0297a853
0x0297a856
0x0297a85a
0x0297a877
0x0297a877
0x0297a87a
0x0297a87e
0x0297a87e
0x0297a884
0x0297a89c
0x0297a8a4
0x0297a8aa
0x0297a8af
0x0297a8b1
0x0297a8f3
0x0297a8f5
0x0297a8f8
0x0297a8fe
0x0297a8fe
0x0297a900
0x0297a926
0x0297a926
0x00000000
0x0297a8b1
0x0297a886
0x0297a88b
0x00000000
0x00000000
0x0297a88d
0x0297a893
0x00000000
0x00000000
0x0297a895
0x0297a89a
0x00000000
0x00000000
0x00000000
0x0297a8b3
0x0297a8bb
0x0297a8c1
0x0297a8c1
0x0297a8c5
0x0297a8cf
0x0297a8d3
0x0297a8d6
0x0297a8e6
0x0297a8ec
0x0297a8ec
0x00000000
0x0297a8d6
0x0297a85f
0x0297a86c
0x00000000
0x0297a86c
0x0297a81b
0x0297a821
0x00000000
0x00000000
0x00000000
0x0297a821
0x0297a7ee
0x0297a7f5
0x00000000
0x00000000
0x0297a7fa
0x0297a802
0x00000000
0x00000000
0x00000000
0x00000000
0x0297a7c6
0x0297a7c6
0x0297a7cd
0x0297a7d1
0x00000000
0x00000000
0x0297a7d6
0x0297a7da
0x00000000
0x00000000
0x0297a7dc
0x0297a7dc
0x0297a7e0
0x00000000

APIs

FindFirstFileExW.KERNEL32 ref: 0297A84D
FindNextFileW.KERNEL32 ref: 0297A8BB
FindClose.KERNEL32 ref: 0297A8F8

Strings

., xrefs: 0297A88D
., xrefs: 0297A87E

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID: .$.
API String ID: 3541575487-3769392785
Opcode ID: c71093e41c921f6e7f4c062a205810fcf071a68b420c56269bd7539d6b8fa610
Instruction ID: 69ab0ff8abca4eef5f4beab7aa04e16e6a349e2f70bcfee0839f6259773c31ce
Opcode Fuzzy Hash: c71093e41c921f6e7f4c062a205810fcf071a68b420c56269bd7539d6b8fa610
Instruction Fuzzy Hash: B141E8B2B1469048DE20DFA6E8187AEB365F784BE4F448122DE4D47B84EF7CC1868744

Uniqueness

Uniqueness Score: -1.00%

Function 0293CF60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E0293CF60(void* __ecx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9, long long _a24, long long _a32) {
				void* _v8;
				signed int _v24;
				char _v1048;
				void* _t11;
				void* _t13;
				void* _t15;
				void* _t16;
				signed long long _t22;
				long long _t24;
				void* _t41;

				_t16 = __ecx;
				_a24 = __rbx;
				_a32 = __rsi;
				_t42 = _t41 - 0x430;
				_t22 =  *0x29a61e8; // 0xc99624406909
				_v24 = _t22 ^ _t41 - 0x00000430;
				_t24 =  *0x29a7288; // 0x0
				_t15 = 0x40000001;
				if(_t24 != 0) {
					L5:
					GetProcAddress();
					if(_t24 == 0) {
						goto L7;
					} else {
						_t11 =  *_t24();
					}
				} else {
					_t13 = L0293BDF0(__rcx,  &_v1048);
					_t15 = _t13;
					if(_t13 != 0) {
						_t24 =  *0x29a7288; // 0x0
						if(_t24 == 0) {
							L7:
							_t11 = _t15;
						} else {
							goto L5;
						}
					} else {
						LoadLibraryW();
						 *0x29a7288 = _t24;
						if(_t24 != 0) {
							goto L5;
						} else {
							_t11 = 0x40000026;
						}
					}
				}
				return L029438C0(_t11, _t16, _t24, _v24 ^ _t42);
			}

0x0293cf60
0x0293cf60
0x0293cf65
0x0293cf6b
0x0293cf72
0x0293cf7c
0x0293cf84
0x0293cf91
0x0293cf99
0x0293cfd5
0x0293cfdf
0x0293cfe8
0x00000000
0x0293cfea
0x0293cff0
0x0293cff0
0x0293cf9b
0x0293cfa0
0x0293cfa5
0x0293cfa9
0x0293cfc9
0x0293cfd3
0x0293cff4
0x0293cff4
0x00000000
0x00000000
0x00000000
0x0293cfab
0x0293cfb0
0x0293cfb6
0x0293cfc0
0x00000000
0x0293cfc2
0x0293cfc2
0x0293cfc2
0x0293cfc0
0x0293cfa9
0x0293d01a

APIs

LoadLibraryW.KERNEL32 ref: 0293CFB0
GetProcAddress.KERNEL32 ref: 0293CFDF

Strings

ctlInit, xrefs: 0293CFD5

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: ctlInit
API String ID: 2574300362-2889992395
Opcode ID: e6a545a2dabe0472889363f4c6ac54cd5e4b7b6d0087530b61f22f5d55f25cd2
Instruction ID: b6d5c3daf3c5072ea53d894ab2efb8e3de1f3e4acf3d84116f63c4fb710d4e46
Opcode Fuzzy Hash: e6a545a2dabe0472889363f4c6ac54cd5e4b7b6d0087530b61f22f5d55f25cd2
Instruction Fuzzy Hash: 72113961315F8181EE21CB19B85836AA3A4FB8CBD8F844536AE8DA7728EF3CC545C700

Uniqueness

Uniqueness Score: -1.00%

Function 0297CDD8 Relevance: 4.9, APIs: 3, Instructions: 439
stringCOMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E0297CDD8(void* __ecx, signed long long __edx, signed long long __ebp, signed long long __rax, long long __rbx, signed long long __rcx, void* __rdi, signed long long __rsi, signed long long __rbp, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15, signed char _a8, signed long long _a16, long long _a24) {
				signed long long _v72;
				signed long long _v80;
				signed long long _v88;
				signed long long _v96;
				signed long long _v160;
				signed long long _v168;
				signed long long _v176;
				signed long long _v184;
				signed long long _v216;
				void* _v224;
				void* _v232;
				void* _v240;
				signed long long _v272;
				signed long long _t100;
				signed long long _t103;
				void* _t105;
				signed long long _t109;
				signed long long _t112;
				void* _t114;
				signed long long _t117;
				signed long long _t118;
				void* _t119;
				signed long long _t120;
				void* _t121;
				signed long long _t122;
				signed long long _t125;
				signed long long _t138;
				void* _t140;
				signed long long _t153;
				void* _t165;
				signed long long _t166;
				signed long long _t167;
				signed long long _t168;
				signed long long _t169;
				void* _t171;
				signed long long _t174;
				void* _t175;
				signed long long _t176;
				signed long long _t185;
				signed long long _t186;
				signed long long _t188;
				signed long long _t189;
				signed long long _t190;
				signed long long _t192;
				signed long long _t193;
				signed long long _t195;
				signed long long _t196;
				signed long long _t197;
				signed long long _t198;
				signed long long _t199;
				signed long long _t202;
				signed long long _t204;
				signed long long _t211;
				signed long long _t216;
				signed long long _t217;
				signed long long _t218;
				signed long long _t220;
				signed long long _t242;
				signed long long _t247;
				signed long long _t249;
				signed long long _t251;
				signed long long _t252;
				signed long long _t255;
				signed long long _t261;
				signed long long _t263;
				signed long long _t264;
				signed long long _t267;
				signed long long _t270;
				void* _t274;
				void* _t275;
				void* _t277;
				void* _t279;
				void* _t288;
				void* _t289;
				void* _t290;
				void* _t291;
				signed long long _t294;
				signed long long _t297;
				signed long long _t299;
				signed long long _t301;
				signed long long _t302;
				signed long long _t305;
				signed long long _t307;
				signed long long _t309;
				signed long long _t311;
				signed long long _t312;
				signed long long _t315;
				signed long long _t319;
				signed long long _t321;

				_t291 = __r12;
				_t288 = __r9;
				_t264 = __rbp;
				_t255 = __rsi;
				_t173 = __rax;
				_t168 = __ebp;
				_t140 = __ecx;
				_a24 = __rbx;
				_a16 = __edx;
				_push(__rbp);
				_push(__rsi);
				_push(__rdi);
				_push(__r12);
				_push(__r13);
				_push(__r14);
				_t275 = _t274 - 0x30;
				_t166 = 0;
				_t138 = __edx;
				_t319 = __rcx;
				_t172 = __rcx;
				if(__rcx != 0) {
					_t153 = 0x3d;
					_t247 = __rcx;
					_t100 = strchr(??, ??);
					_t297 = __rax;
					__eflags = __rax;
					if(__eflags == 0) {
						L50:
						E02971538(__eflags, _t173);
						__eflags = _t255 | 0xffffffff;
						 *_t173 = 0x16;
						goto L51;
					} else {
						__eflags = __rax - __rcx;
						if(__eflags == 0) {
							goto L50;
						} else {
							_t305 =  *0x29ab030; // 0x7004d0
							__eflags = _t305 -  *0x29ab048; // 0x7004d0
							bpl =  *(__rax + 1);
							_a8 = bpl;
							if(__eflags == 0) {
								L116();
								_t305 = __rax;
								 *0x29ab030 = __rax;
							}
							r12d = 1;
							__eflags = _t305;
							if(_t305 != 0) {
								L19:
								_t173 =  *_t305;
								_t294 = _t297 - _t319;
								__eflags = _t294;
								_t185 = _t305;
								while(1) {
									__eflags = _t173;
									if(_t173 == 0) {
										break;
									}
									_t285 = _t294;
									_t241 = _t173;
									_t100 = E02989338(_t153, _t165, _t166, _t185, _t319, _t173, _t255, _t294, _t288, _t289, _t305);
									__eflags = _t100;
									if(_t100 != 0) {
										L24:
										_t185 = _t185 + 8;
										_t173 =  *_t185;
										continue;
									} else {
										_t173 =  *_t185;
										__eflags =  *((char*)(_t294 + _t173)) - 0x3d;
										if( *((char*)(_t294 + _t173)) == 0x3d) {
											L25:
											_t188 = _t185 - _t305 >> 3;
										} else {
											__eflags =  *((intOrPtr*)(_t294 + _t173)) - sil;
											if( *((intOrPtr*)(_t294 + _t173)) == sil) {
												goto L25;
											} else {
												goto L24;
											}
										}
									}
									L27:
									__eflags = _t188;
									if(_t188 < 0) {
										L35:
										__eflags = bpl;
										if(bpl == 0) {
											goto L53;
										} else {
											_t189 =  ~_t188;
											_t18 = _t189 + 2; // 0x7004d2
											_t241 = _t18;
											__eflags = _t241 - _t189;
											if(_t241 >= _t189) {
												_t173 = 0xffffffff;
												__eflags = _t241 - 0xffffffff;
												if(_t241 >= 0xffffffff) {
													goto L37;
												} else {
													r8d = 8;
													L0297D880(_t100, _t140, _t165, _t171, _t189, _t305, _t241, _t255, _t264, _t285, _t288);
													_t140 = 0;
													_t105 = E02971650(0xffffffff, _t305);
													__eflags = 0xffffffff;
													if(0xffffffff == 0) {
														goto L37;
													} else {
														 *(0xffffffff + _t189 * 8) = _t319;
														 *(0xffffffff + 8 + _t189 * 8) = _t255;
														 *0x29ab030 = 0xffffffff;
														goto L41;
													}
												}
											} else {
												L37:
												goto L54;
											}
										}
									} else {
										__eflags =  *_t305 - _t255;
										if( *_t305 == _t255) {
											goto L35;
										} else {
											_t105 = E02971650(_t173,  *(_t305 + _t188 * 8));
											__eflags = bpl;
											if(bpl == 0) {
												while(1) {
													__eflags =  *(_t305 + _t188 * 8) - _t255;
													if( *(_t305 + _t188 * 8) == _t255) {
														break;
													}
													_t173 =  *((intOrPtr*)(_t305 + 8 + _t188 * 8));
													 *(_t305 + _t188 * 8) = _t173;
													_t188 = _t188 + 1;
													__eflags = _t188;
												}
												r8d = 8;
												_t241 = _t188;
												L0297D880(_t105, _t140, _t165, _t171, _t188, _t305, _t188, _t255, _t264, _t285, _t288);
												_t140 = 0;
												_t204 = _t173;
												_t105 = E02971650(_t173, _t305);
												__eflags = _t204;
												if(_t204 != 0) {
													 *0x29ab030 = _t204;
												}
											} else {
												 *(_t305 + _t188 * 8) = _t319;
												L41:
												_t247 = _t255;
											}
											__eflags = _a16 - _t166;
											if(_a16 == _t166) {
												goto L55;
											} else {
												_t267 = _t264 | 0xffffffff;
												__eflags = _t267;
												_t307 = _t267;
												do {
													_t307 = _t307 + 1;
													__eflags =  *((intOrPtr*)(_t319 + _t307)) - sil;
												} while ( *((intOrPtr*)(_t319 + _t307)) != sil);
												E02976E08(_t105, _t307 + 2, _t241);
												_t190 = _t173;
												__eflags = _t173;
												if(_t173 == 0) {
													L49:
													E02971650(_t173, _t190);
													goto L55;
												} else {
													_t286 = _t319;
													_t242 = _t307 + 2;
													_t211 = _t173;
													__eflags = E0296EAB8(_t173, _t211, _t242, _t319);
													if(__eflags != 0) {
														r9d = 0;
														_v72 = _t255;
														r8d = 0;
														_t141 = 0;
														E02970D9C();
														asm("int3");
														_v96 = _t190;
														_v88 = _t267;
														_v80 = _t255;
														_push(_t247);
														_push(_t294);
														_push(_t297);
														_push(_t307);
														_push(_t319);
														_t277 = _t275 - 0x30;
														_t167 = 0;
														_t169 = 0;
														_t321 = _t211;
														__eflags = _t211;
														if(__eflags != 0) {
															_t156 = 0x3d;
															_t249 = _t321;
															_t109 = L0298FF14(0x3d, _t211, _t288);
															_t299 = _t173;
															__eflags = _t173;
															if(__eflags == 0) {
																L108:
																E02971538(__eflags, _t173);
																__eflags = _t255 | 0xffffffff;
																 *_t173 = 0x16;
																goto L109;
															} else {
																__eflags = _t173 - _t321;
																if(__eflags == 0) {
																	goto L108;
																} else {
																	_t309 =  *0x29ab038; // 0x0
																	__eflags = _t309 -  *0x29ab040; // 0x0
																	r12d =  *(_t173 + 2) & 0x0000ffff;
																	if(__eflags == 0) {
																		L132();
																		_t309 = _t173;
																		 *0x29ab038 = _t173;
																	}
																	__eflags = _t309;
																	if(_t309 != 0) {
																		L77:
																		_t173 =  *_t309;
																		_t301 = _t299 - _t321;
																		__eflags = _t301;
																		_t302 = _t301 >> 1;
																		_t192 = _t309;
																		while(1) {
																			__eflags = _t173;
																			if(_t173 == 0) {
																				break;
																			}
																			_t286 = _t302;
																			_t242 = _t173;
																			_t109 = E02989144(_t156, _t167, _t173, _t192, _t321, _t242, _t249, _t255, _t267, _t302, _t288, _t290);
																			__eflags = _t109;
																			if(_t109 != 0) {
																				L82:
																				_t192 = _t192 + 8;
																				_t173 =  *_t192;
																				continue;
																			} else {
																				_t173 =  *_t192;
																				_t141 = 0x3d;
																				__eflags =  *((intOrPtr*)(_t173 + _t302 * 2)) - 0x3d;
																				if( *((intOrPtr*)(_t173 + _t302 * 2)) == 0x3d) {
																					L83:
																					_t195 = _t192 - _t309 >> 3;
																				} else {
																					__eflags =  *((intOrPtr*)(_t173 + _t302 * 2)) - _t167;
																					if( *((intOrPtr*)(_t173 + _t302 * 2)) == _t167) {
																						goto L83;
																					} else {
																						goto L82;
																					}
																				}
																			}
																			L85:
																			__eflags = _t195;
																			if(_t195 < 0) {
																				L93:
																				__eflags = r12w;
																				if(r12w == 0) {
																					goto L111;
																				} else {
																					_t196 =  ~_t195;
																					_t54 = _t196 + 2; // 0x2
																					_t242 = _t54;
																					__eflags = _t242 - _t196;
																					if(_t242 >= _t196) {
																						_t173 = 0xffffffff;
																						__eflags = _t242 - 0xffffffff;
																						if(_t242 >= 0xffffffff) {
																							goto L95;
																						} else {
																							r8d = 8;
																							L0297D880(_t109, _t141, _t165, _t171, _t196, _t309, _t242, _t255, _t267, _t286, _t288);
																							_t114 = E02971650(0xffffffff, _t309);
																							__eflags = 0xffffffff;
																							if(0xffffffff == 0) {
																								goto L95;
																							} else {
																								 *(0xffffffff + _t196 * 8) = _t321;
																								 *(0xffffffff + 8 + _t196 * 8) = _t255;
																								 *0x29ab038 = 0xffffffff;
																								goto L99;
																							}
																						}
																					} else {
																						L95:
																						goto L112;
																					}
																				}
																			} else {
																				__eflags =  *_t309 - _t255;
																				if( *_t309 == _t255) {
																					goto L93;
																				} else {
																					_t114 = E02971650(_t173,  *(_t309 + _t195 * 8));
																					__eflags = r12w;
																					if(r12w == 0) {
																						while(1) {
																							__eflags =  *(_t309 + _t195 * 8) - _t255;
																							if( *(_t309 + _t195 * 8) == _t255) {
																								break;
																							}
																							_t173 =  *((intOrPtr*)(_t309 + 8 + _t195 * 8));
																							 *(_t309 + _t195 * 8) = _t173;
																							_t195 = _t195 + 1;
																							__eflags = _t195;
																						}
																						r8d = 8;
																						_t242 = _t195;
																						L0297D880(_t114, _t141, _t165, _t171, _t195, _t309, _t242, _t255, _t267, _t286, _t288);
																						_t202 = _t173;
																						_t114 = E02971650(_t173, _t309);
																						__eflags = _t202;
																						if(_t202 != 0) {
																							 *0x29ab038 = _t202;
																						}
																					} else {
																						 *(_t309 + _t195 * 8) = _t321;
																						L99:
																						_t249 = _t255;
																					}
																					__eflags = _t169;
																					if(_t169 == 0) {
																						goto L113;
																					} else {
																						_t270 = _t267 | 0xffffffff;
																						__eflags = _t270;
																						_t311 = _t270;
																						do {
																							_t311 = _t311 + 1;
																							__eflags =  *((intOrPtr*)(_t321 + _t311 * 2)) - _t167;
																						} while ( *((intOrPtr*)(_t321 + _t311 * 2)) != _t167);
																						_t312 = _t311 + _t242;
																						E02976E08(_t114, _t312, _t242);
																						_t197 = _t173;
																						__eflags = _t173;
																						if(_t173 == 0) {
																							L107:
																							E02971650(_t173, _t197);
																							goto L113;
																						} else {
																							_t287 = _t321;
																							_t243 = _t312;
																							_t216 = _t173;
																							_t117 = E0297C99C(_t173, _t216, _t312, _t321);
																							__eflags = _t117;
																							if(_t117 != 0) {
																								r9d = 0;
																								_v160 = _t255;
																								r8d = 0;
																								E02970D9C();
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_v184 = _t197;
																								_v176 = _t255;
																								_v168 = _t249;
																								_push(_t312);
																								_t279 = _t277 - 0x30;
																								_t251 = _t216;
																								__eflags = _t216;
																								if(_t216 != 0) {
																									_t174 = _t251;
																									__eflags =  *_t251 - _t216;
																									if( *_t251 != _t216) {
																										do {
																											_t216 = _t216 + 1;
																											_t174 = _t174 + 8;
																											__eflags =  *_t174;
																										} while ( *_t174 != 0);
																									}
																									_t217 = _t216 + 1;
																									_t118 = E02976E08(_t117, _t217, _t243);
																									_t198 = _t174;
																									__eflags = _t174;
																									if(_t174 == 0) {
																										L131:
																										_t119 = E0296EB34(_t171, _t174, _t198, _t217, _t243, _t255, _t287, _t288);
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										_t175 = _t279;
																										 *(_t175 + 8) = _t198;
																										 *(_t175 + 0x10) = _t270;
																										 *(_t175 + 0x18) = _t255;
																										 *(_t175 + 0x20) = _t251;
																										_push(_t312);
																										_t252 = _t217;
																										__eflags = _t217;
																										if(_t217 != 0) {
																											_t218 = _t270;
																											_t176 = _t252;
																											__eflags =  *_t252 - _t270;
																											if( *_t252 != _t270) {
																												do {
																													_t218 = _t218 + 1;
																													_t176 = _t176 + 8;
																													__eflags =  *_t176 - _t270;
																												} while ( *_t176 != _t270);
																											}
																											_t219 = _t218 + 1;
																											_t120 = E02976E08(_t119, _t218 + 1, _t243);
																											_t199 = _t176;
																											__eflags = _t176;
																											if(_t176 == 0) {
																												L147:
																												_t121 = E0296EB34(_t171, _t176, _t199, _t219, _t243, _t255, _t287, _t288);
																												asm("int3");
																												asm("int3");
																												_t220 =  *0x29ab030; // 0x7004d0
																												__eflags = _t220 -  *0x29ab048; // 0x7004d0
																												if(__eflags == 0) {
																													L116();
																													 *0x29ab030 = _t176;
																												}
																												return _t121;
																											} else {
																												_t176 =  *_t252;
																												__eflags = _t176;
																												if(_t176 == 0) {
																													L145:
																													_t122 = E02971650(_t176, _t219);
																													goto L134;
																												} else {
																													_t315 = _t199 - _t252;
																													__eflags = _t315;
																													do {
																														_t261 = _t255 | 0xffffffff;
																														__eflags = _t261;
																														do {
																															_t261 = _t261 + 1;
																															__eflags =  *(_t176 + _t261 * 2);
																														} while ( *(_t176 + _t261 * 2) != 0);
																														E02976E08(_t120, _t261 + 1, _t243);
																														 *(_t315 + _t252) = _t176;
																														E02971650(_t176, _t261 + 1);
																														_t219 =  *(_t315 + _t252);
																														__eflags =  *(_t315 + _t252);
																														if( *(_t315 + _t252) == 0) {
																															goto L147;
																														} else {
																															_t287 =  *_t252;
																															_t243 = _t261 + 1;
																															_t120 = E0297C99C(_t176, _t219, _t261 + 1,  *_t252);
																															__eflags = _t120;
																															if(_t120 != 0) {
																																r9d = 0;
																																_v272 = _t270;
																																r8d = 0;
																																E02970D9C();
																																asm("int3");
																																goto L147;
																															} else {
																																goto L144;
																															}
																														}
																														goto L150;
																														L144:
																														_t252 = _t252 + 8;
																														_t176 =  *_t252;
																														__eflags = _t176;
																													} while (_t176 != 0);
																													goto L145;
																												}
																											}
																										} else {
																											_t122 = 0;
																											__eflags = 0;
																											L134:
																											return _t122;
																										}
																									} else {
																										_t174 =  *_t251;
																										__eflags = _t174;
																										if(_t174 == 0) {
																											L129:
																											_t125 = E02971650(_t174, _t217);
																											goto L118;
																										} else {
																											_t312 = _t198 - _t251;
																											__eflags = _t312;
																											do {
																												_t263 = _t255 | 0xffffffff;
																												__eflags = _t263;
																												do {
																													_t263 = _t263 + 1;
																													__eflags =  *((char*)(_t174 + _t263));
																												} while ( *((char*)(_t174 + _t263)) != 0);
																												E02976E08(_t118, _t263 + 1, _t243);
																												 *(_t312 + _t251) = _t174;
																												E02971650(_t174, _t263 + 1);
																												_t217 =  *(_t312 + _t251);
																												__eflags = _t217;
																												if(_t217 == 0) {
																													goto L131;
																												} else {
																													_t287 =  *_t251;
																													_t243 = _t263 + 1;
																													_t118 = E0296EAB8(_t174, _t217, _t263 + 1,  *_t251);
																													__eflags = _t118;
																													if(_t118 != 0) {
																														_v216 = _v216 & 0x00000000;
																														r9d = 0;
																														r8d = 0;
																														E02970D9C();
																														asm("int3");
																														goto L131;
																													} else {
																														goto L128;
																													}
																												}
																												goto L150;
																												L128:
																												_t251 = _t251 + 8;
																												_t174 =  *_t251;
																												__eflags = _t174;
																											} while (_t174 != 0);
																											goto L129;
																										}
																									}
																								} else {
																									_t125 = 0;
																									__eflags = 0;
																									L118:
																									return _t125;
																								}
																							} else {
																								r12w =  ~r12w;
																								_t62 = _t302 + 1; // 0x1
																								_t173 = _t197 + _t62 * 2;
																								asm("dec eax");
																								 *(_t173 - 2) = _t167;
																								__eflags = SetEnvironmentVariableW(??, ??);
																								if(__eflags == 0) {
																									E02971538(__eflags, _t173);
																									_t167 = _t169;
																									 *_t173 = 0x2a;
																								}
																								goto L107;
																							}
																						}
																					}
																				}
																			}
																			goto L150;
																		}
																		_t193 = _t192 - _t309;
																		__eflags = _t193;
																		_t195 =  ~(_t193 >> 3);
																		goto L85;
																	} else {
																		_t173 =  *0x29ab030; // 0x7004d0
																		__eflags = _t169;
																		if(_t169 == 0) {
																			L70:
																			__eflags = r12w;
																			if(r12w == 0) {
																				L109:
																				_t169 = _t167;
																				goto L110;
																			} else {
																				__eflags = _t173;
																				if(_t173 != 0) {
																					L75:
																					_t156 = 8;
																					E02976E08(_t109, _t190, _t242);
																					_t141 = 0;
																					__eflags = 0;
																					 *0x29ab038 = _t173;
																					_t109 = E02971650(_t173, _t190);
																					_t309 =  *0x29ab038; // 0x0
																					goto L76;
																				} else {
																					_t38 = _t173 + 8; // 0x7004d8
																					_t156 = _t38;
																					E02976E08(_t109, _t190, _t242);
																					_t141 = 0;
																					 *0x29ab030 = _t173;
																					_t109 = E02971650(_t173, _t190);
																					__eflags =  *0x29ab030 - _t255; // 0x7004d0
																					if(__eflags != 0) {
																						_t309 =  *0x29ab038; // 0x0
																						__eflags = _t309;
																						if(_t309 != 0) {
																							goto L77;
																						} else {
																							goto L75;
																						}
																					} else {
																						goto L73;
																					}
																				}
																			}
																		} else {
																			__eflags = _t173;
																			if(_t173 == 0) {
																				goto L70;
																			} else {
																				_t109 = E0296D154(_t167, _t171, _t286, _t288, _t294, _t299);
																				__eflags = _t173;
																				if(__eflags == 0) {
																					goto L108;
																				} else {
																					_t309 =  *0x29ab038; // 0x0
																					__eflags = _t309 -  *0x29ab040; // 0x0
																					if(__eflags == 0) {
																						L132();
																						_t309 = _t173;
																						 *0x29ab038 = _t173;
																					}
																					L76:
																					__eflags = _t309;
																					if(_t309 == 0) {
																						L73:
																						L110:
																						_t167 = _t169;
																						L111:
																						_t169 = _t167;
																						L112:
																						_t167 = _t169;
																						L113:
																						E02971650(_t173, _t249);
																						_t112 = _t167;
																						goto L114;
																					} else {
																						goto L77;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															_t112 = E02971538(__eflags, _t173);
															 *_t173 = 0x16;
															L114:
															return _t112;
														}
													} else {
														_t28 = _t297 + 1; // 0x1
														_t173 = _t190 - _t319;
														_a8 =  ~_a8;
														asm("dec eax");
														 *((intOrPtr*)(_t28 + _t173 - 1)) = sil;
														__eflags = E029895F4(_t140, __eflags, _t190, _t190, _t242 & _t28 + _t173, _t247, _t255, _t286, _t288);
														if(__eflags == 0) {
															E02971538(__eflags, _t173);
															_t166 = _t168;
															 *_t173 = 0x2a;
														}
														goto L49;
													}
												}
											}
										}
									}
									goto L150;
								}
								_t186 = _t185 - _t305;
								__eflags = _t186;
								_t188 =  ~(_t186 >> 3);
								goto L27;
							} else {
								__eflags = _t138;
								if(_t138 == 0) {
									L12:
									__eflags = bpl;
									if(bpl == 0) {
										L51:
										_t168 = _t166;
										goto L52;
									} else {
										_t153 = 8;
										E02976E08(_t100, _t291, _t241);
										_t140 = 0;
										 *0x29ab030 = _t173;
										_t100 = E02971650(_t173, _t291);
										_t305 =  *0x29ab030; // 0x7004d0
										__eflags = _t305;
										if(_t305 != 0) {
											__eflags =  *0x29ab038 - _t255; // 0x0
											if(__eflags != 0) {
												goto L18;
											} else {
												_t153 = 8;
												E02976E08(_t100, _t291, _t241);
												_t140 = 0;
												 *0x29ab038 = _t173;
												_t100 = E02971650(_t173, _t291);
												__eflags =  *0x29ab038 - _t255; // 0x0
												if(__eflags == 0) {
													goto L14;
												} else {
													_t305 =  *0x29ab030; // 0x7004d0
													goto L18;
												}
											}
										} else {
											goto L14;
										}
									}
								} else {
									__eflags =  *0x29ab038 - _t255; // 0x0
									if(__eflags == 0) {
										goto L12;
									} else {
										_t100 = E0296D118(_t153, _t166, _t241, _t255, _t285);
										__eflags = _t173;
										if(__eflags == 0) {
											goto L50;
										} else {
											_t305 =  *0x29ab030; // 0x7004d0
											__eflags = _t305 -  *0x29ab048; // 0x7004d0
											if(__eflags == 0) {
												L116();
												_t305 = _t173;
												 *0x29ab030 = _t173;
											}
											L18:
											__eflags = _t305;
											if(_t305 == 0) {
												L14:
												L52:
												_t166 = _t168;
												L53:
												_t168 = _t166;
												L54:
												_t166 = _t168;
												L55:
												E02971650(_t173, _t247);
												_t103 = _t166;
												goto L56;
											} else {
												goto L19;
											}
										}
									}
								}
							}
						}
					}
				} else {
					_t103 = E02971538(_t172, __rax);
					 *__rax = 0x16;
					L56:
					return _t103;
				}
				L150:
			}

0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cdd8
0x0297cddd
0x0297cde1
0x0297cde2
0x0297cde3
0x0297cde4
0x0297cde6
0x0297cde8
0x0297cdec
0x0297cdf0
0x0297cdf2
0x0297cdf4
0x0297cdf7
0x0297cdfa
0x0297ce10
0x0297ce15
0x0297ce18
0x0297ce1d
0x0297ce20
0x0297ce23
0x0297d0aa
0x0297d0aa
0x0297d0af
0x0297d0b3
0x00000000
0x0297ce29
0x0297ce29
0x0297ce2c
0x00000000
0x0297ce32
0x0297ce32
0x0297ce39
0x0297ce40
0x0297ce44
0x0297ce49
0x0297ce4e
0x0297ce53
0x0297ce56
0x0297ce56
0x0297ce5d
0x0297ce63
0x0297ce66
0x0297cf21
0x0297cf21
0x0297cf27
0x0297cf27
0x0297cf2a
0x0297cf2d
0x0297cf2d
0x0297cf30
0x00000000
0x00000000
0x0297cf32
0x0297cf35
0x0297cf3b
0x0297cf40
0x0297cf42
0x0297cf54
0x0297cf54
0x0297cf58
0x00000000
0x0297cf44
0x0297cf44
0x0297cf47
0x0297cf4c
0x0297cf5d
0x0297cf60
0x0297cf4e
0x0297cf4e
0x0297cf52
0x00000000
0x00000000
0x00000000
0x00000000
0x0297cf52
0x0297cf4c
0x0297cf70
0x0297cf70
0x0297cf73
0x0297cfcc
0x0297cfcc
0x0297cfcf
0x00000000
0x0297cfd5
0x0297cfd5
0x0297cfd8
0x0297cfd8
0x0297cfdc
0x0297cfdf
0x0297cfea
0x0297cff4
0x0297cff7
0x00000000
0x0297cff9
0x0297cff9
0x0297d002
0x0297d007
0x0297d00c
0x0297d011
0x0297d014
0x00000000
0x0297d016
0x0297d016
0x0297d01a
0x0297d01f
0x00000000
0x0297d01f
0x0297d014
0x0297cfe1
0x0297cfe1
0x00000000
0x0297cfe1
0x0297cfdf
0x0297cf75
0x0297cf75
0x0297cf78
0x00000000
0x0297cf7a
0x0297cf7e
0x0297cf83
0x0297cf86
0x0297cf9d
0x0297cf9d
0x0297cfa1
0x00000000
0x00000000
0x0297cf91
0x0297cf96
0x0297cf9a
0x0297cf9a
0x0297cf9a
0x0297cfa3
0x0297cfa9
0x0297cfaf
0x0297cfb4
0x0297cfb6
0x0297cfb9
0x0297cfbe
0x0297cfc1
0x0297cfc3
0x0297cfc3
0x0297cf88
0x0297cf88
0x0297d026
0x0297d026
0x0297d026
0x0297d029
0x0297d02d
0x00000000
0x0297d033
0x0297d033
0x0297d033
0x0297d037
0x0297d03a
0x0297d03a
0x0297d03d
0x0297d03d
0x0297d04c
0x0297d051
0x0297d054
0x0297d057
0x0297d0a0
0x0297d0a3
0x00000000
0x0297d059
0x0297d059
0x0297d05c
0x0297d060
0x0297d068
0x0297d06a
0x0297d0e3
0x0297d0e6
0x0297d0eb
0x0297d0f0
0x0297d0f2
0x0297d0f7
0x0297d0f8
0x0297d0fd
0x0297d102
0x0297d107
0x0297d108
0x0297d10a
0x0297d10c
0x0297d10e
0x0297d110
0x0297d114
0x0297d116
0x0297d118
0x0297d11b
0x0297d11e
0x0297d134
0x0297d139
0x0297d13c
0x0297d141
0x0297d144
0x0297d147
0x0297d3c7
0x0297d3c7
0x0297d3cc
0x0297d3d0
0x00000000
0x0297d14d
0x0297d14d
0x0297d150
0x00000000
0x0297d156
0x0297d156
0x0297d15d
0x0297d164
0x0297d169
0x0297d16e
0x0297d173
0x0297d176
0x0297d176
0x0297d182
0x0297d185
0x0297d23a
0x0297d23a
0x0297d23d
0x0297d23d
0x0297d240
0x0297d243
0x0297d246
0x0297d246
0x0297d249
0x00000000
0x00000000
0x0297d24b
0x0297d24e
0x0297d254
0x0297d259
0x0297d25b
0x0297d273
0x0297d273
0x0297d277
0x00000000
0x0297d25d
0x0297d25d
0x0297d260
0x0297d265
0x0297d26a
0x0297d27c
0x0297d27f
0x0297d26c
0x0297d26c
0x0297d271
0x00000000
0x00000000
0x00000000
0x00000000
0x0297d271
0x0297d26a
0x0297d28f
0x0297d28f
0x0297d292
0x0297d2ec
0x0297d2ec
0x0297d2f0
0x00000000
0x0297d2f6
0x0297d2f6
0x0297d2f9
0x0297d2f9
0x0297d2fd
0x0297d300
0x0297d30b
0x0297d315
0x0297d318
0x00000000
0x0297d31a
0x0297d31a
0x0297d323
0x0297d32d
0x0297d332
0x0297d335
0x00000000
0x0297d337
0x0297d337
0x0297d33b
0x0297d340
0x00000000
0x0297d340
0x0297d335
0x0297d302
0x0297d302
0x00000000
0x0297d302
0x0297d300
0x0297d294
0x0297d294
0x0297d297
0x00000000
0x0297d299
0x0297d29d
0x0297d2a2
0x0297d2a6
0x0297d2bd
0x0297d2bd
0x0297d2c1
0x00000000
0x00000000
0x0297d2b1
0x0297d2b6
0x0297d2ba
0x0297d2ba
0x0297d2ba
0x0297d2c3
0x0297d2c9
0x0297d2cf
0x0297d2d6
0x0297d2d9
0x0297d2de
0x0297d2e1
0x0297d2e3
0x0297d2e3
0x0297d2a8
0x0297d2a8
0x0297d347
0x0297d347
0x0297d347
0x0297d34a
0x0297d34c
0x00000000
0x0297d352
0x0297d352
0x0297d352
0x0297d356
0x0297d359
0x0297d359
0x0297d35c
0x0297d35c
0x0297d368
0x0297d36e
0x0297d373
0x0297d376
0x0297d379
0x0297d3bd
0x0297d3c0
0x00000000
0x0297d37b
0x0297d37b
0x0297d37e
0x0297d381
0x0297d384
0x0297d389
0x0297d38b
0x0297d405
0x0297d408
0x0297d40d
0x0297d414
0x0297d419
0x0297d41a
0x0297d41b
0x0297d41c
0x0297d421
0x0297d426
0x0297d42b
0x0297d42d
0x0297d431
0x0297d434
0x0297d437
0x0297d453
0x0297d456
0x0297d459
0x0297d45b
0x0297d45b
0x0297d45e
0x0297d462
0x0297d462
0x0297d45b
0x0297d468
0x0297d470
0x0297d475
0x0297d478
0x0297d47b
0x0297d4fb
0x0297d4fb
0x0297d500
0x0297d501
0x0297d502
0x0297d503
0x0297d504
0x0297d507
0x0297d50b
0x0297d50f
0x0297d513
0x0297d517
0x0297d51f
0x0297d522
0x0297d525
0x0297d544
0x0297d547
0x0297d54a
0x0297d54d
0x0297d54f
0x0297d54f
0x0297d552
0x0297d556
0x0297d556
0x0297d54f
0x0297d55b
0x0297d563
0x0297d568
0x0297d56b
0x0297d56e
0x0297d5ed
0x0297d5ed
0x0297d5f2
0x0297d5f3
0x0297d5f8
0x0297d5ff
0x0297d606
0x0297d608
0x0297d60d
0x0297d60d
0x0297d618
0x0297d570
0x0297d570
0x0297d573
0x0297d576
0x0297d5c9
0x0297d5cb
0x00000000
0x0297d578
0x0297d57b
0x0297d57b
0x0297d57e
0x0297d57e
0x0297d57e
0x0297d582
0x0297d582
0x0297d585
0x0297d585
0x0297d594
0x0297d59b
0x0297d59f
0x0297d5a4
0x0297d5a8
0x0297d5ab
0x00000000
0x0297d5ad
0x0297d5ad
0x0297d5b0
0x0297d5b4
0x0297d5b9
0x0297d5bb
0x0297d5d8
0x0297d5db
0x0297d5e0
0x0297d5e7
0x0297d5ec
0x00000000
0x00000000
0x00000000
0x00000000
0x0297d5bb
0x00000000
0x0297d5bd
0x0297d5bd
0x0297d5c1
0x0297d5c4
0x0297d5c4
0x00000000
0x0297d57e
0x0297d576
0x0297d527
0x0297d527
0x0297d527
0x0297d529
0x0297d543
0x0297d543
0x0297d47d
0x0297d47d
0x0297d480
0x0297d483
0x0297d4d6
0x0297d4d8
0x00000000
0x0297d485
0x0297d488
0x0297d488
0x0297d48b
0x0297d48b
0x0297d48b
0x0297d48f
0x0297d48f
0x0297d492
0x0297d492
0x0297d4a1
0x0297d4a8
0x0297d4ac
0x0297d4b1
0x0297d4b5
0x0297d4b8
0x00000000
0x0297d4ba
0x0297d4ba
0x0297d4bd
0x0297d4c1
0x0297d4c6
0x0297d4c8
0x0297d4e5
0x0297d4eb
0x0297d4ee
0x0297d4f5
0x0297d4fa
0x00000000
0x00000000
0x00000000
0x00000000
0x0297d4c8
0x00000000
0x0297d4ca
0x0297d4ca
0x0297d4ce
0x0297d4d1
0x0297d4d1
0x00000000
0x0297d48b
0x0297d483
0x0297d439
0x0297d439
0x0297d439
0x0297d43b
0x0297d450
0x0297d450
0x0297d38d
0x0297d38d
0x0297d391
0x0297d395
0x0297d39c
0x0297d39f
0x0297d3ac
0x0297d3ae
0x0297d3b0
0x0297d3b5
0x0297d3b7
0x0297d3b7
0x00000000
0x0297d3ae
0x0297d38b
0x0297d379
0x0297d34c
0x0297d297
0x00000000
0x0297d292
0x0297d285
0x0297d285
0x0297d28c
0x00000000
0x0297d18b
0x0297d18b
0x0297d192
0x0297d194
0x0297d1cd
0x0297d1cd
0x0297d1d1
0x0297d3d6
0x0297d3d6
0x00000000
0x0297d1d7
0x0297d1d7
0x0297d1da
0x0297d213
0x0297d213
0x0297d21b
0x0297d220
0x0297d220
0x0297d222
0x0297d229
0x0297d22e
0x00000000
0x0297d1dc
0x0297d1dc
0x0297d1dc
0x0297d1e2
0x0297d1e7
0x0297d1e9
0x0297d1f0
0x0297d1f5
0x0297d1fc
0x0297d207
0x0297d20e
0x0297d211
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0297d1fc
0x0297d1da
0x0297d196
0x0297d196
0x0297d199
0x00000000
0x0297d19b
0x0297d19b
0x0297d1a0
0x0297d1a3
0x00000000
0x0297d1a9
0x0297d1a9
0x0297d1b0
0x0297d1b7
0x0297d1bc
0x0297d1c1
0x0297d1c4
0x0297d1c4
0x0297d235
0x0297d235
0x0297d238
0x0297d1fe
0x0297d3d8
0x0297d3d8
0x0297d3da
0x0297d3da
0x0297d3dc
0x0297d3dc
0x0297d3de
0x0297d3e1
0x0297d3e6
0x00000000
0x00000000
0x00000000
0x00000000
0x0297d238
0x0297d1a3
0x0297d199
0x0297d194
0x0297d185
0x0297d150
0x0297d120
0x0297d120
0x0297d125
0x0297d3e8
0x0297d404
0x0297d404
0x0297d06c
0x0297d06f
0x0297d073
0x0297d079
0x0297d07d
0x0297d083
0x0297d08f
0x0297d091
0x0297d093
0x0297d098
0x0297d09a
0x0297d09a
0x00000000
0x0297d091
0x0297d06a
0x0297d057
0x0297d02d
0x0297cf78
0x00000000
0x0297cf73
0x0297cf66
0x0297cf66
0x0297cf6d
0x00000000
0x0297ce6c
0x0297ce6c
0x0297ce6e
0x0297ceaf
0x0297ceaf
0x0297ceb2
0x0297d0b9
0x0297d0b9
0x00000000
0x0297ceb8
0x0297ceb8
0x0297cec0
0x0297cec5
0x0297cec7
0x0297cece
0x0297ced3
0x0297ceda
0x0297cedd
0x0297cee8
0x0297ceef
0x00000000
0x0297cef1
0x0297cef1
0x0297cef9
0x0297cefe
0x0297cf00
0x0297cf07
0x0297cf0c
0x0297cf13
0x00000000
0x0297cf15
0x0297cf15
0x00000000
0x0297cf15
0x0297cf13
0x00000000
0x00000000
0x00000000
0x0297cedd
0x0297ce70
0x0297ce70
0x0297ce77
0x00000000
0x0297ce79
0x0297ce79
0x0297ce7e
0x0297ce81
0x00000000
0x0297ce87
0x0297ce87
0x0297ce8e
0x0297ce95
0x0297ce9e
0x0297cea3
0x0297cea6
0x0297cea6
0x0297cf1c
0x0297cf1c
0x0297cf1f
0x0297cedf
0x0297d0bb
0x0297d0bb
0x0297d0bd
0x0297d0bd
0x0297d0bf
0x0297d0bf
0x0297d0c1
0x0297d0c4
0x0297d0c9
0x00000000
0x00000000
0x00000000
0x00000000
0x0297cf1f
0x0297ce81
0x0297ce77
0x0297ce6e
0x0297ce66
0x0297ce2c
0x0297cdfc
0x0297cdfc
0x0297ce01
0x0297d0cb
0x0297d0e2
0x0297d0e2
0x00000000

APIs

strchr.LIBVCRUNTIME ref: 0297CE18

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: strchr
String ID:
API String ID: 2830005266-0
Opcode ID: b9d1085c37647ca150c5841f750bb9bf4f6d7e869979a820cd4a65177d1a13c9
Instruction ID: 7f84033e245627a4403b6af69767fb6149fa00ee43889112317a983d732d3d90
Opcode Fuzzy Hash: b9d1085c37647ca150c5841f750bb9bf4f6d7e869979a820cd4a65177d1a13c9
Instruction Fuzzy Hash: 69E1D022311B5441DE25EF25A85832A2B99BF85FF8F498B26CE7D573D4EF39C4028760

Uniqueness

Uniqueness Score: -1.00%

Function 029814C0 Relevance: 4.8, APIs: 3, Instructions: 317
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 79%

			E029814C0(signed long long __ecx, signed long long __rax, signed long long __rcx, signed long long* __rdx, void* __r9, signed long long __r10, signed long long __r13, signed int _a8, long long _a16, signed char _a24, intOrPtr _a32) {
				signed long long _v64;
				char _v532;
				signed long long _v536;
				signed long long _v544;
				signed long long _v552;
				intOrPtr _v556;
				signed int _v560;
				signed int _v568;
				void* __rbx;
				void* __rsi;
				signed int _t116;
				void* _t117;
				signed int _t121;
				signed int _t128;
				signed int _t142;
				signed int _t145;
				signed long long _t149;
				signed int _t150;
				signed char _t151;
				signed char _t154;
				signed char _t157;
				signed long long _t160;
				signed int _t161;
				signed char _t162;
				signed int _t173;
				signed long long _t175;
				void* _t176;
				signed int _t177;
				signed int _t179;
				signed long long _t180;
				void* _t183;
				signed long long _t191;
				signed long long _t193;
				void* _t195;
				signed long long _t196;
				signed long long _t198;
				signed long long _t210;
				void* _t211;
				signed long long _t212;
				signed long long _t215;
				signed long long _t219;
				unsigned long long _t221;
				signed long long _t228;
				signed long long _t230;
				signed long long _t232;
				signed long long _t234;
				signed long long _t236;
				signed long long _t239;
				signed long long _t241;
				signed long long* _t243;
				signed long long _t244;
				signed long long _t246;

				_t241 = __r13;
				_t230 = __r10;
				_t227 = __r9;
				_t209 = __rdx;
				_t199 = __rcx;
				_t188 = __rax;
				_t149 = __ecx;
				_a16 = __rdx;
				r10d =  *__rcx;
				_t243 = __rdx;
				_t214 = __rcx;
				if(r10d == 0) {
					L61:
					_t116 = 0;
					__eflags = 0;
					L62:
					return _t116;
				}
				_t175 =  *__rdx;
				if(_t175 == 0) {
					goto L61;
				}
				r10d = r10d - 1;
				_t117 = _t211 - 1;
				if(_t117 != 0) {
					__eflags = _t117 - r10d;
					if(_t117 > r10d) {
						goto L61;
					}
					r8d = r10d;
					_t210 = r10d;
					r8d = r8d - _t117;
					r9d = r10d;
					_t196 = r8d;
					__eflags = _t210 - _t196;
					if(_t210 < _t196) {
						L18:
						r8d = r8d + 1;
						__eflags = r8d;
						L19:
						__eflags = r8d;
						if(__eflags == 0) {
							goto L61;
						}
						r9d =  *(_t243 + 4 + _t188 * 4);
						_t116 = _t211 - 2;
						_t177 =  *(_t243 + 4 + _t188 * 4);
						asm("inc ecx");
						_a8 = _t177;
						if(__eflags == 0) {
							r11d = 0x20;
						} else {
							r11d = 0x1f;
							r11d = r11d - _t116;
						}
						_t145 = 0x20 - r11d;
						_a24 = r11d;
						_v568 = _t145;
						__eflags = r11d;
						if(r11d != 0) {
							_t157 = r11d;
							_t116 = r9d << _t157;
							r9d = _t177 >> _t145;
							_t179 = _t177 << _t157;
							r9d = r9d | _t116;
							_a8 = _t179;
							__eflags = _t175 - 2;
							if(_t175 > 2) {
								_t116 =  *(_t243 + 4 + _t188 * 4) >> _t145;
								_t180 = _t179 | _t116;
								__eflags = _t180;
								_a8 = _t180;
							}
						}
						r14d = _t219 - 1;
						r12d = 0;
						__eflags = r14d;
						if(r14d < 0) {
							L54:
							_t160 = _t230 + 1;
							_t150 = _t160;
							__eflags = _t160 -  *_t214;
							if(_t160 >=  *_t214) {
								L57:
								 *_t214 = _t160;
								__eflags = _t160;
								if(_t160 == 0) {
									L60:
									goto L62;
								} else {
									goto L58;
								}
								while(1) {
									L58:
									_t160 = _t160 - 1;
									__eflags =  *(_t214 + 4 + _t210 * 4);
									if( *(_t214 + 4 + _t210 * 4) != 0) {
										goto L60;
									}
									 *_t214 = _t160;
									__eflags = _t160;
									if(_t160 != 0) {
										continue;
									}
									goto L60;
								}
								goto L60;
							}
							asm("o16 nop [eax+eax]");
							do {
								_t116 = _t150;
								_t150 = _t150 + 1;
								 *(_t214 + 4 + _t188 * 4) = 0;
								__eflags = _t150 -  *_t214;
							} while (_t150 <  *_t214);
							goto L57;
						} else {
							r15d = 0xffffffff;
							_v64 = _t241;
							r13d = _t243 + _t211;
							_v544 = _t196;
							_v552 = _t188;
							do {
								__eflags = r13d - r10d;
								if(r13d > r10d) {
									_t161 = 0;
								} else {
									_t161 =  *((intOrPtr*)(_t214 + 4 + _t241 * 4));
								}
								_a32 = _t161;
								_t151 =  *(_t214 + 4 + _t188 * 4);
								_t67 = _t241 - 2; // -2
								_t121 = _t67;
								r11d =  *(_t214 + 4 + _t188 * 4);
								_v560 = _t199;
								_v556 = _t161;
								_t162 = _a24;
								__eflags = _t162;
								if(_t162 == 0) {
									_t219 = _v560;
								} else {
									_t199 = _v552;
									r8d = r11d;
									_t154 = _t162;
									_t193 = _v560 << _t154;
									_t219 = _t219 >> _t151 | _t193;
									r11d = r11d << _t154;
									__eflags = r13d - 3;
									if(r13d >= 3) {
										_t121 =  *(_t214 + 4 + _t193 * 4) >> _v568;
										r11d = r11d | _t121;
									}
								}
								_t188 = _t219;
								r8d = _t121 % _t196;
								_t228 = _t188;
								__eflags = _t188 - _t246;
								if(_t188 > _t246) {
									_t191 = 0x1 + _t228;
									_t228 = _t246;
									_t188 = _t191 * _t196;
									_t219 = _t219 + 0x1;
									__eflags = _t219;
								}
								__eflags = _t219 - _t246;
								if(_t219 > _t246) {
									L41:
									__eflags = _t228;
									if(_t228 == 0) {
										goto L52;
									}
									_t230 = _t215;
									r11d = 0;
									__eflags = _t175;
									if(_t175 == 0) {
										L46:
										__eflags = _t188 - _t230;
										if(_t188 >= _t230) {
											L51:
											_t107 = _t241 - 1; // -1
											r10d = _t107;
											goto L52;
										}
										r10d = 0;
										__eflags = _t175;
										if(_t175 == 0) {
											L50:
											__eflags = _t228 - 1;
											goto L51;
										}
										_t221 = _t215;
										_t236 = _a16 + 4;
										__eflags = _t236;
										do {
											r10d = r10d + 1;
											_t210 = _t214 + _t188 * 4;
											_t236 = _t236 + 4;
											 *(_t210 + 4) = r8d;
											_t221 = _t221 + _t188 + _t199 >> 0x20;
											__eflags = r10d - _t175;
										} while (r10d < _t175);
										goto L50;
									}
									_t198 = _a16 + 4;
									__eflags = _t198;
									do {
										_t198 = _t198 + 4;
										_t188 = _t188 * _t228;
										r8d = r10d;
										_t232 = _t230 + _t188 >> 0x20;
										_t128 =  *(_t214 + 4 + _t188 * 4);
										_t210 = _t232;
										__eflags = _t128 - r8d;
										_t230 =  >=  ? _t210 : _t232 + 1;
										r11d = r11d + 1;
										 *((intOrPtr*)(_t214 + 4 + _t199 * 4)) = _t128 - r8d;
										__eflags = r11d - _t175;
									} while (r11d < _t175);
									_t196 = _v544;
									goto L46;
								} else {
									_t188 = _t188 * _t228;
									__eflags = _t188;
									while(1) {
										_t199 = _t219 << 0x00000020 | _t234;
										__eflags = _t188 - _t199;
										if(_t188 <= _t199) {
											goto L41;
										}
										_t228 = _t228 - 1;
										_t188 = _t188 - _t210;
										_t219 = _t219 + _t196;
										__eflags = _t219 - _t246;
										if(_t219 <= _t246) {
											continue;
										}
										goto L41;
									}
									goto L41;
								}
								L52:
								r13d = r13d - 1;
								_t116 = r9d;
								_t239 = (_t239 << 0x20) + _t188;
								r14d = r14d - 1;
								__eflags = r14d;
							} while (r14d >= 0);
							goto L54;
						}
					}
					_t188 = _t196 * 4;
					_t234 = __rdx - _t188 - __rcx;
					__eflags = _t234;
					_t199 =  &((__rcx + 4)[_t210]);
					while(1) {
						__eflags =  *((intOrPtr*)(_t234 + _t199)) -  *_t199;
						if( *((intOrPtr*)(_t234 + _t199)) !=  *_t199) {
							break;
						}
						r9d = r9d - 1;
						_t210 = _t210 - 1;
						_t199 = _t199 - 4;
						__eflags = _t210 - _t196;
						if(_t210 >= _t196) {
							continue;
						}
						goto L18;
					}
					_t210 = r9d - r8d;
					_t188 = r9d;
					__eflags =  *((intOrPtr*)(_t243 + 4 + _t210 * 4)) -  *(_t214 + 4 + _t188 * 4);
					if( *((intOrPtr*)(_t243 + 4 + _t210 * 4)) >=  *(_t214 + 4 + _t188 * 4)) {
						goto L19;
					}
					goto L18;
				}
				r12d = __rdx[0];
				if(r12d != 1) {
					__eflags = r10d;
					if(r10d != 0) {
						r15d = 0xffffffff;
						_t212 = _t215;
						_t244 = _t215;
						__eflags = r10d - r15d;
						if(r10d == r15d) {
							L10:
							r9d = 0;
							_v536 = 0;
							 *_t214 = 0;
							_t116 = E029837C4(0x1cc, _t175, _t176, _t183, _t188, _t195,  &(_t214[0]), _t209, _t214,  &_v532, _t227);
							_t214[0] = r14d;
							__eflags = _t149;
							_t214[1] = _t149;
							bpl = _t149 != 0;
							 *_t214 = 1;
							goto L62;
						}
						do {
							r10d = r10d + r15d;
							_t188 = _t188 | _t244 << 0x00000020;
							_t244 = __rdx;
							_t212 = (_t212 << 0x20) + _t188;
							__eflags = r10d - r15d;
						} while (r10d != r15d);
						goto L10;
					}
					 *__rcx = 0;
					r9d = 0;
					_v536 = 0;
					E029837C4(0x1cc, _t175, _t176, _t183, __rax, _t195, __rcx + 4, __rdx, __rcx,  &_v532, __r9);
					_t142 =  *(__rcx + 4);
					_t116 = _t142 / r12d;
					_t173 = _t142 % r12d;
					__eflags = _t173;
					 *(__rcx + 4) = _t173;
					bpl = _t173 != 0;
					 *__rcx = 0;
				} else {
					 *__rcx = 0;
					r9d = 0;
					_v536 = 0;
					E029837C4(0x1cc, _t175, _t176, _t183, __rax, _t195, __rcx + 4, __rdx, __rcx,  &_v532, __r9);
					_t116 =  *(__rcx + 4);
				}
			}

0x029814c0
0x029814c0
0x029814c0
0x029814c0
0x029814c0
0x029814c0
0x029814c0
0x029814c0
0x029814d6
0x029814d9
0x029814dc
0x029814e2
0x029818d5
0x029818d5
0x029818d5
0x029818d7
0x029818e8
0x029818e8
0x029814e8
0x029814ec
0x00000000
0x00000000
0x029814f2
0x029814f5
0x029814fa
0x029815e2
0x029815e5
0x00000000
0x00000000
0x029815eb
0x029815ee
0x029815f1
0x029815f4
0x029815f7
0x029815fa
0x029815fd
0x02981648
0x02981648
0x02981648
0x0298164b
0x0298164b
0x0298164e
0x00000000
0x00000000
0x0298165c
0x02981661
0x02981664
0x02981669
0x0298166d
0x02981674
0x02981681
0x02981676
0x02981676
0x0298167c
0x0298167c
0x02981684
0x02981687
0x0298168f
0x02981693
0x02981696
0x029816a1
0x029816a4
0x029816a6
0x029816a9
0x029816ab
0x029816ae
0x029816b5
0x029816b8
0x029816c4
0x029816c6
0x029816c6
0x029816c8
0x029816c8
0x029816b8
0x029816d1
0x029816d5
0x029816d8
0x029816db
0x029818a0
0x029818a0
0x029818a4
0x029818a6
0x029818a8
0x029818bc
0x029818bc
0x029818be
0x029818c0
0x029818d0
0x00000000
0x00000000
0x00000000
0x00000000
0x029818c2
0x029818c2
0x029818c2
0x029818c4
0x029818c8
0x00000000
0x00000000
0x029818ca
0x029818cc
0x029818ce
0x00000000
0x00000000
0x00000000
0x029818ce
0x00000000
0x029818c2
0x029818aa
0x029818b0
0x029818b0
0x029818b2
0x029818b4
0x029818b8
0x029818b8
0x00000000
0x029816e1
0x029816e3
0x029816ec
0x029816f4
0x029816f8
0x029816fd
0x02981702
0x02981702
0x02981705
0x0298170e
0x02981707
0x02981707
0x02981707
0x02981714
0x0298171b
0x0298171f
0x0298171f
0x02981723
0x02981728
0x0298172d
0x02981731
0x02981738
0x0298173a
0x02981770
0x0298173c
0x0298173c
0x02981741
0x0298174c
0x0298174e
0x02981751
0x02981754
0x02981757
0x0298175b
0x02981769
0x0298176b
0x0298176b
0x0298175b
0x02981777
0x0298177d
0x02981780
0x02981783
0x02981786
0x02981792
0x02981795
0x02981798
0x0298179c
0x0298179c
0x0298179c
0x0298179f
0x029817a2
0x029817ce
0x029817ce
0x029817d1
0x00000000
0x00000000
0x029817d7
0x029817da
0x029817dd
0x029817df
0x0298182f
0x02981836
0x02981839
0x0298187d
0x0298187d
0x0298187d
0x00000000
0x0298187d
0x0298183b
0x0298183e
0x02981840
0x0298187a
0x0298187a
0x00000000
0x0298187a
0x0298184a
0x0298184d
0x0298184d
0x02981851
0x02981855
0x0298185c
0x02981863
0x0298186d
0x02981871
0x02981875
0x02981875
0x00000000
0x02981851
0x029817e9
0x029817e9
0x029817f0
0x029817f2
0x029817f6
0x02981801
0x02981806
0x0298180a
0x0298180e
0x02981814
0x02981817
0x0298181e
0x02981821
0x02981825
0x02981825
0x0298182a
0x00000000
0x029817a4
0x029817ad
0x029817ad
0x029817b1
0x029817b8
0x029817bb
0x029817be
0x00000000
0x00000000
0x029817c0
0x029817c3
0x029817c6
0x029817c9
0x029817cc
0x00000000
0x00000000
0x00000000
0x029817cc
0x00000000
0x029817b1
0x02981881
0x02981885
0x02981888
0x0298188b
0x0298188e
0x0298188e
0x0298188e
0x00000000
0x02981898
0x029816db
0x02981603
0x02981611
0x02981611
0x02981614
0x02981618
0x0298161a
0x0298161e
0x00000000
0x00000000
0x02981620
0x02981623
0x02981626
0x0298162a
0x0298162d
0x00000000
0x00000000
0x00000000
0x0298162f
0x02981637
0x0298163a
0x02981641
0x02981646
0x00000000
0x00000000
0x00000000
0x02981646
0x02981500
0x0298150a
0x02981532
0x02981535
0x0298156d
0x02981573
0x02981576
0x02981579
0x0298157c
0x029815a6
0x029815a6
0x029815a9
0x029815b2
0x029815bd
0x029815c5
0x029815d0
0x029815d2
0x029815d5
0x029815db
0x00000000
0x029815db
0x02981581
0x0298158c
0x0298158f
0x0298159b
0x0298159e
0x029815a1
0x029815a1
0x00000000
0x02981581
0x0298153f
0x02981541
0x02981548
0x02981551
0x02981558
0x0298155a
0x0298155a
0x0298155d
0x0298155f
0x02981562
0x02981566
0x0298150c
0x02981518
0x0298151a
0x0298151d
0x02981526
0x0298152b
0x0298152b

APIs

memcpy_s.LIBCPMT ref: 02981526
memcpy_s.LIBCPMT ref: 02981551

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: f29a0bb860d4118634f67aafa1ddaca256022312cfb6a51d3fdb2b26d395dc9a
Instruction ID: ea29a762a7143798483da1c0c4212798bde87885b3c5a035f6c0655a9ea5acf4
Opcode Fuzzy Hash: f29a0bb860d4118634f67aafa1ddaca256022312cfb6a51d3fdb2b26d395dc9a
Instruction Fuzzy Hash: 6BB1E67271568987DB34DF19E184A5AB7A6F388788F4C9229DF4E87704D739E842CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02986378 Relevance: 4.7, APIs: 3, Instructions: 169
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E02986378(void* __ecx, signed int __edx, void* __ebp, void* __esp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, void* __r9) {
				void* __rdi;
				void* __rsi;
				signed int _t47;
				int _t48;
				signed int _t49;
				void* _t51;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				void* _t67;
				signed int _t68;
				signed int _t69;
				signed int _t70;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t80;
				void* _t82;
				signed int _t83;
				void* _t85;
				signed long long _t98;
				signed long long _t99;
				signed long long _t100;
				void* _t102;
				intOrPtr _t113;
				void* _t119;
				signed int* _t120;
				int _t122;
				intOrPtr* _t123;
				signed long long _t125;
				signed long long _t127;
				void* _t128;
				signed long long _t129;
				void* _t131;
				void* _t132;
				void* _t134;
				void* _t138;

				_t136 = __r9;
				_t104 = __rcx;
				_t85 = __ebp;
				_t78 = __edx;
				 *((long long*)(_t128 + 0x10)) = __rbx;
				 *(_t128 + 0x18) = _t125;
				_t129 = _t128 - 0x120;
				_t98 =  *0x29a61e8; // 0xc99624406909
				_t99 = _t98 ^ _t129;
				 *(_t129 + 0x110) = _t99;
				_t102 = __rcx;
				L0297390C(__esp, _t99, __rcx, __rcx, __rdx, _t122, _t125, __r9, _t138);
				_t4 = _t99 + 0x98; // 0x98
				_t123 = _t4;
				L0297390C(__esp, _t99, _t102, _t104, __rdx, _t123, _t125, __r9, _t119);
				_t120 =  *((intOrPtr*)(_t99 + 0x3a0));
				_t47 = E029866CC(_t102, __rdx);
				_t131 = _t129 + 0x20;
				r9d = 0x78;
				_t74 = _t47;
				_t70 = _t47;
				asm("sbb edx, edx");
				_t80 = (_t78 & 0xfffff005) + 0x1002;
				_t48 = GetLocaleInfoW(_t122, ??, ??);
				r14d = 0;
				if(_t48 == 0) {
					L38:
					 *_t120 = r14d;
					_t49 = 1;
					L39:
					return L029438C0(_t49, _t74, _t99,  *(_t129 + 0x110) ^ _t129);
				}
				_t51 = E02985294(_t80, _t99, _t102,  *((intOrPtr*)(_t123 + 8)), _t129 + 0x20, _t123, _t125, _t131);
				_t127 = _t125 | 0xffffffff;
				if(_t51 != 0) {
					L19:
					_t74 = 0x300;
					if(( *_t120 & 0x00000300) == 0x300) {
						L37:
						_t49 =  !( *_t120 >> 2) & 0x00000001;
						goto L39;
					}
					_t132 = _t129 + 0x20;
					r9d = 0x78;
					_t74 = _t70;
					asm("sbb edx, edx");
					_t82 = (_t80 & 0xfffff002) + 0x1001;
					if(GetLocaleInfoW(??, ??, ??, ??) == 0) {
						goto L38;
					}
					_t116 = _t129 + 0x20;
					if(E02985294(_t82, _t99, _t102,  *_t123, _t129 + 0x20, _t123, _t127, _t132) != 0) {
						__eflags =  *((intOrPtr*)(_t123 + 0x18)) - r14d;
						if( *((intOrPtr*)(_t123 + 0x18)) != r14d) {
							goto L37;
						}
						__eflags =  *((intOrPtr*)(_t123 + 0x14)) - r14d;
						if( *((intOrPtr*)(_t123 + 0x14)) == r14d) {
							goto L37;
						}
						_t110 =  *_t123;
						_t116 = _t129 + 0x20;
						_t61 = E02985294(_t82, _t99, _t102,  *_t123, _t129 + 0x20, _t123, _t127, _t132);
						__eflags = _t61;
						if(_t61 != 0) {
							goto L37;
						}
						_t83 = 0;
						__eflags = 0;
						L33:
						_t74 = _t70;
						_t62 = E029867F0(_t70, _t83, __eflags, _t99, _t102, _t110, _t116, _t123, _t136);
						__eflags = _t62;
						if(_t62 == 0) {
							goto L37;
						}
						asm("bts dword [edi], 0x8");
						L35:
						if(_t120[1] == r14d) {
							_t120[1] = _t70;
						}
						goto L37;
					}
					_t63 =  *_t120;
					asm("bts eax, 0x9");
					 *_t120 = _t63;
					if( *((intOrPtr*)(_t123 + 0x18)) == r14d) {
						__eflags =  *((intOrPtr*)(_t123 + 0x14)) - r14d;
						if( *((intOrPtr*)(_t123 + 0x14)) == r14d) {
							goto L23;
						}
						_t110 =  *_t123;
						do {
							_t127 = _t127 + 1;
							__eflags =  *((intOrPtr*)(_t110 + _t127 * 2)) - r14w;
						} while ( *((intOrPtr*)(_t110 + _t127 * 2)) != r14w);
						__eflags = _t85 -  *((intOrPtr*)(_t123 + 0x14));
						if(__eflags != 0) {
							goto L23;
						}
						_t83 = 1;
						goto L33;
					}
					L23:
					asm("bts eax, 0x8");
					 *_t120 = _t63;
					goto L35;
				}
				_t11 = _t138 + 0x78; // 0x78
				r9d = _t11;
				_t134 = _t129 + 0x20;
				_t74 = _t70;
				asm("sbb edx, edx");
				_t80 = (_t80 & 0xfffff002) + 0x1001;
				if(GetLocaleInfoW(??, ??, ??, ??) == 0) {
					goto L38;
				}
				_t67 = E02985294(_t80, _t99, _t102,  *_t123, _t129 + 0x20, _t123, _t127, _t134);
				_t75 =  *_t120;
				if(_t67 != 0) {
					__eflags = _t75 & 0x00000002;
					if((_t75 & 0x00000002) != 0) {
						goto L19;
					}
					_t68 = _t75;
					__eflags =  *((intOrPtr*)(_t123 + 0x14)) - r14d;
					if( *((intOrPtr*)(_t123 + 0x14)) == r14d) {
						L13:
						__eflags = _t68 & 0x00000001;
						if((_t68 & 0x00000001) != 0) {
							goto L19;
						}
						_t80 = r14d;
						_t99 = 0x2997818;
						while(1) {
							__eflags = _t70 -  *_t99;
							if(_t70 ==  *_t99) {
								goto L19;
							}
							_t80 = _t80 + 1;
							_t99 = _t99 + 2;
							__eflags = _t80 - 0xa;
							if(_t80 < 0xa) {
								continue;
							}
							_t76 = _t75 | 0x00000001;
							__eflags = _t76;
							goto L18;
						}
						goto L19;
					}
					_t69 = E0296E744(_t80, _t99, _t102,  *_t123, _t129 + 0x20, _t120, _t123,  *((intOrPtr*)(_t123 + 0x14)), _t136);
					_t75 =  *_t120;
					__eflags = _t69;
					if(_t69 != 0) {
						_t68 = _t75;
						goto L13;
					}
					_t77 = _t75 | 0x00000002;
					__eflags = _t77;
					_t120[2] = _t70;
					 *_t120 = _t77;
					_t100 = _t127;
					_t113 =  *_t123;
					do {
						_t100 = _t100 + 1;
						__eflags =  *((intOrPtr*)(_t113 + _t100 * 2)) - r14w;
					} while ( *((intOrPtr*)(_t113 + _t100 * 2)) != r14w);
					__eflags = _t69 -  *((intOrPtr*)(_t123 + 0x14));
					if(_t69 ==  *((intOrPtr*)(_t123 + 0x14))) {
						_t120[1] = _t70;
					}
				} else {
					_t76 = _t75 | 0x00000304;
					_t120[1] = _t70;
					L18:
					_t120[2] = _t70;
					 *_t120 = _t76;
				}
			}

0x02986378
0x02986378
0x02986378
0x02986378
0x02986378
0x0298637d
0x02986386
0x0298638d
0x02986394
0x02986397
0x0298639f
0x029863a2
0x029863a7
0x029863a7
0x029863ae
0x029863b6
0x029863bd
0x029863c5
0x029863cc
0x029863d2
0x029863d4
0x029863d6
0x029863de
0x029863e4
0x029863ea
0x029863ef
0x02986592
0x02986592
0x02986595
0x0298659a
0x029865c1
0x029865c1
0x029863fe
0x02986403
0x02986409
0x029864c7
0x029864c9
0x029864d2
0x02986586
0x0298658d
0x00000000
0x0298658d
0x029864db
0x029864e2
0x029864e8
0x029864ea
0x029864f2
0x02986500
0x00000000
0x00000000
0x02986509
0x02986515
0x0298654c
0x02986550
0x00000000
0x00000000
0x02986552
0x02986556
0x00000000
0x00000000
0x02986558
0x0298655b
0x02986560
0x02986565
0x02986567
0x00000000
0x00000000
0x02986569
0x02986569
0x0298656b
0x0298656e
0x02986570
0x02986575
0x02986577
0x00000000
0x00000000
0x02986579
0x0298657d
0x02986581
0x02986583
0x02986583
0x00000000
0x02986581
0x02986517
0x02986519
0x0298651d
0x02986523
0x0298652d
0x02986531
0x00000000
0x00000000
0x02986533
0x02986536
0x02986536
0x02986539
0x02986539
0x02986540
0x02986543
0x00000000
0x00000000
0x02986545
0x00000000
0x02986545
0x02986525
0x02986525
0x02986529
0x00000000
0x02986529
0x02986412
0x02986412
0x02986418
0x0298641d
0x0298641f
0x02986427
0x02986435
0x00000000
0x00000000
0x02986443
0x02986448
0x0298644c
0x02986459
0x0298645c
0x00000000
0x00000000
0x0298645e
0x02986460
0x02986464
0x029864a1
0x029864a1
0x029864a3
0x00000000
0x00000000
0x029864a5
0x029864a8
0x029864af
0x029864af
0x029864b2
0x00000000
0x00000000
0x029864b4
0x029864b6
0x029864ba
0x029864bd
0x00000000
0x00000000
0x029864bf
0x029864bf
0x00000000
0x029864bf
0x00000000
0x029864af
0x02986472
0x02986477
0x02986479
0x0298647b
0x0298649f
0x00000000
0x0298649f
0x0298647d
0x0298647d
0x02986480
0x02986483
0x02986485
0x02986488
0x0298648b
0x0298648b
0x0298648e
0x0298648e
0x02986495
0x02986498
0x0298649a
0x0298649a
0x0298644e
0x0298644e
0x02986454
0x029864c2
0x029864c2
0x029864c5
0x029864c5

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

GetLocaleInfoW.KERNEL32 ref: 029863E4

Part of subcall function 02985294: _invalid_parameter_noinfo.LIBCMT ref: 029852B4

GetLocaleInfoW.KERNEL32 ref: 0298642D

Part of subcall function 02985294: _invalid_parameter_noinfo.LIBCMT ref: 02985369

GetLocaleInfoW.KERNEL32 ref: 029864F8

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
String ID:
API String ID: 3644580040-0
Opcode ID: f761d167f56f70df0f816b146e725bc71188f88146728e28362a0f6ea39251d8
Instruction ID: faf7012cf10ba0943bc20b14a3083722eb3462665b2ddba394a1f281d9704c6d
Opcode Fuzzy Hash: f761d167f56f70df0f816b146e725bc71188f88146728e28362a0f6ea39251d8
Instruction Fuzzy Hash: A051B0723006428BDB34AF25E59076DB7B9F788B44F488129CB9E9BB98DF38D155CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0298ED3C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 0298EF8B
RaiseException.KERNEL32 ref: 0298EF9C

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 3361b37e3677c19d7a3f814619604ba87e967705723e14841974572d4b6e2c7d
Instruction ID: 68504acfa07b20708e031613553a31951cb9a19bcbd67059b678382d7d3486d1
Opcode Fuzzy Hash: 3361b37e3677c19d7a3f814619604ba87e967705723e14841974572d4b6e2c7d
Instruction Fuzzy Hash: 9AA12C77611B888BDB15DF29C89635C7BA0F384B9CF198915EB9D87B64CB39C452C700

Uniqueness

Uniqueness Score: -1.00%

Function 0297F594 Relevance: 1.9, APIs: 1, Instructions: 368
COMMONCrypto

Download Yara Rule

C-Code - Quality: 54%

			E0297F594(signed int __ecx, void* __edi, void* __esp, signed long long __rbx, long long* __rcx, void* __rdx, long long __rsi, void* __r10) {
				void* __rdi;
				void* __r12;
				void* __r14;
				void* __r15;
				signed int* _t119;
				void* _t122;
				signed int* _t136;
				signed int _t138;
				void* _t141;
				void* _t144;
				signed int _t154;
				char _t163;
				signed int* _t167;
				void* _t181;
				signed int* _t183;
				void* _t186;
				signed long long _t211;
				signed int** _t216;
				signed int** _t218;
				signed long long _t222;
				long long _t223;
				long long* _t225;
				signed long long _t234;
				signed int* _t237;
				void* _t239;
				char* _t248;
				signed char* _t249;
				void* _t252;
				void* _t256;
				signed char* _t259;
				void* _t261;
				long long* _t263;
				long long _t265;
				signed long long _t267;
				void* _t269;
				signed long long _t270;
				intOrPtr* _t274;
				void* _t278;
				signed long long _t280;
				signed long long _t282;
				void* _t284;
				signed long long _t285;
				signed int* _t289;

				_t277 = __r10;
				_t265 = __rsi;
				_t252 = __rdx;
				_t225 = __rcx;
				_t223 = __rbx;
				_t186 = __esp;
				_t181 = __edi;
				_t168 = __ecx;
				_t278 = _t269;
				 *((long long*)(_t278 + 0x10)) = __rbx;
				 *(_t278 + 0x18) = _t267;
				 *((long long*)(_t278 + 0x20)) = __rsi;
				_push(_t280);
				_push(_t282);
				_push(_t285);
				_t270 = _t269 - 0xa0;
				_t211 =  *0x29a61e8; // 0xc99624406909
				_t212 = _t211 ^ _t270;
				 *(_t270 + 0x98) = _t212;
				_t272 =  *((intOrPtr*)(__rcx + 0x138));
				_t167 = 0;
				 *((long long*)(_t278 - 0x58)) = __rcx;
				_t263 = __rcx;
				 *((long long*)(_t278 - 0x50)) = __rbx;
				r13d = 0;
				r14d = 0;
				r12d = 0;
				if( *((intOrPtr*)(__rcx + 0x138)) == 0) {
					__eflags =  *((intOrPtr*)(__rcx + 0x100));
					if( *((intOrPtr*)(__rcx + 0x100)) != 0) {
						asm("lock dec dword [eax]");
					}
					 *((long long*)(_t225 + 0x100)) = _t223;
					 *_t225 = 0x2995760;
					 *((long long*)(_t225 + 0x108)) = _t223;
					 *((long long*)(_t225 + 0x110)) = 0x29959e0;
					_t212 = 0x2995b60;
					 *((long long*)(_t225 + 0x118)) = 0x2995b60;
					_t119 = 0;
					__eflags = 0;
					 *((intOrPtr*)(_t225 + 8)) = 1;
					L43:
					return L029438C0(_t119, _t168, _t212,  *(_t270 + 0x98) ^ _t270);
				}
				_t289 = __rcx + 0xc;
				 *(_t270 + 0x58) = __rbx;
				_t10 = _t223 + 1; // 0x1
				_t183 = _t10;
				if( *_t289 != 0) {
					L3:
					_t228 = _t265;
					E02976E08(_t118, _t265, _t252);
					 *(_t270 + 0x58) = _t212;
					_t122 = E02971650(_t212, _t265);
					_t178 = 2;
					E02976E08(_t122, _t265, _t252);
					_t282 = _t212;
					E02976E08(E02971650(_t212, _t265), _t228, _t265);
					_t285 = _t212;
					E02976E08(E02971650(_t212, _t228), _t228, _t265);
					_t267 = _t212;
					E02976E08(E02971650(_t212, _t228), _t228, _t265);
					_t168 = 0;
					_t280 = _t212;
					E02971650(_t212, _t228);
					if( *(_t270 + 0x58) == _t223 || _t282 == 0 || _t280 == 0 || _t285 == 0 || _t267 == 0) {
						L38:
						E02971650(_t212,  *(_t270 + 0x58));
						E02971650(_t212, _t282);
						E02971650(_t212, _t285);
						E02971650(_t212, _t267);
						_t167 = _t183;
						goto L39;
					} else {
						_t234 = _t280;
						_t136 = _t167;
						do {
							 *_t234 = _t136;
							_t234 = _t234 + _t265;
							_t136 = _t136 + _t183;
						} while (_t136 < 0x100);
						_t168 =  *_t289;
						_t256 = _t270 + 0x80;
						if(GetCPInfo(??, ??) == 0 ||  *(_t270 + 0x80) > 5) {
							goto L38;
						} else {
							_t138 =  *(_t270 + 0x80) & 0x0000ffff;
							 *(_t270 + 0x50) = _t138;
							if(_t138 <= _t183) {
								L20:
								_t26 = _t285 + 0x81; // 0x81
								_t28 = _t280 + 1; // 0x1
								 *(_t270 + 0x40) = _t167;
								 *(_t270 + 0x38) =  *_t289;
								 *(_t270 + 0x30) = 0xff;
								 *(_t270 + 0x28) = _t26;
								_t168 = 0;
								 *(_t270 + 0x20) = 0xff;
								_t34 = _t212 + 1; // 0x100
								r8d = _t34;
								_t141 = E0297EBBC(_t167, 0, _t178, _t199, _t212, _t223, _t26,  *((intOrPtr*)(_t263 + 0x138)), _t265, _t28, _t277, _t278);
								_t200 = _t141;
								if(_t141 == 0) {
									goto L38;
								}
								_t35 = _t267 + 0x81; // 0x81
								_t37 = _t280 + 1; // 0x1
								 *(_t270 + 0x40) = _t167;
								r8d = 0x200;
								 *(_t270 + 0x38) =  *_t289;
								 *(_t270 + 0x30) = 0xff;
								 *(_t270 + 0x28) = _t35;
								_t168 = 0;
								 *(_t270 + 0x20) = 0xff;
								_t144 = E0297EBBC(_t167, 0, _t178, _t200, _t212, _t223, _t35,  *((intOrPtr*)(_t263 + 0x138)), _t265, _t37, _t277, _t278);
								_t201 = _t144;
								if(_t144 == 0) {
									goto L38;
								}
								_t43 = _t282 + 0x100; // 0x100
								_t237 = _t43;
								 *(_t270 + 0x30) = _t167;
								r9d = 0x100;
								 *(_t270 + 0x28) =  *_t289;
								 *(_t270 + 0x60) = _t237;
								 *(_t270 + 0x20) = _t237;
								_t168 = 0;
								if(E0298542C(_t183, _t186, _t201, _t223, _t237, _t263, _t265, _t280, _t277, _t278) == 0) {
									goto L38;
								}
								_t48 = _t282 + 0xfe; // 0xfe
								_t216 = _t48;
								 *_t216 = _t167;
								 *(_t285 + 0x7f) = _t167;
								 *(_t267 + 0x7f) = _t167;
								 *(_t285 + 0x80) = _t167;
								 *(_t267 + 0x80) = _t167;
								 *(_t270 + 0x68) = _t216;
								if( *(_t270 + 0x50) <= _t183) {
									L34:
									_t71 = _t282 + 0x200; // 0x200
									r15d = 0x80;
									asm("movups xmm0, [ecx]");
									asm("movups xmm1, [ecx+0x10]");
									asm("inc ecx");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x20]");
									asm("movups xmm1, [ecx+0x30]");
									asm("inc ecx");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x40]");
									asm("movups xmm1, [ecx+0x50]");
									asm("inc ecx");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x60]");
									asm("movups xmm1, [ecx+0x70]");
									asm("inc ecx");
									_t284 = _t289 + _t282;
									_t239 = _t71 + _t289;
									asm("inc ecx");
									_t217 =  *((intOrPtr*)(_t239 + 0x70));
									asm("movups xmm0, [ecx]");
									asm("movups xmm1, [ecx+0x10]");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x20]");
									asm("inc ecx");
									asm("movups xmm1, [ecx+0x30]");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x40]");
									asm("inc ecx");
									asm("movups xmm1, [ecx+0x50]");
									asm("inc ecx");
									asm("movups xmm0, [ecx+0x60]");
									asm("inc ecx");
									asm("inc ecx");
									 *((long long*)(_t284 + 0x70)) =  *((intOrPtr*)(_t239 + 0x70));
									 *((intOrPtr*)(_t284 + 0x78)) =  *((intOrPtr*)(_t239 + 0x78));
									 *((short*)(_t284 + 0x7c)) =  *(_t239 + 0x7c) & 0x0000ffff;
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("inc ecx");
									asm("repne inc ecx");
									asm("inc ecx");
									asm("repne inc ecx");
									 *((intOrPtr*)(_t285 + 0x78)) =  *((intOrPtr*)(_t285 + 0x178));
									 *((short*)(_t285 + 0x7c)) =  *(_t285 + 0x17c) & 0x0000ffff;
									 *((char*)(_t285 + 0x7e)) =  *((intOrPtr*)(_t285 + 0x17e));
									asm("movups xmm0, [ebp+0x100]");
									asm("movups xmm1, [ebp+0x110]");
									asm("movups [ebp], xmm0");
									asm("movups xmm0, [ebp+0x120]");
									asm("movups [ebp+0x10], xmm1");
									asm("movups xmm1, [ebp+0x130]");
									asm("movups [ebp+0x20], xmm0");
									asm("movups xmm0, [ebp+0x140]");
									asm("movups [ebp+0x30], xmm1");
									asm("movups xmm1, [ebp+0x150]");
									asm("movups [ebp+0x40], xmm0");
									asm("movups xmm0, [ebp+0x160]");
									asm("movups [ebp+0x50], xmm1");
									asm("movsd xmm1, [ebp+0x170]");
									asm("movups [ebp+0x60], xmm0");
									asm("movsd [ebp+0x70], xmm1");
									 *((intOrPtr*)(_t267 + 0x78)) =  *((intOrPtr*)(_t267 + 0x178));
									 *((short*)(_t267 + 0x7c)) =  *(_t267 + 0x17c) & 0x0000ffff;
									_t154 =  *((intOrPtr*)(_t267 + 0x17e));
									 *(_t267 + 0x7e) = _t154;
									if( *(_t263 + 0x100) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t154 | 0xffffffff) == _t183) {
											E02971650(_t217,  *((intOrPtr*)(_t263 + 0x108)) - 0xfe);
											E02971650(_t217,  *((intOrPtr*)(_t263 + 0x110)) - _t289);
											E02971650(_t217,  *((intOrPtr*)(_t263 + 0x118)) - _t289);
											E02971650(_t217,  *(_t263 + 0x100));
										}
									}
									_t218 =  *(_t270 + 0x58);
									 *_t218 = _t183;
									 *(_t263 + 0x100) = _t218;
									 *_t263 =  *(_t270 + 0x60);
									 *((long long*)(_t263 + 0x108)) =  *(_t270 + 0x68);
									_t100 = _t285 + 0x80; // 0x80
									 *((long long*)(_t263 + 0x110)) = _t100;
									_t102 = _t267 + 0x80; // 0x80
									_t212 = _t102;
									 *((long long*)(_t263 + 0x118)) = _t102;
									 *(_t263 + 8) =  *(_t270 + 0x50);
									L39:
									E02971650(_t212, _t280);
									_t119 = _t167;
									goto L43;
								}
								if( *_t289 != 0xfde9) {
									_t259 = _t270 + 0x86;
									__eflags =  *((intOrPtr*)(_t270 + 0x86)) - _t167;
									if( *((intOrPtr*)(_t270 + 0x86)) == _t167) {
										goto L34;
									}
									r9d = 0x8000;
									while(1) {
										__eflags = _t259[1] - _t167;
										if(_t259[1] == _t167) {
											goto L34;
										}
										_t168 =  *_t259 & 0x000000ff;
										__eflags = _t168 - (_t259[1] & 0x000000ff);
										if(_t168 > (_t259[1] & 0x000000ff)) {
											L33:
											_t259 =  &(_t259[2]);
											__eflags =  *_t259 - _t167;
											if( *_t259 != _t167) {
												continue;
											}
											goto L34;
										} else {
											goto L32;
										}
										do {
											L32:
											_t222 = _t168;
											 *((intOrPtr*)(_t282 + 0x100 + _t222 * 2)) = r9w;
											 *(_t285 + 0x80 + _t222) = _t168;
											 *(_t267 + 0x80 + _t222) = _t168;
											_t168 = _t183 + _t168;
											__eflags = _t168 - (_t259[1] & 0x000000ff);
										} while (_t168 <= (_t259[1] & 0x000000ff));
										goto L33;
									}
									goto L34;
								}
								_t55 = _t267 + 0x142; // 0x142
								_t248 = _t55;
								_t261 = _t285 - _t267;
								_t56 = _t282 + 0x284; // 0x284
								_t274 = _t56;
								_t163 = 0xc2;
								r9d = 0x8000;
								do {
									 *_t274 = r9w;
									_t274 = _t274 + 2;
									 *((char*)(_t261 + _t248)) = _t163;
									 *_t248 = _t163;
									_t163 = _t163 + _t183;
									_t248 = _t248 + _t265;
								} while (_t163 < 0xf5);
								goto L34;
							}
							_t199 =  *_t289 - 0xfde9;
							if( *_t289 != 0xfde9) {
								_t249 = _t270 + 0x86;
								__eflags =  *((intOrPtr*)(_t270 + 0x86)) - _t167;
								if(__eflags == 0) {
									goto L20;
								} else {
									goto L16;
								}
								while(1) {
									L16:
									__eflags = _t249[1] - _t167;
									if(__eflags == 0) {
										goto L20;
									}
									_t178 =  *_t249 & 0x000000ff;
									__eflags = _t178 - (_t249[1] & 0x000000ff);
									if(_t178 > (_t249[1] & 0x000000ff)) {
										L19:
										_t249 =  &(_t249[2]);
										__eflags =  *_t249 - _t167;
										if(__eflags != 0) {
											continue;
										}
										goto L20;
									} else {
										goto L18;
									}
									do {
										L18:
										_t212 = _t178;
										_t178 = _t183 + _t178;
										 *((char*)(_t212 + _t280)) = 0x20;
										__eflags = _t178 - (_t249[1] & 0x000000ff);
									} while (_t178 <= (_t249[1] & 0x000000ff));
									goto L19;
								}
								goto L20;
							}
							_t19 = _t280 + 0x80; // 0x80
							r8d = 0x80;
							_t178 = 0x20;
							E02947430(_t138, _t168, 0x20, _t181, _t186, _t19, _t256, _t272);
							goto L20;
						}
					}
				}
				 *(_t270 + 0x20) = _t289;
				r9d = 0x1004;
				if(L02989C54(__ecx, 0, _t278 - 0x58, __rcx, __rsi, _t267, _t272, __r10, _t278, _t280, _t285, _t289) != 0) {
					goto L38;
				}
				goto L3;
			}

0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f594
0x0297f597
0x0297f59b
0x0297f59f
0x0297f5a4
0x0297f5a6
0x0297f5a8
0x0297f5ac
0x0297f5b3
0x0297f5ba
0x0297f5bd
0x0297f5c5
0x0297f5cc
0x0297f5ce
0x0297f5d2
0x0297f5d5
0x0297f5d9
0x0297f5dc
0x0297f5e1
0x0297f5e7
0x0297fb6a
0x0297fb6d
0x0297fb6f
0x0297fb6f
0x0297fb79
0x0297fb80
0x0297fb8f
0x0297fb96
0x0297fb9d
0x0297fba4
0x0297fbab
0x0297fbab
0x0297fbad
0x0297fbb0
0x0297fbe0
0x0297fbe0
0x0297f5ed
0x0297f5f1
0x0297f5f6
0x0297f5f6
0x0297f5fc
0x0297f61c
0x0297f621
0x0297f624
0x0297f62b
0x0297f630
0x0297f63a
0x0297f641
0x0297f648
0x0297f655
0x0297f65c
0x0297f669
0x0297f670
0x0297f680
0x0297f685
0x0297f687
0x0297f68a
0x0297f694
0x0297fb33
0x0297fb38
0x0297fb40
0x0297fb48
0x0297fb50
0x0297fb55
0x00000000
0x0297f6be
0x0297f6be
0x0297f6c1
0x0297f6c3
0x0297f6c3
0x0297f6c5
0x0297f6c8
0x0297f6ca
0x0297f6d1
0x0297f6d4
0x0297f6e4
0x00000000
0x0297f6f8
0x0297f6f8
0x0297f700
0x0297f706
0x0297f763
0x0297f766
0x0297f774
0x0297f779
0x0297f77d
0x0297f786
0x0297f78a
0x0297f78f
0x0297f791
0x0297f795
0x0297f795
0x0297f799
0x0297f79e
0x0297f7a0
0x00000000
0x00000000
0x0297f7a9
0x0297f7b7
0x0297f7bc
0x0297f7c0
0x0297f7c6
0x0297f7cf
0x0297f7d3
0x0297f7d8
0x0297f7da
0x0297f7de
0x0297f7e3
0x0297f7e5
0x00000000
0x00000000
0x0297f7ee
0x0297f7ee
0x0297f7f5
0x0297f7f9
0x0297f7ff
0x0297f806
0x0297f80d
0x0297f812
0x0297f81b
0x00000000
0x00000000
0x0297f821
0x0297f821
0x0297f828
0x0297f82b
0x0297f82f
0x0297f832
0x0297f839
0x0297f83f
0x0297f848
0x0297f8e5
0x0297f8e5
0x0297f8ec
0x0297f8f2
0x0297f8f5
0x0297f8f9
0x0297f8fe
0x0297f903
0x0297f907
0x0297f90b
0x0297f910
0x0297f915
0x0297f919
0x0297f91d
0x0297f922
0x0297f927
0x0297f92b
0x0297f92f
0x0297f934
0x0297f937
0x0297f93a
0x0297f93f
0x0297f943
0x0297f946
0x0297f94a
0x0297f94f
0x0297f953
0x0297f958
0x0297f95c
0x0297f961
0x0297f965
0x0297f96a
0x0297f96e
0x0297f973
0x0297f977
0x0297f97c
0x0297f981
0x0297f988
0x0297f990
0x0297f99c
0x0297f9a4
0x0297f9ac
0x0297f9b0
0x0297f9b8
0x0297f9bd
0x0297f9c5
0x0297f9ca
0x0297f9d2
0x0297f9d7
0x0297f9df
0x0297f9e4
0x0297f9ec
0x0297f9f1
0x0297f9fa
0x0297f9ff
0x0297fa05
0x0297fa11
0x0297fa1d
0x0297fa21
0x0297fa2e
0x0297fa35
0x0297fa39
0x0297fa40
0x0297fa44
0x0297fa4b
0x0297fa4f
0x0297fa56
0x0297fa5a
0x0297fa61
0x0297fa65
0x0297fa6c
0x0297fa70
0x0297fa78
0x0297fa7c
0x0297fa81
0x0297fa8b
0x0297fa8f
0x0297fa95
0x0297faa2
0x0297faa7
0x0297faad
0x0297fabd
0x0297facc
0x0297fadb
0x0297fae7
0x0297fae7
0x0297faad
0x0297faec
0x0297faf1
0x0297faf3
0x0297faff
0x0297fb07
0x0297fb0e
0x0297fb15
0x0297fb1c
0x0297fb1c
0x0297fb23
0x0297fb2e
0x0297fb57
0x0297fb5a
0x0297fb5f
0x00000000
0x0297fb5f
0x0297f855
0x0297f891
0x0297f899
0x0297f8a0
0x00000000
0x00000000
0x0297f8a2
0x0297f8a8
0x0297f8a8
0x0297f8ab
0x00000000
0x00000000
0x0297f8ad
0x0297f8b4
0x0297f8b6
0x0297f8dd
0x0297f8dd
0x0297f8e1
0x0297f8e3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0297f8b8
0x0297f8b8
0x0297f8b8
0x0297f8bb
0x0297f8c4
0x0297f8cc
0x0297f8d3
0x0297f8d9
0x0297f8d9
0x00000000
0x0297f8b8
0x00000000
0x0297f8a8
0x0297f85a
0x0297f85a
0x0297f861
0x0297f864
0x0297f864
0x0297f86b
0x0297f870
0x0297f876
0x0297f876
0x0297f87a
0x0297f87e
0x0297f881
0x0297f883
0x0297f885
0x0297f888
0x00000000
0x0297f88f
0x0297f708
0x0297f70f
0x0297f728
0x0297f730
0x0297f737
0x00000000
0x00000000
0x00000000
0x00000000
0x0297f739
0x0297f739
0x0297f739
0x0297f73c
0x00000000
0x00000000
0x0297f73e
0x0297f745
0x0297f747
0x0297f75b
0x0297f75b
0x0297f75f
0x0297f761
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0297f749
0x0297f749
0x0297f749
0x0297f74c
0x0297f74e
0x0297f757
0x0297f757
0x00000000
0x0297f749
0x00000000
0x0297f739
0x0297f711
0x0297f719
0x0297f71f
0x0297f721
0x00000000
0x0297f721
0x0297f6e4
0x0297f694
0x0297f600
0x0297f605
0x0297f616
0x00000000
0x00000000
0x00000000

APIs

GetCPInfo.KERNEL32 ref: 0297F6DC

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: c6c33bea4c4076fac42db3c17c86f37ff0a702f2ecab0520c0efb14ea26b8a4c
Instruction ID: 74c99bd0443df6649ce73dca5b518d4f244217bb503d42b67ced4ae16245230b
Opcode Fuzzy Hash: c6c33bea4c4076fac42db3c17c86f37ff0a702f2ecab0520c0efb14ea26b8a4c
Instruction Fuzzy Hash: A4028932A08BC486D751CF38D4547EE77A8F798788F59922ADF8C97612EB34D285C700

Uniqueness

Uniqueness Score: -1.00%

Function 02984008 Relevance: 1.8, APIs: 1, Instructions: 336
COMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E02984008(signed int __eax, void* __ecx, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r10, long long _a8, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				char _v56;
				long long _v72;
				void* __rbp;
				void* __r12;
				void* __r14;
				void* __r15;
				signed int _t113;
				void* _t115;
				void* _t117;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				intOrPtr _t177;
				int _t178;
				signed long long _t209;
				int* _t235;
				long long _t236;
				long long _t238;
				signed long long _t277;
				void* _t278;
				intOrPtr* _t280;
				long long _t285;
				void* _t287;
				void* _t288;
				int* _t313;
				void* _t314;
				void* _t315;
				void* _t316;
				signed long long _t318;
				void* _t319;
				intOrPtr* _t320;
				signed long long _t321;
				signed long long _t322;

				_t315 = __r10;
				_t314 = __r9;
				_t278 = __rdx;
				_t238 = __rcx;
				_t236 = __rbx;
				_t113 = __eax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t287 = _t288;
				r15d = 0;
				_v56 = __rcx;
				_v48 = _v48 & _t322;
				_t285 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x140)) != _t322 ||  *((intOrPtr*)(__rcx + 0x148)) != _t322) {
					r13d = 1;
					E02976E08(_t113, _t238, _t278);
					_t321 = _t209;
					_t115 = E02971650(_t209, _t238);
					if(_t321 != 0) {
						E02976E08(_t115, _t319, _t278);
						_t318 = _t209;
						_t113 = E02971650(_t209, _t319);
						if(_t318 != 0) {
							if( *((intOrPtr*)(_t285 + 0x140)) == _t322) {
								asm("movups xmm0, [eax]");
								asm("inc ecx");
								asm("movups xmm1, [eax+0x10]");
								asm("inc ecx");
								asm("movups xmm0, [eax+0x20]");
								asm("inc ecx");
								asm("movups xmm1, [eax+0x30]");
								asm("inc ecx");
								asm("movups xmm0, [eax+0x40]");
								asm("inc ecx");
								asm("movups xmm1, [eax+0x50]");
								asm("inc ecx");
								asm("movups xmm0, [eax+0x60]");
								asm("inc ecx");
								asm("movups xmm0, [eax+0x70]");
								asm("inc ecx");
								asm("movups xmm1, [eax+edx]");
								asm("inc ecx");
								 *((long long*)(_t321 + _t278 + 0x10)) =  *((intOrPtr*)(0x29a6ee0 + _t278 + 0x10));
								L25:
								 *_t321 =  *( *(_t285 + 0xf8));
								 *((long long*)(_t321 + 8)) =  *((intOrPtr*)( *(_t285 + 0xf8) + 8));
								 *((long long*)(_t321 + 0x10)) =  *((intOrPtr*)( *(_t285 + 0xf8) + 0x10));
								 *((long long*)(_t321 + 0x58)) =  *((intOrPtr*)( *(_t285 + 0xf8) + 0x58));
								 *((long long*)(_t321 + 0x60)) =  *((intOrPtr*)( *(_t285 + 0xf8) + 0x60));
								 *_t318 = r13d;
								if(_t322 != 0) {
									 *_t322 = r13d;
								}
								goto L27;
							}
							E02976E08(_t113, _t319, _t236);
							_t322 = _t209;
							E02971650(_t209, _t319);
							if(_t322 != 0) {
								_t283 =  *((intOrPtr*)(_t285 + 0x140));
								_t11 = _t321 + 0x18; // 0x18
								_v72 = _t11;
								r9d = 0x15;
								_t13 =  &_v56; // -15
								_t123 = L02989C54(0, r13d, _t13,  *((intOrPtr*)(_t285 + 0x140)), _t285, _t287,  *((intOrPtr*)(_t285 + 0x140)), _t315, _t316, _t318, _t321, _t322);
								_t14 = _t321 + 0x20; // 0x20
								r9d = 0x14;
								_v72 = _t14;
								_t16 =  &_v56; // -15
								_t124 = L02989C54(0, r13d, _t16, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t17 = _t321 + 0x28; // 0x28
								r9d = 0x16;
								_v72 = _t17;
								_t19 =  &_v56; // -15
								_t125 = L02989C54(0, r13d, _t19, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t20 =  &_v56; // -15
								_t21 = _t321 + 0x30; // 0x30
								r9d = 0x17;
								_v72 = _t21;
								_t126 = L02989C54(0, r13d, _t20, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x18;
								_t23 = _t321 + 0x38; // 0x38
								_t320 = _t23;
								_v72 = _t320;
								_t25 =  &_v56; // -15
								_t127 = L02989C54(0, _t314 - 0x17, _t25, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x50;
								_t27 =  &_v56; // -15
								_t28 = _t321 + 0x40; // 0x40
								_v72 = _t28;
								_t128 = L02989C54(0, _t314 - 0x4f, _t27, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x51;
								_t31 =  &_v56; // -15
								_t32 = _t321 + 0x48; // 0x48
								_v72 = _t32;
								_t129 = L02989C54(0, _t314 - 0x50, _t31, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t35 =  &_v56; // -15
								_t36 = _t321 + 0x50; // 0x50
								r9d = 0x1a;
								_v72 = _t36;
								_t130 = L02989C54(0, 0, _t35, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t38 =  &_v56; // -15
								_t39 = _t321 + 0x51; // 0x51
								r9d = 0x19;
								_v72 = _t39;
								_t131 = L02989C54(0, 0, _t38, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t41 =  &_v56; // -15
								_t42 = _t321 + 0x52; // 0x52
								r9d = 0x54;
								_v72 = _t42;
								_t132 = L02989C54(0, 0, _t41, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t44 = _t321 + 0x53; // 0x53
								r9d = 0x55;
								_v72 = _t44;
								_t46 =  &_v56; // -15
								_t133 = L02989C54(0, 0, _t46, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t47 =  &_v56; // -15
								_t48 = _t321 + 0x54; // 0x54
								r9d = 0x56;
								_v72 = _t48;
								_t134 = L02989C54(0, 0, _t47, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t50 =  &_v56; // -15
								_t51 = _t321 + 0x55; // 0x55
								r9d = 0x57;
								_v72 = _t51;
								_t135 = L02989C54(0, 0, _t50, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t53 =  &_v56; // -15
								_t54 = _t321 + 0x56; // 0x56
								r9d = 0x52;
								_v72 = _t54;
								_t136 = L02989C54(0, 0, _t53, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t56 =  &_v56; // -15
								_t57 = _t321 + 0x57; // 0x57
								r9d = 0x53;
								_v72 = _t57;
								_t137 = L02989C54(0, 0, _t56, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x15;
								_t59 =  &_v56; // -15
								_t60 = _t321 + 0x68; // 0x68
								_v72 = _t60;
								_t138 = L02989C54(0, _t314 - 0x13, _t59, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x14;
								_t63 =  &_v56; // -15
								_t64 = _t321 + 0x70; // 0x70
								_v72 = _t64;
								_t139 = L02989C54(0, _t314 - 0x12, _t63, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x16;
								_t67 =  &_v56; // -15
								_t68 = _t321 + 0x78; // 0x78
								_v72 = _t68;
								_t140 = L02989C54(0, _t314 - 0x14, _t67, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x17;
								_t71 =  &_v56; // -15
								_t72 = _t321 + 0x80; // 0x80
								_v72 = _t72;
								_t141 = L02989C54(0, _t314 - 0x15, _t71, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								r9d = 0x50;
								_t75 =  &_v56; // -15
								_t76 = _t321 + 0x88; // 0x88
								_v72 = _t76;
								_t142 = L02989C54(0, _t314 - 0x4e, _t75, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322);
								_t79 = _t321 + 0x90; // 0x90
								_t235 = _t79;
								r9d = 0x51;
								_v72 = _t235;
								_t81 =  &_v56; // -15
								if((L02989C54(0, _t314 - 0x4f, _t81, _t283, _t285, _t287, _t283, _t315, _t316, _t318, _t321, _t322) | _t123 | _t124 | _t125 | _t126 | _t127 | _t128 | _t129 | _t130 | _t131 | _t132 | _t133 | _t134 | _t135 | _t136 | _t137 | _t138 | _t139 | _t140 | _t141 | _t142) == 0) {
									_t280 =  *_t320;
									_t113 =  *_t280;
									if(_t113 == 0) {
										r13d = 1;
										goto L25;
									} else {
										goto L14;
									}
									do {
										L14:
										_t83 = _t235 - 0x30; // -48
										_t177 = _t83;
										if(_t177 > 9) {
											if(_t113 != 0x3b) {
												L16:
												r13d = 1;
												_t280 = _t280 + _t320;
												goto L17;
											}
											_t313 = _t280;
											do {
												_t235 = _t313 + 1;
												_t178 =  *_t235;
												 *_t313 = _t178;
												_t313 = _t235;
											} while (_t178 != 0);
											r13d = 1;
											goto L17;
										}
										 *_t280 = _t177;
										goto L16;
										L17:
										_t113 =  *_t280;
									} while (_t113 != 0);
									goto L25;
								}
								L02983EFC(_t321);
								E02971650(_t235, _t321);
								E02971650(_t235, _t318);
								E02971650(_t235, _t322);
								_t117 = 1;
								goto L33;
							}
							E02971650(_t209, _t321);
							_t277 = _t318;
							L7:
							E02971650(_t209, _t277);
							goto L4;
						}
						_t277 = _t321;
						goto L7;
					}
					L4:
					_t117 = r13d;
					goto L33;
				} else {
					r12d = 0;
					_t321 = 0x29a6ee0;
					L27:
					_t217 =  *(_t285 + 0xf0);
					if( *(_t285 + 0xf0) != 0) {
						asm("lock dec dword [eax]");
					}
					if( *(_t285 + 0xe0) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t113 | 0xffffffff) == 1) {
							E02971650(_t217,  *(_t285 + 0xf8));
							E02971650(_t217,  *(_t285 + 0xe0));
						}
					}
					 *(_t285 + 0xf0) = _t322;
					_t117 = 0;
					 *(_t285 + 0xe0) = _t318;
					 *(_t285 + 0xf8) = _t321;
					L33:
					return _t117;
				}
			}

0x02984008
0x02984008
0x02984008
0x02984008
0x02984008
0x02984008
0x02984008
0x0298400d
0x02984012
0x02984020
0x02984027
0x0298402a
0x0298402e
0x02984032
0x0298403c
0x02984056
0x02984064
0x0298406b
0x0298406e
0x02984076
0x0298408a
0x02984091
0x02984094
0x0298409c
0x029840af
0x02984410
0x02984413
0x02984417
0x0298441b
0x02984420
0x02984424
0x02984429
0x0298442d
0x02984432
0x02984436
0x0298443b
0x0298443f
0x02984444
0x02984448
0x0298444d
0x02984451
0x02984457
0x0298445b
0x02984465
0x02984472
0x0298447c
0x0298448a
0x02984499
0x029844a8
0x029844b7
0x029844bb
0x029844c2
0x029844c4
0x029844c4
0x00000000
0x029844c2
0x029840bb
0x029840c2
0x029840c5
0x029840cd
0x029840dc
0x029840e3
0x029840ea
0x029840ef
0x029840f5
0x029840fc
0x02984101
0x02984105
0x0298410b
0x02984113
0x0298411c
0x02984121
0x02984125
0x0298412b
0x02984133
0x0298413c
0x02984143
0x02984147
0x0298414b
0x02984154
0x0298415c
0x02984161
0x02984167
0x02984167
0x0298416e
0x02984173
0x0298417d
0x02984182
0x02984188
0x02984191
0x02984195
0x0298419e
0x029841a3
0x029841a9
0x029841b2
0x029841b6
0x029841bf
0x029841c6
0x029841ca
0x029841ce
0x029841d7
0x029841de
0x029841e5
0x029841e9
0x029841ed
0x029841f6
0x029841fd
0x02984204
0x02984208
0x0298420c
0x02984215
0x0298421c
0x02984223
0x02984227
0x02984230
0x02984237
0x0298423b
0x02984242
0x02984246
0x0298424a
0x02984253
0x0298425a
0x02984261
0x02984265
0x02984269
0x02984272
0x02984279
0x02984280
0x02984284
0x02984288
0x02984291
0x02984298
0x0298429f
0x029842a3
0x029842a7
0x029842b0
0x029842b7
0x029842bc
0x029842c2
0x029842cb
0x029842cf
0x029842d8
0x029842dd
0x029842e3
0x029842ec
0x029842f0
0x029842f9
0x029842fe
0x02984304
0x0298430d
0x02984311
0x0298431a
0x0298431f
0x02984325
0x0298432e
0x02984335
0x0298433e
0x02984343
0x02984349
0x02984352
0x02984359
0x02984362
0x02984369
0x02984369
0x02984370
0x02984376
0x0298437e
0x0298438d
0x029843b9
0x029843bd
0x029843c1
0x0298446c
0x00000000
0x00000000
0x00000000
0x00000000
0x029843c7
0x029843c7
0x029843c7
0x029843c7
0x029843cd
0x029843e7
0x029843d1
0x029843d1
0x029843d7
0x00000000
0x029843d7
0x029843e9
0x029843ec
0x029843ec
0x029843f0
0x029843f2
0x029843f5
0x029843f8
0x029843fc
0x00000000
0x029843fc
0x029843cf
0x00000000
0x029843da
0x029843da
0x029843dc
0x00000000
0x029843e0
0x02984392
0x0298439a
0x029843a2
0x029843aa
0x029843af
0x00000000
0x029843af
0x029840d2
0x029840d7
0x029840a1
0x029840a1
0x00000000
0x029840a1
0x0298409e
0x00000000
0x0298409e
0x02984078
0x02984078
0x00000000
0x02984047
0x02984047
0x0298404a
0x029844c7
0x029844c7
0x029844d1
0x029844d3
0x029844d3
0x029844e0
0x029844e5
0x029844ec
0x029844f5
0x02984501
0x02984501
0x029844ec
0x02984506
0x0298450d
0x0298450f
0x02984516
0x0298451d
0x0298453a
0x0298453a

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e1a70cab1140bc21df5f29ad84b1391a75d5a3a964b96c0b62d76ebe63aa44
Instruction ID: 3994925cce19de4e7d87850696dfdcfc61edbd78b84749cec90c9a7d19184a42
Opcode Fuzzy Hash: 09e1a70cab1140bc21df5f29ad84b1391a75d5a3a964b96c0b62d76ebe63aa44
Instruction Fuzzy Hash: 58D19332704B8186EB20EF61E4846EE37A9F798788F454A26CF9D57B55EF39C249C700

Uniqueness

Uniqueness Score: -1.00%

Function 0297A2F0 Relevance: 1.6, APIs: 1, Instructions: 148
COMMONCrypto

Download Yara Rule

C-Code - Quality: 67%

			E0297A2F0(long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, signed long long __rsi, signed int __r8, signed long long* __r9) {
				void* __rdi;
				void* __r15;
				void* _t98;
				signed long long _t100;
				signed char _t101;
				signed long long _t104;
				signed long long _t105;
				signed long long _t106;
				signed long long _t108;
				signed long long _t109;
				signed long long _t110;
				signed long long _t112;
				signed long long _t118;
				signed long long _t121;
				signed long long _t124;
				signed long long _t131;
				void* _t132;
				void* _t147;
				signed long long _t148;
				signed long long _t149;
				void* _t150;
				signed long long _t156;
				signed long long _t157;
				signed long long _t161;
				int* _t163;
				signed long long _t168;
				void* _t172;
				char* _t176;
				signed long long _t193;
				signed long long _t201;
				signed long long* _t205;
				signed long long _t208;
				signed long long _t209;
				signed long long _t212;
				signed long long _t213;
				signed long long _t214;
				void* _t215;
				signed long long _t218;
				void* _t219;
				void* _t220;
				signed long long _t221;
				signed int _t224;
				intOrPtr* _t225;
				intOrPtr* _t235;
				intOrPtr* _t236;
				signed long long _t240;
				signed long long _t241;
				signed long long _t245;
				signed long long _t247;
				signed long long _t248;
				signed long long _t250;
				signed long long _t253;
				signed long long _t256;

				_t224 = __r8;
				_t208 = __rsi;
				 *((long long*)(_t219 + 8)) = __rbx;
				 *(_t219 + 0x10) = _t212;
				 *((long long*)(_t219 + 0x18)) = __rsi;
				_t220 = _t219 - 0x30;
				_t213 = _t212 | 0xffffffff;
				_t205 = __r9;
				_t149 = 0;
				_t245 = __r8;
				_t240 = __rdx;
				_t235 = __rcx;
				do {
					_t213 = _t213 + 1;
				} while ( *((intOrPtr*)(__rcx + _t213 * 2)) != 0);
				_t214 = _t213 + 1;
				_t155 =  !__r8;
				if(_t214 <= _t155) {
					_t9 = _t224 + 1; // 0x1
					_t256 = _t9 + _t214;
					E02976E08(_t98, _t256, __rdx);
					_t161 = _t155;
					__eflags = _t245;
					if(_t245 == 0) {
						L7:
						_t256 = _t256 - _t245;
						_t168 = _t161 + _t245 * 2;
						_t193 = _t256;
						_t229 = _t214;
						_t225 = _t235;
						_t100 = E0298513C(2, _t155, _t161, _t168, _t193, _t225, _t214);
						__eflags = _t100;
						if(_t100 != 0) {
							goto L19;
						} else {
							_t188 = _t205[1];
							r15d = _t155 + 8;
							_t250 = _t205[2];
							__eflags = _t188 - _t250;
							if(_t188 != _t250) {
								L18:
								 *_t188 = _t161;
								_t205[1] = _t205[1] + _t256;
							} else {
								__eflags =  *_t205 - _t208;
								if( *_t205 != _t208) {
									_t155 = 0xffffffff;
									_t253 = _t250 -  *_t205 >> 3;
									__eflags = _t253 - 0xffffffff;
									if(_t253 > 0xffffffff) {
										goto L15;
									} else {
										_t189 =  *_t205;
										_t218 = _t253 + _t253;
										L0297D880(_t100, _t132, _t147, _t150, _t161,  *_t205, _t218, _t208, _t218, _t256, _t229);
										__eflags = 0xffffffff;
										if(0xffffffff != 0) {
											 *_t205 = 0xffffffff;
											_t205[1] = 0xffffffff + _t253 * 8;
											_t205[2] = 0xffffffff + _t218 * 8;
											__eflags = 0;
											E02971650(0xffffffff, 0xffffffff + _t218 * 8);
											_t188 = _t205[1];
											goto L18;
										} else {
											__eflags = 0;
											E02971650(0xffffffff, _t189);
											goto L15;
										}
									}
								} else {
									E02976E08(_t100, _t188, _t193);
									 *_t205 = _t155;
									E02971650(_t155, _t188);
									_t188 =  *_t205;
									__eflags = _t188;
									if(_t188 == 0) {
										L15:
										_t188 = _t161;
										E02971650(_t155, _t161);
										_t149 = 0xc;
									} else {
										_t155 = _t188 + 0x20;
										_t205[1] = _t188;
										_t205[2] = _t188 + 0x20;
										goto L18;
									}
								}
							}
							E02971650(_t155, _t188);
							_t124 = _t149;
							goto L4;
						}
					} else {
						_t229 = _t245;
						_t225 = __rdx;
						_t193 = _t256;
						_t168 = _t155;
						_t131 = E0298513C(2, _t155, _t161, _t168, _t193, __rdx, _t245);
						__eflags = _t131;
						if(_t131 != 0) {
							L19:
							r9d = 0;
							 *(_t220 + 0x20) = _t208;
							r8d = 0;
							E02970D9C();
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							 *(_t220 + 0x20) = _t161;
							_push(_t214);
							_push(_t208);
							_push(_t205);
							_push(_t235);
							_push(_t240);
							_push(_t245);
							_push(_t256);
							_t215 = _t220 - 0x230;
							_t221 = _t220 - 0x330;
							_t156 =  *0x29a61e8; // 0xc99624406909
							_t157 = _t156 ^ _t221;
							 *(_t215 + 0x220) = _t157;
							_t236 = _t225;
							_t209 = _t168;
							__eflags = _t193 - _t168;
							if(_t193 != _t168) {
								do {
									_t121 =  *_t193 - 0x2f;
									__eflags = _t121 - 0x2d;
									if(__eflags > 0) {
										goto L23;
									} else {
										_t157 = _t121;
										asm("dec eax");
										if(__eflags >= 0) {
											goto L23;
										}
									}
									goto L24;
									L23:
									E02989090(0, 0, _t157, 0x801, _t209, _t193, _t209, _t225);
									_t193 = _t157;
									__eflags = _t157 - _t209;
								} while (_t157 != _t209);
							}
							L24:
							r8b =  *_t193;
							__eflags = r8b - 0x3a;
							if(r8b != 0x3a) {
								L27:
								r8b = r8b - 0x2f;
								_t148 = 0;
								__eflags = r8b - 0x2d;
								if(__eflags > 0) {
									L29:
									_t101 = dil;
								} else {
									asm("dec eax");
									_t101 = 1;
									if(__eflags >= 0) {
										goto L29;
									}
								}
								 *(_t215 - 0x60) = _t205;
								 *(_t215 - 0x58) = _t205;
								 *(_t215 - 0x50) = _t205;
								 *(_t215 - 0x48) = _t205;
								asm("dec ebp");
								 *(_t215 - 0x40) = _t205;
								_t241 = _t240 & _t193 - _t209 + 0x00000001;
								 *((intOrPtr*)(_t215 - 0x38)) = dil;
								L029599C0( ~_t101, 0x801, _t221 + 0x30, _t193 - _t209 + 1, _t209);
								_t158 =  *((intOrPtr*)(_t221 + 0x38));
								r15d = 0xfde9;
								__eflags =  *((intOrPtr*)(_t158 + 0xc)) - r15d;
								if(__eflags != 0) {
									_t104 = L02977BB4(__eflags, _t158);
									__eflags = _t104;
									if(_t104 != 0) {
										__eflags =  *((intOrPtr*)(_t221 + 0x48)) - dil;
										if( *((intOrPtr*)(_t221 + 0x48)) != dil) {
											_t158 =  *((intOrPtr*)(_t221 + 0x30));
											_t53 = _t158 + 0x3a8;
											 *_t53 =  *(_t158 + 0x3a8) & 0xfffffffd;
											__eflags =  *_t53;
										}
										r8d = _t148;
									} else {
										__eflags =  *((intOrPtr*)(_t221 + 0x48)) - dil;
										if( *((intOrPtr*)(_t221 + 0x48)) != dil) {
											_t158 =  *((intOrPtr*)(_t221 + 0x30));
											_t49 = _t158 + 0x3a8;
											 *_t49 =  *(_t158 + 0x3a8) & 0xfffffffd;
											__eflags =  *_t49;
										}
										r8d = 1;
									}
								} else {
									__eflags =  *((intOrPtr*)(_t221 + 0x48)) - dil;
									if( *((intOrPtr*)(_t221 + 0x48)) != dil) {
										_t158 =  *((intOrPtr*)(_t221 + 0x30));
										_t45 = _t158 + 0x3a8;
										 *_t45 =  *(_t158 + 0x3a8) & 0xfffffffd;
										__eflags =  *_t45;
									}
									r8d = r15d;
								}
								_t196 = _t215 - 0x60;
								_t105 = L0297988C(0, 0, 0x801, _t209, _t215 - 0x60, _t205, _t209, _t215, _t225, _t229);
								_t226 = _t215 - 0x30;
								__eflags = _t105;
								 *(_t221 + 0x28) = _t148;
								 *(_t221 + 0x20) = _t205;
								_t172 =  !=  ? _t205 :  *(_t215 - 0x50);
								r9d = 0;
								_t106 = FindFirstFileExW(??, ??, ??, ??, ??, ??);
								_t163 = _t158;
								__eflags = _t158 - 0xffffffff;
								if(_t158 != 0xffffffff) {
									_t247 =  *((intOrPtr*)(_t236 + 8)) -  *_t236;
									__eflags = _t247;
									_t248 = _t247 >> 3;
									do {
										 *(_t221 + 0x70) = _t205;
										 *(_t221 + 0x78) = _t205;
										 *(_t215 - 0x80) = _t205;
										 *(_t215 - 0x78) = _t205;
										 *(_t215 - 0x70) = _t205;
										 *((intOrPtr*)(_t215 - 0x68)) = dil;
										L029599C0(_t106, _t163, _t221 + 0x50, _t196, _t209);
										_t158 =  *((intOrPtr*)(_t221 + 0x58));
										__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t221 + 0x58)) + 0xc)) - r15d;
										if(__eflags != 0) {
											_t108 = L02977BB4(__eflags, _t158);
											__eflags = _t108;
											if(_t108 != 0) {
												__eflags =  *((intOrPtr*)(_t221 + 0x68)) - dil;
												if( *((intOrPtr*)(_t221 + 0x68)) != dil) {
													_t158 =  *((intOrPtr*)(_t221 + 0x50));
													_t80 = _t158 + 0x3a8;
													 *_t80 =  *(_t158 + 0x3a8) & 0xfffffffd;
													__eflags =  *_t80;
												}
												r8d = _t148;
											} else {
												__eflags =  *((intOrPtr*)(_t221 + 0x68)) - dil;
												if( *((intOrPtr*)(_t221 + 0x68)) != dil) {
													_t158 =  *((intOrPtr*)(_t221 + 0x50));
													_t76 = _t158 + 0x3a8;
													 *_t76 =  *(_t158 + 0x3a8) & 0xfffffffd;
													__eflags =  *_t76;
												}
												r8d = 1;
											}
										} else {
											__eflags =  *((intOrPtr*)(_t221 + 0x68)) - dil;
											if( *((intOrPtr*)(_t221 + 0x68)) != dil) {
												_t158 =  *((intOrPtr*)(_t221 + 0x50));
												_t72 = _t158 + 0x3a8;
												 *_t72 =  *(_t158 + 0x3a8) & 0xfffffffd;
												__eflags =  *_t72;
											}
											r8d = r15d;
										}
										_t109 = L02979A04(0, 0, _t163, _t215 - 4, _t221 + 0x70, _t205, _t209, _t215, _t226);
										_t257 =  *(_t215 - 0x80);
										__eflags = _t109;
										_t176 =  !=  ? _t205 :  *(_t215 - 0x80);
										__eflags =  *_t176 - 0x2e;
										if( *_t176 != 0x2e) {
											L59:
											_t226 = _t241;
											_t110 = L0297A168(_t163, _t176, _t209, _t209, _t241, _t236);
											_t148 = _t110;
											__eflags = _t110;
											if(_t110 != 0) {
												__eflags =  *((char*)(_t215 - 0x68));
												if( *((char*)(_t215 - 0x68)) != 0) {
													E02971650(_t158, _t257);
												}
											} else {
												_t148 = 0;
												__eflags = 0;
												goto L61;
											}
										} else {
											_t118 =  *((intOrPtr*)(_t176 + 1));
											__eflags = _t118;
											if(_t118 == 0) {
												goto L61;
											} else {
												__eflags = _t118 - 0x2e;
												if(_t118 != 0x2e) {
													goto L59;
												} else {
													__eflags =  *((intOrPtr*)(_t176 + 2)) - dil;
													if( *((intOrPtr*)(_t176 + 2)) == dil) {
														goto L61;
													} else {
														goto L59;
													}
												}
											}
										}
										L68:
										FindClose();
										goto L69;
										L61:
										__eflags =  *((intOrPtr*)(_t215 - 0x68)) - dil;
										if( *((intOrPtr*)(_t215 - 0x68)) != dil) {
											E02971650(_t158, _t257);
										}
										_t196 = _t215 - 0x30;
										_t106 = FindNextFileW(??, ??);
										r15d = 0xfde9;
										__eflags = _t106;
									} while (_t106 != 0);
									_t158 =  *_t236;
									_t201 =  *((intOrPtr*)(_t236 + 8)) -  *_t236 >> 3;
									__eflags = _t248 - _t201;
									if(_t248 != _t201) {
										r8d = 8;
										E029886B0(0, 0, _t163, _t158 + _t248 * 8, _t201 - _t248, _t205, _t209, _t215, _t226, 0x2979570, _t257);
									}
									goto L68;
								} else {
									r8d = 0;
									_t148 = L0297A168(_t163, _t209, _t196, _t209, _t226, _t236);
								}
								L69:
								__eflags =  *((char*)(_t215 - 0x38));
								if( *((char*)(_t215 - 0x38)) != 0) {
									E02971650(_t158,  *(_t215 - 0x50));
								}
								_t112 = _t148;
							} else {
								_t158 = _t209 + 1;
								__eflags = _t193 - _t209 + 1;
								if(_t193 == _t209 + 1) {
									goto L27;
								} else {
									r8d = 0;
									_t112 = L0297A168(0x801, _t209, _t193, _t209, _t225, _t236);
								}
							}
							__eflags =  *(_t215 + 0x220) ^ _t221;
							return L029438C0(_t112, 0, _t158,  *(_t215 + 0x220) ^ _t221);
						} else {
							goto L7;
						}
					}
				} else {
					_t124 = 0xc;
					L4:
					return _t124;
				}
			}

0x0297a2f0
0x0297a2f0
0x0297a2f0
0x0297a2f5
0x0297a2fa
0x0297a308
0x0297a30c
0x0297a310
0x0297a313
0x0297a315
0x0297a318
0x0297a31b
0x0297a31e
0x0297a31e
0x0297a321
0x0297a32a
0x0297a32d
0x0297a333
0x0297a357
0x0297a360
0x0297a366
0x0297a36b
0x0297a36e
0x0297a371
0x0297a38c
0x0297a38c
0x0297a38f
0x0297a393
0x0297a396
0x0297a399
0x0297a39c
0x0297a3a1
0x0297a3a3
0x00000000
0x0297a3a9
0x0297a3a9
0x0297a3ad
0x0297a3b1
0x0297a3b5
0x0297a3b8
0x0297a45b
0x0297a45b
0x0297a45e
0x0297a3be
0x0297a3be
0x0297a3c1
0x0297a3f1
0x0297a3fb
0x0297a3ff
0x0297a402
0x00000000
0x0297a404
0x0297a404
0x0297a407
0x0297a411
0x0297a416
0x0297a419
0x0297a441
0x0297a444
0x0297a44c
0x0297a450
0x0297a452
0x0297a457
0x00000000
0x0297a41b
0x0297a41b
0x0297a41d
0x00000000
0x0297a41d
0x0297a419
0x0297a3c3
0x0297a3c9
0x0297a3d0
0x0297a3d3
0x0297a3d8
0x0297a3db
0x0297a3de
0x0297a422
0x0297a422
0x0297a425
0x0297a42a
0x0297a3e0
0x0297a3e0
0x0297a3e4
0x0297a3e8
0x00000000
0x0297a3e8
0x0297a3de
0x0297a3c1
0x0297a431
0x0297a436
0x00000000
0x0297a436
0x0297a373
0x0297a373
0x0297a376
0x0297a379
0x0297a37c
0x0297a37f
0x0297a384
0x0297a386
0x0297a464
0x0297a464
0x0297a467
0x0297a46c
0x0297a473
0x0297a478
0x0297a479
0x0297a47a
0x0297a47b
0x0297a47c
0x0297a481
0x0297a482
0x0297a483
0x0297a484
0x0297a486
0x0297a488
0x0297a48a
0x0297a48c
0x0297a494
0x0297a49b
0x0297a4a2
0x0297a4a5
0x0297a4ac
0x0297a4af
0x0297a4bc
0x0297a4bf
0x0297a4c1
0x0297a4c3
0x0297a4c5
0x0297a4c7
0x00000000
0x0297a4c9
0x0297a4c9
0x0297a4cd
0x0297a4d1
0x00000000
0x00000000
0x0297a4d1
0x00000000
0x0297a4d3
0x0297a4d6
0x0297a4db
0x0297a4de
0x0297a4de
0x0297a4c1
0x0297a4e3
0x0297a4e3
0x0297a4e6
0x0297a4ea
0x0297a50a
0x0297a50a
0x0297a50e
0x0297a510
0x0297a514
0x0297a522
0x0297a522
0x0297a516
0x0297a51a
0x0297a51e
0x0297a520
0x00000000
0x00000000
0x0297a520
0x0297a528
0x0297a52f
0x0297a535
0x0297a53e
0x0297a542
0x0297a545
0x0297a549
0x0297a54c
0x0297a552
0x0297a557
0x0297a55c
0x0297a562
0x0297a566
0x0297a580
0x0297a585
0x0297a587
0x0297a5a4
0x0297a5a9
0x0297a5ab
0x0297a5b0
0x0297a5b0
0x0297a5b0
0x0297a5b0
0x0297a5b7
0x0297a589
0x0297a589
0x0297a58e
0x0297a590
0x0297a595
0x0297a595
0x0297a595
0x0297a595
0x0297a59c
0x0297a59c
0x0297a568
0x0297a568
0x0297a56d
0x0297a56f
0x0297a574
0x0297a574
0x0297a574
0x0297a574
0x0297a57b
0x0297a57b
0x0297a5ba
0x0297a5c1
0x0297a5ca
0x0297a5ce
0x0297a5d0
0x0297a5d4
0x0297a5d9
0x0297a5dd
0x0297a5e2
0x0297a5e8
0x0297a5eb
0x0297a5ef
0x0297a60d
0x0297a60d
0x0297a611
0x0297a615
0x0297a617
0x0297a621
0x0297a626
0x0297a62a
0x0297a62e
0x0297a632
0x0297a636
0x0297a63b
0x0297a640
0x0297a644
0x0297a65e
0x0297a663
0x0297a665
0x0297a682
0x0297a687
0x0297a689
0x0297a68e
0x0297a68e
0x0297a68e
0x0297a68e
0x0297a695
0x0297a667
0x0297a667
0x0297a66c
0x0297a66e
0x0297a673
0x0297a673
0x0297a673
0x0297a673
0x0297a67a
0x0297a67a
0x0297a646
0x0297a646
0x0297a64b
0x0297a64d
0x0297a652
0x0297a652
0x0297a652
0x0297a652
0x0297a659
0x0297a659
0x0297a6a1
0x0297a6a6
0x0297a6aa
0x0297a6af
0x0297a6b3
0x0297a6b6
0x0297a6c9
0x0297a6cc
0x0297a6d2
0x0297a6d7
0x0297a6d9
0x0297a6db
0x0297a738
0x0297a73c
0x0297a741
0x0297a741
0x0297a6dd
0x0297a6dd
0x0297a6dd
0x00000000
0x0297a6dd
0x0297a6b8
0x0297a6b8
0x0297a6bb
0x0297a6bd
0x00000000
0x0297a6bf
0x0297a6bf
0x0297a6c1
0x00000000
0x0297a6c3
0x0297a6c3
0x0297a6c7
0x00000000
0x00000000
0x00000000
0x00000000
0x0297a6c7
0x0297a6c1
0x0297a6bd
0x0297a746
0x0297a749
0x00000000
0x0297a6df
0x0297a6df
0x0297a6e3
0x0297a6e8
0x0297a6e8
0x0297a6ed
0x0297a6f4
0x0297a6fa
0x0297a700
0x0297a700
0x0297a708
0x0297a714
0x0297a718
0x0297a71b
0x0297a72b
0x0297a731
0x0297a731
0x00000000
0x0297a5f1
0x0297a5f4
0x0297a601
0x0297a601
0x0297a74f
0x0297a74f
0x0297a753
0x0297a759
0x0297a759
0x0297a75e
0x0297a4ec
0x0297a4ec
0x0297a4f0
0x0297a4f3
0x00000000
0x0297a4f5
0x0297a4f8
0x0297a500
0x0297a500
0x0297a4f3
0x0297a767
0x0297a789
0x00000000
0x00000000
0x00000000
0x0297a386
0x0297a335
0x0297a335
0x0297a33a
0x0297a356
0x0297a356

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1284f6a6fb9bc54db87088cc1c85232fac4906337925ebc540ca461f05d8814e
Instruction ID: 8e75a253797320c7b3cc9c7905255743af058de383866904854842ba8ecfe8be
Opcode Fuzzy Hash: 1284f6a6fb9bc54db87088cc1c85232fac4906337925ebc540ca461f05d8814e
Instruction Fuzzy Hash: 36510522714B9089EB20DFB6ED0469E7BA9F784BE8F544219DE9847F98DF38C141CB00

Uniqueness

Uniqueness Score: -1.00%

Function 029865C4 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E029865C4(void* __ecx, signed int __edx, void* __esp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r9, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				char _v264;
				signed int _t22;
				signed int _t23;
				signed int _t24;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t37;
				void* _t39;
				signed int _t40;
				signed long long _t45;
				signed long long _t46;
				void* _t48;
				signed int* _t57;
				signed long long _t59;
				void* _t62;

				_t67 = __r9;
				_t61 = __rbp;
				_t50 = __rcx;
				_t37 = __edx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t63 = _t62 - 0x120;
				_t45 =  *0x29a61e8; // 0xc99624406909
				_t46 = _t45 ^ _t62 - 0x00000120;
				_v24 = _t46;
				_t48 = __rcx;
				L0297390C(__esp, _t46, __rcx, __rcx, __rdx, __rsi, __rbp, __r9);
				_t59 = _t46;
				L0297390C(__esp, _t46, _t48, _t50, __rdx, _t59, __rbp, __r9);
				_t57 =  *((intOrPtr*)(_t46 + 0x3a0));
				_t22 = E029866CC(_t48, __rdx);
				r9d = 0x78;
				_t36 = _t22;
				_t32 = _t22;
				asm("sbb edx, edx");
				_t39 = (_t37 & 0xfffff002) + 0x1001;
				_t23 = GetLocaleInfoW(??, ??, ??, ??);
				if(_t23 != 0) {
					_t52 =  *((intOrPtr*)(_t59 + 0x98));
					_t56 =  &_v264;
					_t24 = E02985294(_t39, _t46, _t48, _t52,  &_v264, _t59, __rbp,  &_v264);
					_t36 =  *(_t59 + 0xb0);
					__eflags = _t24;
					if(_t24 != 0) {
						__eflags = _t36;
						if(_t36 == 0) {
							__eflags =  *((intOrPtr*)(_t59 + 0xac)) - _t36;
							if( *((intOrPtr*)(_t59 + 0xac)) != _t36) {
								_t52 =  *((intOrPtr*)(_t59 + 0x98));
								_t56 =  &_v264;
								_t30 = E02985294(_t39, _t46, _t48,  *((intOrPtr*)(_t59 + 0x98)),  &_v264, _t59, _t61,  &_v264);
								__eflags = _t30;
								if(_t30 == 0) {
									_t40 = 0;
									__eflags = 0;
									goto L9;
								}
							}
						}
					} else {
						__eflags = _t36;
						if(__eflags != 0) {
							L10:
							 *_t57 =  *_t57 | 0x00000004;
							__eflags =  *_t57;
							_t57[1] = _t32;
							_t57[2] = _t32;
						} else {
							_t40 = _t52 + 1;
							L9:
							_t36 = _t32;
							_t31 = E029867F0(_t32, _t40, __eflags, _t46, _t48, _t52, _t56, _t59, _t67);
							__eflags = _t31;
							if(_t31 != 0) {
								goto L10;
							}
						}
					}
					_t28 =  !( *_t57 >> 2) & 0x00000001;
					__eflags =  !( *_t57 >> 2) & 0x00000001;
				} else {
					 *_t57 =  *_t57 & _t23;
					_t28 = 1;
				}
				return L029438C0(_t28, _t36, _t46, _v24 ^ _t63);
			}

0x029865c4
0x029865c4
0x029865c4
0x029865c4
0x029865c4
0x029865c9
0x029865cf
0x029865d6
0x029865dd
0x029865e0
0x029865e8
0x029865eb
0x029865f0
0x029865f3
0x029865fb
0x02986602
0x02986614
0x0298661a
0x0298661c
0x0298661e
0x02986626
0x0298662c
0x02986634
0x0298663f
0x02986646
0x0298664b
0x02986650
0x02986656
0x02986658
0x02986663
0x02986665
0x02986667
0x0298666d
0x0298666f
0x02986676
0x0298667b
0x02986680
0x02986682
0x02986684
0x02986684
0x00000000
0x02986684
0x02986682
0x0298666d
0x0298665a
0x0298665a
0x0298665c
0x02986694
0x02986694
0x02986694
0x02986697
0x0298669a
0x0298665e
0x0298665e
0x02986686
0x02986689
0x0298668b
0x02986690
0x02986692
0x00000000
0x00000000
0x02986692
0x0298665c
0x029866a4
0x029866a4
0x02986636
0x02986636
0x02986638
0x02986638
0x029866cb

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

GetLocaleInfoW.KERNEL32 ref: 0298662C

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 4461d5dee6c5029eb3157990cae7706726a2998a57acb29e5ea25824267daa4b
Instruction ID: 69a30aa5ba9a4efcaf19c1fd317544944fe62158fc9a13aeb7d33db96c69128c
Opcode Fuzzy Hash: 4461d5dee6c5029eb3157990cae7706726a2998a57acb29e5ea25824267daa4b
Instruction Fuzzy Hash: E3218C72710AC186EB28EF26E5407AE73AAF789784F488139CB998B715DF38D555CB00

Uniqueness

Uniqueness Score: -1.00%

Function 029861E8 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E029861E8(void* __ecx, void* __eflags, void* __rax, long long __rbx, signed int* __rcx, void* __rdx, signed int __r8, void* __r9, long long _a8) {
				signed int _t34;
				signed int _t35;
				signed char _t36;
				signed char _t42;
				void* _t44;
				void* _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				signed int* _t59;
				signed short* _t63;
				intOrPtr* _t65;
				void* _t66;
				void* _t67;
				signed long long _t72;
				signed long long _t74;

				_t55 = __rax;
				_a8 = __rbx;
				_t59 = __rcx;
				L0297390C(_t44, __rax, __rcx, __rcx, __rdx, _t66, _t67, __r9);
				_t72 = __r8 | 0xffffffff;
				_t74 = _t72;
				_t2 = _t55 + 0x98; // 0x98
				_t65 = _t2;
				_t56 =  *_t65;
				do {
					_t74 = _t74 + 1;
				} while ( *((intOrPtr*)(_t56 + _t74 * 2)) != 0);
				 *(_t65 + 0x18) = 0 | _t74 == 0x00000003;
				_t57 =  *((intOrPtr*)(_t65 + 8));
				do {
					_t72 = _t72 + 1;
				} while ( *((intOrPtr*)(_t57 + _t72 * 2)) != 0);
				r8d = 2;
				 *(_t65 + 0x1c) = 0 | _t72 == 0x00000003;
				_t59[1] = 0;
				if( *(_t65 + 0x18) == 0) {
					_t63 =  *_t65;
					r10d = 0;
					while(1) {
						r9d =  *_t63 & 0x0000ffff;
						_t63 = _t63 + _t72;
						_t16 = _t74 - 0x41; // 0x58
						if(_t16 <= 0x19) {
							goto L8;
						}
						r9w = r9w - 0x61;
						if(r9w <= 0x19) {
							goto L8;
						}
						r8d = r10d;
						goto L10;
						L8:
						r10d = r10d + 1;
					}
				}
				L10:
				 *((intOrPtr*)(_t65 + 0x14)) = r8d;
				_t34 = EnumSystemLocalesW(??, ??);
				__eflags =  *_t59 & 0x00000007;
				asm("bt ecx, 0x9");
				_t35 = _t34 & 0xffffff00 | __eflags > 0x00000000;
				_t42 = (0 | __eflags != 0x00000000) & _t35;
				asm("bt ecx, 0x8");
				_t36 = _t35 & 0xffffff00 | __eflags > 0x00000000;
				__eflags = _t36 & _t42;
				if((_t36 & _t42) == 0) {
					 *_t59 = 0;
				}
				return _t36;
			}

0x029861e8
0x029861e8
0x029861f2
0x029861f5
0x029861fa
0x029861fe
0x02986203
0x02986203
0x0298620a
0x0298620d
0x0298620d
0x02986210
0x02986220
0x02986223
0x02986227
0x02986227
0x0298622a
0x02986237
0x02986240
0x02986243
0x02986249
0x0298624b
0x0298624e
0x02986251
0x02986251
0x02986255
0x02986258
0x02986260
0x00000000
0x00000000
0x02986262
0x0298626c
0x00000000
0x00000000
0x02986273
0x00000000
0x0298626e
0x0298626e
0x0298626e
0x02986251
0x02986276
0x02986276
0x02986286
0x0298628e
0x02986294
0x02986298
0x0298629b
0x0298629d
0x029862a1
0x029862a4
0x029862a6
0x029862a8
0x029862a8
0x029862b4

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

EnumSystemLocalesW.KERNEL32(?,?,?,02986A1F,?,00000001,?,00000000,?,00000000,?,02975D34), ref: 02986286

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 6d488668e6ff28c33ea5dabf8860efa0ae88d63a9650f66b0bb9d31cf80be045
Instruction ID: 19ee78f5369940f0c3d73d7e8eacfcbe87c428fe84a27b027cf998915f0bf5b0
Opcode Fuzzy Hash: 6d488668e6ff28c33ea5dabf8860efa0ae88d63a9650f66b0bb9d31cf80be045
Instruction Fuzzy Hash: 201108B3A14644CADF149F69D0447AC7B65F380FE4F488215CA6A8B390DB74C5D1CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029867F0 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E029867F0(signed int __ecx, void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r9, intOrPtr _a8, long long _a16, long long _a24) {
				int _t13;
				void* _t14;
				signed int _t16;
				signed int _t19;
				signed int _t22;
				void* _t24;
				void* _t25;
				signed long long _t36;
				signed long long _t37;
				void* _t38;
				void* _t42;
				signed short* _t48;

				_t38 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t24 = __edx;
				_t16 = __ecx;
				L0297390C(_t25, __rax, __rbx, __rcx, __rdx, __rsi, _t42, __r9);
				_t19 = _t16 & 0x000003ff;
				r9d = 2;
				asm("bts ecx, 0xa");
				_t13 = GetLocaleInfoW(??, ??, ??, ??);
				r10d = 0;
				if(_t13 == 0) {
					L11:
					_t14 = 0;
				} else {
					if(_t16 == _a8 || _t24 == 0) {
						L10:
						_t14 = 1;
					} else {
						_t48 =  *((intOrPtr*)(__rax + 0x98));
						r8d = r10d;
						_t22 =  *_t48 & 0x0000ffff;
						_t36 =  &(_t48[1]);
						while(_t38 - 0x41 <= 0x19 || _t22 - 0x61 <= 0x19) {
							_t22 =  *_t36 & 0x0000ffff;
							r8d = r8d + 1;
							_t36 = _t36 + 2;
						}
						_t37 = _t36 | 0xffffffff;
						do {
							_t37 = _t37 + 1;
						} while (_t48[_t37] != r10w);
						if(r8d == _t19) {
							goto L11;
						} else {
							goto L10;
						}
					}
				}
				return _t14;
			}

0x029867f0
0x029867f0
0x029867f5
0x029867ff
0x02986801
0x02986803
0x0298680f
0x02986815
0x0298681b
0x02986827
0x0298682d
0x02986832
0x02986889
0x02986889
0x02986834
0x02986838
0x02986882
0x02986882
0x0298683e
0x0298683e
0x02986845
0x02986848
0x0298684c
0x02986850
0x02986863
0x02986866
0x02986869
0x02986869
0x0298686f
0x02986873
0x02986873
0x02986876
0x02986880
0x00000000
0x00000000
0x00000000
0x00000000
0x02986880
0x02986838
0x0298689a

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

GetLocaleInfoW.KERNEL32(?,?,?,02986575), ref: 02986827

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 00274245878bd0a173a5b651686d002a4403b7e99d013d3a8dccf5a8147f1a7b
Instruction ID: 98951f75703f566f5c1e8fb42f2760bbdca7acc6fb63c17b3fded0c73f61d0db
Opcode Fuzzy Hash: 00274245878bd0a173a5b651686d002a4403b7e99d013d3a8dccf5a8147f1a7b
Instruction Fuzzy Hash: B2012B3271465583DB28AB66E0547792369F780B64F18522AEB7E4B6C8DB35C4C1CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0298E284 Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0298E284(void* __ebx, void* __ecx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, long long _a8, long long _a16, long long _a24) {
				void* __rdi;
				int _t7;
				void* _t8;
				void* _t10;
				void* _t19;
				void* _t24;
				void* _t26;
				void* _t31;
				void* _t35;

				_t32 = __rsi;
				_t28 = __rcx;
				_t24 = __rax;
				_t17 = __ecx;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t19 = r8d;
				_t35 = __rdx;
				_t26 = __rcx;
				_t7 = IsDebuggerPresent();
				sil = _t7 != 0;
				if(_t7 == 0) {
					L5:
					_t8 = E02979460(_t17);
					__eflags = _t8 - 2;
					if(_t8 != 2) {
						L11:
						_t10 = (sil & 0xffffffff) + 3;
						__eflags = _t10;
					} else {
						__eflags = E0297865C(_t17, _t24, _t26, _t32, _t35);
						if(__eflags == 0) {
							goto L11;
						} else {
							__eflags = E02978934(__eflags, _t26, _t28, _t32, _t35);
							if(__eflags != 0) {
								E02978888(__eflags, _t24);
								_t28 = _t24;
							} else {
								asm("bts edi, 0x15");
								__eflags = 0;
							}
							r9d = _t19;
							_t10 = E0297846C(__eflags, _t24, _t26, _t28, _t26, _t31, _t32, _t35, _t35);
						}
					}
				} else {
					if(__rcx != 0) {
						_t28 = __rcx;
						E0298F24C(__ecx, __rcx, __rcx, __rdx, __r8, __r10, __r11);
					}
					if(E029794F0(_t17) == 1) {
						goto L5;
					} else {
						_t10 = 4;
					}
				}
				return _t10;
			}

0x0298e284
0x0298e284
0x0298e284
0x0298e284
0x0298e284
0x0298e289
0x0298e28e
0x0298e298
0x0298e29b
0x0298e29e
0x0298e2a1
0x0298e2a9
0x0298e2af
0x0298e2cf
0x0298e2cf
0x0298e2d4
0x0298e2d7
0x0298e30b
0x0298e30f
0x0298e30f
0x0298e2d9
0x0298e2de
0x0298e2e0
0x00000000
0x0298e2e2
0x0298e2e7
0x0298e2e9
0x0298e301
0x0298e306
0x0298e2eb
0x0298e2eb
0x0298e2ef
0x0298e2ef
0x0298e2f7
0x0298e2fa
0x0298e2fa
0x0298e2e0
0x0298e2b1
0x0298e2b4
0x0298e2b6
0x0298e2b9
0x0298e2b9
0x0298e2c6
0x00000000
0x0298e2c8
0x0298e2c8
0x0298e2c8
0x0298e2c6
0x0298e326

APIs

IsDebuggerPresent.KERNEL32 ref: 0298E2A1

Part of subcall function 0298F24C: _Wcsftime.LIBCMT ref: 0298F2C0
Part of subcall function 0298F24C: OutputDebugStringW.KERNEL32(?,?,?,?,?,?,?,0298E2BE), ref: 0298F2CC

Part of subcall function 02978888: try_get_function.LIBVCRUNTIME ref: 029788A8
Part of subcall function 02978888: try_get_function.LIBVCRUNTIME ref: 029788DA

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function$DebugDebuggerOutputPresentStringWcsftime
String ID:
API String ID: 3924213984-0
Opcode ID: 87815cadabda39c15ed7d8ef8360cf1d114c77fffff3a8634c1d68bc0e67054f
Instruction ID: 38e66756c4d984223e9db3deab9bbb8491e9e8471f91f26b752bed2c94c0b5df
Opcode Fuzzy Hash: 87815cadabda39c15ed7d8ef8360cf1d114c77fffff3a8634c1d68bc0e67054f
Instruction Fuzzy Hash: CF01D621208750C1EE34BB62B45836E6259FBC5BC4F4C4439FEC9D7709CF29C8419A52

Uniqueness

Uniqueness Score: -1.00%

Function 029862B8 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E029862B8(void* __ecx, void* __eflags, void* __rax, long long __rbx, signed char* __rcx, void* __rdx, signed int __r8, long long _a8) {
				int _t16;
				intOrPtr _t19;
				void* _t22;
				signed char* _t32;
				signed char* _t34;
				signed short* _t37;
				void* _t38;
				void* _t39;
				signed long long _t44;
				void* _t45;
				void* _t46;

				_t34 = __rcx;
				_a8 = __rbx;
				_t32 = __rcx;
				L0297390C(_t22, __rax, __rcx, __rcx, __rdx, _t38, _t39, _t45);
				_t44 = __r8 | 0xffffffff;
				_t46 = __rax;
				_t37 =  *((intOrPtr*)(__rax + 0x98));
				do {
					_t44 = _t44 + 1;
				} while (_t37[_t44] != 0);
				_t19 = 2;
				_t6 = _t44 == 3;
				 *(__rax + 0xb0) = 0 | _t6;
				if(_t6 != 0) {
					r9d = 0;
					while(1) {
						r8d =  *_t37 & 0x0000ffff;
						_t37 = _t37 + _t34;
						if(_t44 - 0x41 <= 0x19) {
							goto L6;
						}
						r8w = r8w - 0x61;
						if(r8w <= 0x19) {
							goto L6;
						}
						_t19 = r9d;
						goto L8;
						L6:
						r9d = r9d + 1;
					}
				}
				L8:
				 *((intOrPtr*)(_t46 + 0xac)) = _t19;
				_t16 = EnumSystemLocalesW(??, ??);
				if(( *_t32 & 0x00000004) == 0) {
					 *_t32 = 0;
				}
				return _t16;
			}

0x029862b8
0x029862b8
0x029862c2
0x029862c5
0x029862ca
0x029862ce
0x029862d3
0x029862da
0x029862da
0x029862dd
0x029862ea
0x029862ef
0x029862f2
0x029862f9
0x029862fb
0x029862fe
0x029862fe
0x02986302
0x0298630d
0x00000000
0x00000000
0x0298630f
0x02986319
0x00000000
0x00000000
0x02986320
0x00000000
0x0298631b
0x0298631b
0x0298631b
0x029862fe
0x02986323
0x02986323
0x02986336
0x0298633f
0x02986341
0x02986341
0x0298634d

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

EnumSystemLocalesW.KERNEL32(?,?,?,029869DB,?,00000001,?,00000000,?,00000000,?,02975D34), ref: 02986336

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 09ee9f1f3c126b39bb00e0cc0899bceec5d0ceb43989d9e3cdd3434a15d80528
Instruction ID: bc30a11b0c6faaa71f743f40099a0cd9661188082ae3d70501b831ee253c52fa
Opcode Fuzzy Hash: 09ee9f1f3c126b39bb00e0cc0899bceec5d0ceb43989d9e3cdd3434a15d80528
Instruction Fuzzy Hash: 22012672B042848ADB105F5AF440BAD77AEE740BA5F498322D6758B3D8CB74C0C5CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02976EB0 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,02977D51,?,?,?,?,?,?,?,?,00000000,02985708), ref: 02976EFF

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 44095e9996225e5bb9837463751e697602707480eff20eb244a6a75597efc6e4
Instruction ID: 7e5a3b0ea482514e2760a29700002f54d02330fe173f4cc09c7ee5ce7684619e
Opcode Fuzzy Hash: 44095e9996225e5bb9837463751e697602707480eff20eb244a6a75597efc6e4
Instruction Fuzzy Hash: FAF06D72300B4483EB04DF69F8943A93366F798BD8F489126EA4983324CF3CC5A0C740

Uniqueness

Uniqueness Score: -1.00%

Function 02986164 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E02986164(void* __eflags, void* __rax, long long __rbx, signed char* __rcx, signed int __rdx, long long _a8) {
				int _t15;
				void* _t18;
				intOrPtr _t25;
				signed char* _t27;
				signed long long _t32;
				void* _t33;
				void* _t34;
				void* _t39;

				_a8 = __rbx;
				_t27 = __rcx;
				L0297390C(_t18, __rax, __rcx, __rcx, __rdx, _t33, _t34, _t39);
				_t32 = __rdx | 0xffffffff;
				_t25 =  *((intOrPtr*)(__rax + 0xa0));
				do {
					_t32 = _t32 + 1;
				} while ( *((intOrPtr*)(_t25 + _t32 * 2)) != 0);
				 *(__rax + 0xb4) = 0 | _t32 == 0x00000003;
				_t15 = EnumSystemLocalesW(??, ??);
				if(( *_t27 & 0x00000004) == 0) {
					 *_t27 = 0;
				}
				return _t15;
			}

0x02986164
0x0298616e
0x02986171
0x02986176
0x0298617f
0x02986186
0x02986186
0x02986189
0x029861a4
0x029861ab
0x029861b4
0x029861b6
0x029861b6
0x029861c2

APIs

Part of subcall function 0297390C: GetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 0297391B
Part of subcall function 0297390C: SetLastError.KERNEL32(?,?,?,029599FF,?,?,?,0296DD17,?,?,?,?,?,?,?,0296E29F), ref: 029739B9

EnumSystemLocalesW.KERNEL32 ref: 029861AB

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 16ecb944e004c073bd00abe107e61edd6cf6953e88297a6cdd7c9b41940791f7
Instruction ID: 39da130f88d8479f422ae1be03c24db72caf13d5027a34548ad7464e4843ff63
Opcode Fuzzy Hash: 16ecb944e004c073bd00abe107e61edd6cf6953e88297a6cdd7c9b41940791f7
Instruction Fuzzy Hash: 44F0A76270078485DB105F6AE94036DBBB5E785BB0F48C311DB74873E5CB78C090C701

Uniqueness

Uniqueness Score: -1.00%

Function 02976FB4 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 02976FEE

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: dfb7c8cde88ed7482590a558c720d06b1a6bf1cd8ad44133f82f2c5d6fc61760
Instruction ID: 19d8d4802ef962ee3eb27acc7330d22327bd53edf1536fa53b93c84e85f7200d
Opcode Fuzzy Hash: dfb7c8cde88ed7482590a558c720d06b1a6bf1cd8ad44133f82f2c5d6fc61760
Instruction Fuzzy Hash: 8BE01AA5710B0481EB44DB59EC593693365B35DBE8F809016D90D87324DA3CC1959341

Uniqueness

Uniqueness Score: -1.00%

Function 02977038 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 0297706C

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 8c3e12fe1a0ed66a8ee15b9050c3f05edfafa52cf6a72ecb2ece8086fa3b5cf4
Instruction ID: d0a559289af2b508b98e6792e32e5017e902ad8f05ccca2fadae10d302b7e6fe
Opcode Fuzzy Hash: 8c3e12fe1a0ed66a8ee15b9050c3f05edfafa52cf6a72ecb2ece8086fa3b5cf4
Instruction Fuzzy Hash: A0E0C220A10B0181E7049B85FC6C3B42365F3ED769F841116EC0D47320DB3CC2999340

Uniqueness

Uniqueness Score: -1.00%

Function 029606A0 Relevance: 1.5, Strings: 1, Instructions: 210
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E029606A0(void* __ebx, void* __edi, void* __esi, void* __esp, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t69;
				void* _t70;
				signed int _t71;
				signed int _t79;
				void* _t96;
				unsigned int _t97;
				unsigned int _t100;
				unsigned int _t104;
				void* _t105;
				intOrPtr _t106;
				intOrPtr _t111;
				void* _t115;
				void* _t116;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t132;
				void* _t137;
				void* _t145;
				void* _t147;
				intOrPtr* _t150;
				void* _t153;
				void* _t154;
				void* _t163;
				void* _t164;
				void* _t165;
				intOrPtr* _t166;
				void* _t167;

				_t165 = __r13;
				_t164 = __r12;
				_t163 = __r11;
				_t162 = __r10;
				_t157 = __r9;
				_t156 = __r8;
				_t151 = __rbp;
				_t148 = __rsi;
				_t145 = __rdx;
				_t139 = __rcx;
				_t120 = __esp;
				_t115 = __esi;
				_t113 = __edi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t154 = _t153 - 0x30;
				_t69 =  *((intOrPtr*)(__rcx + 0x41));
				_t137 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t121 = _t69 - 0x64;
				if(_t121 > 0) {
					if(_t69 <= 0x67) {
						L33:
						_t70 = E02963394(_t96, _t105, _t113, _t116, _t120, _t137, _t139, _t148, _t151, _t156, _t157, _t162, _t164, _t165, _t167);
						L34:
						if(_t70 != 0) {
							if( *((intOrPtr*)(_t137 + 0x47c)) != 2 ||  *((intOrPtr*)(_t137 + 0x478)) != r15d) {
								if( *((char*)(_t137 + 0x40)) != 0) {
									goto L69;
								}
								_t97 =  *(_t137 + 0x30);
								_a8 = 0;
								_a10 = 0;
								if((r15b & _t97 >> 0x00000004) == 0) {
									L47:
									_t106 =  *((intOrPtr*)(_t137 + 0x41));
									if((_t106 - bpl & 0x000000df) != 0 || (r15b & _t97 >> 0x00000005) == 0) {
										r8b = 0;
									} else {
										r8b = r15b;
									}
									_t79 = _t106 - r14b & 0xffffff00 | (_t106 - r14b & 0x000000df) == 0x00000000;
									if(r8b != 0 || _t79 != 0) {
										 *((char*)(_t154 + _t147 + 0x50)) = 0x30;
										if(_t106 == bpl || _t106 == r14b) {
											sil = bpl;
										}
										 *((intOrPtr*)(_t154 + _t147 + 0x51)) = sil;
										_t147 = _t147 + 2;
									}
									_t119 =  *((intOrPtr*)(_t137 + 0x34)) -  *((intOrPtr*)(_t137 + 0x50));
									if((_t97 & 0x0000000c) == 0) {
										r8d = _t119;
										E02958E88(0x20, _t137, _t137 + 0x468, _t147, _t148, _t151, _t137 + 0x28);
									}
									_t166 = _t137 + 0x468;
									_t150 = _t137 + 0x28;
									if((r15b &  *( *_t166 + 0x14) >> 0x0000000c) == 0 ||  *((long long*)( *_t166 + 8)) != 0) {
										r8d = 0;
										_v40 = _t137 + 0x10;
										E0296A848(_t137, _t166,  &_a8, _t147, _t150, _t151, _t150);
									} else {
										 *_t150 =  *_t150;
									}
									_t100 =  *(_t137 + 0x30);
									if((r15b & _t100 >> 0x00000003) != 0 && (r15b & _t100 >> 0x00000002) == 0) {
										r8d = _t119;
										E02958E88(0x30, _t137, _t166, _t147, _t150, _t151, _t150);
									}
									L02969C08(_t137, _t137, _t150, _t151);
									if( *_t150 >= 0 && (r15b &  *(_t137 + 0x30) >> 0x00000002) != 0) {
										r8d = _t119;
										E02958E88(0x20, _t137, _t166, _t147, _t150, _t151, _t150);
									}
									goto L69;
								}
								if((r15b & _t97 >> 0x00000006) == 0) {
									if((r15b & _t97) == 0) {
										if((r15b & _t97 >> 0x00000001) == 0) {
											goto L47;
										}
										_a8 = 0x20;
										L46:
										_t147 = _t167;
										goto L47;
									}
									_a8 = 0x2b;
									goto L46;
								}
								_a8 = 0x2d;
								goto L46;
							} else {
								L69:
								_t71 = r15b;
								L70:
								return _t71;
							}
						}
						L35:
						_t71 = 0;
						goto L70;
					}
					if(_t69 == 0x69) {
						L29:
						 *(_t139 + 0x30) =  *(_t139 + 0x30) | 0x00000010;
						L30:
						_t111 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t70 = E02965470(_t111, _t115, _t137, _t139, _t145, _t151);
						goto L34;
					}
					if(_t69 == 0x6e) {
						_t70 = E029669EC(_t105, __edi, _t132, __rcx, __rcx, __r9, __r10);
						goto L34;
					}
					if(_t69 == 0x6f) {
						_t104 =  *(__rcx + 0x30);
						if((r15b & _t104 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t104;
						}
						_t111 = 8;
						_t139 = _t137;
						goto L31;
					}
					if(_t69 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t111 = 0x10;
						goto L32;
					}
					if(_t69 == 0x73) {
						L22:
						_t70 = E02967738(_t105, _t113, _t116, _t137, _t139, _t151, _t163);
						goto L34;
					}
					if(_t69 == 0x75) {
						goto L30;
					}
					if(_t69 != sil) {
						goto L35;
					}
					_t111 = 0x10;
					goto L31;
				}
				if(_t121 == 0) {
					goto L29;
				}
				if(_t69 == r14b) {
					goto L33;
				}
				if(_t69 == 0x43) {
					L11:
					_t70 = E0296497C(0, _t137, _t139, _t156, _t157, _t162);
					goto L34;
				}
				if(_t69 <= 0x44) {
					goto L35;
				}
				if(_t69 <= 0x47) {
					goto L33;
				}
				if(_t69 == 0x53) {
					goto L22;
				}
				if(_t69 == bpl) {
					goto L24;
				}
				if(_t69 == 0x5a) {
					_t70 = E02962940(__ebx, _t105, __rcx, __rcx, __r8, __r9, __r10);
					goto L34;
				}
				if(_t69 == 0x61) {
					goto L33;
				}
				if(_t69 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a0
0x029606a5
0x029606aa
0x029606b4
0x029606b8
0x029606bb
0x029606be
0x029606c4
0x029606c7
0x029606ca
0x029606cd
0x029606cf
0x02960729
0x029607a6
0x029607a6
0x029607ab
0x029607ad
0x029607bd
0x029607d0
0x00000000
0x00000000
0x029607d6
0x029607db
0x029607e2
0x029607ee
0x0296081e
0x0296081e
0x02960828
0x02960839
0x02960834
0x02960834
0x02960834
0x02960843
0x02960849
0x0296084f
0x02960857
0x0296085e
0x0296085e
0x02960861
0x02960866
0x02960866
0x02960870
0x02960875
0x0296087b
0x02960887
0x02960887
0x0296088c
0x02960896
0x029608a3
0x029608ba
0x029608bd
0x029608ca
0x029608af
0x029608af
0x029608af
0x029608cf
0x029608da
0x029608e7
0x029608ef
0x029608ef
0x029608f9
0x02960901
0x02960911
0x02960919
0x02960919
0x00000000
0x02960901
0x029607f8
0x02960804
0x02960814
0x00000000
0x00000000
0x02960816
0x0296081b
0x0296081b
0x00000000
0x0296081b
0x02960806
0x00000000
0x02960806
0x029607fa
0x00000000
0x0296091e
0x0296091e
0x0296091e
0x02960921
0x02960939
0x02960939
0x029607bd
0x029607af
0x029607af
0x00000000
0x029607af
0x0296072d
0x02960793
0x02960793
0x02960797
0x02960797
0x0296079c
0x0296079c
0x0296079f
0x0296079f
0x00000000
0x0296079f
0x02960731
0x0296078c
0x00000000
0x0296078c
0x02960735
0x0296076e
0x02960779
0x0296077b
0x0296077f
0x0296077f
0x02960782
0x02960787
0x00000000
0x02960787
0x02960739
0x02960756
0x0296075d
0x02960764
0x02960764
0x02960767
0x00000000
0x02960767
0x0296073d
0x0296074f
0x0296074f
0x00000000
0x0296074f
0x02960741
0x00000000
0x00000000
0x02960746
0x00000000
0x00000000
0x02960748
0x00000000
0x02960748
0x029606d1
0x00000000
0x00000000
0x029606da
0x00000000
0x00000000
0x029606e2
0x02960711
0x02960713
0x00000000
0x02960713
0x029606e6
0x00000000
0x00000000
0x029606ee
0x00000000
0x00000000
0x029606f6
0x00000000
0x00000000
0x029606fb
0x00000000
0x00000000
0x029606ff
0x0296071d
0x00000000
0x0296071d
0x02960703
0x00000000
0x00000000
0x0296070b
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 0296084F

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: fed5cb38d4f17acc3a44769b3007947e68306e30fb63a6ec3f444e3b7be67afd
Instruction ID: e195cd1f0c92c710ee48c77e9fb3b13eaec193333ecfd4dc1d0f608e70ea7ac2
Opcode Fuzzy Hash: fed5cb38d4f17acc3a44769b3007947e68306e30fb63a6ec3f444e3b7be67afd
Instruction Fuzzy Hash: 1A61EF2220438886DB39CA2995CC3BE67EAF781B8CF481516CE855775ACB36C487CF42

Uniqueness

Uniqueness Score: -1.00%

Function 0296216C Relevance: 1.5, Strings: 1, Instructions: 209
COMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E0296216C(void* __ebx, unsigned int __ecx, void* __esp, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v48;
				short _v52;
				short _v56;
				long long _v72;
				void* __rdi;
				void* __r12;
				void* __r13;
				void* __r15;
				signed int _t71;
				void* _t72;
				signed int _t73;
				signed char _t77;
				signed short _t79;
				signed short _t80;
				signed int _t81;
				signed char _t84;
				void* _t85;
				signed char _t89;
				signed char _t91;
				signed char _t93;
				short _t94;
				signed char _t96;
				unsigned int _t99;
				void* _t100;
				signed short _t101;
				intOrPtr _t106;
				void* _t108;
				signed int _t110;
				signed short _t111;
				signed int _t114;
				void* _t115;
				void* _t116;
				signed long long _t128;
				void* _t131;
				void* _t141;
				signed int _t143;
				void* _t146;
				void* _t149;
				signed long long _t150;
				void* _t152;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t161;
				void* _t162;
				signed int _t163;

				_t157 = __r10;
				_t152 = __r8;
				_t147 = __rbp;
				_t144 = __rsi;
				_t141 = __rdx;
				_t133 = __rcx;
				_t115 = __esp;
				_t98 = __ecx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t150 = _t149 - 0x40;
				_t128 =  *0x29a61e8; // 0xc99624406909
				_t129 = _t128 ^ _t150;
				_v48 = _t128 ^ _t150;
				_t71 =  *(__rcx + 0x42) & 0x0000ffff;
				_t110 = 0x78;
				_t131 = __rcx;
				_t6 = _t144 - 0x20; // 0x58
				_t111 = _t6;
				_t7 = _t144 - 0x77; // 0x1
				r15d = _t7;
				_t116 = _t71 - 0x64;
				if(_t116 > 0) {
					__eflags = _t71 - 0x67;
					if(_t71 <= 0x67) {
						L33:
						_t72 = E02964680(_t98, _t100, _t108, _t111, _t115, _t131, _t133, _t143, _t144, _t147, _t152, _t157, _t160, _t161, _t163);
						L34:
						if(_t72 != 0) {
							__eflags =  *((char*)(_t131 + 0x40));
							if( *((char*)(_t131 + 0x40)) != 0) {
								L64:
								_t73 = r15b;
								L65:
								return L029438C0(_t73, _t98, _t129, _v48 ^ _t150);
							}
							_t99 =  *(_t131 + 0x30);
							_v56 = 0;
							_v52 = 0;
							_t77 = _t99 >> 4;
							_t20 = _t143 + 0x20; // 0x20
							r13d = _t20;
							__eflags = r15b & _t77;
							if((r15b & _t77) == 0) {
								L46:
								_t101 =  *(_t131 + 0x42) & 0x0000ffff;
								r9d = 0xffdf;
								_t79 = (_t101 & 0x0000ffff) - _t111;
								__eflags = r9w & _t79;
								if((r9w & _t79) != 0) {
									L49:
									r8b = 0;
									__eflags = r8b;
									L50:
									_t80 = _t141 - 0x41;
									r12d = 0x30;
									__eflags = r9w & _t80;
									_t81 = _t80 & 0xffffff00 | (r9w & _t80) == 0x00000000;
									__eflags = r8b;
									if(r8b != 0) {
										L52:
										 *((intOrPtr*)(_t150 + 0x30 + _t143 * 2)) = r12w;
										__eflags = _t101 - _t111;
										if(_t101 == _t111) {
											L54:
											_t110 = _t111 & 0x0000ffff;
											L55:
											 *(_t150 + 0x32 + _t143 * 2) = _t110;
											__eflags = _t143;
											L56:
											_t162 = _t131 + 0x28;
											_t146 = _t131 + 0x468;
											_t114 =  *((intOrPtr*)(_t131 + 0x34)) -  *((intOrPtr*)(_t131 + 0x50));
											__eflags = _t99 & 0x0000000c;
											if((_t99 & 0x0000000c) == 0) {
												r8d = _t114;
												_t81 = E02959020(_t81, r13b, _t131, _t146, _t143, _t162, _t157);
											}
											_t129 = _t131 + 0x10;
											r8d = 0;
											_v72 = _t131 + 0x10;
											E0296A7A0(_t81, _t110, _t131, _t146, _t146, _t147, _t162);
											_t98 =  *(_t131 + 0x30);
											_t84 = _t98 >> 3;
											__eflags = r15b & _t84;
											if((r15b & _t84) != 0) {
												_t98 = _t98 >> 2;
												__eflags = r15b & _t98;
												if((r15b & _t98) == 0) {
													r8d = _t114;
													E02959020(_t84, r12b, _t131, _t146, _t143, _t162, _t157);
												}
											}
											_t85 = E0296A5C8(_t98, 0, _t131, _t131, _t146, _t147);
											_t154 = _t131 + 0x28;
											__eflags =  *(_t131 + 0x28);
											if( *(_t131 + 0x28) >= 0) {
												r10d =  *(_t131 + 0x30);
												r10d = r10d >> 2;
												__eflags = r15b & r10b;
												if((r15b & r10b) != 0) {
													r8d = _t114;
													E02959020(_t85, r13b, _t131, _t146, _t143, _t154, _t157);
												}
											}
											goto L64;
										}
										__eflags = _t101 - 0x41;
										if(_t101 != 0x41) {
											goto L55;
										}
										goto L54;
									}
									__eflags = _t81;
									if(_t81 == 0) {
										goto L56;
									}
									goto L52;
								}
								_t89 = _t99 >> 5;
								__eflags = r15b & _t89;
								if((r15b & _t89) == 0) {
									goto L49;
								}
								r8b = r15b;
								goto L50;
							}
							_t91 = _t99 >> 6;
							__eflags = r15b & _t91;
							if((r15b & _t91) == 0) {
								__eflags = r15b & _t99;
								if((r15b & _t99) == 0) {
									_t93 = _t99 >> 1;
									__eflags = r15b & _t93;
									if((r15b & _t93) == 0) {
										goto L46;
									}
									_v56 = r13w;
									L45:
									_t143 = _t163;
									goto L46;
								}
								_t94 = 0x2b;
								L40:
								_v56 = _t94;
								goto L45;
							}
							_t25 = _t143 + 0x2d; // 0x2d
							_t94 = _t25;
							goto L40;
						}
						L35:
						_t73 = 0;
						goto L65;
					}
					__eflags = _t71 - 0x69;
					if(_t71 == 0x69) {
						L29:
						_t14 = _t133 + 0x30;
						 *_t14 =  *(_t133 + 0x30) | 0x00000010;
						__eflags =  *_t14;
						L30:
						_t106 = 0xa;
						L31:
						r8d = 0;
						__eflags = r8d;
						L32:
						_t72 = E02966744(_t106, _t110, _t131, _t133, _t141, _t144, _t147);
						goto L34;
					}
					__eflags = _t71 - 0x6e;
					if(_t71 == 0x6e) {
						_t72 = E02967324(_t100, __rcx, __rcx, __rdx, __rsi);
						goto L34;
					}
					__eflags = _t71 - 0x6f;
					if(_t71 == 0x6f) {
						_t98 =  *(__rcx + 0x30);
						_t96 = _t98 >> 5;
						__eflags = r15b & _t96;
						if((r15b & _t96) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t98;
						}
						_t106 = 8;
						_t133 = _t131;
						goto L31;
					}
					__eflags = _t71 - 0x70;
					if(_t71 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t106 = 0x10;
						goto L32;
					}
					__eflags = _t71 - 0x73;
					if(_t71 == 0x73) {
						L22:
						_t72 = L02967EA0(_t111, _t131, _t133, _t144, _t147, _t158);
						goto L34;
					}
					__eflags = _t71 - 0x75;
					if(_t71 == 0x75) {
						goto L30;
					}
					__eflags = _t71 - 0x78;
					if(_t71 != 0x78) {
						goto L35;
					} else {
						_t106 = 0x10;
						goto L31;
					}
				}
				if(_t116 == 0) {
					goto L29;
				}
				if(_t71 == 0x41) {
					goto L33;
				}
				if(_t71 == 0x43) {
					L11:
					_t72 = E02965140(_t111, _t125, _t131, _t133, _t144, _t147);
					goto L34;
				}
				if(_t71 <= 0x44) {
					goto L35;
				}
				if(_t71 <= 0x47) {
					goto L33;
				}
				if(_t71 == 0x53) {
					goto L22;
				}
				if(_t71 == _t111) {
					goto L24;
				}
				if(_t71 == 0x5a) {
					_t72 = E0296315C(__ecx, __rcx, __rcx, __rsi);
					goto L34;
				}
				if(_t71 == 0x61) {
					goto L33;
				}
				_t125 = _t71 - 0x63;
				if(_t71 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x0296216c
0x02962171
0x02962176
0x02962184
0x02962188
0x0296218f
0x02962192
0x02962197
0x0296219b
0x029621a0
0x029621a3
0x029621a3
0x029621a6
0x029621a6
0x029621aa
0x029621ae
0x02962215
0x02962219
0x029622a6
0x029622a6
0x029622ab
0x029622ad
0x029622b6
0x029622ba
0x02962408
0x02962408
0x0296240b
0x02962435
0x02962435
0x029622c0
0x029622c5
0x029622cb
0x029622d2
0x029622d5
0x029622d5
0x029622d9
0x029622dc
0x02962310
0x02962310
0x02962314
0x0296231d
0x02962320
0x02962324
0x02962335
0x02962335
0x02962335
0x02962338
0x02962338
0x0296233b
0x02962341
0x02962345
0x02962348
0x0296234b
0x02962351
0x02962351
0x02962357
0x0296235a
0x02962362
0x02962362
0x02962365
0x02962365
0x0296236a
0x0296236e
0x02962371
0x02962378
0x0296237f
0x02962381
0x02962384
0x02962389
0x02962392
0x02962392
0x02962397
0x0296239e
0x029623a1
0x029623ae
0x029623b3
0x029623b8
0x029623bb
0x029623be
0x029623c0
0x029623c3
0x029623c6
0x029623cb
0x029623d4
0x029623d4
0x029623c6
0x029623de
0x029623e3
0x029623e7
0x029623eb
0x029623ed
0x029623f1
0x029623f5
0x029623f8
0x029623fa
0x02962403
0x02962403
0x029623f8
0x00000000
0x029623eb
0x0296235c
0x02962360
0x00000000
0x00000000
0x00000000
0x02962360
0x0296234d
0x0296234f
0x00000000
0x00000000
0x00000000
0x0296234f
0x02962328
0x0296232b
0x0296232e
0x00000000
0x00000000
0x02962330
0x00000000
0x02962330
0x029622e0
0x029622e3
0x029622e6
0x029622f2
0x029622f5
0x02962300
0x02962302
0x02962305
0x00000000
0x00000000
0x02962307
0x0296230d
0x0296230d
0x00000000
0x0296230d
0x029622f7
0x029622eb
0x029622eb
0x00000000
0x029622eb
0x029622e8
0x029622e8
0x00000000
0x029622e8
0x029622af
0x029622af
0x00000000
0x029622af
0x0296221f
0x02962223
0x02962293
0x02962293
0x02962293
0x02962293
0x02962297
0x02962297
0x0296229c
0x0296229c
0x0296229c
0x0296229f
0x0296229f
0x00000000
0x0296229f
0x02962225
0x02962229
0x0296228c
0x00000000
0x0296228c
0x0296222b
0x0296222f
0x0296226e
0x02962273
0x02962276
0x02962279
0x0296227b
0x0296227f
0x0296227f
0x02962282
0x02962287
0x00000000
0x02962287
0x02962231
0x02962235
0x02962256
0x0296225d
0x02962264
0x02962264
0x02962267
0x00000000
0x02962267
0x02962237
0x0296223b
0x0296224f
0x0296224f
0x00000000
0x0296224f
0x0296223d
0x02962241
0x00000000
0x00000000
0x02962243
0x02962246
0x00000000
0x02962248
0x02962248
0x00000000
0x02962248
0x02962246
0x029621b0
0x00000000
0x00000000
0x029621ba
0x00000000
0x00000000
0x029621c4
0x029621ff
0x02962201
0x00000000
0x02962201
0x029621ca
0x00000000
0x00000000
0x029621d4
0x00000000
0x00000000
0x029621de
0x00000000
0x00000000
0x029621e3
0x00000000
0x00000000
0x029621e9
0x0296220b
0x00000000
0x0296220b
0x029621ef
0x00000000
0x00000000
0x029621f5
0x029621f9
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 0296233B

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 66bd15029b0126c6a95acb7655bf651076869e49ca3bf9a480cc9d7df132c66e
Instruction ID: f97beda0e8182b3433ecdeb38d17dd26a881cedd14aa491edd6324f8f2a8a93a
Opcode Fuzzy Hash: 66bd15029b0126c6a95acb7655bf651076869e49ca3bf9a480cc9d7df132c66e
Instruction Fuzzy Hash: BF610426F1424186DB2CDF2A904CBBE27E9F781B88F885526DE8657B5CCB39C483C745

Uniqueness

Uniqueness Score: -1.00%

Function 0296041C Relevance: 1.5, Strings: 1, Instructions: 206
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E0296041C(void* __ebx, void* __esi, void* __esp, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t67;
				void* _t68;
				signed int _t69;
				signed int _t77;
				void* _t94;
				unsigned int _t95;
				unsigned int _t98;
				unsigned int _t102;
				void* _t103;
				intOrPtr _t104;
				intOrPtr _t109;
				void* _t111;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t134;
				void* _t144;
				intOrPtr* _t147;
				void* _t150;
				void* _t151;
				void* _t153;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				intOrPtr* _t162;
				void* _t163;

				_t161 = __r13;
				_t160 = __r12;
				_t159 = __r11;
				_t158 = __r10;
				_t153 = __r8;
				_t148 = __rbp;
				_t145 = __rsi;
				_t142 = __rdx;
				_t136 = __rcx;
				_t118 = __esp;
				_t113 = __esi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t151 = _t150 - 0x30;
				_t67 =  *((intOrPtr*)(__rcx + 0x41));
				_t134 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t119 = _t67 - 0x64;
				if(_t119 > 0) {
					if(_t67 <= 0x67) {
						L33:
						_t68 = E029631D8(_t94, _t103, _t111, _t114, _t118, _t134, _t136, _t145, _t148, _t153, _t158, _t160, _t161, _t163);
						L34:
						if(_t68 != 0) {
							if( *((char*)(_t134 + 0x40)) != 0) {
								L67:
								_t69 = r15b;
								L68:
								return _t69;
							}
							_t95 =  *(_t134 + 0x30);
							_a8 = 0;
							_a10 = 0;
							if((r15b & _t95 >> 0x00000004) == 0) {
								L45:
								_t104 =  *((intOrPtr*)(_t134 + 0x41));
								if((_t104 - bpl & 0x000000df) != 0 || (r15b & _t95 >> 0x00000005) == 0) {
									r8b = 0;
								} else {
									r8b = r15b;
								}
								_t77 = _t104 - r14b & 0xffffff00 | (_t104 - r14b & 0x000000df) == 0x00000000;
								if(r8b != 0 || _t77 != 0) {
									 *((char*)(_t151 + _t144 + 0x50)) = 0x30;
									if(_t104 == bpl || _t104 == r14b) {
										sil = bpl;
									}
									 *((intOrPtr*)(_t151 + _t144 + 0x51)) = sil;
									_t144 = _t144 + 2;
								}
								_t117 =  *((intOrPtr*)(_t134 + 0x34)) -  *((intOrPtr*)(_t134 + 0x50));
								if((_t95 & 0x0000000c) == 0) {
									r8d = _t117;
									E02958E88(0x20, _t134, _t134 + 0x468, _t144, _t145, _t148, _t134 + 0x28);
								}
								_t162 = _t134 + 0x468;
								_t147 = _t134 + 0x28;
								if((r15b &  *( *_t162 + 0x14) >> 0x0000000c) == 0 ||  *((long long*)( *_t162 + 8)) != 0) {
									r8d = 0;
									_v40 = _t134 + 0x10;
									E0296A848(_t134, _t162,  &_a8, _t144, _t147, _t148, _t147);
								} else {
									 *_t147 =  *_t147;
								}
								_t98 =  *(_t134 + 0x30);
								if((r15b & _t98 >> 0x00000003) != 0 && (r15b & _t98 >> 0x00000002) == 0) {
									r8d = _t117;
									E02958E88(0x30, _t134, _t162, _t144, _t147, _t148, _t147);
								}
								E02969AE4(_t134, _t134, _t147, _t148);
								if( *_t147 >= 0 && (r15b &  *(_t134 + 0x30) >> 0x00000002) != 0) {
									r8d = _t117;
									E02958E88(0x20, _t134, _t162, _t144, _t147, _t148, _t147);
								}
								goto L67;
							}
							if((r15b & _t95 >> 0x00000006) == 0) {
								if((r15b & _t95) == 0) {
									if((r15b & _t95 >> 0x00000001) == 0) {
										goto L45;
									}
									_a8 = 0x20;
									L44:
									_t144 = _t163;
									goto L45;
								}
								_a8 = 0x2b;
								goto L44;
							}
							_a8 = 0x2d;
							goto L44;
						}
						L35:
						_t69 = 0;
						goto L68;
					}
					if(_t67 == 0x69) {
						L29:
						 *(_t136 + 0x30) =  *(_t136 + 0x30) | 0x00000010;
						L30:
						_t109 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t68 = E029652A8(_t109, _t113, _t134, _t136, _t142, _t145, _t148);
						goto L34;
					}
					if(_t67 == 0x6e) {
						_t68 = E02966910(_t103, __rcx, __rcx, __rdx, __rsi);
						goto L34;
					}
					if(_t67 == 0x6f) {
						_t102 =  *(__rcx + 0x30);
						if((r15b & _t102 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t102;
						}
						_t109 = 8;
						_t136 = _t134;
						goto L31;
					}
					if(_t67 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t109 = 0x10;
						goto L32;
					}
					if(_t67 == 0x73) {
						L22:
						_t68 = E029676A0(_t114, _t136, _t159);
						goto L34;
					}
					if(_t67 == 0x75) {
						goto L30;
					}
					if(_t67 != sil) {
						goto L35;
					}
					_t109 = 0x10;
					goto L31;
				}
				if(_t119 == 0) {
					goto L29;
				}
				if(_t67 == r14b) {
					goto L33;
				}
				if(_t67 == 0x43) {
					L11:
					_t68 = E029648C0(_t136);
					goto L34;
				}
				if(_t67 <= 0x44) {
					goto L35;
				}
				if(_t67 <= 0x47) {
					goto L33;
				}
				if(_t67 == 0x53) {
					goto L22;
				}
				if(_t67 == bpl) {
					goto L24;
				}
				if(_t67 == 0x5a) {
					_t68 = E029628C8(__rcx);
					goto L34;
				}
				if(_t67 == 0x61) {
					goto L33;
				}
				if(_t67 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x0296041c
0x02960421
0x02960426
0x02960430
0x02960434
0x02960437
0x0296043a
0x02960440
0x02960443
0x02960446
0x02960449
0x0296044b
0x029604a5
0x02960522
0x02960522
0x02960527
0x02960529
0x02960536
0x02960684
0x02960684
0x02960687
0x0296069f
0x0296069f
0x0296053c
0x02960541
0x02960548
0x02960554
0x02960584
0x02960584
0x0296058e
0x0296059f
0x0296059a
0x0296059a
0x0296059a
0x029605a9
0x029605af
0x029605b5
0x029605bd
0x029605c4
0x029605c4
0x029605c7
0x029605cc
0x029605cc
0x029605d6
0x029605db
0x029605e1
0x029605ed
0x029605ed
0x029605f2
0x029605fc
0x02960609
0x02960620
0x02960623
0x02960630
0x02960615
0x02960615
0x02960615
0x02960635
0x02960640
0x0296064d
0x02960655
0x02960655
0x0296065f
0x02960667
0x02960677
0x0296067f
0x0296067f
0x00000000
0x02960667
0x0296055e
0x0296056a
0x0296057a
0x00000000
0x00000000
0x0296057c
0x02960581
0x02960581
0x00000000
0x02960581
0x0296056c
0x00000000
0x0296056c
0x02960560
0x00000000
0x02960560
0x0296052b
0x0296052b
0x00000000
0x0296052b
0x029604a9
0x0296050f
0x0296050f
0x02960513
0x02960513
0x02960518
0x02960518
0x0296051b
0x0296051b
0x00000000
0x0296051b
0x029604ad
0x02960508
0x00000000
0x02960508
0x029604b1
0x029604ea
0x029604f5
0x029604f7
0x029604fb
0x029604fb
0x029604fe
0x02960503
0x00000000
0x02960503
0x029604b5
0x029604d2
0x029604d9
0x029604e0
0x029604e0
0x029604e3
0x00000000
0x029604e3
0x029604b9
0x029604cb
0x029604cb
0x00000000
0x029604cb
0x029604bd
0x00000000
0x00000000
0x029604c2
0x00000000
0x00000000
0x029604c4
0x00000000
0x029604c4
0x0296044d
0x00000000
0x00000000
0x02960456
0x00000000
0x00000000
0x0296045e
0x0296048d
0x0296048f
0x00000000
0x0296048f
0x02960462
0x00000000
0x00000000
0x0296046a
0x00000000
0x00000000
0x02960472
0x00000000
0x00000000
0x02960477
0x00000000
0x00000000
0x0296047b
0x02960499
0x00000000
0x02960499
0x0296047f
0x00000000
0x00000000
0x02960487
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 029605B5

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 57f1753b644ffbda7ff7c7d28321c39a08f9ccf84c32b47ced9489112601b017
Instruction ID: ed1f9673ff854e3175e0d2b28d5fb8be42a2493e1605578d40dc13b61bfb795e
Opcode Fuzzy Hash: 57f1753b644ffbda7ff7c7d28321c39a08f9ccf84c32b47ced9489112601b017
Instruction Fuzzy Hash: 4951256230478886DB38DA2A90CC3BE67DAF781B4CF481616CE8617759C775C447CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0296093C Relevance: 1.5, Strings: 1, Instructions: 206
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E0296093C(void* __ebx, void* __esi, void* __esp, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t67;
				void* _t68;
				signed int _t69;
				signed int _t77;
				void* _t94;
				unsigned int _t95;
				unsigned int _t98;
				unsigned int _t102;
				void* _t103;
				intOrPtr _t104;
				intOrPtr _t109;
				void* _t111;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t134;
				void* _t144;
				intOrPtr* _t147;
				void* _t150;
				void* _t151;
				void* _t153;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				intOrPtr* _t162;
				void* _t163;

				_t161 = __r13;
				_t160 = __r12;
				_t159 = __r11;
				_t158 = __r10;
				_t153 = __r8;
				_t148 = __rbp;
				_t145 = __rsi;
				_t142 = __rdx;
				_t136 = __rcx;
				_t118 = __esp;
				_t113 = __esi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t151 = _t150 - 0x30;
				_t67 =  *((intOrPtr*)(__rcx + 0x41));
				_t134 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t119 = _t67 - 0x64;
				if(_t119 > 0) {
					if(_t67 <= 0x67) {
						L33:
						_t68 = E02963588(_t94, _t103, _t111, _t114, _t118, _t134, _t136, _t145, _t148, _t153, _t158, _t160, _t161, _t163);
						L34:
						if(_t68 != 0) {
							if( *((char*)(_t134 + 0x40)) != 0) {
								L67:
								_t69 = r15b;
								L68:
								return _t69;
							}
							_t95 =  *(_t134 + 0x30);
							_a8 = 0;
							_a10 = 0;
							if((r15b & _t95 >> 0x00000004) == 0) {
								L45:
								_t104 =  *((intOrPtr*)(_t134 + 0x41));
								if((_t104 - bpl & 0x000000df) != 0 || (r15b & _t95 >> 0x00000005) == 0) {
									r8b = 0;
								} else {
									r8b = r15b;
								}
								_t77 = _t104 - r14b & 0xffffff00 | (_t104 - r14b & 0x000000df) == 0x00000000;
								if(r8b != 0 || _t77 != 0) {
									 *((char*)(_t151 + _t144 + 0x50)) = 0x30;
									if(_t104 == bpl || _t104 == r14b) {
										sil = bpl;
									}
									 *((intOrPtr*)(_t151 + _t144 + 0x51)) = sil;
									_t144 = _t144 + 2;
								}
								_t117 =  *((intOrPtr*)(_t134 + 0x34)) -  *((intOrPtr*)(_t134 + 0x50));
								if((_t95 & 0x0000000c) == 0) {
									r8d = _t117;
									E02958E88(0x20, _t134, _t134 + 0x468, _t144, _t145, _t148, _t134 + 0x28);
								}
								_t162 = _t134 + 0x468;
								_t147 = _t134 + 0x28;
								if((r15b &  *( *_t162 + 0x14) >> 0x0000000c) == 0 ||  *((long long*)( *_t162 + 8)) != 0) {
									r8d = 0;
									_v40 = _t134 + 0x10;
									E0296A848(_t134, _t162,  &_a8, _t144, _t147, _t148, _t147);
								} else {
									 *_t147 =  *_t147;
								}
								_t98 =  *(_t134 + 0x30);
								if((r15b & _t98 >> 0x00000003) != 0 && (r15b & _t98 >> 0x00000002) == 0) {
									r8d = _t117;
									E02958E88(0x30, _t134, _t162, _t144, _t147, _t148, _t147);
								}
								L02969D2C(_t134, _t134, _t147, _t148);
								if( *_t147 >= 0 && (r15b &  *(_t134 + 0x30) >> 0x00000002) != 0) {
									r8d = _t117;
									E02958E88(0x20, _t134, _t162, _t144, _t147, _t148, _t147);
								}
								goto L67;
							}
							if((r15b & _t95 >> 0x00000006) == 0) {
								if((r15b & _t95) == 0) {
									if((r15b & _t95 >> 0x00000001) == 0) {
										goto L45;
									}
									_a8 = 0x20;
									L44:
									_t144 = _t163;
									goto L45;
								}
								_a8 = 0x2b;
								goto L44;
							}
							_a8 = 0x2d;
							goto L44;
						}
						L35:
						_t69 = 0;
						goto L68;
					}
					if(_t67 == 0x69) {
						L29:
						 *(_t136 + 0x30) =  *(_t136 + 0x30) | 0x00000010;
						L30:
						_t109 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t68 = E02965674(_t109, _t113, _t134, _t136, _t142, _t145, _t148);
						goto L34;
					}
					if(_t67 == 0x6e) {
						_t68 = E02966AF0(_t103, __rcx, __rcx, __rdx, __rsi);
						goto L34;
					}
					if(_t67 == 0x6f) {
						_t102 =  *(__rcx + 0x30);
						if((r15b & _t102 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t102;
						}
						_t109 = 8;
						_t136 = _t134;
						goto L31;
					}
					if(_t67 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t109 = 0x10;
						goto L32;
					}
					if(_t67 == 0x73) {
						L22:
						_t68 = E029677F0(_t114, _t136, _t159);
						goto L34;
					}
					if(_t67 == 0x75) {
						goto L30;
					}
					if(_t67 != sil) {
						goto L35;
					}
					_t109 = 0x10;
					goto L31;
				}
				if(_t119 == 0) {
					goto L29;
				}
				if(_t67 == r14b) {
					goto L33;
				}
				if(_t67 == 0x43) {
					L11:
					_t68 = E02964A7C(_t136);
					goto L34;
				}
				if(_t67 <= 0x44) {
					goto L35;
				}
				if(_t67 <= 0x47) {
					goto L33;
				}
				if(_t67 == 0x53) {
					goto L22;
				}
				if(_t67 == bpl) {
					goto L24;
				}
				if(_t67 == 0x5a) {
					_t68 = E02962A9C(__rcx);
					goto L34;
				}
				if(_t67 == 0x61) {
					goto L33;
				}
				if(_t67 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x0296093c
0x02960941
0x02960946
0x02960950
0x02960954
0x02960957
0x0296095a
0x02960960
0x02960963
0x02960966
0x02960969
0x0296096b
0x029609c5
0x02960a42
0x02960a42
0x02960a47
0x02960a49
0x02960a56
0x02960ba4
0x02960ba4
0x02960ba7
0x02960bbf
0x02960bbf
0x02960a5c
0x02960a61
0x02960a68
0x02960a74
0x02960aa4
0x02960aa4
0x02960aae
0x02960abf
0x02960aba
0x02960aba
0x02960aba
0x02960ac9
0x02960acf
0x02960ad5
0x02960add
0x02960ae4
0x02960ae4
0x02960ae7
0x02960aec
0x02960aec
0x02960af6
0x02960afb
0x02960b01
0x02960b0d
0x02960b0d
0x02960b12
0x02960b1c
0x02960b29
0x02960b40
0x02960b43
0x02960b50
0x02960b35
0x02960b35
0x02960b35
0x02960b55
0x02960b60
0x02960b6d
0x02960b75
0x02960b75
0x02960b7f
0x02960b87
0x02960b97
0x02960b9f
0x02960b9f
0x00000000
0x02960b87
0x02960a7e
0x02960a8a
0x02960a9a
0x00000000
0x00000000
0x02960a9c
0x02960aa1
0x02960aa1
0x00000000
0x02960aa1
0x02960a8c
0x00000000
0x02960a8c
0x02960a80
0x00000000
0x02960a80
0x02960a4b
0x02960a4b
0x00000000
0x02960a4b
0x029609c9
0x02960a2f
0x02960a2f
0x02960a33
0x02960a33
0x02960a38
0x02960a38
0x02960a3b
0x02960a3b
0x00000000
0x02960a3b
0x029609cd
0x02960a28
0x00000000
0x02960a28
0x029609d1
0x02960a0a
0x02960a15
0x02960a17
0x02960a1b
0x02960a1b
0x02960a1e
0x02960a23
0x00000000
0x02960a23
0x029609d5
0x029609f2
0x029609f9
0x02960a00
0x02960a00
0x02960a03
0x00000000
0x02960a03
0x029609d9
0x029609eb
0x029609eb
0x00000000
0x029609eb
0x029609dd
0x00000000
0x00000000
0x029609e2
0x00000000
0x00000000
0x029609e4
0x00000000
0x029609e4
0x0296096d
0x00000000
0x00000000
0x02960976
0x00000000
0x00000000
0x0296097e
0x029609ad
0x029609af
0x00000000
0x029609af
0x02960982
0x00000000
0x00000000
0x0296098a
0x00000000
0x00000000
0x02960992
0x00000000
0x00000000
0x02960997
0x00000000
0x00000000
0x0296099b
0x029609b9
0x00000000
0x029609b9
0x0296099f
0x00000000
0x00000000
0x029609a7
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 02960AD5

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 29892209911a2dd4a9a5e5f3035d1fbb52aa3c3877fe0a02d5e9ae2ee4643089
Instruction ID: 6a86f6f25eeeb4765b4781678899fbd55da103c477dc4b20e6d74f3c618d1796
Opcode Fuzzy Hash: 29892209911a2dd4a9a5e5f3035d1fbb52aa3c3877fe0a02d5e9ae2ee4643089
Instruction Fuzzy Hash: 1C51122621438586DF288E2990DC3BE6BEBF781B8CF88551ACE8557759CB77C447CB01

Uniqueness

Uniqueness Score: -1.00%

Function 02960E28 Relevance: 1.4, Strings: 1, Instructions: 200
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E02960E28(void* __ebx, void* __edi, void* __ebp, void* __esp, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t63;
				void* _t64;
				signed int _t65;
				signed int _t73;
				void* _t77;
				void* _t89;
				unsigned int _t90;
				signed char _t91;
				unsigned int _t92;
				void* _t93;
				intOrPtr _t94;
				intOrPtr _t99;
				void* _t103;
				void* _t106;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t120;
				void* _t123;
				void* _t131;
				void* _t133;
				intOrPtr* _t138;
				void* _t139;
				void* _t140;
				void* _t149;
				void* _t150;
				void* _t151;
				void* _t152;
				void* _t153;

				_t151 = __r13;
				_t150 = __r12;
				_t149 = __r11;
				_t148 = __r10;
				_t143 = __r9;
				_t142 = __r8;
				_t136 = __rbp;
				_t134 = __rsi;
				_t125 = __rcx;
				_t108 = __esp;
				_t107 = __ebp;
				_t101 = __edi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t140 = _t139 - 0x30;
				_t63 =  *((intOrPtr*)(__rcx + 0x41));
				_t123 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t109 = _t63 - 0x64;
				if(_t109 > 0) {
					if(_t63 <= 0x67) {
						L33:
						_t64 = L02963900(_t89, _t93, _t101, _t107, _t108, _t123, _t125, _t134, _t136, _t142, _t143, _t148, _t150, _t151, _t153);
						L34:
						if(_t64 != 0) {
							if( *((intOrPtr*)(_t123 + 0x47c)) != 2 ||  *((intOrPtr*)(_t123 + 0x478)) != r15d) {
								if( *((char*)(_t123 + 0x40)) != 0) {
									goto L65;
								}
								_t90 =  *(_t123 + 0x30);
								_a8 = 0;
								_a10 = 0;
								if((r15b & _t90 >> 0x00000004) == 0) {
									L47:
									_t94 =  *((intOrPtr*)(_t123 + 0x41));
									if((_t94 - bpl & 0x000000df) != 0 || (r15b & _t90 >> 0x00000005) == 0) {
										r8b = 0;
									} else {
										r8b = r15b;
									}
									_t73 = _t94 - r14b & 0xffffff00 | (_t94 - r14b & 0x000000df) == 0x00000000;
									if(r8b != 0 || _t73 != 0) {
										 *((char*)(_t140 + _t133 + 0x50)) = 0x30;
										if(_t94 == bpl || _t94 == r14b) {
											sil = bpl;
										}
										 *((intOrPtr*)(_t140 + _t133 + 0x51)) = sil;
										_t133 = _t133 + 2;
									}
									_t138 = _t123 + 0x28;
									_t152 = _t123 + 0x468;
									_t106 =  *((intOrPtr*)(_t123 + 0x34)) -  *((intOrPtr*)(_t123 + 0x50));
									if((_t90 & 0x0000000c) == 0) {
										r8d = _t106;
										_t73 = E02958FA8(_t73, 0x20, _t123, _t152, _t133, _t138, _t148);
									}
									r8d = 0;
									_v40 = _t123 + 0x10;
									E0296A6FC(_t73, 0, _t106, _t123, _t152, _t133, _t134, _t138, _t138);
									_t91 =  *(_t123 + 0x30);
									_t76 = _t91 >> 3;
									if((r15b & _t91 >> 0x00000003) != 0 && (r15b & _t91) == 0) {
										r8d = _t106;
										E02958FA8(_t76, 0x30, _t123, _t152, _t133, _t138, _t148);
									}
									_t77 = L02969F28(_t91, _t106, _t123, _t123, _t134, _t138, _t142);
									if( *_t138 >= 0) {
										r10d =  *(_t123 + 0x30);
										r10d = r10d >> 2;
										if((r15b & r10b) != 0) {
											r8d = _t106;
											E02958FA8(_t77, 0x20, _t123, _t152, _t133, _t138, _t148);
										}
									}
									goto L65;
								}
								if((r15b & _t90 >> 0x00000006) == 0) {
									if((r15b & _t90) == 0) {
										if((r15b & _t90 >> 0x00000001) == 0) {
											goto L47;
										}
										_a8 = 0x20;
										L46:
										_t133 = _t153;
										goto L47;
									}
									_a8 = 0x2b;
									goto L46;
								}
								_a8 = 0x2d;
								goto L46;
							} else {
								L65:
								_t65 = r15b;
								L66:
								return _t65;
							}
						}
						L35:
						_t65 = 0;
						goto L66;
					}
					if(_t63 == 0x69) {
						L29:
						 *(_t125 + 0x30) =  *(_t125 + 0x30) | 0x00000010;
						L30:
						_t99 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t64 = L02965A04(_t99, _t103, _t123, _t125, _t131, _t136);
						goto L34;
					}
					if(_t63 == 0x6e) {
						_t64 = E02966CA8(_t93, __edi, _t120, __rcx, __rcx, __r9, __r10);
						goto L34;
					}
					if(_t63 == 0x6f) {
						_t92 =  *(__rcx + 0x30);
						if((r15b & _t92 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t92;
						}
						_t99 = 8;
						_t125 = _t123;
						goto L31;
					}
					if(_t63 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t99 = 0x10;
						goto L32;
					}
					if(_t63 == 0x73) {
						L22:
						_t64 = L02967920(_t93, _t101, _t107, _t123, _t125, _t136, _t149);
						goto L34;
					}
					if(_t63 == 0x75) {
						goto L30;
					}
					if(_t63 != sil) {
						goto L35;
					}
					_t99 = 0x10;
					goto L31;
				}
				if(_t109 == 0) {
					goto L29;
				}
				if(_t63 == r14b) {
					goto L33;
				}
				if(_t63 == 0x43) {
					L11:
					_t64 = E02964BF4(0, _t123, _t125, _t142, _t143, _t148);
					goto L34;
				}
				if(_t63 <= 0x44) {
					goto L35;
				}
				if(_t63 <= 0x47) {
					goto L33;
				}
				if(_t63 == 0x53) {
					goto L22;
				}
				if(_t63 == bpl) {
					goto L24;
				}
				if(_t63 == 0x5a) {
					_t64 = E02962B8C(__ebx, _t93, __rcx, __rcx, __r8, __r9, __r10);
					goto L34;
				}
				if(_t63 == 0x61) {
					goto L33;
				}
				if(_t63 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e28
0x02960e2d
0x02960e32
0x02960e3c
0x02960e40
0x02960e43
0x02960e46
0x02960e4c
0x02960e4f
0x02960e52
0x02960e55
0x02960e57
0x02960eb1
0x02960f2e
0x02960f2e
0x02960f33
0x02960f35
0x02960f45
0x02960f58
0x00000000
0x00000000
0x02960f5e
0x02960f63
0x02960f6a
0x02960f76
0x02960fa6
0x02960fa6
0x02960fb0
0x02960fc1
0x02960fbc
0x02960fbc
0x02960fbc
0x02960fcb
0x02960fd1
0x02960fd7
0x02960fdf
0x02960fe6
0x02960fe6
0x02960fe9
0x02960fee
0x02960fee
0x02960ff5
0x02960ffc
0x02961003
0x02961008
0x0296100d
0x02961015
0x02961015
0x02961021
0x02961024
0x02961031
0x02961036
0x0296103b
0x02961041
0x0296104e
0x02961056
0x02961056
0x02961060
0x02961069
0x0296106b
0x0296106f
0x02961076
0x0296107b
0x02961083
0x02961083
0x02961076
0x00000000
0x02961069
0x02960f80
0x02960f8c
0x02960f9c
0x00000000
0x00000000
0x02960f9e
0x02960fa3
0x02960fa3
0x00000000
0x02960fa3
0x02960f8e
0x00000000
0x02960f8e
0x02960f82
0x00000000
0x02961088
0x02961088
0x02961088
0x0296108b
0x029610a3
0x029610a3
0x02960f45
0x02960f37
0x02960f37
0x00000000
0x02960f37
0x02960eb5
0x02960f1b
0x02960f1b
0x02960f1f
0x02960f1f
0x02960f24
0x02960f24
0x02960f27
0x02960f27
0x00000000
0x02960f27
0x02960eb9
0x02960f14
0x00000000
0x02960f14
0x02960ebd
0x02960ef6
0x02960f01
0x02960f03
0x02960f07
0x02960f07
0x02960f0a
0x02960f0f
0x00000000
0x02960f0f
0x02960ec1
0x02960ede
0x02960ee5
0x02960eec
0x02960eec
0x02960eef
0x00000000
0x02960eef
0x02960ec5
0x02960ed7
0x02960ed7
0x00000000
0x02960ed7
0x02960ec9
0x00000000
0x00000000
0x02960ece
0x00000000
0x00000000
0x02960ed0
0x00000000
0x02960ed0
0x02960e59
0x00000000
0x00000000
0x02960e62
0x00000000
0x00000000
0x02960e6a
0x02960e99
0x02960e9b
0x00000000
0x02960e9b
0x02960e6e
0x00000000
0x00000000
0x02960e76
0x00000000
0x00000000
0x02960e7e
0x00000000
0x00000000
0x02960e83
0x00000000
0x00000000
0x02960e87
0x02960ea5
0x00000000
0x02960ea5
0x02960e8b
0x00000000
0x00000000
0x02960e93
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 02960FD7

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: f1a3df048fc6ed27dd47efb713a0bdab6ecd4db2806901a5f9cbd3621b4450f8
Instruction ID: eabd85fbd79a6324cfbab502b54ab0e1381168a05685b95bedd551d9e0d1f1d2
Opcode Fuzzy Hash: f1a3df048fc6ed27dd47efb713a0bdab6ecd4db2806901a5f9cbd3621b4450f8
Instruction Fuzzy Hash: A95147223282858EDF3D8A69908C3BE67DAF782B4CF841526DDC56B758C735C487CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029610A4 Relevance: 1.4, Strings: 1, Instructions: 196
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E029610A4(void* __ebx, void* __ebp, void* __esp, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t61;
				void* _t62;
				signed int _t63;
				signed int _t71;
				void* _t75;
				void* _t87;
				unsigned int _t88;
				signed char _t89;
				unsigned int _t90;
				void* _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				void* _t99;
				void* _t101;
				void* _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t120;
				void* _t128;
				void* _t130;
				intOrPtr* _t135;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t148;
				void* _t149;

				_t147 = __r13;
				_t146 = __r12;
				_t145 = __r11;
				_t144 = __r10;
				_t139 = __r8;
				_t133 = __rbp;
				_t131 = __rsi;
				_t122 = __rcx;
				_t106 = __esp;
				_t105 = __ebp;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t137 = _t136 - 0x30;
				_t61 =  *((intOrPtr*)(__rcx + 0x41));
				_t120 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t107 = _t61 - 0x64;
				if(_t107 > 0) {
					if(_t61 <= 0x67) {
						L33:
						_t62 = E02963AF4(_t87, _t91, _t99, _t105, _t106, _t120, _t122, _t131, _t133, _t139, _t144, _t146, _t147, _t149);
						L34:
						if(_t62 != 0) {
							if( *((char*)(_t120 + 0x40)) != 0) {
								L63:
								_t63 = r15b;
								L64:
								return _t63;
							}
							_t88 =  *(_t120 + 0x30);
							_a8 = 0;
							_a10 = 0;
							if((r15b & _t88 >> 0x00000004) == 0) {
								L45:
								_t92 =  *((intOrPtr*)(_t120 + 0x41));
								if((_t92 - bpl & 0x000000df) != 0 || (r15b & _t88 >> 0x00000005) == 0) {
									r8b = 0;
								} else {
									r8b = r15b;
								}
								_t71 = _t92 - r14b & 0xffffff00 | (_t92 - r14b & 0x000000df) == 0x00000000;
								if(r8b != 0 || _t71 != 0) {
									 *((char*)(_t137 + _t130 + 0x50)) = 0x30;
									if(_t92 == bpl || _t92 == r14b) {
										sil = bpl;
									}
									 *((intOrPtr*)(_t137 + _t130 + 0x51)) = sil;
									_t130 = _t130 + 2;
								}
								_t135 = _t120 + 0x28;
								_t148 = _t120 + 0x468;
								_t104 =  *((intOrPtr*)(_t120 + 0x34)) -  *((intOrPtr*)(_t120 + 0x50));
								if((_t88 & 0x0000000c) == 0) {
									r8d = _t104;
									_t71 = E02958FA8(_t71, 0x20, _t120, _t148, _t130, _t135, _t144);
								}
								r8d = 0;
								_v40 = _t120 + 0x10;
								E0296A6FC(_t71, 0, _t104, _t120, _t148, _t130, _t131, _t135, _t135);
								_t89 =  *(_t120 + 0x30);
								_t74 = _t89 >> 3;
								if((r15b & _t89 >> 0x00000003) != 0 && (r15b & _t89) == 0) {
									r8d = _t104;
									E02958FA8(_t74, 0x30, _t120, _t148, _t130, _t135, _t144);
								}
								_t75 = E0296A000(_t89, _t104, _t120, _t120, _t131, _t135, _t139);
								if( *_t135 >= 0) {
									r10d =  *(_t120 + 0x30);
									r10d = r10d >> 2;
									if((r15b & r10b) != 0) {
										r8d = _t104;
										E02958FA8(_t75, 0x20, _t120, _t148, _t130, _t135, _t144);
									}
								}
								goto L63;
							}
							if((r15b & _t88 >> 0x00000006) == 0) {
								if((r15b & _t88) == 0) {
									if((r15b & _t88 >> 0x00000001) == 0) {
										goto L45;
									}
									_a8 = 0x20;
									L44:
									_t130 = _t149;
									goto L45;
								}
								_a8 = 0x2b;
								goto L44;
							}
							_a8 = 0x2d;
							goto L44;
						}
						L35:
						_t63 = 0;
						goto L64;
					}
					if(_t61 == 0x69) {
						L29:
						 *(_t122 + 0x30) =  *(_t122 + 0x30) | 0x00000010;
						L30:
						_t97 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t62 = L02965C08(_t97, _t101, _t120, _t122, _t128, _t131, _t133);
						goto L34;
					}
					if(_t61 == 0x6e) {
						_t62 = E02966DAC(_t91, __rcx, __rcx, _t128, __rsi);
						goto L34;
					}
					if(_t61 == 0x6f) {
						_t90 =  *(__rcx + 0x30);
						if((r15b & _t90 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t90;
						}
						_t97 = 8;
						_t122 = _t120;
						goto L31;
					}
					if(_t61 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t97 = 0x10;
						goto L32;
					}
					if(_t61 == 0x73) {
						L22:
						_t62 = L029679D8(_t105, _t122, _t145);
						goto L34;
					}
					if(_t61 == 0x75) {
						goto L30;
					}
					if(_t61 != sil) {
						goto L35;
					}
					_t97 = 0x10;
					goto L31;
				}
				if(_t107 == 0) {
					goto L29;
				}
				if(_t61 == r14b) {
					goto L33;
				}
				if(_t61 == 0x43) {
					L11:
					_t62 = E02964CF4(_t122);
					goto L34;
				}
				if(_t61 <= 0x44) {
					goto L35;
				}
				if(_t61 <= 0x47) {
					goto L33;
				}
				if(_t61 == 0x53) {
					goto L22;
				}
				if(_t61 == bpl) {
					goto L24;
				}
				if(_t61 == 0x5a) {
					_t62 = E02962CE8(__rcx);
					goto L34;
				}
				if(_t61 == 0x61) {
					goto L33;
				}
				if(_t61 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a4
0x029610a9
0x029610ae
0x029610b8
0x029610bc
0x029610bf
0x029610c2
0x029610c8
0x029610cb
0x029610ce
0x029610d1
0x029610d3
0x0296112d
0x029611aa
0x029611aa
0x029611af
0x029611b1
0x029611be
0x029612ee
0x029612ee
0x029612f1
0x02961309
0x02961309
0x029611c4
0x029611c9
0x029611d0
0x029611dc
0x0296120c
0x0296120c
0x02961216
0x02961227
0x02961222
0x02961222
0x02961222
0x02961231
0x02961237
0x0296123d
0x02961245
0x0296124c
0x0296124c
0x0296124f
0x02961254
0x02961254
0x0296125b
0x02961262
0x02961269
0x0296126e
0x02961273
0x0296127b
0x0296127b
0x02961287
0x0296128a
0x02961297
0x0296129c
0x029612a1
0x029612a7
0x029612b4
0x029612bc
0x029612bc
0x029612c6
0x029612cf
0x029612d1
0x029612d5
0x029612dc
0x029612e1
0x029612e9
0x029612e9
0x029612dc
0x00000000
0x029612cf
0x029611e6
0x029611f2
0x02961202
0x00000000
0x00000000
0x02961204
0x02961209
0x02961209
0x00000000
0x02961209
0x029611f4
0x00000000
0x029611f4
0x029611e8
0x00000000
0x029611e8
0x029611b3
0x029611b3
0x00000000
0x029611b3
0x02961131
0x02961197
0x02961197
0x0296119b
0x0296119b
0x029611a0
0x029611a0
0x029611a3
0x029611a3
0x00000000
0x029611a3
0x02961135
0x02961190
0x00000000
0x02961190
0x02961139
0x02961172
0x0296117d
0x0296117f
0x02961183
0x02961183
0x02961186
0x0296118b
0x00000000
0x0296118b
0x0296113d
0x0296115a
0x02961161
0x02961168
0x02961168
0x0296116b
0x00000000
0x0296116b
0x02961141
0x02961153
0x02961153
0x00000000
0x02961153
0x02961145
0x00000000
0x00000000
0x0296114a
0x00000000
0x00000000
0x0296114c
0x00000000
0x0296114c
0x029610d5
0x00000000
0x00000000
0x029610de
0x00000000
0x00000000
0x029610e6
0x02961115
0x02961117
0x00000000
0x02961117
0x029610ea
0x00000000
0x00000000
0x029610f2
0x00000000
0x00000000
0x029610fa
0x00000000
0x00000000
0x029610ff
0x00000000
0x00000000
0x02961103
0x02961121
0x00000000
0x02961121
0x02961107
0x00000000
0x00000000
0x0296110f
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 0296123D

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: e4fb5cfadd3860fc707b8e6dca316af78b28fb88d75d76524af272a23562ae5f
Instruction ID: 039a44e90f8f40981ec66dd9c416bd85f8ad752c1da1501773ba2c42b96eb9b8
Opcode Fuzzy Hash: e4fb5cfadd3860fc707b8e6dca316af78b28fb88d75d76524af272a23562ae5f
Instruction Fuzzy Hash: 86515B123142854ADB3C8A69A00C3BE6BEBE782B8CF851606DD8D9B72DC775C087CF45

Uniqueness

Uniqueness Score: -1.00%

Function 02960BC0 Relevance: 1.4, Strings: 1, Instructions: 196
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 71%

			E02960BC0(void* __ebx, void* __ebp, void* __esp, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r10, void* __r11, void* __r12, void* __r13, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				void* __r15;
				intOrPtr _t61;
				void* _t62;
				signed int _t63;
				signed int _t71;
				void* _t75;
				void* _t87;
				unsigned int _t88;
				signed char _t89;
				unsigned int _t90;
				void* _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				void* _t99;
				void* _t101;
				void* _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t120;
				void* _t128;
				void* _t130;
				intOrPtr* _t135;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t148;
				void* _t149;

				_t147 = __r13;
				_t146 = __r12;
				_t145 = __r11;
				_t144 = __r10;
				_t139 = __r8;
				_t133 = __rbp;
				_t131 = __rsi;
				_t122 = __rcx;
				_t106 = __esp;
				_t105 = __ebp;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t137 = _t136 - 0x30;
				_t61 =  *((intOrPtr*)(__rcx + 0x41));
				_t120 = __rcx;
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t107 = _t61 - 0x64;
				if(_t107 > 0) {
					if(_t61 <= 0x67) {
						L33:
						_t62 = E02963744(_t87, _t91, _t99, _t105, _t106, _t120, _t122, _t131, _t133, _t139, _t144, _t146, _t147, _t149);
						L34:
						if(_t62 != 0) {
							if( *((char*)(_t120 + 0x40)) != 0) {
								L63:
								_t63 = r15b;
								L64:
								return _t63;
							}
							_t88 =  *(_t120 + 0x30);
							_a8 = 0;
							_a10 = 0;
							if((r15b & _t88 >> 0x00000004) == 0) {
								L45:
								_t92 =  *((intOrPtr*)(_t120 + 0x41));
								if((_t92 - bpl & 0x000000df) != 0 || (r15b & _t88 >> 0x00000005) == 0) {
									r8b = 0;
								} else {
									r8b = r15b;
								}
								_t71 = _t92 - r14b & 0xffffff00 | (_t92 - r14b & 0x000000df) == 0x00000000;
								if(r8b != 0 || _t71 != 0) {
									 *((char*)(_t137 + _t130 + 0x50)) = 0x30;
									if(_t92 == bpl || _t92 == r14b) {
										sil = bpl;
									}
									 *((intOrPtr*)(_t137 + _t130 + 0x51)) = sil;
									_t130 = _t130 + 2;
								}
								_t135 = _t120 + 0x28;
								_t148 = _t120 + 0x468;
								_t104 =  *((intOrPtr*)(_t120 + 0x34)) -  *((intOrPtr*)(_t120 + 0x50));
								if((_t88 & 0x0000000c) == 0) {
									r8d = _t104;
									_t71 = E02958FA8(_t71, 0x20, _t120, _t148, _t130, _t135, _t144);
								}
								r8d = 0;
								_v40 = _t120 + 0x10;
								E0296A6FC(_t71, 0, _t104, _t120, _t148, _t130, _t131, _t135, _t135);
								_t89 =  *(_t120 + 0x30);
								_t74 = _t89 >> 3;
								if((r15b & _t89 >> 0x00000003) != 0 && (r15b & _t89) == 0) {
									r8d = _t104;
									E02958FA8(_t74, 0x30, _t120, _t148, _t130, _t135, _t144);
								}
								_t75 = L02969E50(_t89, _t104, _t120, _t120, _t131, _t135, _t139);
								if( *_t135 >= 0) {
									r10d =  *(_t120 + 0x30);
									r10d = r10d >> 2;
									if((r15b & r10b) != 0) {
										r8d = _t104;
										E02958FA8(_t75, 0x20, _t120, _t148, _t130, _t135, _t144);
									}
								}
								goto L63;
							}
							if((r15b & _t88 >> 0x00000006) == 0) {
								if((r15b & _t88) == 0) {
									if((r15b & _t88 >> 0x00000001) == 0) {
										goto L45;
									}
									_a8 = 0x20;
									L44:
									_t130 = _t149;
									goto L45;
								}
								_a8 = 0x2b;
								goto L44;
							}
							_a8 = 0x2d;
							goto L44;
						}
						L35:
						_t63 = 0;
						goto L64;
					}
					if(_t61 == 0x69) {
						L29:
						 *(_t122 + 0x30) =  *(_t122 + 0x30) | 0x00000010;
						L30:
						_t97 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t62 = L0296583C(_t97, _t101, _t120, _t122, _t128, _t131, _t133);
						goto L34;
					}
					if(_t61 == 0x6e) {
						_t62 = E02966BCC(_t91, __rcx, __rcx, _t128, __rsi);
						goto L34;
					}
					if(_t61 == 0x6f) {
						_t90 =  *(__rcx + 0x30);
						if((r15b & _t90 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t90;
						}
						_t97 = 8;
						_t122 = _t120;
						goto L31;
					}
					if(_t61 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t97 = 0x10;
						goto L32;
					}
					if(_t61 == 0x73) {
						L22:
						_t62 = L02967888(_t105, _t122, _t145);
						goto L34;
					}
					if(_t61 == 0x75) {
						goto L30;
					}
					if(_t61 != sil) {
						goto L35;
					}
					_t97 = 0x10;
					goto L31;
				}
				if(_t107 == 0) {
					goto L29;
				}
				if(_t61 == r14b) {
					goto L33;
				}
				if(_t61 == 0x43) {
					L11:
					_t62 = E02964B38(_t122);
					goto L34;
				}
				if(_t61 <= 0x44) {
					goto L35;
				}
				if(_t61 <= 0x47) {
					goto L33;
				}
				if(_t61 == 0x53) {
					goto L22;
				}
				if(_t61 == bpl) {
					goto L24;
				}
				if(_t61 == 0x5a) {
					_t62 = E02962B14(__rcx);
					goto L34;
				}
				if(_t61 == 0x61) {
					goto L33;
				}
				if(_t61 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc0
0x02960bc5
0x02960bca
0x02960bd4
0x02960bd8
0x02960bdb
0x02960bde
0x02960be4
0x02960be7
0x02960bea
0x02960bed
0x02960bef
0x02960c49
0x02960cc6
0x02960cc6
0x02960ccb
0x02960ccd
0x02960cda
0x02960e0a
0x02960e0a
0x02960e0d
0x02960e25
0x02960e25
0x02960ce0
0x02960ce5
0x02960cec
0x02960cf8
0x02960d28
0x02960d28
0x02960d32
0x02960d43
0x02960d3e
0x02960d3e
0x02960d3e
0x02960d4d
0x02960d53
0x02960d59
0x02960d61
0x02960d68
0x02960d68
0x02960d6b
0x02960d70
0x02960d70
0x02960d77
0x02960d7e
0x02960d85
0x02960d8a
0x02960d8f
0x02960d97
0x02960d97
0x02960da3
0x02960da6
0x02960db3
0x02960db8
0x02960dbd
0x02960dc3
0x02960dd0
0x02960dd8
0x02960dd8
0x02960de2
0x02960deb
0x02960ded
0x02960df1
0x02960df8
0x02960dfd
0x02960e05
0x02960e05
0x02960df8
0x00000000
0x02960deb
0x02960d02
0x02960d0e
0x02960d1e
0x00000000
0x00000000
0x02960d20
0x02960d25
0x02960d25
0x00000000
0x02960d25
0x02960d10
0x00000000
0x02960d10
0x02960d04
0x00000000
0x02960d04
0x02960ccf
0x02960ccf
0x00000000
0x02960ccf
0x02960c4d
0x02960cb3
0x02960cb3
0x02960cb7
0x02960cb7
0x02960cbc
0x02960cbc
0x02960cbf
0x02960cbf
0x00000000
0x02960cbf
0x02960c51
0x02960cac
0x00000000
0x02960cac
0x02960c55
0x02960c8e
0x02960c99
0x02960c9b
0x02960c9f
0x02960c9f
0x02960ca2
0x02960ca7
0x00000000
0x02960ca7
0x02960c59
0x02960c76
0x02960c7d
0x02960c84
0x02960c84
0x02960c87
0x00000000
0x02960c87
0x02960c5d
0x02960c6f
0x02960c6f
0x00000000
0x02960c6f
0x02960c61
0x00000000
0x00000000
0x02960c66
0x00000000
0x00000000
0x02960c68
0x00000000
0x02960c68
0x02960bf1
0x00000000
0x00000000
0x02960bfa
0x00000000
0x00000000
0x02960c02
0x02960c31
0x02960c33
0x00000000
0x02960c33
0x02960c06
0x00000000
0x00000000
0x02960c0e
0x00000000
0x00000000
0x02960c16
0x00000000
0x00000000
0x02960c1b
0x00000000
0x00000000
0x02960c1f
0x02960c3d
0x00000000
0x02960c3d
0x02960c23
0x00000000
0x00000000
0x02960c2b
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 02960D59

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 4603d0f43a27ee046cc5bb8b5ab7e379bbf5225eea1bd1a78caed6ebb0442979
Instruction ID: 0c6958782a543b4541e46f19953637a304026a71e155481263311496ddac72c6
Opcode Fuzzy Hash: 4603d0f43a27ee046cc5bb8b5ab7e379bbf5225eea1bd1a78caed6ebb0442979
Instruction Fuzzy Hash: B95158223147844ADB398B2990DC3BA67EBFB82B4CF481A05CD816B75DC77AC44BCB45

Uniqueness

Uniqueness Score: -1.00%

Function 029857FC Relevance: .3, Instructions: 272
COMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E029857FC(void* __ecx, signed int __edx, void* __esp, void* __eflags, long long __rbx, long long __rcx, void* __rdx, void* __rsi, long long __rbp, void* __r9, void* __r13, long long _a16, long long _a24) {
				void* _v24;
				signed int _v40;
				char _v168;
				long long _v184;
				long long _v192;
				long long _v200;
				void* _v224;
				signed int _v240;
				char _v480;
				long long _v496;
				long long _v504;
				long long _v512;
				char _v520;
				void* __rdi;
				signed long long _t97;
				signed long long _t107;
				signed long long _t108;
				signed int _t109;
				signed long long _t110;
				signed long long _t112;
				signed long long _t113;
				signed long long _t119;
				signed long long _t120;
				intOrPtr _t121;
				signed long long _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long _t130;
				signed long long _t131;
				signed long long _t132;
				signed long long _t133;
				signed int _t139;
				signed int _t141;
				signed long long _t142;
				signed int _t143;
				signed int _t145;
				void* _t153;
				signed int _t154;
				void* _t160;
				signed long long _t163;
				signed long long _t164;
				signed long long _t165;
				signed long long _t166;
				signed long long _t167;
				long long _t169;
				long long _t171;
				signed long long* _t173;
				signed long long* _t182;
				signed long long* _t187;
				signed long long _t193;
				signed short* _t195;
				char* _t204;
				void* _t209;
				signed long long _t211;
				signed long long _t212;
				signed long long* _t214;
				char* _t216;
				long long _t219;
				long long _t223;
				void* _t225;
				signed long long _t226;
				signed long long _t228;
				signed long long _t242;
				signed long long _t243;
				signed short* _t245;
				signed long long _t246;
				signed long long _t247;
				signed long long _t248;
				void* _t251;

				_t251 = __r13;
				_t241 = __r9;
				_t223 = __rbp;
				_t160 = __eflags;
				_t159 = __esp;
				_t143 = __edx;
				_a16 = __rbx;
				_a24 = __rbp;
				_push(__rsi);
				_push(_t211);
				_t226 = _t225 - 0xc0;
				_t163 =  *0x29a61e8; // 0xc99624406909
				_t164 = _t163 ^ _t226;
				_v40 = _t164;
				_t219 = __rcx;
				L0297390C(__esp, _t164, __rbx, __rcx, __rdx, __rcx, __rbp, __r9, __r13);
				r9d = 0x40;
				_t5 = _t164 + 0x98; // 0x98
				_t169 = _t5;
				_t136 =  ~( *(_t169 + 0x1c));
				asm("sbb edx, edx");
				_t145 = (_t143 & 0xfffff005) + 0x1002;
				if(L02977F84(_t145, _t160, _t164, _t169, _t219, _t219, __rbp,  &_v168) != 0) {
					_t97 = E02985294(_t145, _t164, _t169,  *((intOrPtr*)(_t169 + 8)),  &_v168, _t219, _t223,  &_v168);
					_t212 = _t211 | 0xffffffff;
					r13d = _t212 + 0x56;
					__eflags = _t97;
					if(__eflags != 0) {
						L14:
						_t136 = 0x300;
						__eflags = ( *(_t169 + 0x10) & 0x00000300) - 0x300;
						if(__eflags == 0) {
							L45:
							_t103 =  !( *(_t169 + 0x10) >> 2) & 0x00000001;
							__eflags =  !( *(_t169 + 0x10) >> 2) & 0x00000001;
							goto L46;
						} else {
							r9d = 0x40;
							asm("sbb edx, edx");
							_t147 = (_t145 & 0xfffff002) + 0x1001;
							_t107 = L02977F84((_t145 & 0xfffff002) + 0x1001, __eflags, _t164, _t169, _t219, _t219, _t223,  &_v168);
							__eflags = _t107;
							if(_t107 == 0) {
								goto L1;
							} else {
								_t108 = E02985294(_t147, _t164, _t169,  *_t169,  &_v168, _t219, _t223,  &_v168);
								__eflags = _t108;
								if(_t108 != 0) {
									goto L45;
								} else {
									_t109 =  *(_t169 + 0x10);
									asm("bts eax, 0x9");
									 *(_t169 + 0x10) = _t109;
									__eflags =  *(_t169 + 0x18);
									if( *(_t169 + 0x18) == 0) {
										__eflags =  *(_t169 + 0x14);
										if( *(_t169 + 0x14) == 0) {
											L42:
											asm("bts eax, 0x8");
											_t57 = _t169 + 0x258; // 0x2f0
											_t182 = _t57;
											 *(_t169 + 0x10) = _t109;
											__eflags =  *_t182;
											if( *_t182 != 0) {
												goto L45;
											} else {
												do {
													_t212 = _t212 + 1;
													__eflags =  *(_t219 + _t212 * 2);
												} while ( *(_t219 + _t212 * 2) != 0);
												goto L44;
											}
										} else {
											_t209 =  *_t169;
											_t193 = _t212;
											do {
												_t193 = _t193 + 1;
												__eflags =  *(_t209 + _t193 * 2);
											} while ( *(_t209 + _t193 * 2) != 0);
											__eflags = 0x300 -  *(_t169 + 0x14);
											if(__eflags != 0) {
												goto L42;
											} else {
												_t126 = L02985CA0(__eflags, _t219, _t209, _t219, _t223, _t241);
												__eflags = _t126;
												if(_t126 != 0) {
													L39:
													asm("bts dword [ebx+0x10], 0x8");
													_t54 = _t169 + 0x258; // 0x2f0
													_t182 = _t54;
													__eflags =  *_t182;
													if( *_t182 != 0) {
														goto L45;
													} else {
														do {
															_t212 = _t212 + 1;
															__eflags =  *(_t219 + _t212 * 2);
														} while ( *(_t219 + _t212 * 2) != 0);
														goto L44;
													}
												} else {
													_t245 =  *_t169;
													r8d = 0;
													_t195 = _t245;
													__eflags = _t245;
													if(_t245 != 0) {
														_t154 =  *_t245 & 0x0000ffff;
														while(1) {
															_t195 =  &(_t195[1]);
															_t126 = _t209 - 0x41;
															__eflags = _t126 - 0x19;
															if(_t126 <= 0x19) {
																goto L35;
															}
															_t147 = _t154 - 0x61;
															__eflags = _t154 - 0x61 - 0x19;
															if(_t154 - 0x61 <= 0x19) {
																goto L35;
															}
															goto L36;
															L35:
															_t154 =  *_t195 & 0x0000ffff;
															r8d = r8d + 1;
														}
													}
													L36:
													_t167 = _t212;
													do {
														_t167 = _t167 + 1;
														__eflags = _t245[_t167];
													} while (_t245[_t167] != 0);
													__eflags = r8d - _t126;
													if(r8d == _t126) {
														goto L45;
													} else {
														goto L39;
													}
												}
											}
										}
									} else {
										asm("bts eax, 0x8");
										_t36 = _t169 + 0x258; // 0x2f0
										_t182 = _t36;
										 *(_t169 + 0x10) = _t109;
										__eflags =  *_t182;
										if( *_t182 != 0) {
											goto L45;
										} else {
											do {
												_t212 = _t212 + 1;
												__eflags =  *(_t219 + _t212 * 2);
											} while ( *(_t219 + _t212 * 2) != 0);
											L44:
											_t242 = _t212 + 1;
											_t203 = _t251;
											_t110 = E0298513C(_t147, _t164, _t169, _t182, _t251, _t219, _t242);
											__eflags = _t110;
											if(_t110 != 0) {
												goto L47;
											} else {
												goto L45;
											}
										}
									}
								}
							}
						}
					} else {
						r9d = _t212 + 0x41;
						asm("sbb edx, edx");
						_t145 = (_t145 & 0xfffff002) + 0x1001;
						_t129 = L02977F84(_t145, __eflags, _t164, _t169, _t219, _t219, _t223,  &_v168);
						__eflags = _t129;
						if(_t129 == 0) {
							goto L1;
						} else {
							_t210 =  &_v168;
							_t130 = E02985294(_t145, _t164, _t169,  *_t169,  &_v168, _t219, _t223,  &_v168);
							_t141 =  *(_t169 + 0x10);
							__eflags = _t130;
							if(_t130 != 0) {
								__eflags = _t141 & 0x00000002;
								if((_t141 & 0x00000002) != 0) {
									goto L14;
								} else {
									__eflags =  *(_t169 + 0x14);
									if( *(_t169 + 0x14) == 0) {
										L21:
										__eflags =  *(_t169 + 0x10) & 0x00000001;
										if(__eflags != 0) {
											goto L14;
										} else {
											_t131 = L02985CA0(__eflags, _t219, _t210, _t219, _t223, _t241);
											__eflags = _t131;
											if(_t131 == 0) {
												goto L14;
											} else {
												_t43 = _t169 + 0x10;
												 *_t43 =  *(_t169 + 0x10) | 0x00000001;
												__eflags =  *_t43;
												_t246 = _t212;
												do {
													_t246 = _t246 + 1;
													__eflags =  *(_t219 + _t246 * 2);
												} while ( *(_t219 + _t246 * 2) != 0);
												goto L13;
											}
										}
									} else {
										_t210 =  &_v168;
										_t133 = E0296E744(_t145, _t164, _t169,  *_t169,  &_v168, _t212, _t219,  *(_t169 + 0x14), _t241);
										__eflags = _t133;
										if(_t133 != 0) {
											goto L21;
										} else {
											_t24 = _t169 + 0x10;
											 *_t24 =  *(_t169 + 0x10) | 0x00000002;
											__eflags =  *_t24;
											_t247 = _t212;
											do {
												_t247 = _t247 + 1;
												__eflags =  *(_t219 + _t247 * 2);
											} while ( *(_t219 + _t247 * 2) != 0);
											goto L13;
										}
									}
								}
							} else {
								_t142 = _t141 | 0x00000304;
								__eflags = _t142;
								_t248 = _t212;
								 *(_t169 + 0x10) = _t142;
								do {
									_t248 = _t248 + 1;
									__eflags =  *(_t219 + _t248 * 2);
								} while ( *(_t219 + _t248 * 2) != 0);
								L13:
								_t28 = _t169 + 0x258; // 0x2f0
								_t182 = _t28;
								_t203 = _t251;
								_t242 = _t246 + 1;
								_t132 = E0298513C(_t145, _t164, _t169, _t182, _t251, _t219, _t242);
								__eflags = _t132;
								if(_t132 != 0) {
									L47:
									r9d = 0;
									_v184 = _t223;
									r8d = 0;
									E02970D9C();
									asm("int3");
									asm("int3");
									asm("int3");
									_v200 = _t169;
									_v192 = _t219;
									_t228 = _t226 - 0x130;
									_t165 =  *0x29a61e8; // 0xc99624406909
									_t166 = _t165 ^ _t228;
									_v240 = _t166;
									_t214 = _t182;
									L0297390C(_t159, _t166, _t169, _t182, _t203, _t219, _t223, _t242, _t212);
									r9d = 0x78;
									_t72 = _t166 + 0x98; // 0x98
									_t171 = _t72;
									_t139 =  ~( *(_t171 + 0x18));
									asm("sbb edx, edx");
									_t112 = L02977F84(0x1001, __eflags, _t166, _t171, _t214, _t219, _t223,  &_v480);
									__eflags = _t112;
									if(_t112 != 0) {
										_t204 =  &_v480;
										_t113 = E02985294(0x1001, _t166, _t171,  *_t171, _t204, _t219, _t223,  &_v480);
										__eflags = _t113;
										if(_t113 != 0) {
											L54:
											_t117 =  !( *(_t171 + 0x10) >> 2) & 0x00000001;
											__eflags =  !( *(_t171 + 0x10) >> 2) & 0x00000001;
											goto L55;
										} else {
											_t243 = _t242 | 0xffffffff;
											__eflags = _t243;
											do {
												_t243 = _t243 + 1;
												__eflags =  *(_t214 + _t243 * 2);
											} while ( *(_t214 + _t243 * 2) != 0);
											_t79 = _t171 + 0x258; // 0x2f0
											_t187 = _t79;
											_t236 = _t214;
											_t119 = E0298513C(0x55, _t166, _t171, _t187, _t204, _t214, _t243 + 1);
											__eflags = _t119;
											if(_t119 != 0) {
												r9d = 0;
												_v496 = _t219;
												r8d = 0;
												E02970D9C();
												asm("int3");
												asm("int3");
												asm("int3");
												_v512 = _t171;
												_v504 = _t219;
												_push(_t214);
												_t216 = _t204;
												_t173 = _t187;
												__eflags = _t187;
												if(__eflags == 0) {
													L69:
													_t153 = 0x20001004;
													goto L64;
												} else {
													__eflags =  *_t187;
													if(__eflags == 0) {
														goto L69;
													} else {
														__eflags = E0298B1D0(_t187, 0x2997808);
														if(__eflags == 0) {
															goto L69;
														} else {
															_t123 = E02985294(0, _t166, _t173, _t173, L"utf8", _t219, _t223, _t236);
															__eflags = _t123;
															if(_t123 == 0) {
																L66:
																_t121 = 0xfde9;
															} else {
																_t124 = E02985294(0, _t166, _t173, _t173, L"utf-8", _t219, _t223, _t236);
																__eflags = _t124;
																if(_t124 == 0) {
																	goto L66;
																} else {
																	__eflags = E0298B1D0(_t173, 0x2997810);
																	if(__eflags != 0) {
																		_t121 = E0297084C(_t173);
																	} else {
																		_t153 = 0x2000000b;
																		L64:
																		r9d = 2;
																		_t120 = L02977F84(_t153, __eflags, _t166, _t173, _t216 + 0x258, _t219, _t223,  &_v520);
																		__eflags = _t120;
																		if(_t120 == 0) {
																			_t121 = 0;
																		} else {
																			_t121 = _v520;
																			__eflags = _t121 - 3;
																			if(_t121 < 3) {
																				goto L66;
																			}
																		}
																	}
																}
															}
														}
													}
												}
												return _t121;
											} else {
												_t80 = _t171 + 0x10;
												 *_t80 =  *(_t171 + 0x10) | 0x00000004;
												__eflags =  *_t80;
												goto L54;
											}
										}
									} else {
										 *(_t171 + 0x10) = 0;
										_t75 = _t219 + 1; // 0x1
										_t117 = _t75;
										L55:
										__eflags = _v240 ^ _t228;
										return L029438C0(_t117, _t139, _t166, _v240 ^ _t228);
									}
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *(_t169 + 0x10) = 0;
					_t103 = 1;
					L46:
					return L029438C0(_t103, _t136, _t164, _v40 ^ _t226);
				}
			}

0x029857fc
0x029857fc
0x029857fc
0x029857fc
0x029857fc
0x029857fc
0x029857fc
0x02985801
0x02985806
0x02985807
0x0298580a
0x02985811
0x02985818
0x0298581b
0x02985823
0x02985826
0x0298582b
0x02985836
0x02985836
0x02985840
0x02985845
0x0298584d
0x0298585c
0x02985874
0x02985879
0x0298587d
0x02985881
0x02985883
0x02985932
0x02985935
0x0298593c
0x0298593e
0x02985a9e
0x02985aa6
0x02985aa6
0x00000000
0x02985944
0x0298594e
0x02985957
0x0298595f
0x02985965
0x0298596a
0x0298596c
0x00000000
0x02985972
0x0298597a
0x0298597f
0x02985981
0x00000000
0x02985987
0x02985987
0x0298598a
0x0298598e
0x02985991
0x02985994
0x029859eb
0x029859ee
0x02985a6f
0x02985a6f
0x02985a73
0x02985a73
0x02985a7a
0x02985a7d
0x02985a80
0x00000000
0x02985a82
0x02985a82
0x02985a82
0x02985a85
0x02985a85
0x00000000
0x02985a82
0x029859f0
0x029859f0
0x029859f3
0x029859f6
0x029859f6
0x029859f9
0x029859f9
0x029859ff
0x02985a02
0x00000000
0x02985a04
0x02985a07
0x02985a0c
0x02985a0e
0x02985a53
0x02985a53
0x02985a58
0x02985a58
0x02985a5f
0x02985a62
0x00000000
0x02985a64
0x02985a64
0x02985a64
0x02985a67
0x02985a67
0x00000000
0x02985a6d
0x02985a10
0x02985a10
0x02985a13
0x02985a16
0x02985a19
0x02985a1c
0x02985a1e
0x02985a22
0x02985a22
0x02985a26
0x02985a29
0x02985a2d
0x00000000
0x00000000
0x02985a2f
0x02985a33
0x02985a37
0x00000000
0x00000000
0x00000000
0x02985a39
0x02985a39
0x02985a3c
0x02985a3c
0x02985a22
0x02985a41
0x02985a41
0x02985a44
0x02985a44
0x02985a47
0x02985a47
0x02985a4e
0x02985a51
0x00000000
0x00000000
0x00000000
0x00000000
0x02985a51
0x02985a0e
0x02985a02
0x02985996
0x02985996
0x0298599a
0x0298599a
0x029859a1
0x029859a4
0x029859a7
0x00000000
0x029859ad
0x029859ad
0x029859ad
0x029859b0
0x029859b0
0x02985a8b
0x02985a8b
0x02985a92
0x02985a95
0x02985a9a
0x02985a9c
0x00000000
0x00000000
0x00000000
0x00000000
0x02985a9c
0x029859a7
0x02985994
0x02985981
0x0298596c
0x02985889
0x0298588c
0x0298589a
0x029858a2
0x029858a8
0x029858ad
0x029858af
0x00000000
0x029858b1
0x029858b4
0x029858b9
0x029858be
0x029858c1
0x029858c3
0x029858dd
0x029858e0
0x00000000
0x029858e2
0x029858e2
0x029858e5
0x029859bb
0x029859bb
0x029859bf
0x00000000
0x029859c5
0x029859c8
0x029859cd
0x029859cf
0x00000000
0x029859d5
0x029859d5
0x029859d5
0x029859d5
0x029859d9
0x029859dc
0x029859dc
0x029859df
0x029859df
0x00000000
0x029859e6
0x029859cf
0x029858eb
0x029858ef
0x029858f7
0x029858fc
0x029858fe
0x00000000
0x02985904
0x02985904
0x02985904
0x02985904
0x02985908
0x0298590b
0x0298590b
0x0298590e
0x0298590e
0x00000000
0x0298590b
0x029858fe
0x029858e5
0x029858c5
0x029858c5
0x029858c5
0x029858cb
0x029858ce
0x029858d1
0x029858d1
0x029858d4
0x029858d4
0x02985915
0x02985915
0x02985915
0x0298591c
0x02985922
0x02985925
0x0298592a
0x0298592c
0x02985ad1
0x02985ad1
0x02985ad4
0x02985ad9
0x02985ae0
0x02985ae5
0x02985ae6
0x02985ae7
0x02985ae8
0x02985aed
0x02985af3
0x02985afa
0x02985b01
0x02985b04
0x02985b0c
0x02985b0f
0x02985b14
0x02985b1f
0x02985b1f
0x02985b29
0x02985b2e
0x02985b3c
0x02985b43
0x02985b45
0x02985b52
0x02985b57
0x02985b5c
0x02985b5e
0x02985b8d
0x02985b95
0x02985b95
0x00000000
0x02985b60
0x02985b60
0x02985b60
0x02985b64
0x02985b64
0x02985b67
0x02985b67
0x02985b71
0x02985b71
0x02985b78
0x02985b80
0x02985b85
0x02985b87
0x02985bbd
0x02985bc0
0x02985bc5
0x02985bcc
0x02985bd1
0x02985bd2
0x02985bd3
0x02985bd4
0x02985bd9
0x02985bde
0x02985be5
0x02985be8
0x02985beb
0x02985bee
0x02985c92
0x02985c92
0x00000000
0x02985bf4
0x02985bf4
0x02985bf7
0x00000000
0x02985bfd
0x02985c09
0x02985c0b
0x00000000
0x02985c11
0x02985c1b
0x02985c20
0x02985c22
0x02985c73
0x02985c73
0x02985c24
0x02985c2e
0x02985c33
0x02985c35
0x00000000
0x02985c37
0x02985c46
0x02985c48
0x02985c8b
0x02985c4a
0x02985c4a
0x02985c4f
0x02985c4f
0x02985c61
0x02985c66
0x02985c68
0x02985c99
0x02985c6a
0x02985c6a
0x02985c6e
0x02985c71
0x00000000
0x00000000
0x02985c71
0x02985c68
0x02985c48
0x02985c35
0x02985c22
0x02985c0b
0x02985bf7
0x02985c87
0x02985b89
0x02985b89
0x02985b89
0x02985b89
0x00000000
0x02985b89
0x02985b87
0x02985b47
0x02985b47
0x02985b4a
0x02985b4a
0x02985b98
0x02985ba0
0x02985bbc
0x02985bbc
0x00000000
0x00000000
0x00000000
0x0298592c
0x029858c3
0x029858af
0x0298585e
0x0298585e
0x0298585e
0x02985861
0x02985aa9
0x02985ad0
0x02985ad0

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessortry_get_function
String ID:
API String ID: 959782435-0
Opcode ID: bf7023f060f26f0ef901fbf00dcf4707487eb58e11c426184b626b1352d851af
Instruction ID: 8e8ba27b37f9dcf37abadbe35e0f5b1f81f7867551b93408ae99622cd39983f7
Opcode Fuzzy Hash: bf7023f060f26f0ef901fbf00dcf4707487eb58e11c426184b626b1352d851af
Instruction Fuzzy Hash: 1AA1027261078886DB24FF21D590BAA3366F784B98FCB4226CF5687788DF38C159CB40

Uniqueness

Uniqueness Score: -1.00%

Function 029615EC Relevance: .2, Instructions: 221
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E029615EC(void* __ebx, unsigned int __ecx, void* __esp, long long __rbx, long long __rcx, void* __rdx, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r12, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				short _v52;
				short _v56;
				long long _v72;
				void* __rdi;
				void* __rsi;
				void* __r13;
				signed int _t76;
				void* _t77;
				signed int _t78;
				signed int _t86;
				short _t100;
				unsigned int _t105;
				void* _t109;
				signed short _t110;
				intOrPtr _t115;
				signed int _t118;
				void* _t121;
				signed short _t122;
				void* _t123;
				void* _t124;
				signed long long _t136;
				long long _t140;
				void* _t150;
				signed long long _t152;
				long long _t153;
				intOrPtr* _t156;
				void* _t157;
				signed long long _t158;
				void* _t160;
				void* _t167;
				void* _t169;
				void* _t170;
				intOrPtr* _t171;
				signed long long _t172;

				_t169 = __r12;
				_t166 = __r10;
				_t161 = __r9;
				_t160 = __r8;
				_t154 = __rbp;
				_t150 = __rdx;
				_t142 = __rcx;
				_t123 = __esp;
				_t104 = __ecx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t158 = _t157 - 0x40;
				_t136 =  *0x29a61e8; // 0xc99624406909
				_t137 = _t136 ^ _t158;
				_v48 = _t136 ^ _t158;
				_t76 =  *(__rcx + 0x42) & 0x0000ffff;
				_t118 = 0x78;
				_t140 = __rcx;
				_t5 = _t153 - 0x20; // 0x58
				_t122 = _t5;
				_t6 = _t153 - 0x77; // 0x1
				r15d = _t6;
				_t124 = _t76 - 0x64;
				if(_t124 > 0) {
					if(_t76 <= 0x67) {
						L33:
						_t77 = L02963E90(_t104, _t109, _t122, _t123, _t140, _t142, _t152, _t153, _t154, _t160, _t161, _t166, _t169, _t170);
						L34:
						if(_t77 != 0) {
							if( *((intOrPtr*)(_t140 + 0x47c)) != 2 ||  *((intOrPtr*)(_t140 + 0x478)) != r15d) {
								if( *((char*)(_t140 + 0x40)) != 0) {
									goto L70;
								}
								_t105 =  *(_t140 + 0x30);
								_v56 = 0;
								_v52 = 0;
								_t21 = _t152 + 0x20; // 0x20
								r13d = _t21;
								if((r15b & _t105 >> 0x00000004) == 0) {
									L48:
									_t110 =  *(_t140 + 0x42) & 0x0000ffff;
									r9d = 0xffdf;
									if((r9w & (_t110 & 0x0000ffff) - _t122) != 0 || (r15b & _t105 >> 0x00000005) == 0) {
										r8b = 0;
									} else {
										r8b = r15b;
									}
									r9d = 0x30;
									_t86 = _t150 - 0x00000041 & 0xffffff00 | (r9w & _t150 - 0x00000041) == 0x00000000;
									if(r8b != 0 || _t86 != 0) {
										 *(_t158 + 0x30 + _t152 * 2) = r9w;
										if(_t110 == _t122 || _t110 == 0x41) {
											_t118 = _t122 & 0x0000ffff;
										}
										 *(_t158 + 0x32 + _t152 * 2) = _t118;
										_t152 = _t152 + 2;
									}
									_t121 =  *((intOrPtr*)(_t140 + 0x34)) -  *((intOrPtr*)(_t140 + 0x50));
									if((_t105 & 0x0000000c) == 0) {
										r8d = _t121;
										E02958F14(r13b, _t140, _t140 + 0x468, _t152, _t153, _t154, _t140 + 0x28);
									}
									_t171 = _t140 + 0x468;
									_t156 = _t140 + 0x28;
									if((r15b &  *( *_t171 + 0x14) >> 0x0000000c) == 0) {
										L63:
										_t137 = _t140 + 0x10;
										r8d = 0;
										_v72 = _t140 + 0x10;
										_t63 =  &_v56; // 0x20
										E0296A940(_t140, _t171, _t63, _t152, _t153, _t156, _t156);
										goto L64;
									} else {
										_t137 =  *_t171;
										if( *((long long*)( *_t171 + 8)) != 0) {
											goto L63;
										}
										 *_t156 =  *_t156;
										L64:
										_t104 =  *(_t140 + 0x30);
										if((r15b & _t104 >> 0x00000003) != 0 && (r15b & _t104) == 0) {
											r8d = _t121;
											E02958F14(0x30, _t140, _t171, _t152, _t153, _t156, _t156);
										}
										E0296A1E0(_t104, 0, _t140, _t140, _t156);
										if( *_t156 >= 0) {
											_t104 =  *(_t140 + 0x30) >> 2;
											if((r15b &  *(_t140 + 0x30) >> 0x00000002) != 0) {
												r8d = _t121;
												E02958F14(r13b, _t140, _t171, _t152, _t153, _t156, _t156);
											}
										}
										goto L70;
									}
								}
								if((r15b & _t105 >> 0x00000006) == 0) {
									if((r15b & _t105) == 0) {
										if((r15b & _t105 >> 0x00000001) == 0) {
											goto L48;
										}
										_v56 = r13w;
										L47:
										_t152 = _t172;
										goto L48;
									}
									_t100 = 0x2b;
									L42:
									_v56 = _t100;
									goto L47;
								}
								_t26 = _t152 + 0x2d; // 0x2d
								_t100 = _t26;
								goto L42;
							} else {
								L70:
								_t78 = r15b;
								L71:
								return L029438C0(_t78, _t104, _t137, _v48 ^ _t158);
							}
						}
						L35:
						_t78 = 0;
						goto L71;
					}
					if(_t76 == 0x69) {
						L29:
						 *(_t142 + 0x30) =  *(_t142 + 0x30) | 0x00000010;
						L30:
						_t115 = 0xa;
						L31:
						r8d = 0;
						L32:
						_t77 = L02965F9C(_t115, _t118, _t140, _t142, _t150, _t154);
						goto L34;
					}
					if(_t76 == 0x6e) {
						_t77 = E02966F64(__ecx, _t109, _t137, __rcx, __rcx, _t153, __r9, __r10);
						goto L34;
					}
					if(_t76 == 0x6f) {
						_t104 =  *(__rcx + 0x30);
						if((r15b & _t104 >> 0x00000005) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t104;
						}
						_t115 = 8;
						_t142 = _t140;
						goto L31;
					}
					if(_t76 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t115 = 0x10;
						goto L32;
					}
					if(_t76 == 0x73) {
						L22:
						_t77 = L02967B38(_t104, _t109, _t137, _t140, _t142, _t153, _t154, _t161, _t166, _t167);
						goto L34;
					}
					if(_t76 == 0x75) {
						goto L30;
					}
					if(_t76 != 0x78) {
						goto L35;
					}
					_t115 = 0x10;
					goto L31;
				}
				if(_t124 == 0) {
					goto L29;
				}
				if(_t76 == 0x41) {
					goto L33;
				}
				if(_t76 == 0x43) {
					L11:
					_t77 = E02964E58(0, _t122, _t140, _t142, _t153, _t154, _t161, _t166);
					goto L34;
				}
				if(_t76 <= 0x44) {
					goto L35;
				}
				if(_t76 <= 0x47) {
					goto L33;
				}
				if(_t76 == 0x53) {
					goto L22;
				}
				if(_t76 == _t122) {
					goto L24;
				}
				if(_t76 == 0x5a) {
					_t77 = E02962DDC(__ecx, __rcx, __rcx, _t153, __r9, __r10);
					goto L34;
				}
				if(_t76 == 0x61) {
					goto L33;
				}
				if(_t76 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615ec
0x029615f1
0x029615fe
0x02961602
0x02961609
0x0296160c
0x02961611
0x02961615
0x0296161a
0x0296161d
0x0296161d
0x02961620
0x02961620
0x02961624
0x02961628
0x02961693
0x02961720
0x02961720
0x02961725
0x02961727
0x02961737
0x0296174a
0x00000000
0x00000000
0x02961750
0x02961755
0x0296175b
0x02961765
0x02961765
0x0296176c
0x029617a0
0x029617a0
0x029617a4
0x029617b4
0x029617c5
0x029617c0
0x029617c0
0x029617c0
0x029617cf
0x029617d5
0x029617db
0x029617e1
0x029617ea
0x029617f2
0x029617f2
0x029617f5
0x029617fa
0x029617fa
0x02961804
0x02961809
0x0296180f
0x0296181c
0x0296181c
0x02961821
0x0296182b
0x02961838
0x02961849
0x02961849
0x02961850
0x02961853
0x02961858
0x02961860
0x00000000
0x0296183a
0x0296183a
0x02961842
0x00000000
0x00000000
0x02961844
0x02961865
0x02961865
0x02961870
0x0296187d
0x02961885
0x02961885
0x0296188f
0x02961898
0x0296189d
0x029618a3
0x029618a8
0x029618b1
0x029618b1
0x029618a3
0x00000000
0x02961898
0x02961838
0x02961776
0x02961785
0x02961795
0x00000000
0x00000000
0x02961797
0x0296179d
0x0296179d
0x00000000
0x0296179d
0x02961787
0x0296177b
0x0296177b
0x00000000
0x0296177b
0x02961778
0x02961778
0x00000000
0x029618b6
0x029618b6
0x029618b6
0x029618b9
0x029618de
0x029618de
0x02961737
0x02961729
0x02961729
0x00000000
0x02961729
0x0296169d
0x0296170d
0x0296170d
0x02961711
0x02961711
0x02961716
0x02961716
0x02961719
0x02961719
0x00000000
0x02961719
0x029616a3
0x02961706
0x00000000
0x02961706
0x029616a9
0x029616e8
0x029616f3
0x029616f5
0x029616f9
0x029616f9
0x029616fc
0x02961701
0x00000000
0x02961701
0x029616af
0x029616d0
0x029616d7
0x029616de
0x029616de
0x029616e1
0x00000000
0x029616e1
0x029616b5
0x029616c9
0x029616c9
0x00000000
0x029616c9
0x029616bb
0x00000000
0x00000000
0x029616c0
0x00000000
0x00000000
0x029616c2
0x00000000
0x029616c2
0x0296162a
0x00000000
0x00000000
0x02961634
0x00000000
0x00000000
0x0296163e
0x02961679
0x0296167b
0x00000000
0x0296167b
0x02961644
0x00000000
0x00000000
0x0296164e
0x00000000
0x00000000
0x02961658
0x00000000
0x00000000
0x0296165d
0x00000000
0x00000000
0x02961663
0x02961685
0x00000000
0x02961685
0x02961669
0x00000000
0x00000000
0x02961673
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1a1316b2d70b2affc6e9866e08d50e2a8cf4b6a74b295e3aea0f5fc3938ced
Instruction ID: 34ab913843db74bce7f35fb5337ca23731a20e8b913b332aab63063e90c214de
Opcode Fuzzy Hash: 7e1a1316b2d70b2affc6e9866e08d50e2a8cf4b6a74b295e3aea0f5fc3938ced
Instruction Fuzzy Hash: A271462A71034086DB78DF2A901C7BA27EAF784B8CF886526DE4E47358DB35C487CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0296130C Relevance: .2, Instructions: 217
COMMONCrypto

Download Yara Rule

C-Code - Quality: 59%

			E0296130C(void* __ebx, unsigned int __ecx, void* __esp, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, void* __r10, void* __r12, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				short _v52;
				short _v56;
				long long _v72;
				void* __rdi;
				void* __rsi;
				void* __r13;
				void* __r15;
				signed int _t74;
				void* _t75;
				signed int _t76;
				signed char _t80;
				signed short _t82;
				signed short _t83;
				signed int _t84;
				signed char _t87;
				signed char _t93;
				signed char _t95;
				signed char _t97;
				short _t98;
				signed char _t100;
				unsigned int _t103;
				signed char _t105;
				void* _t107;
				signed short _t108;
				intOrPtr _t113;
				void* _t115;
				signed int _t117;
				signed int _t120;
				signed short _t121;
				void* _t122;
				void* _t123;
				signed long long _t135;
				void* _t139;
				void* _t149;
				signed int _t151;
				void* _t152;
				signed int* _t155;
				void* _t156;
				signed long long _t157;
				void* _t159;
				void* _t164;
				void* _t165;
				void* _t167;
				void* _t168;
				intOrPtr* _t169;
				signed int _t170;

				_t167 = __r12;
				_t164 = __r10;
				_t159 = __r8;
				_t153 = __rbp;
				_t149 = __rdx;
				_t141 = __rcx;
				_t122 = __esp;
				_t102 = __ecx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t157 = _t156 - 0x40;
				_t135 =  *0x29a61e8; // 0xc99624406909
				_t136 = _t135 ^ _t157;
				_v48 = _t135 ^ _t157;
				_t74 =  *(__rcx + 0x42) & 0x0000ffff;
				_t117 = 0x78;
				_t139 = __rcx;
				_t5 = _t152 - 0x20; // 0x58
				_t121 = _t5;
				_t6 = _t152 - 0x77; // 0x1
				r15d = _t6;
				_t123 = _t74 - 0x64;
				if(_t123 > 0) {
					__eflags = _t74 - 0x67;
					if(_t74 <= 0x67) {
						L33:
						_t75 = L02963CB0(_t102, _t107, _t115, _t121, _t122, _t139, _t141, _t151, _t152, _t153, _t159, _t164, _t167, _t168, _t170);
						L34:
						if(_t75 != 0) {
							__eflags =  *((char*)(_t139 + 0x40));
							if( *((char*)(_t139 + 0x40)) != 0) {
								L68:
								_t76 = r15b;
								L69:
								return L029438C0(_t76, _t102, _t136, _v48 ^ _t157);
							}
							_t103 =  *(_t139 + 0x30);
							_v56 = 0;
							_v52 = 0;
							_t80 = _t103 >> 4;
							_t19 = _t151 + 0x20; // 0x20
							r13d = _t19;
							__eflags = r15b & _t80;
							if((r15b & _t80) == 0) {
								L46:
								_t108 =  *(_t139 + 0x42) & 0x0000ffff;
								r9d = 0xffdf;
								_t82 = (_t108 & 0x0000ffff) - _t121;
								__eflags = r9w & _t82;
								if((r9w & _t82) != 0) {
									L49:
									r8b = 0;
									__eflags = r8b;
									L50:
									_t83 = _t149 - 0x41;
									__eflags = r9w & _t83;
									r9d = 0x30;
									_t84 = _t83 & 0xffffff00 | (r9w & _t83) == 0x00000000;
									__eflags = r8b;
									if(r8b != 0) {
										L52:
										 *(_t157 + 0x30 + _t151 * 2) = r9w;
										__eflags = _t108 - _t121;
										if(_t108 == _t121) {
											L54:
											_t117 = _t121 & 0x0000ffff;
											L55:
											 *(_t157 + 0x32 + _t151 * 2) = _t117;
											__eflags = _t151;
											L56:
											_t120 =  *((intOrPtr*)(_t139 + 0x34)) -  *((intOrPtr*)(_t139 + 0x50));
											__eflags = _t103 & 0x0000000c;
											if((_t103 & 0x0000000c) == 0) {
												r8d = _t120;
												E02958F14(r13b, _t139, _t139 + 0x468, _t151, _t152, _t153, _t139 + 0x28);
											}
											_t169 = _t139 + 0x468;
											_t155 = _t139 + 0x28;
											_t105 =  *( *_t169 + 0x14) >> 0xc;
											__eflags = r15b & _t105;
											if((r15b & _t105) == 0) {
												L61:
												_t136 = _t139 + 0x10;
												r8d = 0;
												_v72 = _t139 + 0x10;
												E0296A940(_t139, _t169,  &_v56, _t151, _t152, _t155, _t155);
												goto L62;
											} else {
												_t136 =  *_t169;
												__eflags =  *((long long*)(_t136 + 8));
												if( *((long long*)(_t136 + 8)) != 0) {
													goto L61;
												}
												 *_t155 =  *_t155;
												L62:
												_t102 =  *(_t139 + 0x30);
												_t87 = _t102 >> 3;
												__eflags = r15b & _t87;
												if((r15b & _t87) != 0) {
													_t102 = _t102 >> 2;
													__eflags = r15b & _t102;
													if((r15b & _t102) == 0) {
														r8d = _t120;
														E02958F14(0x30, _t139, _t169, _t151, _t152, _t155, _t155);
													}
												}
												E0296A0D8(_t102, 0, _t139, _t139, _t155);
												__eflags =  *_t155;
												if( *_t155 >= 0) {
													_t102 =  *(_t139 + 0x30) >> 2;
													__eflags = r15b & _t102;
													if((r15b & _t102) != 0) {
														r8d = _t120;
														E02958F14(r13b, _t139, _t169, _t151, _t152, _t155, _t155);
													}
												}
												goto L68;
											}
										}
										__eflags = _t108 - 0x41;
										if(_t108 != 0x41) {
											goto L55;
										}
										goto L54;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										goto L56;
									}
									goto L52;
								}
								_t93 = _t103 >> 5;
								__eflags = r15b & _t93;
								if((r15b & _t93) == 0) {
									goto L49;
								}
								r8b = r15b;
								goto L50;
							}
							_t95 = _t103 >> 6;
							__eflags = r15b & _t95;
							if((r15b & _t95) == 0) {
								__eflags = r15b & _t103;
								if((r15b & _t103) == 0) {
									_t97 = _t103 >> 1;
									__eflags = r15b & _t97;
									if((r15b & _t97) == 0) {
										goto L46;
									}
									_v56 = r13w;
									L45:
									_t151 = _t170;
									goto L46;
								}
								_t98 = 0x2b;
								L40:
								_v56 = _t98;
								goto L45;
							}
							_t24 = _t151 + 0x2d; // 0x2d
							_t98 = _t24;
							goto L40;
						}
						L35:
						_t76 = 0;
						goto L69;
					}
					__eflags = _t74 - 0x69;
					if(_t74 == 0x69) {
						L29:
						_t13 = _t141 + 0x30;
						 *_t13 =  *(_t141 + 0x30) | 0x00000010;
						__eflags =  *_t13;
						L30:
						_t113 = 0xa;
						L31:
						r8d = 0;
						__eflags = r8d;
						L32:
						_t75 = L02965DD0(_t113, _t117, _t139, _t141, _t149, _t152, _t153);
						goto L34;
					}
					__eflags = _t74 - 0x6e;
					if(_t74 == 0x6e) {
						_t75 = E02966E88(_t107, __rcx, __rcx, __rdx, _t152);
						goto L34;
					}
					__eflags = _t74 - 0x6f;
					if(_t74 == 0x6f) {
						_t102 =  *(__rcx + 0x30);
						_t100 = _t102 >> 5;
						__eflags = r15b & _t100;
						if((r15b & _t100) != 0) {
							asm("bts ecx, 0x7");
							 *(__rcx + 0x30) = _t102;
						}
						_t113 = 8;
						_t141 = _t139;
						goto L31;
					}
					__eflags = _t74 - 0x70;
					if(_t74 == 0x70) {
						 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
						 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
						L24:
						r8b = r15b;
						_t113 = 0x10;
						goto L32;
					}
					__eflags = _t74 - 0x73;
					if(_t74 == 0x73) {
						L22:
						_t75 = L02967A70(_t121, _t139, _t141, _t152, _t153, _t165);
						goto L34;
					}
					__eflags = _t74 - 0x75;
					if(_t74 == 0x75) {
						goto L30;
					}
					__eflags = _t74 - 0x78;
					if(_t74 != 0x78) {
						goto L35;
					} else {
						_t113 = 0x10;
						goto L31;
					}
				}
				if(_t123 == 0) {
					goto L29;
				}
				if(_t74 == 0x41) {
					goto L33;
				}
				if(_t74 == 0x43) {
					L11:
					_t75 = E02964DB0(_t121, _t132, _t139, _t141, _t152, _t153);
					goto L34;
				}
				if(_t74 <= 0x44) {
					goto L35;
				}
				if(_t74 <= 0x47) {
					goto L33;
				}
				if(_t74 == 0x53) {
					goto L22;
				}
				if(_t74 == _t121) {
					goto L24;
				}
				if(_t74 == 0x5a) {
					_t75 = E02962D60(__ecx, __rcx, __rcx, _t152);
					goto L34;
				}
				if(_t74 == 0x61) {
					goto L33;
				}
				_t132 = _t74 - 0x63;
				if(_t74 != 0x63) {
					goto L35;
				}
				goto L11;
			}

0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x0296130c
0x02961311
0x0296131e
0x02961322
0x02961329
0x0296132c
0x02961331
0x02961335
0x0296133a
0x0296133d
0x0296133d
0x02961340
0x02961340
0x02961344
0x02961348
0x029613af
0x029613b3
0x02961440
0x02961440
0x02961445
0x02961447
0x02961450
0x02961454
0x029615c0
0x029615c0
0x029615c3
0x029615e8
0x029615e8
0x0296145a
0x0296145f
0x02961465
0x0296146c
0x0296146f
0x0296146f
0x02961473
0x02961476
0x029614aa
0x029614aa
0x029614ae
0x029614b7
0x029614ba
0x029614be
0x029614cf
0x029614cf
0x029614cf
0x029614d2
0x029614d2
0x029614d5
0x029614d9
0x029614df
0x029614e2
0x029614e5
0x029614eb
0x029614eb
0x029614f1
0x029614f4
0x029614fc
0x029614fc
0x029614ff
0x029614ff
0x02961504
0x02961508
0x0296150e
0x02961510
0x02961513
0x02961519
0x02961526
0x02961526
0x0296152b
0x02961535
0x0296153c
0x0296153f
0x02961542
0x02961553
0x02961553
0x0296155a
0x0296155d
0x0296156a
0x00000000
0x02961544
0x02961544
0x02961547
0x0296154c
0x00000000
0x00000000
0x0296154e
0x0296156f
0x0296156f
0x02961574
0x02961577
0x0296157a
0x0296157c
0x0296157f
0x02961582
0x02961587
0x0296158f
0x0296158f
0x02961582
0x02961599
0x0296159e
0x029615a2
0x029615a7
0x029615aa
0x029615ad
0x029615b2
0x029615bb
0x029615bb
0x029615ad
0x00000000
0x029615a2
0x02961542
0x029614f6
0x029614fa
0x00000000
0x00000000
0x00000000
0x029614fa
0x029614e7
0x029614e9
0x00000000
0x00000000
0x00000000
0x029614e9
0x029614c2
0x029614c5
0x029614c8
0x00000000
0x00000000
0x029614ca
0x00000000
0x029614ca
0x0296147a
0x0296147d
0x02961480
0x0296148c
0x0296148f
0x0296149a
0x0296149c
0x0296149f
0x00000000
0x00000000
0x029614a1
0x029614a7
0x029614a7
0x00000000
0x029614a7
0x02961491
0x02961485
0x02961485
0x00000000
0x02961485
0x02961482
0x02961482
0x00000000
0x02961482
0x02961449
0x02961449
0x00000000
0x02961449
0x029613b9
0x029613bd
0x0296142d
0x0296142d
0x0296142d
0x0296142d
0x02961431
0x02961431
0x02961436
0x02961436
0x02961436
0x02961439
0x02961439
0x00000000
0x02961439
0x029613bf
0x029613c3
0x02961426
0x00000000
0x02961426
0x029613c5
0x029613c9
0x02961408
0x0296140d
0x02961410
0x02961413
0x02961415
0x02961419
0x02961419
0x0296141c
0x02961421
0x00000000
0x02961421
0x029613cb
0x029613cf
0x029613f0
0x029613f7
0x029613fe
0x029613fe
0x02961401
0x00000000
0x02961401
0x029613d1
0x029613d5
0x029613e9
0x029613e9
0x00000000
0x029613e9
0x029613d7
0x029613db
0x00000000
0x00000000
0x029613dd
0x029613e0
0x00000000
0x029613e2
0x029613e2
0x00000000
0x029613e2
0x029613e0
0x0296134a
0x00000000
0x00000000
0x02961354
0x00000000
0x00000000
0x0296135e
0x02961399
0x0296139b
0x00000000
0x0296139b
0x02961364
0x00000000
0x00000000
0x0296136e
0x00000000
0x00000000
0x02961378
0x00000000
0x00000000
0x0296137d
0x00000000
0x00000000
0x02961383
0x029613a5
0x00000000
0x029613a5
0x02961389
0x00000000
0x00000000
0x0296138f
0x02961393
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d147bda85f63eac67d884d36eaf6efedc3cdb0c093dabe15d3b9c79d8896413d
Instruction ID: 6adc7f7e27f5cb7e5fba066257473ce009bb7663d5f0d0aa64e4f3edbe2e98f7
Opcode Fuzzy Hash: d147bda85f63eac67d884d36eaf6efedc3cdb0c093dabe15d3b9c79d8896413d
Instruction Fuzzy Hash: BA61372671020186CF78DF2AD01CBBA67EAF784B88FC45526DE4E57B58C739C486C745

Uniqueness

Uniqueness Score: -1.00%

Function 0296D410 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 67%

			E0296D410(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				int _t21;
				signed int _t22;
				void* _t32;
				signed int _t37;
				signed int _t46;
				signed int _t48;
				void* _t49;
				void* _t52;
				signed long long _t62;
				signed int* _t69;
				signed long long _t72;
				signed long long _t75;
				signed long long _t88;
				signed long long _t89;
				signed long long _t91;
				signed long long _t101;
				signed long long _t106;
				long long _t108;
				void* _t110;
				void* _t113;
				signed long long _t115;
				signed long long _t116;
				signed long long _t119;
				signed long long*** _t121;

				_t52 = __esp;
				_t49 = __edi;
				_t48 = __edx;
				 *((long long*)(_t110 + 0x10)) = __rbx;
				 *((long long*)(_t110 + 0x18)) = _t108;
				 *((long long*)(_t110 + 0x20)) = __rsi;
				_t62 =  *((intOrPtr*)(__rcx));
				_t121 = __rcx;
				_t69 =  *_t62;
				if(_t69 == 0) {
					L8:
					_t22 = _t21 | 0xffffffff;
					L9:
					return _t22;
				}
				_t116 =  *0x29a61e8; // 0xc99624406909
				_t106 = _t116 ^  *_t69;
				_t115 = _t69[2] ^ _t116;
				_t37 = r10d & 0x0000003f;
				_t72 = _t69[4] ^ _t116;
				asm("dec eax");
				asm("dec eax");
				asm("dec ecx");
				if(_t115 != _t72) {
					L7:
					r8d = 0x40;
					_t14 = _t115 + 8; // 0x2944959
					asm("dec eax");
					 *_t115 =  *(_t121[1]) ^ _t116;
					_t88 =  *0x29a61e8; // 0xc99624406909
					asm("dec eax");
					 *( *( *_t121)) = _t106 ^ _t88;
					_t89 =  *0x29a61e8; // 0xc99624406909
					asm("dec eax");
					( *( *_t121))[1] = _t14 ^ _t89;
					_t91 =  *0x29a61e8; // 0xc99624406909
					r8d = r8d - (_t48 & 0x0000003f);
					asm("dec eax");
					_t22 = 0;
					( *( *_t121))[2] = _t72 ^ _t91;
					goto L9;
				}
				_t75 = _t72 - _t106 >> 3;
				_t99 =  >  ? _t62 : _t75;
				_t6 = _t108 + 0x20; // 0x20
				_t32 = _t6;
				_t100 = ( >  ? _t62 : _t75) + _t75;
				_t101 =  ==  ? _t62 : ( >  ? _t62 : _t75) + _t75;
				if(_t101 < _t75) {
					L4:
					_t101 = _t75 + 4;
					r8d = 8;
					L0297D880(_t32, _t37, _t49, _t52, _t75, _t106, _t101, _t106, _t108, _t113, _t115);
					_t46 = 0;
					_t119 = _t62;
					_t21 = E02971650(_t62, _t106);
					if(_t119 == 0) {
						goto L8;
					}
					L5:
					_t116 =  *0x29a61e8; // 0xc99624406909
					_t115 = _t119 + _t75 * 8;
					_t72 = _t119 + _t101 * 8;
					_t106 = _t119;
					_t84 =  >  ? _t108 : _t72 - _t115 + 7 >> 3;
					_t61 =  >  ? _t108 : _t72 - _t115 + 7 >> 3;
					if(( >  ? _t108 : _t72 - _t115 + 7 >> 3) != 0) {
						memset(_t49, _t21, _t46 << 0);
						_t116 =  *0x29a61e8; // 0xc99624406909
					}
					goto L7;
				}
				_t7 = _t108 + 8; // 0x8
				r8d = _t7;
				L0297D880(_t32, _t37, __edi, __esp, _t75, _t106, _t101, _t106, _t108, _t113, _t115);
				_t46 = 0;
				_t119 = _t62;
				_t21 = E02971650(_t62, _t106);
				if(_t119 != 0) {
					goto L5;
				}
				goto L4;
			}

0x0296d410
0x0296d410
0x0296d410
0x0296d410
0x0296d415
0x0296d41a
0x0296d428
0x0296d42d
0x0296d430
0x0296d436
0x0296d5a4
0x0296d5a4
0x0296d5a7
0x0296d5bf
0x0296d5bf
0x0296d43c
0x0296d44a
0x0296d44d
0x0296d457
0x0296d45a
0x0296d45d
0x0296d460
0x0296d463
0x0296d469
0x0296d516
0x0296d516
0x0296d51c
0x0296d535
0x0296d53b
0x0296d53e
0x0296d551
0x0296d55a
0x0296d560
0x0296d571
0x0296d57a
0x0296d57e
0x0296d58a
0x0296d593
0x0296d59c
0x0296d59e
0x00000000
0x0296d59e
0x0296d477
0x0296d481
0x0296d485
0x0296d485
0x0296d488
0x0296d48b
0x0296d492
0x0296d4b2
0x0296d4b2
0x0296d4b6
0x0296d4c2
0x0296d4c7
0x0296d4c9
0x0296d4cc
0x0296d4d4
0x00000000
0x00000000
0x0296d4da
0x0296d4da
0x0296d4e1
0x0296d4e5
0x0296d4e9
0x0296d4fd
0x0296d501
0x0296d504
0x0296d50c
0x0296d50f
0x0296d50f
0x00000000
0x0296d504
0x0296d494
0x0296d494
0x0296d49e
0x0296d4a3
0x0296d4a5
0x0296d4a8
0x0296d4b0
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: e1daadd36a4e3a88873eb1957b71dc93fb39e470cbcfbe2c52fbcb93724d0126
Instruction ID: 1231c4802022709adf914f0bb51eceb32e21514391c469e48bf69c6e02c4dbab
Opcode Fuzzy Hash: e1daadd36a4e3a88873eb1957b71dc93fb39e470cbcfbe2c52fbcb93724d0126
Instruction Fuzzy Hash: B941D232310A5486EF48CF6AD918369B7A5E788FD8F099027DE5D87B18EF3CC1428340

Uniqueness

Uniqueness Score: -1.00%

Function 0298E000 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc65771badfdac3d0807931a2b83f74aca51e23ccee24e6315d7700b3be9650
Instruction ID: 3a8ce371eeb09c4a62b1c42413e66e5be1fd7038826566f7c559e9a1dc80e0dc
Opcode Fuzzy Hash: bbc65771badfdac3d0807931a2b83f74aca51e23ccee24e6315d7700b3be9650
Instruction Fuzzy Hash: FDF096717143948BDBE8DF2CE85272D7BD0F7183C4F948029E68983B14D63C80A08F44

Uniqueness

Uniqueness Score: -1.00%

Function 02944B58 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33382b1709f30304308afcaefe891048c6bc7e5cd2028736e5cd4be644d65bac
Instruction ID: 78020987489f30d27ce35b25491f127b120ef25d9643756f9b3f85327c0a2efc
Opcode Fuzzy Hash: 33382b1709f30304308afcaefe891048c6bc7e5cd2028736e5cd4be644d65bac
Instruction Fuzzy Hash: 52A00225104C81D0E7059F46E959B142330F390310F40501AC40D550A09B39C485C305

Uniqueness

Uniqueness Score: -1.00%

Function 0293AB90 Relevance: 51.0, APIs: 20, Strings: 9, Instructions: 242
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E0293AB90(void* __edx, void* __edi, void* __esi, void* __esp, long long __rax, long long __rcx, long long __rdx, void* __r8, long long _a8, long long _a16) {
				void* _v32;
				void* _v40;
				void* _v52;
				void* _v80;
				void* _v92;
				long _v104;
				long _v108;
				long _v112;
				long _v116;
				char _v120;
				void* _v132;
				long _v144;
				long _v148;
				void* _v160;
				void* _v172;
				long _v188;
				void* _v292;
				void* _v340;
				long long _v344;
				char _v352;
				char _v356;
				long long _v360;
				char _v368;
				char _v376;
				char _v384;
				char _v392;
				char _v400;
				void* _v404;
				long long _v408;
				void* _v416;
				char _v424;
				long long _v432;
				long long _v440;
				long long _v448;
				long long _v456;
				long long _v464;
				long long _v472;
				long long _v480;
				void* _v488;
				long long _v504;
				long long _v512;
				long long _v520;
				long long _v560;
				long long _v568;
				intOrPtr _t92;
				long long _t102;
				void* _t159;
				void* _t167;
				void* _t176;
				long long _t191;
				long long _t197;
				long long _t199;
				long long _t200;

				_t191 = __rax;
				_t176 = __esi;
				_t159 = __edi;
				_a16 = __rdx;
				_a8 = __rcx;
				_v376 = 0;
				_v368 = 0;
				_v384 = 0;
				_v392 = 0;
				_v408 = 0;
				_v344 = 0;
				_v360 = 0;
				SetLastError(??);
				if(E0293B100(__rax, _a8) != 0) {
					__eflags =  *0x29aa9b0;
					if(__eflags == 0) {
						E02939370(0, __edi, __eflags, L"crypt32.dll");
						 *0x29aa9b0 = _t191;
						__eflags =  *0x29aa9b0;
						if( *0x29aa9b0 != 0) {
							GetProcAddress();
							 *0x29aa9b8 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9c0 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9c8 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9d0 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9d8 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9e0 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9e8 = _t191;
							GetProcAddress(??, ??);
							 *0x29aa9f0 = _t191;
						}
					}
					__eflags =  *0x29aa9b8;
					if( *0x29aa9b8 == 0) {
						L13:
						_t92 = 0;
						goto L39;
					}
					__eflags =  *0x29aa9c0;
					if( *0x29aa9c0 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9c8;
					if( *0x29aa9c8 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9d0;
					if( *0x29aa9d0 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9d8;
					if( *0x29aa9d8 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9e0;
					if( *0x29aa9e0 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9e8;
					if( *0x29aa9e8 == 0) {
						goto L13;
					}
					__eflags =  *0x29aa9f0;
					if( *0x29aa9f0 != 0) {
						_v424 = 0;
						_v432 =  &_v384;
						_v440 =  &_v368;
						_v448 =  &_v356;
						_v456 =  &_v120;
						_v464 =  &_v352;
						_v472 = 0;
						r9d = 2;
						r8d = 0x400;
						_v360 =  *0x29aa9e0();
						__eflags = _v360;
						if(_v360 != 0) {
							_t197 =  &_v400;
							_v472 = _t197;
							r9d = 0;
							r8d = 0;
							_v360 =  *0x29aa9d8();
							__eflags = _v360;
							if(_v360 != 0) {
								LocalAlloc();
								_v392 = _t197;
								__eflags = _v392;
								if(_v392 != 0) {
									_v472 =  &_v400;
									r8d = 0;
									_v360 =  *0x29aa9d8();
									__eflags = _v360;
									if(_v360 != 0) {
										memcpy(_t159, _t176, 0x10);
										memcpy(_t176 + 0x20, _t176, 0x10);
										memcpy(_t176 + 0x20, _t176, 0x10);
										memcpy(_t176 + 0x20, _t176, 0x10);
										_t167 = _t176 + 0x20;
										_v512 = 0;
										_t199 =  &_v376;
										_v520 = _t199;
										r9d = 0xb0000;
										r8d = 0;
										 *0x29aa9d0();
										_v456 = _t199;
										__eflags = _v456;
										if(_v456 != 0) {
											__eflags = _v32;
											if(_v32 == 0) {
												L27:
												_t102 = E0293B5D0(_v440,  &_v392);
												__eflags = _t102;
												if(_t102 != 0) {
													memcpy(_t167, _t176, 0x10);
													memcpy(_t176 + 0x20, _t176, 0x10);
													memcpy(_t176 + 0x20, _t176, 0x10);
													memcpy(_t176 + 0x20, _t176, 0x10);
													_v560 = 0;
													_t200 =  &_v424;
													_v568 = _t200;
													r9d = 0xb0000;
													r8d = 0;
													 *0x29aa9d0();
													_v504 = _t200;
													__eflags = _v504;
													if(_v504 != 0) {
														_v456 = 1;
													} else {
														_v188 = GetLastError();
													}
												}
												goto L32;
											}
											 *_v32 = E0293B370(_v456);
											_v144 = GetLastError();
											__eflags = _v144;
											if(_v144 == 0) {
												goto L27;
											}
											goto L32;
										}
										_v148 = GetLastError();
										goto L32;
									}
									_v104 = GetLastError();
									goto L32;
								}
								_v108 = GetLastError();
								goto L32;
							}
							_v112 = GetLastError();
							goto L32;
						}
						_v116 = GetLastError();
						goto L32;
					}
					goto L13;
				} else {
					SetLastError();
					L32:
					LocalFree();
					LocalFree(??);
					if(_v504 != 0) {
						 *0x29aa9c8();
					}
					if(_v464 != 0) {
						 *0x29aa9c0();
					}
					if(_v480 != 0) {
						 *0x29aa9b8();
					}
					_t92 = _v456;
					L39:
					return _t92;
				}
			}

0x0293ab90
0x0293ab90
0x0293ab90
0x0293ab90
0x0293ab95
0x0293aba3
0x0293abaf
0x0293abbb
0x0293abc4
0x0293abcd
0x0293abd6
0x0293abe2
0x0293abef
0x0293ac04
0x0293ac16
0x0293ac1e
0x0293ac2d
0x0293ac32
0x0293ac39
0x0293ac41
0x0293ac55
0x0293ac5b
0x0293ac70
0x0293ac76
0x0293ac8b
0x0293ac91
0x0293aca6
0x0293acac
0x0293acc1
0x0293acc7
0x0293acdc
0x0293ace2
0x0293acf7
0x0293acfd
0x0293ad12
0x0293ad18
0x0293ad18
0x0293ac41
0x0293ad1f
0x0293ad27
0x0293ad6f
0x0293ad6f
0x00000000
0x0293ad6f
0x0293ad29
0x0293ad31
0x00000000
0x00000000
0x0293ad33
0x0293ad3b
0x00000000
0x00000000
0x0293ad3d
0x0293ad45
0x00000000
0x00000000
0x0293ad47
0x0293ad4f
0x00000000
0x00000000
0x0293ad51
0x0293ad59
0x00000000
0x00000000
0x0293ad5b
0x0293ad63
0x00000000
0x00000000
0x0293ad65
0x0293ad6d
0x0293ad76
0x0293ad84
0x0293ad91
0x0293ad9e
0x0293adab
0x0293adb8
0x0293adbd
0x0293adc5
0x0293adcb
0x0293ade4
0x0293adeb
0x0293adf3
0x0293ae07
0x0293ae0c
0x0293ae11
0x0293ae14
0x0293ae27
0x0293ae2e
0x0293ae36
0x0293ae53
0x0293ae59
0x0293ae5e
0x0293ae64
0x0293ae7d
0x0293ae87
0x0293ae9a
0x0293aea1
0x0293aea9
0x0293aed3
0x0293aeea
0x0293af02
0x0293af19
0x0293af19
0x0293af1b
0x0293af24
0x0293af2c
0x0293af31
0x0293af37
0x0293af47
0x0293af4d
0x0293af52
0x0293af58
0x0293af6c
0x0293af75
0x0293afa9
0x0293afb6
0x0293afbb
0x0293afbd
0x0293afdd
0x0293aff4
0x0293b00f
0x0293b026
0x0293b028
0x0293b031
0x0293b039
0x0293b03e
0x0293b044
0x0293b054
0x0293b05a
0x0293b05f
0x0293b065
0x0293b076
0x0293b067
0x0293b06d
0x0293b06d
0x0293b065
0x00000000
0x0293afbd
0x0293af8b
0x0293af93
0x0293af9a
0x0293afa2
0x00000000
0x00000000
0x00000000
0x0293afa4
0x0293af60
0x00000000
0x0293af60
0x0293aeb1
0x00000000
0x0293aeb1
0x0293ae6c
0x00000000
0x0293ae6c
0x0293ae3e
0x00000000
0x0293ae3e
0x0293adfb
0x00000000
0x0293adfb
0x00000000
0x0293ac06
0x0293ac0b
0x0293b081
0x0293b086
0x0293b094
0x0293b0a0
0x0293b0a7
0x0293b0a7
0x0293b0b6
0x0293b0c2
0x0293b0c2
0x0293b0ce
0x0293b0d5
0x0293b0d5
0x0293b0db
0x0293b0e2
0x0293b0eb
0x0293b0eb

APIs

SetLastError.KERNEL32 ref: 0293ABEF

Part of subcall function 0293B100: CreateFileW.KERNEL32 ref: 0293B132
Part of subcall function 0293B100: CloseHandle.KERNEL32 ref: 0293B16B

SetLastError.KERNEL32 ref: 0293AC0B
GetProcAddress.KERNEL32 ref: 0293AC55
GetProcAddress.KERNEL32 ref: 0293AC70
GetProcAddress.KERNEL32 ref: 0293AC8B
GetProcAddress.KERNEL32 ref: 0293ACA6
GetProcAddress.KERNEL32 ref: 0293ACC1
GetProcAddress.KERNEL32 ref: 0293ACDC
GetProcAddress.KERNEL32 ref: 0293ACF7
GetProcAddress.KERNEL32 ref: 0293AD12
LocalFree.KERNEL32 ref: 0293B086
LocalFree.KERNEL32 ref: 0293B094

Strings

CryptQueryObject, xrefs: 0293ACCE
CertCloseStore, xrefs: 0293AC62
CertFindCertificateInStore, xrefs: 0293AC98
CertFreeCertificateContext, xrefs: 0293AC7D
CryptMsgGetParam, xrefs: 0293ACB3
CryptDecodeObject, xrefs: 0293AD04
crypt32.dll, xrefs: 0293AC26
CryptMsgClose, xrefs: 0293AC47
CertGetNameStringA, xrefs: 0293ACE9

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressProc$ErrorFreeLastLocal$CloseCreateFileHandle
String ID: CertCloseStore$CertFindCertificateInStore$CertFreeCertificateContext$CertGetNameStringA$CryptDecodeObject$CryptMsgClose$CryptMsgGetParam$CryptQueryObject$crypt32.dll
API String ID: 3231561310-1618435154
Opcode ID: 209bac3fde10d1096d26a090452b1c6a6fbbd609f68356aad8eb450ea5056b75
Instruction ID: 8844e0bfb85e5c5069f34d53369c10f704751898ca177c2608e9ecf7f1e80c0e
Opcode Fuzzy Hash: 209bac3fde10d1096d26a090452b1c6a6fbbd609f68356aad8eb450ea5056b75
Instruction Fuzzy Hash: 1AD10636609B808AE7619B24F85C39A73B5F7C8784F40412ADACE53B68DF7CC589CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0293B7A0 Relevance: 45.8, APIs: 11, Strings: 15, Instructions: 257libraryloaderCOMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNEL32 ref: 0293B7E8
OutputDebugStringW.KERNEL32 ref: 0293B7F6
OutputDebugStringW.KERNEL32 ref: 0293B803
OutputDebugStringW.KERNEL32 ref: 0293B8A8
GetProcAddress.KERNEL32 ref: 0293B966
GetProcAddress.KERNEL32 ref: 0293B981
GetProcAddress.KERNEL32 ref: 0293B99C
GetProcAddress.KERNEL32 ref: 0293BA05

Strings

>, xrefs: 0293B902
u, xrefs: 0293B916
7, xrefs: 0293B870
RegEnumValueW, xrefs: 0293B973
StringFromGUID2, xrefs: 0293B9F7
*** Signature override detected..., xrefs: 0293BCA6
}, xrefs: 0293B907
RegOpenKeyExW, xrefs: 0293B958
Advapi32.dll, xrefs: 0293B93B
Ole32.dll, xrefs: 0293B9DA
*** Error: , xrefs: 0293B7FC
RegCloseKey, xrefs: 0293B98E
SOFTWARE\NVIDIA Corporation\Global, xrefs: 0293BABC
0x00000000, xrefs: 0293B7D3
*** WARNING - PE SIGNATURE VERIFICATION FAILED !!!*** Filename: , xrefs: 0293B7E1

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressDebugOutputProcString
String ID: *** Error: $*** Signature override detected...$*** WARNING - PE SIGNATURE VERIFICATION FAILED !!!*** Filename: $0x00000000$7$>$Advapi32.dll$Ole32.dll$RegCloseKey$RegEnumValueW$RegOpenKeyExW$SOFTWARE\NVIDIA Corporation\Global$StringFromGUID2$u$}
API String ID: 4071758832-2383858399
Opcode ID: 84d26ad224d389e31f7b4fb01b8bb4749416ccbac4982114587ea7afc4ddfab2
Instruction ID: de6370bd823476cf906a90ed93abf5732859013a95f1cec8eae36a07b867653b
Opcode Fuzzy Hash: 84d26ad224d389e31f7b4fb01b8bb4749416ccbac4982114587ea7afc4ddfab2
Instruction Fuzzy Hash: 4AD14E72208BC1C7E771CF28E8583AAB3B1F784358F504519D69A97AA8DB7DC489CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0297872C Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E0297872C(signed long long __rbx, signed long long __rsi) {
				_Unknown_base(*)()* _t36;
				void* _t47;
				signed long long _t72;
				signed long long _t76;
				signed long long _t97;
				signed long long _t104;
				signed long long _t105;
				signed long long _t109;
				long long _t111;
				void* _t112;
				void* _t114;
				void* _t116;
				signed long long _t130;
				signed long long _t142;
				char* _t144;
				void* _t150;
				intOrPtr _t152;
				signed long long _t153;

				_t109 = __rsi;
				_t76 = __rbx;
				L1();
				L1();
				L1();
				L1();
				L1();
				L1();
				L1();
				L1();
				L1();
				L1();
				_t116 = _t114 - 0x28 + 0x28;
				 *((long long*)(_t116 + 8)) = __rbx;
				 *((long long*)(_t116 + 0x10)) = _t111;
				 *((long long*)(_t116 + 0x18)) = __rsi;
				_push(_t104);
				_push(_t153);
				r15d = 0x16;
				_t150 = 0x2900000;
				_t144 = "LocaleNameToLCID";
				_t112 = 0x2995470;
				_t142 =  *0x29a61e8; // 0xc99624406909
				_t105 = _t104 | 0xffffffff;
				_t97 = _t142 ^  *(0x2900000 + 0xab570 + _t153 * 8);
				_t36 = r10d & 0x0000003f;
				asm("dec eax");
				if(_t97 == _t105) {
					L28:
					_t36 = 0;
				} else {
					if(_t97 == 0) {
						if(0x2995470 != _t144) {
							do {
								_t76 =  *((intOrPtr*)(_t150 + 0xab4d0 + _t109 * 8));
								if(_t76 == 0) {
									_t152 =  *((intOrPtr*)(_t150 + 0x94c40 + _t109 * 8));
									r8d = 0x800;
									LoadLibraryExW(??, ??, ??);
									_t76 = _t72;
									if(_t72 == 0) {
										if(GetLastError() != 0x57) {
											L13:
										} else {
											_t14 = _t72 - 0x50; // -80
											_t47 = _t14;
											r8d = _t47;
											if(E02970A20(_t152, L"api-ms-", 0x2995470) == 0) {
												goto L13;
											} else {
												r8d = _t47;
												if(E02970A20(_t152, L"ext-ms-", 0x2995470) == 0) {
													goto L13;
												} else {
													r8d = 0;
													LoadLibraryExW(??, ??, ??);
													_t76 = _t72;
												}
											}
										}
									}
									_t150 = 0x2900000;
									if(_t76 != 0) {
										_t20 = 0x2900000 + 0xab4d0 + _t109 * 8;
										_t72 =  *_t20;
										 *_t20 = _t76;
										if(_t72 != 0) {
											FreeLibrary();
										}
										goto L18;
									} else {
										_t16 = 0x2900000 + 0xab4d0 + _t109 * 8;
										_t72 =  *_t16;
										 *_t16 = _t105;
										goto L19;
									}
								} else {
									if(_t76 == _t105) {
										goto L19;
									} else {
										L18:
										if(_t76 != 0) {
											_t142 =  *0x29a61e8; // 0xc99624406909
										} else {
											goto L19;
										}
									}
								}
								goto L22;
								L19:
								_t112 = _t112 + 4;
							} while (_t112 != _t144);
							_t142 =  *0x29a61e8; // 0xc99624406909
							goto L21;
						}
						L22:
						if(_t76 == 0) {
							L27:
							asm("dec eax");
							 *((intOrPtr*)(_t150 + 0xab570 + _t153 * 8)) = _t105 ^ _t142;
							goto L28;
						} else {
							_t36 = GetProcAddress();
							if(_t72 == 0) {
								_t142 =  *0x29a61e8; // 0xc99624406909
								goto L27;
							} else {
								_t130 =  *0x29a61e8; // 0xc99624406909
								asm("dec eax");
								 *((intOrPtr*)(_t150 + 0xab570 + _t153 * 8)) = _t72 ^ _t130;
							}
						}
					} else {
					}
				}
				return _t36;
			}

0x0297872c
0x0297872c
0x02978747
0x02978766
0x02978785
0x029787a4
0x029787c3
0x029787e2
0x02978801
0x02978820
0x0297883f
0x0297885e
0x0297887d
0x029775e8
0x029775ed
0x029775f2
0x029775f7
0x029775fe
0x02977604
0x02977607
0x0297760e
0x02977611
0x0297761f
0x02977626
0x02977630
0x02977633
0x02977638
0x0297763e
0x0297779f
0x0297779f
0x02977644
0x02977647
0x02977654
0x0297765a
0x0297765d
0x02977668
0x02977678
0x02977685
0x0297768b
0x02977691
0x02977697
0x029776a2
0x029776e6
0x029776a4
0x029776a4
0x029776a4
0x029776aa
0x029776bb
0x00000000
0x029776bd
0x029776bd
0x029776d1
0x00000000
0x029776d3
0x029776d3
0x029776db
0x029776e1
0x029776e1
0x029776d1
0x029776bb
0x029776a2
0x029776e8
0x029776f2
0x02977704
0x02977704
0x02977704
0x0297770f
0x02977714
0x02977714
0x00000000
0x029776f4
0x029776f7
0x029776f7
0x029776f7
0x00000000
0x029776f7
0x0297766a
0x0297766d
0x00000000
0x02977673
0x0297771a
0x0297771d
0x02977774
0x00000000
0x00000000
0x00000000
0x0297771d
0x0297766d
0x00000000
0x0297771f
0x0297771f
0x02977723
0x0297772c
0x00000000
0x0297772c
0x02977735
0x02977738
0x02977784
0x02977791
0x02977797
0x00000000
0x0297773a
0x02977740
0x02977749
0x0297777d
0x00000000
0x0297774b
0x0297774b
0x02977764
0x0297776a
0x0297776a
0x02977749
0x02977649
0x02977649
0x02977647
0x029777bd

APIs

try_get_function.LIBVCRUNTIME ref: 02978747
try_get_function.LIBVCRUNTIME ref: 02978766

Part of subcall function 029775E8: GetProcAddress.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977740

try_get_function.LIBVCRUNTIME ref: 02978785

Part of subcall function 029775E8: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 0297768B
Part of subcall function 029775E8: GetLastError.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977699
Part of subcall function 029775E8: LoadLibraryExW.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 029776DB

try_get_function.LIBVCRUNTIME ref: 029787A4

Part of subcall function 029775E8: FreeLibrary.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977714

try_get_function.LIBVCRUNTIME ref: 029787C3
try_get_function.LIBVCRUNTIME ref: 029787E2
try_get_function.LIBVCRUNTIME ref: 02978801
try_get_function.LIBVCRUNTIME ref: 02978820
try_get_function.LIBVCRUNTIME ref: 0297883F
try_get_function.LIBVCRUNTIME ref: 0297885E

Strings

LCIDToLocaleName, xrefs: 02978844, 02978857
LocaleNameToLCID, xrefs: 02978863, 02978876
GetDateFormatEx, xrefs: 0297878A, 0297879D
EnumSystemLocalesEx, xrefs: 0297876B, 0297877E
IsValidLocaleName, xrefs: 02978806, 02978819
GetUserDefaultLocaleName, xrefs: 029787E7, 029787FA
CompareStringEx, xrefs: 0297874C, 0297875F
AreFileApisANSI, xrefs: 02978740
LCMapStringEx, xrefs: 02978825, 02978838
GetTimeFormatEx, xrefs: 029787C8, 029787DB
GetLocaleInfoEx, xrefs: 029787A9, 029787BC

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: 1ede7b3efbd2dbb7b31ed55abc7c77d678c7cb1a07c1e1c4136898d0660b8084
Instruction ID: c2b4d14ac53012390b8ee09a26cc7c64c20202e4207b702bbf0203e48dbb3c72
Opcode Fuzzy Hash: 1ede7b3efbd2dbb7b31ed55abc7c77d678c7cb1a07c1e1c4136898d0660b8084
Instruction Fuzzy Hash: 8931C4A0105A8AE1FB06DFA8EC497D66322F345724FC2542BD10D2B1B49FB8D6CAD741

Uniqueness

Uniqueness Score: -1.00%

Function 001CA2A4 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 66%

			E001CA2A4(void* __ebx, long __ecx, void* __edi, void* __esi, long long __rbx, signed long long* __rcx, long long __rdi, long long __rsi, signed int __r8, void* __r9, void* __r10, void* __r12) {
				signed char _t60;
				void* _t80;
				long _t81;
				void* _t84;
				void* _t85;
				void* _t94;
				signed long long _t95;
				signed long long _t96;
				signed long long* _t104;
				signed int _t109;
				void* _t119;
				intOrPtr* _t120;
				signed int _t125;
				intOrPtr _t128;
				signed long long _t129;
				signed int _t138;
				void* _t142;
				void* _t144;
				signed long long _t145;
				void* _t150;
				void* _t151;
				void* _t153;
				signed long long _t156;

				_t153 = __r12;
				_t151 = __r10;
				_t150 = __r9;
				_t147 = __r8;
				_t139 = __rsi;
				_t85 = __esi;
				_t84 = __edi;
				_t81 = __ecx;
				_t80 = __ebx;
				_t94 = _t144;
				 *((long long*)(_t94 + 0x10)) = __rbx;
				 *((long long*)(_t94 + 0x18)) = __rsi;
				 *((long long*)(_t94 + 0x20)) = __rdi;
				_push(_t156);
				_t142 = _t94 - 0x5f;
				_t145 = _t144 - 0x100;
				_t95 =  *0x1d1028; // 0x1784370754d3
				_t96 = _t95 ^ _t145;
				 *(_t142 + 0x37) = _t96;
				r15d = 0;
				sil = 1;
				__rcx[1] = r15d;
				_t104 = __rcx;
				 *__rcx = _t156;
				 *0x1d1365 = sil;
				if(__rcx[1] != r15b) {
					L48:
					 *0x1d1365 = r15b;
					return E001CC520(_t81, _t104,  *(_t142 + 0x37) ^ _t145);
				} else {
					_t109 =  *0x1d1350; // 0x0
					while(( *_t109 & 0x000000bf) != 0) {
						r14b = r15b;
						 *(_t145 + 0x20) = _t156;
						 *(_t145 + 0x28) = r15d;
						_t12 = _t96 - 0x30; // 0x1784370754a3
						r8d = _t12;
						if(r8d > 9) {
							__eflags =  *_t109 - 0x24;
							_t138 = _t109;
							_t147 = _t109;
							if( *_t109 != 0x24) {
								L18:
								_t60 =  *_t109;
								__eflags = _t60 - 0x58;
								if(_t60 != 0x58) {
									__eflags = _t60 - 0x24;
									if(_t60 != 0x24) {
										L24:
										__eflags = _t60 - 0x3f;
										if(_t60 != 0x3f) {
											_t130 = _t142 - 0x79;
											 *(_t142 - 0x79) = _t156;
											 *(_t142 - 0x71) = r15d;
											E001C9350(_t80, _t82, _t84, _t96, _t104, _t142 + 0x17, _t142 - 0x79, _t138, _t139, _t147, _t151, _t153);
											L36:
											 *(_t145 + 0x20) =  *_t96;
											 *(_t145 + 0x28) =  *(_t96 + 8);
											L37:
											_t109 =  *0x1d1350; // 0x0
											_t96 = _t109 - _t138;
											__eflags = _t96 - 1;
											if(_t96 <= 1) {
												L41:
												if( *(_t145 + 0x20) != _t156) {
													if(sil == 0) {
														_t82 = 0x2c;
														E001C5634(0x2c, _t104, _t104, _t147);
													}
													_t130 = _t145 + 0x20;
													E001C55F0(_t104, _t145 + 0x20);
													if(r14b != 0) {
														_t130 = "...";
														E001C56B4(_t84, _t96, _t104, _t104, "...", _t139, _t147);
													}
													_t109 =  *0x1d1350; // 0x0
												}
												L47:
												sil = r15b;
												if( *((intOrPtr*)(_t104 + 8)) == r15b) {
													continue;
												}
												goto L48;
											}
											_t96 =  *0x1d1348; // 0x0
											__eflags =  *_t96 - 9;
											if( *_t96 == 9) {
												goto L41;
											}
											_t130 = _t145 + 0x20;
											E001C57AC(_t96, _t104, _t96, _t145 + 0x20, _t147);
											L40:
											_t109 =  *0x1d1350; // 0x0
											goto L41;
										}
										E001C9F2C(_t85, _t104, _t145 + 0x30, _t130, _t139, _t147, _t151);
										__eflags =  *0x1d1360 & 0x00004000;
										if(( *0x1d1360 & 0x00004000) == 0) {
											L34:
											E001C52C8(_t142 - 9, "`template-parameter");
											E001C5540(_t96, _t142 - 0x59, _t145 + 0x30);
											_t130 = _t142 + 7;
											_t119 = _t142 - 0x59;
											L33:
											_t147 = "\'";
											E001C5598(_t119, _t130, "\'");
											goto L36;
										}
										__eflags =  *0x1d1368 - _t156; // 0x0
										if(__eflags == 0) {
											goto L34;
										}
										_t120 =  *((intOrPtr*)(_t145 + 0x30));
										__eflags = _t120;
										if(_t120 == 0) {
											 *(_t142 + 0x27) = r15b;
										} else {
											_t147 = _t142 + 0x36;
											 *0x1cd190();
											 *( *( *_t120 + 0x10)) = r15b;
										}
										_t81 = atol();
										_t96 =  *0x1d1368; // 0x0
										 *0x1cd190();
										__eflags = _t96;
										if(_t96 == 0) {
											E001C52C8(_t142 - 0x29, "`template-parameter");
											E001C5540(_t96, _t142 - 0x69, _t145 + 0x30);
											_t130 = _t142 - 0x19;
											_t119 = _t142 - 0x69;
											goto L33;
										} else {
											_t130 = _t96;
											L20:
											E001C54C8(_t145 + 0x20, _t130);
											goto L37;
										}
									}
									_t125 = _t109 + 1;
									__eflags =  *_t125 - _t60;
									if( *_t125 == _t60) {
										goto L24;
									}
									 *0x1d1350 = _t125;
									E001CA5C0(_t81, _t82, _t85, _t104, _t142 - 0x39, _t130, _t138, _t139, _t147, _t150, _t151, _t153);
									goto L36;
								}
								_t20 = _t147 + 1; // 0x1
								 *0x1d1350 = _t20;
								_t130 = "void";
								goto L20;
							}
							__eflags =  *(_t109 + 1) - 0x24;
							if( *(_t109 + 1) != 0x24) {
								goto L18;
							}
							r9b = r15b;
							_t82 =  *((char*)(_t109 + 2)) - 0x24;
							__eflags = _t82;
							if(_t82 == 0) {
								__eflags =  *(_t109 + 3) - 0x56;
								if( *(_t109 + 3) == 0x56) {
									_t109 = _t109 + 4;
									__eflags = _t109;
									r9b = 1;
									 *0x1d1350 = _t109;
									_t147 = _t109;
								}
								L17:
								__eflags = r9b;
								if(r9b != 0) {
									goto L47;
								}
								goto L18;
							}
							_t82 = _t82 - 0x31;
							__eflags = _t82;
							if(_t82 == 0) {
								L14:
								_t109 = _t109 + 3;
								 *0x1d1350 = _t109;
								_t147 = _t109;
								goto L18;
							}
							_t82 = _t82 - 1;
							__eflags = _t82;
							if(_t82 == 0) {
								L12:
								_t109 = _t109 + 3;
								 *0x1d1350 = _t109;
								goto L47;
							}
							_t82 = _t82 - 1;
							__eflags = _t82;
							if(_t82 == 0) {
								r14b = 1;
								goto L14;
							}
							__eflags = _t82 - 3;
							if(_t82 != 3) {
								goto L17;
							}
							goto L12;
						}
						_t130 = _t142 - 0x49;
						 *0x1d1350 = _t109 + 1;
						_t128 =  *0x1d1348; // 0x0
						E001C5500(_t128, _t142 - 0x49);
						_t129 = _t96;
						_t96 =  *_t96;
						 *(_t145 + 0x20) = _t96;
						 *(_t145 + 0x28) =  *(_t129 + 8);
						goto L40;
					}
					goto L48;
				}
			}

0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a4
0x001ca2a7
0x001ca2ab
0x001ca2af
0x001ca2b6
0x001ca2b8
0x001ca2bc
0x001ca2c3
0x001ca2ca
0x001ca2cd
0x001ca2d1
0x001ca2d4
0x001ca2d7
0x001ca2db
0x001ca2de
0x001ca2e1
0x001ca2ec
0x001ca58c
0x001ca58c
0x001ca5be
0x001ca2f2
0x001ca2f2
0x001ca2f9
0x001ca305
0x001ca308
0x001ca30d
0x001ca312
0x001ca312
0x001ca31a
0x001ca34d
0x001ca350
0x001ca353
0x001ca356
0x001ca3c1
0x001ca3c1
0x001ca3c3
0x001ca3c5
0x001ca3e8
0x001ca3ea
0x001ca408
0x001ca408
0x001ca40a
0x001ca4e7
0x001ca4eb
0x001ca4f3
0x001ca4f7
0x001ca4fc
0x001ca502
0x001ca50a
0x001ca50e
0x001ca50e
0x001ca518
0x001ca51b
0x001ca51f
0x001ca541
0x001ca546
0x001ca54b
0x001ca54d
0x001ca552
0x001ca552
0x001ca557
0x001ca55f
0x001ca567
0x001ca569
0x001ca573
0x001ca573
0x001ca578
0x001ca578
0x001ca57f
0x001ca57f
0x001ca586
0x00000000
0x00000000
0x00000000
0x001ca586
0x001ca521
0x001ca528
0x001ca52b
0x00000000
0x00000000
0x001ca52d
0x001ca535
0x001ca53a
0x001ca53a
0x00000000
0x001ca53a
0x001ca415
0x001ca41a
0x001ca424
0x001ca4bc
0x001ca4c7
0x001ca4d8
0x001ca4dd
0x001ca4e1
0x001ca4ae
0x001ca4ae
0x001ca4b5
0x00000000
0x001ca4b5
0x001ca42a
0x001ca431
0x00000000
0x00000000
0x001ca437
0x001ca43c
0x001ca43f
0x001ca45b
0x001ca441
0x001ca444
0x001ca450
0x001ca456
0x001ca456
0x001ca469
0x001ca46b
0x001ca472
0x001ca478
0x001ca47b
0x001ca490
0x001ca4a1
0x001ca4a6
0x001ca4aa
0x00000000
0x001ca47d
0x001ca47d
0x001ca3d9
0x001ca3de
0x00000000
0x001ca3de
0x001ca47b
0x001ca3ec
0x001ca3ef
0x001ca3f1
0x00000000
0x00000000
0x001ca3f3
0x001ca3fe
0x00000000
0x001ca3fe
0x001ca3c7
0x001ca3cb
0x001ca3d2
0x00000000
0x001ca3d2
0x001ca358
0x001ca35c
0x00000000
0x00000000
0x001ca362
0x001ca365
0x001ca365
0x001ca368
0x001ca3a1
0x001ca3a5
0x001ca3a7
0x001ca3a7
0x001ca3ab
0x001ca3ae
0x001ca3b5
0x001ca3b5
0x001ca3b8
0x001ca3b8
0x001ca3bb
0x00000000
0x00000000
0x00000000
0x001ca3bb
0x001ca36a
0x001ca36a
0x001ca36d
0x001ca391
0x001ca391
0x001ca395
0x001ca39c
0x00000000
0x001ca39c
0x001ca36f
0x001ca36f
0x001ca372
0x001ca37e
0x001ca37e
0x001ca382
0x00000000
0x001ca382
0x001ca374
0x001ca374
0x001ca377
0x001ca38e
0x00000000
0x001ca38e
0x001ca379
0x001ca37c
0x00000000
0x00000000
0x00000000
0x001ca37c
0x001ca31f
0x001ca323
0x001ca32a
0x001ca331
0x001ca336
0x001ca339
0x001ca33c
0x001ca344
0x00000000
0x001ca344
0x00000000
0x001ca2f9

APIs

Replicator::operator[].LIBVCRUNTIME ref: 001CA331
DName::operator+=.LIBVCRUNTIME ref: 001CA552

Part of subcall function 001C5634: DName::doPchar.LIBVCRUNTIME ref: 001C566B

DName::operator+=.LIBVCRUNTIME ref: 001CA55F
DName::operator+=.LIBCMT ref: 001CA573

Strings

void, xrefs: 001CA3D2
`template-parameter, xrefs: 001CA485, 001CA4BC
..., xrefs: 001CA569

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: Name::operator+=$Name::doPcharReplicator::operator[]
String ID: ...$`template-parameter$void
API String ID: 1221187619-2152273162
Opcode ID: 278fcfa71d38e529015f3f785dc64d8e2510ef2d39a074e72a021b6f3f917e60
Instruction ID: ba900d9749e16105d4b3e603195e95c39f156b979ced8f2e27dcc71afdfd869b
Opcode Fuzzy Hash: 278fcfa71d38e529015f3f785dc64d8e2510ef2d39a074e72a021b6f3f917e60
Instruction Fuzzy Hash: E881D332301B88A5EB12CF65E854BAC37B1FB68B9CF88551AEA4D47B28DF39C545C341

Uniqueness

Uniqueness Score: -1.00%

Function 001C26F0 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 296
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E001C26F0(signed int __ecx, void* __edx, signed int __esi, void* __esp, long long __rbx, signed long long __rcx, long long __rdx, void* __rdi, void* __rsi, signed long long __r8, long long __r9, void* __r11, void* __r12, signed long long __r13, void* __r15) {
				void* __r14;
				signed char _t227;
				void* _t241;
				signed int _t243;
				signed int _t246;
				signed int _t252;
				signed int _t261;
				signed int _t263;
				signed int _t274;
				signed int _t276;
				signed int _t277;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed long long _t300;
				long long _t303;
				signed char _t307;
				signed char _t308;
				signed char* _t309;
				signed long long _t313;
				long long _t318;
				signed char* _t342;
				signed long long _t343;
				signed long long _t344;
				signed long long _t349;
				signed long long _t355;
				signed long long _t358;
				signed long long _t361;
				long long _t363;
				signed char* _t369;
				signed long long _t371;
				signed long long _t375;
				long long _t378;
				signed char* _t379;
				long long _t382;
				signed char* _t384;
				signed long long _t387;
				signed long long _t388;
				signed char _t389;
				signed char _t390;
				void* _t394;
				signed int* _t396;
				signed char* _t398;
				signed long long _t400;
				void* _t401;
				signed char _t403;
				signed int* _t408;
				long long _t412;
				signed int _t418;
				long long _t419;
				void* _t426;
				long long _t428;
				signed long long _t432;
				void* _t435;
				signed long long _t436;
				signed long long _t439;
				signed char* _t440;
				signed int* _t442;
				signed char* _t446;
				void* _t447;
				long long _t449;

				_t447 = __r15;
				_t432 = __r13;
				_t426 = __r11;
				_t421 = __r9;
				_t285 = __esp;
				_t283 = __esi;
				_t280 = __edx;
				_t275 = __ecx;
				_t300 = _t400;
				 *((long long*)(_t300 + 8)) = __rbx;
				 *((long long*)(_t300 + 0x18)) = __r8;
				 *((long long*)(_t300 + 0x10)) = __rdx;
				_push(__rsi);
				_push(__rdi);
				_push(__r12);
				_push(__r13);
				_t394 = _t300 - 0x3f;
				_t401 = _t400 - 0xe0;
				_t375 =  *((intOrPtr*)(_t394 + 0x67));
				_t428 = __rdx;
				_t436 = __r8;
				 *((char*)(_t394 - 0x78)) = 0;
				_t313 = __rcx;
				r13b = 0;
				_t408 = _t375;
				 *(_t394 - 0x79) = r13b;
				_t382 = __r9;
				_t227 = E001C360C(__ecx, __edx, __rcx, __rdx, __r9, __r9, _t394, _t408, __r9, __r15, _t435);
				r15d = _t227;
				if(_t227 < 0xffffffff || _t227 >=  *((intOrPtr*)(_t375 + 4))) {
					L53:
					__imp__terminate();
					asm("int3");
					goto L54;
				} else {
					if( *_t313 != 0xe06d7363 ||  *((intOrPtr*)(_t313 + 0x18)) != 4) {
						L16:
						 *(_t394 - 0x29) = _t375;
						 *((long long*)(_t394 - 0x21)) = _t382;
						__eflags =  *_t313 - 0xe06d7363;
						if( *_t313 != 0xe06d7363) {
							L49:
							__eflags =  *(_t375 + 0xc);
							if(__eflags <= 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t394 + 0x6f));
								if(__eflags != 0) {
									goto L53;
								} else {
									_t300 =  *((intOrPtr*)(_t394 + 0x7f));
									 *(_t401 + 0x38) = _t300;
									 *(_t401 + 0x30) =  *(_t394 + 0x77);
									 *(_t401 + 0x28) = r15d;
									 *(_t401 + 0x20) = _t375;
									L56();
									goto L52;
								}
							}
						} else {
							__eflags =  *((intOrPtr*)(_t313 + 0x18)) - 4;
							if( *((intOrPtr*)(_t313 + 0x18)) != 4) {
								goto L49;
							} else {
								_t227 =  *((intOrPtr*)(_t313 + 0x20)) - 0x19930520;
								__eflags = _t227 - 2;
								if(_t227 > 2) {
									goto L49;
								} else {
									r14d = 0;
									__eflags =  *(_t375 + 0xc) - r14d;
									if( *(_t375 + 0xc) <= r14d) {
										L36:
										__eflags = ( *_t375 & 0x1fffffff) - 0x19930521;
										if(__eflags < 0) {
											goto L52;
										} else {
											__eflags =  *((intOrPtr*)(_t375 + 0x20)) - r14d;
											if( *((intOrPtr*)(_t375 + 0x20)) == r14d) {
												_t300 = _t436;
											} else {
												E001CC084(_t300);
												_t300 = _t300 +  *((intOrPtr*)(_t375 + 0x20));
											}
											__eflags = _t300;
											if(_t300 != 0) {
												L43:
												_t227 =  *(_t375 + 0x24) >> 2;
												__eflags = _t227 & 0x00000001;
												if((_t227 & 0x00000001) != 0) {
													goto L53;
												} else {
													__eflags =  *((intOrPtr*)(_t375 + 0x20)) - r14d;
													if( *((intOrPtr*)(_t375 + 0x20)) == r14d) {
														_t355 = _t436;
													} else {
														E001CC084(_t300);
														_t358 = _t300;
														_t300 =  *((intOrPtr*)(_t375 + 0x20));
														_t355 = _t358 + _t300;
													}
													__eflags = E001C36A4(_t283, _t300, _t313, _t313, _t355, _t382, _t394, _t428, _t432, _t436, _t447);
													if(__eflags == 0) {
														E001CBCA4(_t275, _t300, _t313, _t428, _t382, _t394, _t375, _t394 - 0x51);
														_t276 =  *((intOrPtr*)(_t394 + 0x6f));
														 *(_t401 + 0x50) = _t276;
														_t277 = _t276 | 0xffffffff;
														 *((long long*)(_t401 + 0x48)) = _t382;
														 *(_t401 + 0x40) = _t436;
														 *(_t401 + 0x38) = _t277;
														 *(_t401 + 0x30) = _t277;
														 *(_t401 + 0x28) = _t375;
														 *(_t401 + 0x20) = _t436;
														E001CBECC(_t428, _t313,  *(_t394 + 0x57), _t300);
													}
													goto L52;
												}
											} else {
												__eflags =  *(_t375 + 0x24) >> 0x00000002 & 0x00000001;
												if(__eflags == 0) {
													goto L52;
												} else {
													__eflags = E001CBC14(_t275, _t280, __eflags, _t300, _t382, _t375, _t382, _t421);
													if(__eflags != 0) {
														goto L52;
													} else {
														goto L43;
													}
												}
											}
										}
									} else {
										r9d =  *(_t394 + 0x77);
										r8d = r15d;
										_t241 = E001CBD70(_t280, _t300, _t313, _t394 - 0x19, _t394 - 0x29, _t375, _t382, _t408, _t421, _t426, _t428, _t432, _t436, _t447);
										asm("movups xmm0, [ebp-0x19]");
										asm("movdqu [ebp-0x41], xmm0");
										asm("psrldq xmm0, 0x8");
										asm("movd eax, xmm0");
										__eflags = _t241 -  *((intOrPtr*)(_t394 - 1));
										if(_t241 >=  *((intOrPtr*)(_t394 - 1))) {
											goto L36;
										} else {
											_t412 =  *((intOrPtr*)(_t394 - 0x19));
											r12d =  *(_t394 - 0x39);
											 *((long long*)(_t394 - 0x59)) = _t412;
											do {
												_t361 = _t300 + _t300 * 4;
												_t300 =  *((intOrPtr*)(_t412 + 8));
												_t436 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t394 - 0x41)))) + 0x10)) + _t361 * 4 +  *((intOrPtr*)(_t300 + 8));
												__eflags =  *_t436 - r15d;
												if( *_t436 <= r15d) {
													__eflags = r15d -  *((intOrPtr*)(_t436 + 4));
													if(r15d <=  *((intOrPtr*)(_t436 + 4))) {
														_t243 =  *(_t436 + 0xc);
														r13d = 0;
														_t363 =  *((intOrPtr*)(_t436 + 0x10)) +  *((intOrPtr*)(_t382 + 8));
														 *((long long*)(_t394 - 0x49)) = _t363;
														 *(_t394 - 0x71) = _t243;
														__eflags = _t243;
														if(_t243 == 0) {
															L32:
															r13b =  *(_t394 - 0x79);
														} else {
															while(1) {
																_t303 = _t363 + (_t432 * 4 + _t432) * 4;
																 *((long long*)(_t394 - 0x61)) = _t303;
																E001CC098(_t303);
																_t300 = _t303 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t313 + 0x30)) + 0xc));
																 *(_t394 - 0x69) = _t300;
																E001CC098(_t300);
																_t275 =  *(_t300 +  *((intOrPtr*)( *((intOrPtr*)(_t313 + 0x30)) + 0xc)));
																 *(_t394 - 0x75) = _t275;
																__eflags = _t275;
																if(_t275 <= 0) {
																	goto L28;
																} else {
																	goto L26;
																}
																while(1) {
																	L26:
																	_t246 = E001CC098(_t300);
																	_t300 = _t300 +  *( *(_t394 - 0x69));
																	 *(_t394 - 0x51) = _t300;
																	L81();
																	__eflags = _t246;
																	if(_t246 != 0) {
																		break;
																	}
																	 *(_t394 - 0x69) =  *(_t394 - 0x69) + 4;
																	_t252 =  *(_t394 - 0x75) - 1;
																	 *(_t394 - 0x75) = _t252;
																	__eflags = _t252;
																	if(_t252 > 0) {
																		continue;
																	} else {
																		goto L28;
																	}
																	goto L33;
																}
																r13b = 1;
																_t421 = _t382;
																 *((char*)(_t401 + 0x58)) =  *((intOrPtr*)(_t394 + 0x6f));
																 *(_t401 + 0x50) =  *((intOrPtr*)(_t394 - 0x78));
																 *((long long*)(_t401 + 0x48)) =  *((intOrPtr*)(_t394 + 0x7f));
																 *(_t401 + 0x40) =  *(_t394 + 0x77);
																 *(_t401 + 0x38) = _t436;
																 *(_t401 + 0x30) =  *(_t394 - 0x51);
																_t300 =  *((intOrPtr*)(_t394 - 0x61));
																 *(_t401 + 0x28) = _t300;
																 *(_t401 + 0x20) = _t375;
																 *(_t394 - 0x79) = r13b;
																E001C2620(_t275, _t283, _t285, _t313, _t313,  *((intOrPtr*)(_t394 + 0x4f)), _t394,  *(_t394 + 0x57), _t382);
																_t412 =  *((intOrPtr*)(_t394 - 0x59));
																goto L33;
																L28:
																r13d =  &(r13d[1]);
																__eflags = r13d -  *(_t394 - 0x71);
																if(r13d ==  *(_t394 - 0x71)) {
																	_t412 =  *((intOrPtr*)(_t394 - 0x59));
																	goto L32;
																} else {
																	_t363 =  *((intOrPtr*)(_t394 - 0x49));
																	_t303 = _t363 + (_t432 * 4 + _t432) * 4;
																	 *((long long*)(_t394 - 0x61)) = _t303;
																	E001CC098(_t303);
																	_t300 = _t303 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t313 + 0x30)) + 0xc));
																	 *(_t394 - 0x69) = _t300;
																	E001CC098(_t300);
																	_t275 =  *(_t300 +  *((intOrPtr*)( *((intOrPtr*)(_t313 + 0x30)) + 0xc)));
																	 *(_t394 - 0x75) = _t275;
																	__eflags = _t275;
																	if(_t275 <= 0) {
																		goto L28;
																	} else {
																		goto L26;
																	}
																}
																goto L33;
															}
														}
													}
												}
												L33:
												r12d = r12d + 1;
												__eflags = r12d -  *((intOrPtr*)(_t394 - 1));
											} while (r12d <  *((intOrPtr*)(_t394 - 1)));
											r14d = 0;
											__eflags = r13b;
											if(__eflags != 0) {
												L52:
												_t227 = E001C4B10(__eflags, _t300);
												__eflags =  *(_t300 + 0x38);
												if( *(_t300 + 0x38) != 0) {
													goto L53;
												}
											} else {
												_t428 =  *((intOrPtr*)(_t394 + 0x4f));
												goto L36;
											}
										}
									}
								}
							}
						}
						goto L54;
					} else {
						_t227 =  *((intOrPtr*)(_t313 + 0x20)) - 0x19930520;
						if(_t227 > 2) {
							goto L16;
						} else {
							_t291 =  *((long long*)(_t313 + 0x30));
							if( *((long long*)(_t313 + 0x30)) != 0) {
								goto L16;
							} else {
								_t227 = E001C4B10(_t291, _t300);
								_t292 =  *((long long*)(_t300 + 0x20));
								if( *((long long*)(_t300 + 0x20)) == 0) {
									L54:
									return _t227;
								} else {
									E001C4B10(_t292, _t300);
									_t313 =  *((intOrPtr*)(_t300 + 0x20));
									E001C4B10(_t292, _t300);
									 *((char*)(_t394 - 0x78)) = 1;
									_t436 =  *((intOrPtr*)(_t300 + 0x28));
									 *(_t394 + 0x57) = _t436;
									E001CC0C4(_t300,  *((intOrPtr*)(_t313 + 0x38)));
									if( *_t313 != 0xe06d7363 ||  *((intOrPtr*)(_t313 + 0x18)) != 4) {
										L11:
										_t227 = E001C4B10(_t296, _t300);
										_t297 =  *(_t300 + 0x38);
										if( *(_t300 + 0x38) == 0) {
											goto L16;
										} else {
											E001C4B10(_t297, _t300);
											_t439 =  *(_t300 + 0x38);
											E001C4B10(_t297, _t300);
											 *(_t300 + 0x38) =  *(_t300 + 0x38) & 0x00000000;
											_t227 = E001C36A4(_t283, _t300, _t313, _t313, _t439, _t382, _t394, _t428, _t432, _t439, _t447);
											if(_t227 != 0) {
												_t436 =  *(_t394 + 0x57);
												goto L16;
											} else {
												_t227 = E001C377C(_t300, _t313, _t439, _t382, _t394);
												if(_t227 != 0) {
													E001C3140(E001C20C0(1, _t313), _t394 - 0x41);
													_t369 = 0x1cf700;
													_t342 = _t394 - 0x41;
													_t261 = E001C47B0(_t313, _t342, 0x1cf700, _t375);
													asm("int3");
													asm("int3");
													asm("int3");
													 *(_t401 + 0x20) = _t313;
													 *(_t401 + 0x18) = _t408;
													 *((long long*)(_t401 + 0x10)) = 0x1cf700;
													_push(_t394);
													_push(_t382);
													_push(_t375);
													_push(_t428);
													_push(_t432);
													_push(_t439);
													_push(_t447);
													_t403 = _t401 - 0xa0;
													__eflags =  *_t342 - 0x80000003;
													_t449 = _t421;
													_t396 = _t408;
													_t440 = 0x1cf700;
													_t384 = _t342;
													if(__eflags == 0) {
														L79:
														return _t261;
													} else {
														E001C4B10(__eflags, _t300);
														r13d =  *(_t403 + 0x110);
														_t378 =  *((intOrPtr*)(_t403 + 0x100));
														__eflags =  *((long long*)(_t300 + 0x10));
														if(__eflags == 0) {
															L62:
															 *((long long*)(_t403 + 0x60)) = _t378;
															 *((long long*)(_t403 + 0x68)) = _t449;
															__eflags =  *(_t378 + 0xc);
															if( *(_t378 + 0xc) <= 0) {
																__imp__terminate();
																asm("int3");
																asm("int3");
																_t307 = _t403;
																 *(_t307 + 8) = _t313;
																 *(_t307 + 0x10) = _t396;
																 *(_t307 + 0x18) = _t384;
																 *((long long*)(_t307 + 0x20)) = _t378;
																_push(_t440);
																_t274 = 0;
																_t442 = _t408;
																_t398 = _t369;
																_t379 = _t342;
																__eflags = _t342[4];
																if(_t342[4] == 0) {
																	_t343 = _t313;
																	_t283 = 0;
																} else {
																	E001CC084(_t307);
																	_t343 = _t342[4] + _t307;
																}
																__eflags = _t343;
																if(_t343 == 0) {
																	L113:
																	_t263 = 1;
																} else {
																	__eflags = _t283;
																	if(_t283 == 0) {
																		_t344 = _t313;
																		_t283 = _t274;
																	} else {
																		E001CC084(_t307);
																		_t344 = _t379[4] + _t307;
																	}
																	__eflags =  *((intOrPtr*)(_t344 + 0x10)) - _t274;
																	if( *((intOrPtr*)(_t344 + 0x10)) == _t274) {
																		goto L113;
																	} else {
																		__eflags =  *_t379 & 0x00000080;
																		if(( *_t379 & 0x00000080) == 0) {
																			L91:
																			__eflags = _t283;
																			if(_t283 == 0) {
																				_t387 = _t313;
																			} else {
																				E001CC084(_t307);
																				_t390 = _t307;
																				_t307 = _t379[4];
																				_t387 = _t390 + _t307;
																			}
																			E001CC098(_t307);
																			_t308 = _t398[4];
																			__eflags = _t387 - _t307 + _t308;
																			if(_t387 == _t307 + _t308) {
																				L103:
																				__eflags =  *_t398 & 0x00000002;
																				if(( *_t398 & 0x00000002) == 0) {
																					L105:
																					__eflags =  *_t442 & 0x00000001;
																					if(( *_t442 & 0x00000001) == 0) {
																						L107:
																						__eflags =  *_t442 & 0x00000004;
																						if(( *_t442 & 0x00000004) == 0) {
																							L109:
																							__eflags =  *_t442 & 0x00000002;
																							if(( *_t442 & 0x00000002) == 0) {
																								L111:
																								_t274 = 1;
																							} else {
																								__eflags =  *_t379 & 0x00000002;
																								if(( *_t379 & 0x00000002) != 0) {
																									goto L111;
																								}
																							}
																						} else {
																							__eflags =  *_t379 & 0x00000004;
																							if(( *_t379 & 0x00000004) != 0) {
																								goto L109;
																							}
																						}
																					} else {
																						__eflags =  *_t379 & 0x00000001;
																						if(( *_t379 & 0x00000001) != 0) {
																							goto L107;
																						}
																					}
																				} else {
																					__eflags =  *_t379 & 0x00000008;
																					if(( *_t379 & 0x00000008) != 0) {
																						goto L105;
																					}
																				}
																				_t263 = _t274;
																			} else {
																				__eflags = _t379[4] - _t274;
																				if(_t379[4] == _t274) {
																					_t388 = _t313;
																				} else {
																					E001CC084(_t308);
																					_t389 = _t308;
																					_t308 = _t379[4];
																					_t388 = _t389 + _t308;
																				}
																				E001CC098(_t308);
																				_t205 = _t388 + 0x10; // 0x10
																				_t309 = _t205;
																				_t418 = _t398[4] + 0x10 + _t308 - _t309;
																				__eflags = _t418;
																				while(1) {
																					_t282 = _t309[_t418] & 0x000000ff;
																					_t279 = ( *_t309 & 0x000000ff) - _t282;
																					__eflags = _t279;
																					if(_t279 != 0) {
																						break;
																					}
																					_t309 =  &(_t309[1]);
																					__eflags = _t282;
																					if(_t282 != 0) {
																						continue;
																					}
																					break;
																				}
																				__eflags = _t279;
																				if(_t279 == 0) {
																					goto L103;
																				} else {
																					_t263 = 0;
																				}
																			}
																		} else {
																			__eflags =  *_t398 & 0x00000010;
																			if(( *_t398 & 0x00000010) != 0) {
																				goto L113;
																			} else {
																				goto L91;
																			}
																		}
																	}
																}
																return _t263;
															} else {
																r14d =  *(_t403 + 0x108);
																r8d = r14d;
																r9d = r13d;
																_t261 = E001CBD70(1, _t300, _t313, _t403 + 0x80, _t403 + 0x60, _t378, _t384, _t408, _t421, _t426, _t428, _t432, _t440, _t449);
																asm("movups xmm0, [esp+0x80]");
																asm("movdqu [esp+0x70], xmm0");
																asm("psrldq xmm0, 0x8");
																asm("movd eax, xmm0");
																__eflags = _t261 -  *((intOrPtr*)(_t403 + 0x98));
																if(_t261 <  *((intOrPtr*)(_t403 + 0x98))) {
																	_t419 =  *((intOrPtr*)(_t403 + 0x80));
																	_t284 =  *(_t403 + 0x78);
																	 *((long long*)(_t403 + 0xe0)) = _t419;
																	do {
																		_t261 = _t284;
																		_t371 = _t300 + _t300 * 4;
																		_t300 =  *((intOrPtr*)(_t419 + 8));
																		_t318 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t403 + 0x70)))) + 0x10)) + _t371 * 4 +  *((intOrPtr*)(_t300 + 8));
																		__eflags =  *_t318 - r14d;
																		if( *_t318 <= r14d) {
																			__eflags = r14d -  *((intOrPtr*)(_t318 + 4));
																			if(r14d <=  *((intOrPtr*)(_t318 + 4))) {
																				_t349 = _t300 + _t300 * 4;
																				_t300 =  *((intOrPtr*)(_t318 + 0x10));
																				_t446 =  *((intOrPtr*)(_t449 + 8)) + 0xffffffec + _t300 + _t349 * 4;
																				__eflags = _t446[4];
																				if(_t446[4] == 0) {
																					_t261 = 0;
																					r12d = 0;
																					__eflags = r12d;
																				} else {
																					_t261 = E001CC084(_t300);
																					_t300 = _t300 + _t446[4];
																				}
																				__eflags = _t300;
																				if(_t300 == 0) {
																					L75:
																					__eflags =  *_t446 & 0x00000040;
																					if(( *_t446 & 0x00000040) == 0) {
																						_t300 =  *((intOrPtr*)(_t403 + 0x118));
																						 *((char*)(_t403 + 0x58)) = 0;
																						 *((char*)(_t403 + 0x50)) = 1;
																						 *(_t403 + 0x48) = _t300;
																						 *(_t403 + 0x40) = r13d;
																						 *((long long*)(_t403 + 0x38)) = _t318;
																						_t178 = _t403 + 0x30;
																						 *_t178 =  *(_t403 + 0x30) & 0x00000000;
																						__eflags =  *_t178;
																						 *(_t403 + 0x28) = _t446;
																						 *((long long*)(_t403 + 0x20)) = _t378;
																						_t261 = E001C2620(_t275, _t283, _t285, _t318, _t384,  *((intOrPtr*)(_t403 + 0xe8)), _t396,  *((intOrPtr*)(_t403 + 0xf0)), _t449);
																					}
																				} else {
																					__eflags = r12d;
																					if(r12d == 0) {
																						_t261 = 0;
																						__eflags = 0;
																					} else {
																						_t261 = E001CC084(_t300);
																						_t300 = _t300 + _t446[4];
																					}
																					__eflags =  *((char*)(_t300 + 0x10));
																					if( *((char*)(_t300 + 0x10)) == 0) {
																						goto L75;
																					}
																				}
																				r14d =  *(_t403 + 0x108);
																				_t419 =  *((intOrPtr*)(_t403 + 0xe0));
																			}
																		}
																		_t284 = _t284 + 1;
																		__eflags = _t284 -  *((intOrPtr*)(_t403 + 0x98));
																	} while (_t284 <  *((intOrPtr*)(_t403 + 0x98)));
																}
																goto L79;
															}
														} else {
															_t275 = 0;
															__imp__EncodePointer();
															_t313 = _t300;
															E001C4B10(__eflags, _t300);
															__eflags =  *((intOrPtr*)(_t300 + 0x10)) - _t313;
															if( *((intOrPtr*)(_t300 + 0x10)) == _t313) {
																goto L62;
															} else {
																__eflags =  *_t384 - 0xe0434f4d;
																if( *_t384 == 0xe0434f4d) {
																	goto L62;
																} else {
																	__eflags =  *_t384 - 0xe0434352;
																	if( *_t384 == 0xe0434352) {
																		goto L62;
																	} else {
																		_t300 =  *((intOrPtr*)(_t403 + 0x118));
																		_t421 = _t449;
																		 *(_t403 + 0x30) = _t300;
																		_t408 = _t396;
																		 *(_t403 + 0x28) = r13d;
																		_t369 = 0x1cf700;
																		_t342 = _t384;
																		 *((long long*)(_t403 + 0x20)) = _t378;
																		_t261 = E001CBB68(_t342, 0x1cf700, _t408, _t449);
																		__eflags = _t261;
																		if(_t261 != 0) {
																			goto L79;
																		} else {
																			goto L62;
																		}
																	}
																}
															}
														}
													}
												} else {
													goto L53;
												}
											}
										}
									} else {
										_t227 =  *((intOrPtr*)(_t313 + 0x20)) - 0x19930520;
										if(_t227 > 2) {
											goto L11;
										} else {
											_t296 =  *((long long*)(_t313 + 0x30));
											if( *((long long*)(_t313 + 0x30)) == 0) {
												goto L53;
											} else {
												goto L11;
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f0
0x001c26f3
0x001c26f7
0x001c26fb
0x001c2700
0x001c2701
0x001c2702
0x001c2704
0x001c270a
0x001c270e
0x001c2715
0x001c2719
0x001c271c
0x001c271f
0x001c2723
0x001c2726
0x001c2729
0x001c272c
0x001c2736
0x001c2739
0x001c273e
0x001c2744
0x001c2b0c
0x001c2b0c
0x001c2b12
0x00000000
0x001c2753
0x001c2759
0x001c2825
0x001c2825
0x001c2829
0x001c282d
0x001c2833
0x001c2ac9
0x001c2ac9
0x001c2acd
0x00000000
0x001c2acf
0x001c2acf
0x001c2ad3
0x00000000
0x001c2ad5
0x001c2ad5
0x001c2adc
0x001c2aea
0x001c2af1
0x001c2af6
0x001c2afb
0x00000000
0x001c2afb
0x001c2ad3
0x001c2839
0x001c2839
0x001c283d
0x00000000
0x001c2843
0x001c2846
0x001c284b
0x001c284e
0x00000000
0x001c2854
0x001c2854
0x001c2857
0x001c285b
0x001c29f6
0x001c29fd
0x001c2a02
0x00000000
0x001c2a08
0x001c2a08
0x001c2a0c
0x001c2a1c
0x001c2a0e
0x001c2a0e
0x001c2a17
0x001c2a17
0x001c2a1f
0x001c2a22
0x001c2a45
0x001c2a48
0x001c2a4b
0x001c2a4d
0x00000000
0x001c2a53
0x001c2a53
0x001c2a57
0x001c2a6a
0x001c2a59
0x001c2a59
0x001c2a5e
0x001c2a61
0x001c2a65
0x001c2a65
0x001c2a75
0x001c2a77
0x001c2a8a
0x001c2a8f
0x001c2a9c
0x001c2aa0
0x001c2aa3
0x001c2aa8
0x001c2aad
0x001c2ab1
0x001c2ab8
0x001c2abd
0x001c2ac2
0x001c2ac2
0x00000000
0x001c2a77
0x001c2a24
0x001c2a2a
0x001c2a2c
0x00000000
0x001c2a32
0x001c2a3d
0x001c2a3f
0x00000000
0x00000000
0x00000000
0x00000000
0x001c2a3f
0x001c2a2c
0x001c2a22
0x001c2861
0x001c2861
0x001c2869
0x001c2870
0x001c2875
0x001c2879
0x001c287e
0x001c2883
0x001c2887
0x001c288a
0x00000000
0x001c2890
0x001c2890
0x001c2894
0x001c2898
0x001c289c
0x001c289f
0x001c28ae
0x001c28b6
0x001c28ba
0x001c28bd
0x001c28c3
0x001c28c7
0x001c28cd
0x001c28d1
0x001c28d8
0x001c28dc
0x001c28e0
0x001c28e3
0x001c28e5
0x001c29d5
0x001c29d5
0x00000000
0x001c28eb
0x001c28f6
0x001c28fa
0x001c28fe
0x001c290f
0x001c2912
0x001c2916
0x001c2923
0x001c2926
0x001c2929
0x001c292b
0x00000000
0x00000000
0x00000000
0x00000000
0x001c292d
0x001c292d
0x001c292d
0x001c293d
0x001c2947
0x001c294b
0x001c2950
0x001c2952
0x00000000
0x00000000
0x001c2957
0x001c295c
0x001c295e
0x001c2961
0x001c2963
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x001c2963
0x001c297a
0x001c2981
0x001c298b
0x001c2992
0x001c299a
0x001c29a2
0x001c29aa
0x001c29af
0x001c29b4
0x001c29b8
0x001c29bd
0x001c29c2
0x001c29c6
0x001c29cb
0x00000000
0x001c2965
0x001c2965
0x001c2968
0x001c296c
0x001c29d1
0x00000000
0x001c296e
0x001c296e
0x001c28f6
0x001c28fa
0x001c28fe
0x001c290f
0x001c2912
0x001c2916
0x001c2923
0x001c2926
0x001c2929
0x001c292b
0x00000000
0x00000000
0x00000000
0x00000000
0x001c292b
0x00000000
0x001c296c
0x001c28eb
0x001c28e5
0x001c28c7
0x001c29d9
0x001c29d9
0x001c29dc
0x001c29dc
0x001c29e6
0x001c29e9
0x001c29ec
0x001c2b00
0x001c2b00
0x001c2b05
0x001c2b0a
0x00000000
0x00000000
0x001c29f2
0x001c29f2
0x00000000
0x001c29f2
0x001c29ec
0x001c288a
0x001c285b
0x001c284e
0x001c283d
0x00000000
0x001c2769
0x001c276c
0x001c2774
0x00000000
0x001c277a
0x001c277a
0x001c277f
0x00000000
0x001c2785
0x001c2785
0x001c278a
0x001c278f
0x001c2b13
0x001c2b2d
0x001c2795
0x001c2795
0x001c279a
0x001c279e
0x001c27a7
0x001c27ab
0x001c27af
0x001c27b3
0x001c27be
0x001c27de
0x001c27de
0x001c27e3
0x001c27e8
0x00000000
0x001c27ea
0x001c27ea
0x001c27ef
0x001c27f3
0x001c27fe
0x001c2803
0x001c280a
0x001c2821
0x00000000
0x001c280c
0x001c280f
0x001c2816
0x001c2b3c
0x001c2b41
0x001c2b48
0x001c2b4c
0x001c2b51
0x001c2b52
0x001c2b53
0x001c2b54
0x001c2b59
0x001c2b5e
0x001c2b63
0x001c2b64
0x001c2b65
0x001c2b66
0x001c2b68
0x001c2b6a
0x001c2b6c
0x001c2b6e
0x001c2b75
0x001c2b7b
0x001c2b7e
0x001c2b81
0x001c2b84
0x001c2b87
0x001c2d61
0x001c2d7b
0x001c2b8d
0x001c2b8d
0x001c2b92
0x001c2b9a
0x001c2ba2
0x001c2ba7
0x001c2bff
0x001c2bff
0x001c2c04
0x001c2c09
0x001c2c0d
0x001c2d7c
0x001c2d82
0x001c2d83
0x001c2d84
0x001c2d87
0x001c2d8b
0x001c2d8f
0x001c2d93
0x001c2d97
0x001c2d9d
0x001c2d9f
0x001c2da2
0x001c2da5
0x001c2da8
0x001c2dab
0x001c2dbc
0x001c2dbf
0x001c2dad
0x001c2db1
0x001c2db6
0x001c2db6
0x001c2dc1
0x001c2dc4
0x001c2ea5
0x001c2ea5
0x001c2dca
0x001c2dca
0x001c2dcc
0x001c2ddd
0x001c2de0
0x001c2dce
0x001c2dd2
0x001c2dd7
0x001c2dd7
0x001c2de2
0x001c2de5
0x00000000
0x001c2deb
0x001c2deb
0x001c2dee
0x001c2dfa
0x001c2dfa
0x001c2dfc
0x001c2e0f
0x001c2dfe
0x001c2dfe
0x001c2e03
0x001c2e06
0x001c2e0a
0x001c2e0a
0x001c2e12
0x001c2e1a
0x001c2e21
0x001c2e24
0x001c2e71
0x001c2e73
0x001c2e76
0x001c2e7d
0x001c2e7d
0x001c2e81
0x001c2e88
0x001c2e88
0x001c2e8c
0x001c2e93
0x001c2e93
0x001c2e96
0x001c2e9c
0x001c2e9c
0x001c2e98
0x001c2e98
0x001c2e9a
0x00000000
0x00000000
0x001c2e9a
0x001c2e8e
0x001c2e8e
0x001c2e91
0x00000000
0x00000000
0x001c2e91
0x001c2e83
0x001c2e83
0x001c2e86
0x00000000
0x00000000
0x001c2e86
0x001c2e78
0x001c2e78
0x001c2e7b
0x00000000
0x00000000
0x001c2e7b
0x001c2ea1
0x001c2e26
0x001c2e26
0x001c2e29
0x001c2e3c
0x001c2e2b
0x001c2e2b
0x001c2e30
0x001c2e33
0x001c2e37
0x001c2e37
0x001c2e3f
0x001c2e4f
0x001c2e4f
0x001c2e53
0x001c2e53
0x001c2e56
0x001c2e59
0x001c2e5e
0x001c2e5e
0x001c2e60
0x00000000
0x00000000
0x001c2e62
0x001c2e65
0x001c2e67
0x00000000
0x00000000
0x00000000
0x001c2e67
0x001c2e69
0x001c2e6b
0x00000000
0x001c2e6d
0x001c2e6d
0x001c2e6d
0x001c2e6b
0x001c2df0
0x001c2df0
0x001c2df4
0x00000000
0x00000000
0x00000000
0x00000000
0x001c2df4
0x001c2dee
0x001c2de5
0x001c2ec4
0x001c2c13
0x001c2c13
0x001c2c20
0x001c2c2b
0x001c2c2e
0x001c2c33
0x001c2c3b
0x001c2c41
0x001c2c46
0x001c2c4a
0x001c2c51
0x001c2c57
0x001c2c5f
0x001c2c63
0x001c2c6b
0x001c2c6b
0x001c2c6d
0x001c2c7d
0x001c2c85
0x001c2c89
0x001c2c8c
0x001c2c92
0x001c2c96
0x001c2ca7
0x001c2cab
0x001c2cb3
0x001c2cb6
0x001c2cbb
0x001c2ccb
0x001c2ccd
0x001c2ccd
0x001c2cbd
0x001c2cc1
0x001c2cc6
0x001c2cc6
0x001c2cd0
0x001c2cd3
0x001c2cf0
0x001c2cf0
0x001c2cf4
0x001c2cf6
0x001c2d14
0x001c2d19
0x001c2d1e
0x001c2d23
0x001c2d28
0x001c2d2d
0x001c2d2d
0x001c2d2d
0x001c2d33
0x001c2d38
0x001c2d3d
0x001c2d3d
0x001c2cd5
0x001c2cd5
0x001c2cd8
0x001c2ce8
0x001c2ce8
0x001c2cda
0x001c2cda
0x001c2ce3
0x001c2ce3
0x001c2cea
0x001c2cee
0x00000000
0x00000000
0x001c2cee
0x001c2d42
0x001c2d4a
0x001c2d4a
0x001c2c96
0x001c2d52
0x001c2d54
0x001c2d54
0x001c2c6b
0x00000000
0x001c2c51
0x001c2ba9
0x001c2ba9
0x001c2bab
0x001c2bb1
0x001c2bb4
0x001c2bb9
0x001c2bbd
0x00000000
0x001c2bbf
0x001c2bbf
0x001c2bc5
0x00000000
0x001c2bc7
0x001c2bc7
0x001c2bcd
0x00000000
0x001c2bcf
0x001c2bcf
0x001c2bd7
0x001c2bda
0x001c2bdf
0x001c2be2
0x001c2be7
0x001c2bea
0x001c2bed
0x001c2bf2
0x001c2bf7
0x001c2bf9
0x00000000
0x00000000
0x00000000
0x00000000
0x001c2bf9
0x001c2bcd
0x001c2bc5
0x001c2bbd
0x001c2ba7
0x001c281c
0x00000000
0x001c281c
0x001c2816
0x001c280a
0x001c27c6
0x001c27c9
0x001c27d1
0x00000000
0x001c27d3
0x001c27d3
0x001c27d8
0x00000000
0x00000000
0x00000000
0x00000000
0x001c27d8
0x001c27d1
0x001c27be
0x001c278f
0x001c277f
0x001c2774
0x001c2759

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 001C2739

Part of subcall function 001C360C: _GetEstablisherFrame.LIBVCRUNTIME ref: 001C3641
Part of subcall function 001C360C: __GetUnwindTryBlock.LIBCMT ref: 001C364F
Part of subcall function 001C360C: __SetUnwindTryBlock.LIBVCRUNTIME ref: 001C3674

IsInExceptionSpec.LIBVCRUNTIME ref: 001C2803
Is_bad_exception_allowed.LIBVCRUNTIME ref: 001C280F
pair.LIBVCRUNTIME ref: 001C2870
TypeMatchHelper.LIBVCRUNTIME ref: 001C294B
CatchIt.LIBVCRUNTIME ref: 001C29C6
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 001C2A38
IsInExceptionSpec.LIBVCRUNTIME ref: 001C2A70
_GetEstablisherFrame.LIBVCRUNTIME ref: 001C2A8A
__FrameHandler3::UnwindNestedFrames.LIBVCRUNTIME ref: 001C2AC2
FindHandlerForForeignException.LIBVCRUNTIME ref: 001C2AFB

Part of subcall function 001C4B10: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,001C214E), ref: 001C4B1E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C2B0C
std::bad_alloc::bad_alloc.LIBCMT ref: 001C2B3C
_CxxThrowException.LIBVCRUNTIME ref: 001C2B4C

Strings

csm, xrefs: 001C2753
csm, xrefs: 001C282D
csm, xrefs: 001C27B8

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: Frame$Exception$Handler3::Unwind$BlockCatchEstablisherHandlerSpec$ExecutionFindForeignFramesHelperIs_bad_exception_allowedMatchNestedSearchStateThrowTypeabortpairstd::bad_alloc::bad_allocterminate
String ID: csm$csm$csm
API String ID: 936637562-393685449
Opcode ID: d76b670b27c887d5cc407461949c7751ad277912157a421ba399b99f10bf9e07
Instruction ID: 06b2da73e066d8305ec70eed75d6fd24eaecb60712746c40854b26c0d4269633
Opcode Fuzzy Hash: d76b670b27c887d5cc407461949c7751ad277912157a421ba399b99f10bf9e07
Instruction Fuzzy Hash: A2C19A72A04B808BEB25DFB9D090BAD37B5F769B88F10411AEF4967B19CB38D855C740

Uniqueness

Uniqueness Score: -1.00%

Function 001CB1F0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 192
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 69%

			E001CB1F0(void* __ecx, signed int __edx, void* __edi, void* __esi, long long __rbx, long long* __rcx, long long __rsi, char* __r8, void* __r10) {
				void* __rdi;
				signed int _t77;
				signed int _t78;
				signed long long _t85;
				signed long long _t86;
				signed char* _t87;
				intOrPtr* _t92;
				signed int* _t93;
				long long* _t96;
				signed char* _t99;
				signed char* _t100;
				intOrPtr* _t105;
				intOrPtr* _t112;
				void* _t114;
				intOrPtr _t119;
				void* _t120;
				void* _t126;
				void* _t134;
				void* _t140;
				void* _t142;
				signed char* _t148;
				signed int _t150;
				long long _t154;

				_t152 = __r10;
				_t145 = __r8;
				_t137 = __rsi;
				_t82 = __esi;
				 *((long long*)(_t142 + 0x10)) = __rbx;
				 *((long long*)(_t142 + 0x18)) = __rsi;
				_push(_t134);
				_push(_t154);
				_t140 = _t142 - 0x47;
				_t143 = _t142 - 0x90;
				_t85 =  *0x1d1028; // 0x1784370754d3
				_t86 = _t85 ^ _t142 - 0x00000090;
				 *(_t140 + 0x3f) = _t86;
				_t148 =  *0x1d1350; // 0x0
				r10b = r8b;
				sil = __edx;
				_t96 = __rcx;
				r8d =  *_t148;
				r8d = r8d + 0xffffffd0;
				if(r8d > 9) {
					r14d = 0;
					__eflags =  *_t148 - 0x3f;
					 *((long long*)(_t140 - 0x29)) = _t154;
					 *(_t140 - 0x21) = r14d;
					if( *_t148 != 0x3f) {
						_t135 = "template-parameter-";
						_t99 = _t148;
						_t87 = "template-parameter-";
						r8d = 0x12;
						r11d = r11d | 0xffffffff;
						__eflags = r11d;
						while(1) {
							_t77 =  *_t99;
							__eflags = _t77;
							if(_t77 == 0) {
								break;
							}
							__eflags = _t77 -  *_t87;
							if(_t77 !=  *_t87) {
								break;
							}
							_t99 =  &(_t99[1]);
							_t87 =  &(_t87[1]);
							r8d = r8d + r11d;
							__eflags = r8d;
							if(r8d != 0) {
								continue;
							}
							break;
						}
						_t74 =  *_t99 & 0x000000ff;
						__eflags = ( *_t99 & 0x000000ff) - ( *_t87 & 0x000000ff);
						if(( *_t99 & 0x000000ff) != ( *_t87 & 0x000000ff)) {
							_t135 = "generic-type-";
							_t100 = _t148;
							_t87 = "generic-type-";
							r8d = 0xc;
							while(1) {
								_t78 =  *_t100;
								__eflags = _t78;
								if(_t78 == 0) {
									break;
								}
								__eflags = _t78 -  *_t87;
								if(_t78 !=  *_t87) {
									break;
								}
								_t100 =  &(_t100[1]);
								_t87 =  &(_t87[1]);
								r8d = r8d + r11d;
								__eflags = r8d;
								if(r8d != 0) {
									continue;
								}
								break;
							}
							_t74 =  *_t100 & 0x000000ff;
							__eflags = ( *_t100 & 0x000000ff) - ( *_t87 & 0x000000ff);
							if(( *_t100 & 0x000000ff) != ( *_t87 & 0x000000ff)) {
								__eflags = r10b;
								if(r10b == 0) {
									L30:
									r8b = 0x40;
									E001C5178(_t96, _t140 + 0xf, 0x1d1350, _t137);
									 *((long long*)(_t140 - 0x29)) =  *_t87;
									 *(_t140 - 0x21) = _t87[8];
									L31:
									__eflags = sil;
									if(sil != 0) {
										_t105 =  *0x1d1340; // 0x0
										__eflags =  *_t105 - 9;
										if( *_t105 != 9) {
											E001C57AC(_t87, _t96, _t105, _t140 - 0x29, _t145);
										}
									}
									 *_t96 =  *((intOrPtr*)(_t140 - 0x29));
									 *(_t96 + 8) =  *(_t140 - 0x21);
									goto L35;
								}
								__eflags =  *_t148 - 0x40;
								if( *_t148 != 0x40) {
									goto L30;
								}
								 *((long long*)(_t140 - 0x29)) = _t154;
								 *0x1d1350 =  &(_t148[1]);
								 *(_t140 - 0x21) = r14d;
								goto L31;
							}
							_t150 =  &(_t148[0xd]);
							__eflags = _t150;
							L17:
							 *0x1d1350 = _t150;
							E001C9F2C(_t82, _t96, _t140 - 1, _t120, _t137, _t145, _t152);
							__eflags =  *0x1d1360 & 0x00004000;
							if(( *0x1d1360 & 0x00004000) == 0) {
								L25:
								E001C54C8(_t140 - 0x29, "`");
								E001C52C8(_t140 + 0xf, _t135);
								E001C5540(_t87, _t140 - 0x11, _t140 - 1);
								_t126 = _t140 + 0x1f;
								L26:
								_t145 = "\'";
								E001C5598(_t140 - 0x11, _t126, "\'");
								E001C55F0(_t140 - 0x29, _t87);
								goto L31;
							}
							__eflags =  *0x1d1368 - _t154; // 0x0
							if(__eflags == 0) {
								goto L25;
							}
							_t112 =  *((intOrPtr*)(_t140 - 1));
							__eflags = _t112;
							if(_t112 == 0) {
								 *((intOrPtr*)(_t140 + 0x2f)) = r14b;
							} else {
								_t145 = _t140 + 0x3e;
								 *0x1cd190();
								 *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x10)))) = r14b;
							}
							_t74 = atol();
							_t87 =  *0x1d1368; // 0x0
							 *0x1cd190();
							_t114 = _t140 - 0x29;
							__eflags = _t87;
							if(_t87 == 0) {
								E001C54C8(_t114, "`");
								E001C52C8(_t140 + 0x1f, _t135);
								E001C5540(_t87, _t140 - 0x11, _t140 - 1);
								_t126 = _t140 + 0xf;
								goto L26;
							} else {
								E001C54C8(_t114, _t87);
								goto L31;
							}
						}
						_t150 =  &(_t148[0x13]);
						goto L17;
					}
					E001CA964(__ecx, 0, __edi, __esi, __rcx, _t140 - 0x11, _t120, _t134, __rsi, _t148, __r10);
					 *(_t140 - 0x21) =  *(_t86 + 8);
					_t92 =  *0x1d1350; // 0x0
					 *((long long*)(_t140 - 0x29)) =  *_t86;
					_t74 =  *_t92;
					_t87 = _t92 + 1;
					 *0x1d1350 = _t87;
					__eflags = _t74 - 0x40;
					if(_t74 != 0x40) {
						_t93 = _t87 - 1;
						 *0x1d1350 = _t93;
						asm("sbb ecx, ecx");
						_t74 =  ~_t74 + 1;
						__eflags =  *_t93;
						 *(_t140 - 0x21) = _t74;
						_t87 =  !=  ? _t154 : 0x1ce560;
						 *((long long*)(_t140 - 0x29)) = 0x1ce560;
					}
					goto L31;
				} else {
					_t119 =  *0x1d1340; // 0x0
					 *0x1d1350 =  &(_t148[1]);
					E001C5500(_t119, __rcx);
					L35:
					return E001CC520(_t74, _t96,  *(_t140 + 0x3f) ^ _t143);
				}
			}

0x001cb1f0
0x001cb1f0
0x001cb1f0
0x001cb1f0
0x001cb1f0
0x001cb1f5
0x001cb1fb
0x001cb1fc
0x001cb1fe
0x001cb203
0x001cb20a
0x001cb211
0x001cb214
0x001cb218
0x001cb21f
0x001cb222
0x001cb225
0x001cb228
0x001cb22c
0x001cb234
0x001cb254
0x001cb257
0x001cb25b
0x001cb25f
0x001cb263
0x001cb2c8
0x001cb2cf
0x001cb2d2
0x001cb2d5
0x001cb2db
0x001cb2db
0x001cb2df
0x001cb2df
0x001cb2e1
0x001cb2e3
0x00000000
0x00000000
0x001cb2e5
0x001cb2e7
0x00000000
0x00000000
0x001cb2e9
0x001cb2ec
0x001cb2ef
0x001cb2ef
0x001cb2f2
0x00000000
0x00000000
0x00000000
0x001cb2f2
0x001cb2f4
0x001cb2fa
0x001cb2fc
0x001cb304
0x001cb30b
0x001cb30e
0x001cb311
0x001cb317
0x001cb317
0x001cb319
0x001cb31b
0x00000000
0x00000000
0x001cb31d
0x001cb31f
0x00000000
0x00000000
0x001cb321
0x001cb324
0x001cb327
0x001cb327
0x001cb32a
0x00000000
0x00000000
0x00000000
0x001cb32a
0x001cb32c
0x001cb332
0x001cb334
0x001cb43d
0x001cb440
0x001cb45c
0x001cb45c
0x001cb46a
0x001cb475
0x001cb479
0x001cb47c
0x001cb47c
0x001cb47f
0x001cb481
0x001cb488
0x001cb48b
0x001cb491
0x001cb491
0x001cb48b
0x001cb49a
0x001cb4a0
0x00000000
0x001cb4a0
0x001cb442
0x001cb446
0x00000000
0x00000000
0x001cb44b
0x001cb44f
0x001cb456
0x00000000
0x001cb456
0x001cb33a
0x001cb33a
0x001cb33e
0x001cb342
0x001cb349
0x001cb34e
0x001cb358
0x001cb3ef
0x001cb3fa
0x001cb406
0x001cb416
0x001cb41b
0x001cb41f
0x001cb41f
0x001cb42a
0x001cb436
0x00000000
0x001cb436
0x001cb35e
0x001cb365
0x00000000
0x00000000
0x001cb36b
0x001cb36f
0x001cb372
0x001cb38e
0x001cb374
0x001cb377
0x001cb383
0x001cb389
0x001cb389
0x001cb39c
0x001cb39e
0x001cb3a5
0x001cb3ab
0x001cb3af
0x001cb3b2
0x001cb3c8
0x001cb3d4
0x001cb3e4
0x001cb3e9
0x00000000
0x001cb3b4
0x001cb3b7
0x00000000
0x001cb3b7
0x001cb3b2
0x001cb2fe
0x00000000
0x001cb2fe
0x001cb26b
0x001cb276
0x001cb279
0x001cb280
0x001cb284
0x001cb286
0x001cb289
0x001cb290
0x001cb293
0x001cb299
0x001cb29c
0x001cb2b0
0x001cb2b4
0x001cb2b6
0x001cb2b8
0x001cb2bb
0x001cb2bf
0x001cb2bf
0x00000000
0x001cb236
0x001cb23c
0x001cb243
0x001cb24a
0x001cb4a3
0x001cb4c9
0x001cb4c9

APIs

Replicator::operator[].LIBVCRUNTIME ref: 001CB24A
UnDecorator::getTemplateName.LIBVCRUNTIME ref: 001CB26B
Replicator::operator+=.LIBVCRUNTIME ref: 001CB491

Strings

template-parameter-, xrefs: 001CB2C8
generic-type-, xrefs: 001CB304

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: Decorator::getNameReplicator::operator+=Replicator::operator[]Template
String ID: generic-type-$template-parameter-
API String ID: 2508803971-13229604
Opcode ID: fc5fc02a2b2a7f523d34ceeea66521749eadb68659c43c2de903e21b4837528a
Instruction ID: d637028fdaefa1d3a1a33fe2d39341c5b46131d3748ae6bdccd48ed26e506648
Opcode Fuzzy Hash: fc5fc02a2b2a7f523d34ceeea66521749eadb68659c43c2de903e21b4837528a
Instruction Fuzzy Hash: 5E81B032708B84A9EB14CF64D491BEC37B2B768B88F84501AEE4E97B65DF39D549C340

Uniqueness

Uniqueness Score: -1.00%

Function 001C42CA Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 001C42E7

Part of subcall function 001C47B0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001C2B51), ref: 001C4825
Part of subcall function 001C47B0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001C2B51), ref: 001C4857

RtlPcToFileHeader.KERNEL32 ref: 001C4367
FindSITargetTypeInstance.LIBVCRUNTIME ref: 001C439B
FindMITargetTypeInstance.LIBVCRUNTIME ref: 001C43C3
FindVITargetTypeInstance.LIBVCRUNTIME ref: 001C43CA

Strings

Attempted a typeid of nullptr pointer!, xrefs: 001C44A5
Bad read pointer - no RTTI data!, xrefs: 001C44C8
Bad dynamic_cast!, xrefs: 001C4432
Access violation - no RTTI data!, xrefs: 001C42CA, 001C44EB

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: FindInstanceTargetType$ExceptionFileHeader$RaiseThrow
String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
API String ID: 3612141105-928371585
Opcode ID: 9cb7c45a22ad7d1bde4ffead68d9dde7fb12edb2095f4aa00e7992c7fd4aeba8
Instruction ID: e37fb0b265f87b461378017ec18e238b2b68b67d1ce98bf2f767c0d381f35b0c
Opcode Fuzzy Hash: 9cb7c45a22ad7d1bde4ffead68d9dde7fb12edb2095f4aa00e7992c7fd4aeba8
Instruction Fuzzy Hash: CD519272319A8593DF24DF65F8A1BA97360F7A4B84F40952AEB8E47B24EB38C545C700

Uniqueness

Uniqueness Score: -1.00%

Function 02901370 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 124
sleepCOMMON

Download Yara Rule

C-Code - Quality: 31%

			E02901370(void* __edi, long long __rax, long long __rcx, void* __rdx, void* _a8) {
				intOrPtr _v20;
				intOrPtr _v24;
				void* _t67;
				long long _t70;
				long long _t72;

				_t70 = __rax;
				_t67 = __edi;
				_a8 = __rcx;
				E02901050();
				_v24 = 0;
				while(( *0x29a8630 & 0x000000ff) != 0) {
					Sleep();
					_v24 = _v24 + 1;
					if(_v24 < 0xa) {
						continue;
					}
					return 0xffffffff;
				}
				 *0x29a8658 =  *0x29a8658 + 1;
				GetModuleHandleA(??);
				 *_a8 = _t70;
				_t72 = _a8;
				if( *_t72 != 0) {
					L13:
					if((E02901100(0,  *_a8) & 0x000000ff) == 0) {
						return 0;
					}
					E02939410(0, _t67, _t72, "nvapi64.dll");
					 *_a8 = _t72;
					_v20 = E02901200(0, _a8,  *_a8);
					if(_v20 == 0) {
						 *0x29a8600 =  *_a8;
						E02901080(0,  *_a8);
						return 0xfffffff2;
					}
					 *0x29a8658 =  *0x29a8658 - 1;
					FreeLibrary(??);
					return _v20;
				}
				EnterCriticalSection();
				GetModuleHandleA(??);
				 *_a8 = _t72;
				_t72 = _a8;
				if( *_t72 != 0) {
					LeaveCriticalSection();
					goto L13;
				}
				E02939410(0, _t67, _t72, "nvapi64.dll");
				 *_a8 = _t72;
				_t78 = _a8;
				if( *_a8 != 0) {
					_v20 = E02901200(0, _t78,  *_a8);
					if(_v20 == 0) {
						 *0x29a8600 =  *_a8;
						E02901080(0,  *_a8);
						LeaveCriticalSection(??);
						return 0xfffffff2;
					}
					 *0x29a8658 =  *0x29a8658 - 1;
					FreeLibrary(??);
					LeaveCriticalSection(??);
					return _v20;
				}
				 *0x29a8658 =  *0x29a8658 - 1;
				LeaveCriticalSection(??);
				return 0xfffffffe;
			}

0x02901370
0x02901370
0x02901370
0x02901379
0x0290137e
0x02901386
0x02901396
0x029013a3
0x029013ac
0x00000000
0x029013b8
0x00000000
0x029013ae
0x029013c3
0x029013d0
0x029013de
0x029013e1
0x029013ea
0x029014fd
0x02901511
0x00000000
0x0290158e
0x0290151c
0x02901529
0x0290153b
0x02901544
0x02901571
0x02901582
0x00000000
0x02901587
0x0290154f
0x0290155d
0x00000000
0x02901563
0x029013f7
0x02901404
0x02901412
0x02901415
0x0290141e
0x029014f7
0x00000000
0x029014f7
0x0290142d
0x0290143a
0x0290143d
0x02901446
0x0290147d
0x02901486
0x029014c3
0x029014d4
0x029014e0
0x00000000
0x029014e6
0x02901491
0x0290149f
0x029014ac
0x00000000
0x029014b2
0x02901451
0x0290145e
0x00000000

APIs

Part of subcall function 02901050: InitializeCriticalSection.KERNEL32(?,?,?,?,0290137E,?,?,?,?,?,?,0290100E), ref: 02901066

FreeLibrary.KERNEL32 ref: 0290149F
LeaveCriticalSection.KERNEL32 ref: 029014AC
LeaveCriticalSection.KERNEL32 ref: 029014E0
Sleep.KERNEL32 ref: 02901396

Part of subcall function 02901200: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0290153B), ref: 0290122D

GetModuleHandleA.KERNEL32 ref: 029013D0
EnterCriticalSection.KERNEL32 ref: 029013F7
GetModuleHandleA.KERNEL32 ref: 02901404
LeaveCriticalSection.KERNEL32 ref: 0290145E

Strings

nvapi64.dll, xrefs: 02901426
nvapi64.dll, xrefs: 029013C9
nvapi64.dll, xrefs: 02901515
nvapi64.dll, xrefs: 029013FD

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: CriticalSection$Leave$HandleModule$AddressEnterFreeInitializeLibraryProcSleep
String ID: nvapi64.dll$nvapi64.dll$nvapi64.dll$nvapi64.dll
API String ID: 1337527680-1326913234
Opcode ID: 18a707bfccd6ca645f69d520c80875165d5420b6e9674e4a64b7b4457425c3cb
Instruction ID: 1afcab70b3a03d9d85285cf7776d38d38c187662df6c58d6848b57b914555cd1
Opcode Fuzzy Hash: 18a707bfccd6ca645f69d520c80875165d5420b6e9674e4a64b7b4457425c3cb
Instruction Fuzzy Hash: 9F511B36604B44CAE714DF2AE89831A73B1F7C8B94F504516EA4E87BA8DF3DC855CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02942FE0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 163
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E02942FE0(signed int __ecx, void* __esp, long long __rbx, void* __rdx, long long __rdi, void* __r8) {
				int _t66;
				signed int _t80;
				signed long long _t100;
				long long _t102;
				signed int _t108;
				signed int _t111;
				intOrPtr* _t117;
				intOrPtr* _t119;
				intOrPtr* _t120;
				void* _t139;
				void* _t141;
				signed long long _t142;
				void* _t145;
				void* _t150;

				_t144 = __r8;
				_t104 = __rbx;
				_t79 = __ecx;
				 *((long long*)(_t141 + 0x10)) = __rbx;
				_t139 = _t141 - 0x180;
				_t142 = _t141 - 0x280;
				_t100 =  *0x29a61e8; // 0xc99624406909
				_t101 = _t100 ^ _t142;
				 *(_t139 + 0x170) = _t101;
				_t62 =  *0x29a6001 & 0x000000ff;
				if(_t62 != 0) {
					__eflags = _t62 - 1;
					if(_t62 == 1) {
						_t108 =  *0x29a7ff0; // 0x0
						_t62 = 0;
						 *(_t142 + 0x48) = _t101;
						 *(_t142 + 0x50) = _t101;
						 *(_t142 + 0x58) = _t101;
						 *(_t142 + 0x48) = 0x2c;
						 *((intOrPtr*)(_t142 + 0x54)) = 2;
						 *(_t142 + 0x58) = 0;
						 *((long long*)(_t142 + 0x3c)) = 0;
						 *(_t142 + 0x60) = _t101;
						 *(_t142 + 0x68) = _t101;
						 *((intOrPtr*)(_t142 + 0x70)) = 0;
						 *((intOrPtr*)(_t142 + 0x38)) = 0xc;
						__eflags = _t108;
						if(_t108 != 0) {
							_t129 = _t142 + 0x38;
							__eflags = E0293CAD0(_t101, __rbx, _t108, _t142 + 0x38);
							if(__eflags == 0) {
								_t62 = E02943770(__eflags, _t101, "ctlGetPowerOptimizationCaps(PSR) returned success\n", _t129, __r8, _t145);
								__eflags =  *(_t142 + 0x40) & 0x00000002;
								if(__eflags != 0) {
									_t62 = E02943770(__eflags, _t101, "GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR \n", _t129, _t144, _t145);
									__eflags =  *(_t142 + 0x40) & 0x00000002;
									if(( *(_t142 + 0x40) & 0x00000002) != 0) {
										_t111 =  *0x29a7ff0; // 0x0
										__eflags = _t111;
										if(_t111 != 0) {
											_t130 = _t142 + 0x48;
											__eflags = L0293DC20(_t101, _t104, _t111, _t142 + 0x48);
											if(__eflags == 0) {
												_t62 = E02943770(__eflags, _t101, "ctlSetPowerOptimizationSetting returned success\n", _t130, _t144, _t145);
											} else {
												_t62 = E02943770(__eflags, _t101, "ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X\n", _t130, _t144, _t145);
											}
										}
									}
								}
							} else {
								_t62 = E02943770(__eflags, _t101, "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n", _t129, __r8, _t145);
							}
						}
					}
				} else {
					if( *0x29a6000 <= 1) {
						 *((long long*)(_t142 + 0x290)) = __rdi;
						_t66 = GetSystemPowerStatus(??);
						r8d = 0xa8;
						_t78 =  !=  ? 1 : 2;
						E02947430(_t66, __ecx, 0, 1, __esp, _t139 + 0x4c, __rdx, __r8);
						_t117 =  *0x29a7f90; // 0x0
						 *((intOrPtr*)(_t139 + 0x40)) =  !=  ? 1 : 2;
						 *((long long*)(_t139 + 0x44)) = 3;
						r8d = 0xb4;
						 *((long long*)(_t142 + 0x20)) = _t142 + 0x30;
						_t102 =  *_t117;
						 *((intOrPtr*)(_t102 + 0x158))();
						 *((long long*)(_t139 - 0x74)) = _t102;
						r8d = 0x98;
						E02947430(0, _t79, 0, 1, __esp, _t139 - 0x64, 0x2991cd8, __r8);
						_t80 =  *(_t139 + 0x58);
						 *((intOrPtr*)(_t139 - 0x80)) =  *((intOrPtr*)(_t139 + 0x40));
						r8d = 0xb4;
						 *((intOrPtr*)(_t139 - 0x78)) =  *((intOrPtr*)(_t139 + 0x48));
						_t79 = _t80 & 0xffffffdf;
						 *((intOrPtr*)(_t139 - 0x7c)) = 1;
						 *(_t139 - 0x68) = _t80 & 0xffffffdf;
						_t119 =  *0x29a7f90; // 0x0
						 *(_t139 - 0x6c) = _t80 | 0x00000020;
						 *((long long*)(_t142 + 0x20)) = _t142 + 0x30;
						 *((intOrPtr*)( *_t119 + 0x160))();
						_t120 =  *0x29a7f90; // 0x0
						 *((long long*)(_t142 + 0x20)) = _t142 + 0x30;
						_t150 = _t139 - 0x80;
						r8d = 0xb4;
						_t101 =  *_t120;
						_t62 =  *((intOrPtr*)( *_t120 + 0x160))();
						r8d =  *((intOrPtr*)(_t142 + 0x30));
						if(_t62 < 0 || r8d != 0) {
							if(r8d != 0x43) {
								__eflags = r8d - 0x44;
								if(r8d != 0x44) {
									__eflags = r8d - 0x45;
									if(r8d != 0x45) {
										__eflags = r8d - 0x46;
										if(r8d != 0x46) {
											__eflags = r8d - 0x47;
											if(r8d != 0x47) {
												_t62 = E029422D0(_t101, _t139 + 0x100, "Write FAILED, Error code: 0x%x", _t144, _t150);
												E029423A0();
											} else {
												E029423A0();
											}
										} else {
											E029423A0();
										}
									} else {
										E029423A0();
									}
								} else {
									E029423A0();
								}
							} else {
								E029423A0();
							}
						}
					}
				}
				return L029438C0(_t62, _t79, _t101,  *(_t139 + 0x170) ^ _t142);
			}

0x02942fe0
0x02942fe0
0x02942fe0
0x02942fe0
0x02942fe6
0x02942fee
0x02942ff5
0x02942ffc
0x02942fff
0x02943006
0x0294300f
0x029431e5
0x029431e7
0x029431ed
0x029431f4
0x029431f6
0x02943200
0x02943205
0x0294320a
0x02943212
0x02943216
0x0294321a
0x02943223
0x02943228
0x0294322d
0x02943231
0x02943239
0x0294323c
0x0294323e
0x02943248
0x0294324a
0x02943263
0x02943268
0x0294326c
0x02943275
0x0294327a
0x0294327e
0x02943280
0x02943287
0x0294328a
0x0294328c
0x02943296
0x02943298
0x029432b1
0x0294329a
0x029432a3
0x029432a3
0x02943298
0x0294328a
0x0294327e
0x0294324c
0x02943255
0x02943255
0x0294324a
0x0294323c
0x02943015
0x02943021
0x0294302c
0x02943034
0x02943048
0x0294304e
0x02943053
0x02943058
0x02943064
0x0294306b
0x02943073
0x02943079
0x02943085
0x02943088
0x02943096
0x0294309a
0x029430a0
0x029430ad
0x029430b7
0x029430ba
0x029430c3
0x029430c8
0x029430cb
0x029430ce
0x029430d4
0x029430db
0x029430de
0x029430ea
0x029430f0
0x029430fc
0x02943108
0x0294310c
0x02943112
0x02943115
0x0294311b
0x0294312a
0x02943139
0x02943150
0x02943154
0x0294316b
0x0294316f
0x02943186
0x0294318a
0x029431a1
0x029431a5
0x029431ca
0x029431db
0x029431a7
0x029431b2
0x029431b2
0x0294318c
0x02943197
0x02943197
0x02943171
0x0294317c
0x0294317c
0x02943156
0x02943161
0x02943161
0x0294313b
0x02943146
0x02943146
0x02943139
0x0294312a
0x02943021
0x029432d5

APIs

GetSystemPowerStatus.KERNEL32 ref: 02943034

Strings

ctlGetPowerOptimizationCaps(PSR) returned success, xrefs: 0294325C
ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X, xrefs: 0294329C
,, xrefs: 0294320A
ctlSetPowerOptimizationSetting returned success, xrefs: 029432AA
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 0294324E
AUX timeout, xrefs: 029431AB
Write FAILED, Error code: 0x%x, xrefs: 029431BC
Invalid AUX address, xrefs: 0294315A
AUX defer, xrefs: 02943190
GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR , xrefs: 0294326E
Invalid AUX device, xrefs: 0294313F
Invalid AUX data size, xrefs: 02943175

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: ,$AUX defer$AUX timeout$GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR $Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED, Error code: 0x%x$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlGetPowerOptimizationCaps(PSR) returned success$ctlSetPowerOptimizationSetting returned success$ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X
API String ID: 2881466098-1131157559
Opcode ID: 158aa12b9c0f62e3ff44e3643e7f34ea8dd25979cb911edcbcdfaa18fb8c3a87
Instruction ID: 5e286e6291036706c6e69ff8f53ed593fcc179e16f72fe432cead9fe41e777df
Opcode Fuzzy Hash: 158aa12b9c0f62e3ff44e3643e7f34ea8dd25979cb911edcbcdfaa18fb8c3a87
Instruction Fuzzy Hash: C471E132A15B809AEB20CF74E844B9D77B1F788388FA00126DE4D47A68DF39C648CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029432E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E029432E0(void* __ecx, void* __esp, long long __rbx, void* __rdx, long long __rdi, void* __r8) {
				signed int _t62;
				int _t66;
				signed int _t74;
				signed long long _t99;
				long long _t101;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t116;
				intOrPtr* _t118;
				intOrPtr* _t119;
				void* _t138;
				void* _t140;
				signed long long _t141;
				void* _t144;
				void* _t149;

				_t143 = __r8;
				_t103 = __rbx;
				_t79 = __ecx;
				 *((long long*)(_t140 + 0x10)) = __rbx;
				_t138 = _t140 - 0x180;
				_t141 = _t140 - 0x280;
				_t99 =  *0x29a61e8; // 0xc99624406909
				_t100 = _t99 ^ _t141;
				 *(_t138 + 0x170) = _t100;
				_t62 =  *0x29a6001 & 0x000000ff;
				if(_t62 != 0) {
					__eflags = _t62 - 1;
					if(_t62 == 1) {
						_t107 =  *0x29a7ff0; // 0x0
						_t62 = 0;
						 *(_t141 + 0x48) = _t100;
						 *(_t141 + 0x50) = _t100;
						 *(_t141 + 0x58) = _t100;
						 *(_t141 + 0x48) = 0x2c;
						 *((intOrPtr*)(_t141 + 0x54)) = 2;
						 *(_t141 + 0x58) = 1;
						 *((long long*)(_t141 + 0x3c)) = 0;
						 *(_t141 + 0x60) = _t100;
						 *(_t141 + 0x68) = _t100;
						 *((intOrPtr*)(_t141 + 0x70)) = 0;
						 *((intOrPtr*)(_t141 + 0x38)) = 0xc;
						__eflags = _t107;
						if(_t107 != 0) {
							_t128 = _t141 + 0x38;
							__eflags = E0293CAD0(_t100, __rbx, _t107, _t141 + 0x38);
							if(__eflags == 0) {
								_t62 = E02943770(__eflags, _t100, "ctlGetPowerOptimizationCaps(PSR) returned success\n", _t128, __r8, _t144);
								__eflags =  *(_t141 + 0x40) & 0x00000002;
								if(__eflags != 0) {
									_t62 = E02943770(__eflags, _t100, "GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR \n", _t128, _t143, _t144);
									__eflags =  *(_t141 + 0x40) & 0x00000002;
									if(( *(_t141 + 0x40) & 0x00000002) != 0) {
										_t110 =  *0x29a7ff0; // 0x0
										__eflags = _t110;
										if(_t110 != 0) {
											_t129 = _t141 + 0x48;
											__eflags = L0293DC20(_t100, _t103, _t110, _t141 + 0x48);
											if(__eflags == 0) {
												_t62 = E02943770(__eflags, _t100, "ctlSetPowerOptimizationSetting returned success\n", _t129, _t143, _t144);
											} else {
												_t62 = E02943770(__eflags, _t100, "ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X\n", _t129, _t143, _t144);
											}
										}
									}
								}
							} else {
								_t62 = E02943770(__eflags, _t100, "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n", _t128, __r8, _t144);
							}
						}
					}
				} else {
					if( *0x29a6000 <= 1) {
						 *((long long*)(_t141 + 0x290)) = __rdi;
						_t66 = GetSystemPowerStatus(??);
						r8d = 0xa8;
						_t78 =  !=  ? 1 : 2;
						E02947430(_t66, __ecx, 0, 1, __esp, _t138 + 0x4c, __rdx, __r8);
						_t116 =  *0x29a7f90; // 0x0
						 *((intOrPtr*)(_t138 + 0x40)) =  !=  ? 1 : 2;
						 *((long long*)(_t138 + 0x44)) = 3;
						r8d = 0xb4;
						 *((long long*)(_t141 + 0x20)) = _t141 + 0x30;
						_t101 =  *_t116;
						 *((intOrPtr*)(_t101 + 0x158))();
						 *((long long*)(_t138 - 0x74)) = _t101;
						r8d = 0x98;
						E02947430(0, _t79, 0, 1, __esp, _t138 - 0x64, 0x2991cd8, __r8);
						_t118 =  *0x29a7f90; // 0x0
						 *((intOrPtr*)(_t138 - 0x80)) =  *((intOrPtr*)(_t138 + 0x40));
						r8d = 0xb4;
						 *((intOrPtr*)(_t138 - 0x78)) =  *((intOrPtr*)(_t138 + 0x48));
						_t74 =  *(_t138 + 0x58) | 0x00000020;
						 *((intOrPtr*)(_t138 - 0x7c)) = 1;
						 *(_t138 - 0x6c) = _t74;
						 *(_t138 - 0x68) = _t74;
						 *((long long*)(_t141 + 0x20)) = _t141 + 0x30;
						 *((intOrPtr*)( *_t118 + 0x160))();
						_t119 =  *0x29a7f90; // 0x0
						 *((long long*)(_t141 + 0x20)) = _t141 + 0x30;
						_t149 = _t138 - 0x80;
						r8d = 0xb4;
						_t100 =  *_t119;
						_t62 =  *((intOrPtr*)( *_t119 + 0x160))();
						r8d =  *((intOrPtr*)(_t141 + 0x30));
						if(_t62 < 0 || r8d != 0) {
							if(r8d != 0x43) {
								__eflags = r8d - 0x44;
								if(r8d != 0x44) {
									__eflags = r8d - 0x45;
									if(r8d != 0x45) {
										__eflags = r8d - 0x46;
										if(r8d != 0x46) {
											__eflags = r8d - 0x47;
											if(r8d != 0x47) {
												_t62 = E029422D0(_t100, _t138 + 0x100, "Write FAILED, Error code: 0x%x", _t143, _t149);
												E029423A0();
											} else {
												E029423A0();
											}
										} else {
											E029423A0();
										}
									} else {
										E029423A0();
									}
								} else {
									E029423A0();
								}
							} else {
								E029423A0();
							}
						}
					}
				}
				return L029438C0(_t62, _t79, _t100,  *(_t138 + 0x170) ^ _t141);
			}

0x029432e0
0x029432e0
0x029432e0
0x029432e0
0x029432e6
0x029432ee
0x029432f5
0x029432fc
0x029432ff
0x02943306
0x0294330f
0x029434e0
0x029434e2
0x029434e8
0x029434ef
0x029434f1
0x029434fb
0x02943500
0x02943505
0x0294350d
0x02943511
0x02943516
0x0294351f
0x02943524
0x02943529
0x0294352d
0x02943535
0x02943538
0x0294353a
0x02943544
0x02943546
0x0294355f
0x02943564
0x02943568
0x02943571
0x02943576
0x0294357a
0x0294357c
0x02943583
0x02943586
0x02943588
0x02943592
0x02943594
0x029435ad
0x02943596
0x0294359f
0x0294359f
0x02943594
0x02943586
0x0294357a
0x02943548
0x02943551
0x02943551
0x02943546
0x02943538
0x02943315
0x02943321
0x0294332c
0x02943334
0x02943348
0x0294334e
0x02943353
0x02943358
0x02943364
0x0294336b
0x02943373
0x02943379
0x02943385
0x02943388
0x02943396
0x0294339a
0x029433a0
0x029433ad
0x029433bb
0x029433be
0x029433c7
0x029433cd
0x029433d0
0x029433d3
0x029433d6
0x029433dc
0x029433e5
0x029433eb
0x029433f7
0x02943403
0x02943407
0x0294340d
0x02943410
0x02943416
0x02943425
0x02943434
0x0294344b
0x0294344f
0x02943466
0x0294346a
0x02943481
0x02943485
0x0294349c
0x029434a0
0x029434c5
0x029434d6
0x029434a2
0x029434ad
0x029434ad
0x02943487
0x02943492
0x02943492
0x0294346c
0x02943477
0x02943477
0x02943451
0x0294345c
0x0294345c
0x02943436
0x02943441
0x02943441
0x02943434
0x02943425
0x02943321
0x029435d1

APIs

GetSystemPowerStatus.KERNEL32 ref: 02943334

Strings

ctlGetPowerOptimizationCaps(PSR) returned success, xrefs: 02943558
ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X, xrefs: 02943598
ctlSetPowerOptimizationSetting returned success, xrefs: 029435A6
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 0294354A
AUX timeout, xrefs: 029434A6
Write FAILED, Error code: 0x%x, xrefs: 029434B7
Invalid AUX address, xrefs: 02943455
AUX defer, xrefs: 0294348B
GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR , xrefs: 0294356A
Invalid AUX device, xrefs: 0294343A
Invalid AUX data size, xrefs: 02943470
,, xrefs: 02943505

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: ,$AUX defer$AUX timeout$GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR $Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED, Error code: 0x%x$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlGetPowerOptimizationCaps(PSR) returned success$ctlSetPowerOptimizationSetting returned success$ctlSetPowerOptimizationSetting(PSR) returned failure code: 0x%X
API String ID: 2881466098-1131157559
Opcode ID: 0d5196045d988b570f95bafb6014930d6666876ccd874c0b904c9b3d090d3e84
Instruction ID: 9f344cea956866f159b8cbea43295c1321a3a0509f0b0a92cc430b0ae96bb124
Opcode Fuzzy Hash: 0d5196045d988b570f95bafb6014930d6666876ccd874c0b904c9b3d090d3e84
Instruction Fuzzy Hash: 1D71D332615B8099EB20CF75E844BDD77B1F784388FA00566DA4E47A28DF79C689CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0293A340 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32 ref: 0293A3B3
VerSetConditionMask.KERNEL32 ref: 0293A3C4
VerSetConditionMask.KERNEL32 ref: 0293A3D5
VerifyVersionInfoW.KERNEL32 ref: 0293A418
GetFullPathNameW.KERNEL32 ref: 0293A471
LocalAlloc.KERNEL32 ref: 0293A493
LocalFree.KERNEL32 ref: 0293A58E
LocalFree.KERNEL32 ref: 0293A599

Strings

&, xrefs: 0293A37C
$, xrefs: 0293A374
*, xrefs: 0293A384

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ConditionLocalMask$Free$AllocFullInfoNamePathVerifyVersion
String ID: $$&$*
API String ID: 856127322-3416282258
Opcode ID: e0da58462cb51087ade55be93915c65c19b3bd1b8afaf481543ff6da75db29c7
Instruction ID: 1e2943e06def04b768e777e61c26a74cd0848128ba153a6ad3f6193533c778d7
Opcode Fuzzy Hash: e0da58462cb51087ade55be93915c65c19b3bd1b8afaf481543ff6da75db29c7
Instruction Fuzzy Hash: F551D676618780CBE721DF55F54C31AB7B1F384768F10411AEA9A47AA8DBBDC884CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0293A9D0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 87libraryloadermemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02939370: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 02939388
Part of subcall function 02939370: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 029393A1

GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA2F
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA4A
LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AAA0
LocalAlloc.KERNEL32 ref: 0293AAF3
GetModuleFileNameW.KERNEL32 ref: 0293AB17
GetLastError.KERNEL32 ref: 0293AB2B
SetLastError.KERNEL32 ref: 0293AB38
LocalFree.KERNEL32 ref: 0293AB43
FreeLibrary.KERNEL32 ref: 0293AB5C

Strings

LdrUnlockLoaderLock, xrefs: 0293AA3C
LdrLockLoaderLock, xrefs: 0293AA21
ntdll.dll, xrefs: 0293AA04

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$AddressFreeLibraryLocalProc$AllocFileLoadModuleName
String ID: LdrLockLoaderLock$LdrUnlockLoaderLock$ntdll.dll
API String ID: 1314605384-42217302
Opcode ID: 6b4d4eeb16ac347abc7ea60d4b2a9f58348a8154a44715a394c532fa0c5e055a
Instruction ID: c039c823dddb0070f42cf41fe5c7edf7d96471367bab352156bdfb31ef456a78
Opcode Fuzzy Hash: 6b4d4eeb16ac347abc7ea60d4b2a9f58348a8154a44715a394c532fa0c5e055a
Instruction Fuzzy Hash: E3410636608B80C7E721DB19F84835A77B2F3C9795F50552AE6CE82A68CF3DC588CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0293B370 Relevance: 19.6, APIs: 10, Strings: 3, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0293B3E6
LocalAlloc.KERNEL32 ref: 0293B3FE
GetLastError.KERNEL32 ref: 0293B411
LocalFree.KERNEL32 ref: 0293B5AF

Strings

VeriSign Class 3 Code Signing 2010 CA, xrefs: 0293B388
NVIDIA Subordinate CA, xrefs: 0293B37C
NVIDIA Corporation, xrefs: 0293B57B

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLastLocal$AllocFree
String ID: NVIDIA Corporation$NVIDIA Subordinate CA$VeriSign Class 3 Code Signing 2010 CA
API String ID: 1353762364-3488921654
Opcode ID: 8d19297e148f30f7d5f131b36dcd121a51473fb8fd34218010c9d64c939fb25a
Instruction ID: a430fadb5625ea6a29e9d458ca999734960f6a2767cab4f17e01200214ea902c
Opcode Fuzzy Hash: 8d19297e148f30f7d5f131b36dcd121a51473fb8fd34218010c9d64c939fb25a
Instruction Fuzzy Hash: 2551E876628B81CBE7618F24F46971AB7A1F7C4798F105519EB8A43B68DB3EC444CF01

Uniqueness

Uniqueness Score: -1.00%

Function 02942460 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 150
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E02942460(signed int __ecx, void* __esp, long long __rbx, void* __rdx, long long __rdi, void* __r8) {
				int _t61;
				signed int _t74;
				signed long long _t94;
				long long _t96;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t112;
				void* _t130;
				void* _t131;
				signed long long _t132;
				void* _t135;
				void* _t140;
				void* _t141;

				_t134 = __r8;
				_t98 = __rbx;
				_t73 = __ecx;
				_t141 = _t131;
				_t130 = _t141 - 0x188;
				_t132 = _t131 - 0x280;
				_t94 =  *0x29a61e8; // 0xc99624406909
				_t95 = _t94 ^ _t132;
				 *(_t130 + 0x170) = _t95;
				_t57 =  *0x29a6001 & 0x000000ff;
				if(_t57 != 0) {
					__eflags = _t57 - 1;
					if(_t57 == 1) {
						_t102 =  *0x29a7ff0; // 0x0
						_t121 = _t132 + 0x38;
						 *((intOrPtr*)(_t132 + 0x38)) = 0xc;
						asm("xorps xmm0, xmm0");
						 *(_t132 + 0x4c) = _t95;
						 *(_t132 + 0x59) = _t95;
						 *((short*)(_t132 + 0x61)) = 0;
						asm("movdqu [esp+0x64], xmm0");
						 *(_t132 + 0x3c) = _t95;
						 *((char*)(_t132 + 0x58)) = 0;
						 *((intOrPtr*)(_t132 + 0x48)) = 0x2c;
						 *((intOrPtr*)(_t132 + 0x54)) = 4;
						 *((char*)(_t132 + 0x63)) = 4;
						__eflags = E0293CAD0(_t95, __rbx, _t102, _t132 + 0x38);
						if(__eflags == 0) {
							__eflags =  *(_t132 + 0x40) & 0x00000004;
							if(( *(_t132 + 0x40) & 0x00000004) != 0) {
								_t103 =  *0x29a7ff0; // 0x0
								__eflags = _t103;
								if(_t103 != 0) {
									_t122 = _t132 + 0x48;
									__eflags = L0293DC20(_t95, _t98, _t103, _t132 + 0x48);
									if(__eflags == 0) {
										_t57 = E02943770(__eflags, _t95, "ctlSetPowerOptimizationSetting returned success(DPST)\n", _t122, __r8, _t135);
									} else {
										_t57 = E02943770(__eflags, _t95, "ctlSetPowerOptimizationSetting returned failure code: 0x%X\n", _t122, __r8, _t135);
									}
								}
							}
						} else {
							_t57 = E02943770(__eflags, _t95, "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n", _t121, __r8, _t135);
						}
					}
					L8:
					return L029438C0(_t57, _t73, _t95,  *(_t130 + 0x170) ^ _t132);
				}
				 *((long long*)(_t141 + 8)) = __rbx;
				if( *0x29a6000 > 1) {
					L7:
					goto L8;
				}
				 *((long long*)(_t141 + 0x10)) = __rdi;
				_t61 = GetSystemPowerStatus(??);
				r8d = 0xa8;
				_t72 =  !=  ? 1 : 2;
				E02947430(_t61, __ecx, 0, 1, __esp, _t130 + 0x4c, __rdx, __r8);
				_t109 =  *0x29a7f90; // 0x0
				 *((intOrPtr*)(_t130 + 0x40)) =  !=  ? 1 : 2;
				 *((long long*)(_t130 + 0x44)) = 3;
				r8d = 0xb4;
				 *((long long*)(_t132 + 0x20)) = _t132 + 0x30;
				_t96 =  *_t109;
				 *((intOrPtr*)(_t96 + 0x158))();
				 *((long long*)(_t130 - 0x74)) = _t96;
				r8d = 0x98;
				E02947430(0, _t73, 0, 1, __esp, _t130 - 0x64, 0x2991cd8, __r8);
				_t74 =  *(_t130 + 0x58);
				 *((intOrPtr*)(_t130 - 0x80)) =  *((intOrPtr*)(_t130 + 0x40));
				r8d = 0xb4;
				 *((intOrPtr*)(_t130 - 0x78)) =  *((intOrPtr*)(_t130 + 0x48));
				_t73 = _t74 & 0xfffffff7;
				 *((intOrPtr*)(_t130 - 0x7c)) = 1;
				 *(_t130 - 0x68) = _t74 & 0xfffffff7;
				_t111 =  *0x29a7f90; // 0x0
				 *(_t130 - 0x6c) = _t74 | 0x00000008;
				 *((long long*)(_t132 + 0x20)) = _t132 + 0x30;
				 *((intOrPtr*)( *_t111 + 0x160))();
				_t112 =  *0x29a7f90; // 0x0
				 *((long long*)(_t132 + 0x20)) = _t132 + 0x30;
				_t140 = _t130 - 0x80;
				r8d = 0xb4;
				_t95 =  *_t112;
				_t57 =  *((intOrPtr*)( *_t112 + 0x160))();
				r8d =  *((intOrPtr*)(_t132 + 0x30));
				if(_t57 < 0 || r8d != 0) {
					if(r8d != 0x43) {
						__eflags = r8d - 0x44;
						if(r8d != 0x44) {
							__eflags = r8d - 0x45;
							if(r8d != 0x45) {
								__eflags = r8d - 0x46;
								if(r8d != 0x46) {
									__eflags = r8d - 0x47;
									if(r8d != 0x47) {
										_t57 = E029422D0(_t95, _t130 + 0x100, "Write FAILED, Error code: 0x%x", _t134, _t140);
									}
								}
							}
						}
					}
					E029423A0();
				}
			}

0x02942460
0x02942460
0x02942460
0x02942460
0x02942464
0x0294246b
0x02942472
0x02942479
0x0294247c
0x02942483
0x0294248c
0x02942654
0x02942656
0x0294265c
0x02942663
0x0294266a
0x02942672
0x02942675
0x0294267a
0x0294267f
0x02942684
0x0294268a
0x0294268f
0x02942693
0x0294269b
0x029426a3
0x029426ad
0x029426af
0x029426c4
0x029426c9
0x029426cf
0x029426d6
0x029426d9
0x029426df
0x029426e9
0x029426eb
0x02942707
0x029426ed
0x029426f6
0x029426f6
0x029426eb
0x029426d9
0x029426b1
0x029426ba
0x029426ba
0x029426af
0x029425cc
0x029425e3
0x029425e3
0x02942499
0x029424a2
0x029425c4
0x00000000
0x029425c4
0x029424ad
0x029424b1
0x029424c5
0x029424cb
0x029424d0
0x029424d5
0x029424e1
0x029424e8
0x029424f0
0x029424f6
0x02942502
0x02942505
0x02942513
0x02942517
0x0294251d
0x0294252a
0x02942534
0x02942537
0x02942540
0x02942545
0x02942548
0x0294254b
0x02942551
0x02942558
0x0294255b
0x02942567
0x0294256d
0x02942579
0x02942585
0x02942589
0x0294258f
0x02942592
0x02942598
0x029425a7
0x029425b2
0x029425e4
0x029425e8
0x029425f7
0x029425fb
0x0294260a
0x0294260e
0x0294261d
0x02942621
0x0294263e
0x02942648
0x02942621
0x0294260e
0x029425fb
0x029425e8
0x029425bf
0x029425bf

APIs

GetSystemPowerStatus.KERNEL32 ref: 029424B1

Strings

ctlSetPowerOptimizationSetting returned success(DPST), xrefs: 02942700
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 029426B3
AUX timeout, xrefs: 02942627
Write FAILED, Error code: 0x%x, xrefs: 02942630
Invalid AUX address, xrefs: 029425EE
AUX defer, xrefs: 02942614
ctlSetPowerOptimizationSetting returned failure code: 0x%X, xrefs: 029426EF
Invalid AUX device, xrefs: 029425B8
Invalid AUX data size, xrefs: 02942601
,, xrefs: 02942693

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: ,$AUX defer$AUX timeout$Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED, Error code: 0x%x$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlSetPowerOptimizationSetting returned failure code: 0x%X$ctlSetPowerOptimizationSetting returned success(DPST)
API String ID: 2881466098-2430296271
Opcode ID: ca2309c46f02331b9855b0a780bf61b80be78a80c5f0e7b3053d75953d46b594
Instruction ID: b8595ac8267f138268eb239da82e1110775a22184a7664a96c1a117148ebb9d6
Opcode Fuzzy Hash: ca2309c46f02331b9855b0a780bf61b80be78a80c5f0e7b3053d75953d46b594
Instruction Fuzzy Hash: A661AD32B14B81D9EB20CF65E464B9D77B1F784788F904116EE4D47A68EF79C688CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02942720 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E02942720(void* __ecx, void* __esp, long long __rbx, void* __rdx, long long __rdi, void* __r8) {
				int _t61;
				signed int _t69;
				signed long long _t93;
				long long _t95;
				intOrPtr _t101;
				signed int _t102;
				intOrPtr* _t108;
				intOrPtr* _t110;
				intOrPtr* _t111;
				void* _t129;
				void* _t130;
				signed long long _t131;
				void* _t134;
				void* _t139;
				void* _t140;

				_t133 = __r8;
				_t97 = __rbx;
				_t73 = __ecx;
				_t140 = _t130;
				_t129 = _t140 - 0x188;
				_t131 = _t130 - 0x280;
				_t93 =  *0x29a61e8; // 0xc99624406909
				_t94 = _t93 ^ _t131;
				 *(_t129 + 0x170) = _t94;
				_t57 =  *0x29a6001 & 0x000000ff;
				if(_t57 != 0) {
					__eflags = _t57 - 1;
					if(_t57 == 1) {
						_t101 =  *0x29a7ff0; // 0x0
						_t120 = _t131 + 0x38;
						 *((intOrPtr*)(_t131 + 0x38)) = 0xc;
						asm("xorps xmm0, xmm0");
						 *(_t131 + 0x4c) = _t94;
						 *(_t131 + 0x59) = _t94;
						 *((short*)(_t131 + 0x61)) = 0;
						asm("movdqu [esp+0x64], xmm0");
						 *(_t131 + 0x3c) = _t94;
						 *((intOrPtr*)(_t131 + 0x48)) = 0x2c;
						 *((intOrPtr*)(_t131 + 0x54)) = 4;
						 *((char*)(_t131 + 0x58)) = 1;
						 *((char*)(_t131 + 0x63)) = 4;
						__eflags = E0293CAD0(_t94, __rbx, _t101, _t131 + 0x38);
						if(__eflags == 0) {
							__eflags =  *(_t131 + 0x40) & 0x00000004;
							if(( *(_t131 + 0x40) & 0x00000004) != 0) {
								_t102 =  *0x29a7ff0; // 0x0
								__eflags = _t102;
								if(_t102 != 0) {
									_t121 = _t131 + 0x48;
									__eflags = L0293DC20(_t94, _t97, _t102, _t131 + 0x48);
									if(__eflags == 0) {
										_t57 = E02943770(__eflags, _t94, "ctlSetPowerOptimizationSetting returned success(DPST)\n", _t121, __r8, _t134);
									} else {
										_t57 = E02943770(__eflags, _t94, "ctlSetPowerOptimizationSetting returned failure code: 0x%X\n", _t121, __r8, _t134);
									}
								}
							}
						} else {
							_t57 = E02943770(__eflags, _t94, "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n", _t120, __r8, _t134);
						}
					}
					L8:
					return L029438C0(_t57, _t73, _t94,  *(_t129 + 0x170) ^ _t131);
				}
				 *((long long*)(_t140 + 8)) = __rbx;
				if( *0x29a6000 > 1) {
					L7:
					goto L8;
				}
				 *((long long*)(_t140 + 0x10)) = __rdi;
				_t61 = GetSystemPowerStatus(??);
				r8d = 0xa8;
				_t72 =  !=  ? 1 : 2;
				E02947430(_t61, __ecx, 0, 1, __esp, _t129 + 0x4c, __rdx, __r8);
				_t108 =  *0x29a7f90; // 0x0
				 *((intOrPtr*)(_t129 + 0x40)) =  !=  ? 1 : 2;
				 *((long long*)(_t129 + 0x44)) = 3;
				r8d = 0xb4;
				 *((long long*)(_t131 + 0x20)) = _t131 + 0x30;
				_t95 =  *_t108;
				 *((intOrPtr*)(_t95 + 0x158))();
				 *((long long*)(_t129 - 0x74)) = _t95;
				r8d = 0x98;
				E02947430(0, _t73, 0, 1, __esp, _t129 - 0x64, 0x2991cd8, __r8);
				_t110 =  *0x29a7f90; // 0x0
				 *((intOrPtr*)(_t129 - 0x80)) =  *((intOrPtr*)(_t129 + 0x40));
				r8d = 0xb4;
				 *((intOrPtr*)(_t129 - 0x78)) =  *((intOrPtr*)(_t129 + 0x48));
				_t69 =  *(_t129 + 0x58) | 0x00000008;
				 *((intOrPtr*)(_t129 - 0x7c)) = 1;
				 *(_t129 - 0x6c) = _t69;
				 *(_t129 - 0x68) = _t69;
				 *((long long*)(_t131 + 0x20)) = _t131 + 0x30;
				 *((intOrPtr*)( *_t110 + 0x160))();
				_t111 =  *0x29a7f90; // 0x0
				 *((long long*)(_t131 + 0x20)) = _t131 + 0x30;
				_t139 = _t129 - 0x80;
				r8d = 0xb4;
				_t94 =  *_t111;
				_t57 =  *((intOrPtr*)( *_t111 + 0x160))();
				r8d =  *((intOrPtr*)(_t131 + 0x30));
				if(_t57 < 0 || r8d != 0) {
					if(r8d != 0x43) {
						__eflags = r8d - 0x44;
						if(r8d != 0x44) {
							__eflags = r8d - 0x45;
							if(r8d != 0x45) {
								__eflags = r8d - 0x46;
								if(r8d != 0x46) {
									__eflags = r8d - 0x47;
									if(r8d != 0x47) {
										_t57 = E029422D0(_t94, _t129 + 0x100, "Write FAILED, Error code: 0x%x", _t133, _t139);
									}
								}
							}
						}
					}
					E029423A0();
				}
			}

0x02942720
0x02942720
0x02942720
0x02942720
0x02942724
0x0294272b
0x02942732
0x02942739
0x0294273c
0x02942743
0x0294274c
0x0294290f
0x02942911
0x02942917
0x0294291e
0x02942925
0x0294292d
0x02942930
0x02942935
0x0294293a
0x0294293f
0x02942945
0x0294294a
0x02942952
0x0294295a
0x0294295f
0x02942969
0x0294296b
0x02942980
0x02942985
0x0294298b
0x02942992
0x02942995
0x0294299b
0x029429a5
0x029429a7
0x029429c3
0x029429a9
0x029429b2
0x029429b2
0x029429a7
0x02942995
0x0294296d
0x02942976
0x02942976
0x0294296b
0x02942887
0x0294289e
0x0294289e
0x02942759
0x02942762
0x0294287f
0x00000000
0x0294287f
0x0294276d
0x02942771
0x02942785
0x0294278b
0x02942790
0x02942795
0x029427a1
0x029427a8
0x029427b0
0x029427b6
0x029427c2
0x029427c5
0x029427d3
0x029427d7
0x029427dd
0x029427ea
0x029427f8
0x029427fb
0x02942804
0x0294280a
0x0294280d
0x02942810
0x02942813
0x02942819
0x02942822
0x02942828
0x02942834
0x02942840
0x02942844
0x0294284a
0x0294284d
0x02942853
0x02942862
0x0294286d
0x0294289f
0x029428a3
0x029428b2
0x029428b6
0x029428c5
0x029428c9
0x029428d8
0x029428dc
0x029428f9
0x02942903
0x029428dc
0x029428c9
0x029428b6
0x029428a3
0x0294287a
0x0294287a

APIs

GetSystemPowerStatus.KERNEL32 ref: 02942771

Strings

,, xrefs: 0294294A
ctlSetPowerOptimizationSetting returned success(DPST), xrefs: 029429BC
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 0294296F
AUX timeout, xrefs: 029428E2
Write FAILED, Error code: 0x%x, xrefs: 029428EB
Invalid AUX address, xrefs: 029428A9
AUX defer, xrefs: 029428CF
ctlSetPowerOptimizationSetting returned failure code: 0x%X, xrefs: 029429AB
Invalid AUX device, xrefs: 02942873
Invalid AUX data size, xrefs: 029428BC

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: ,$AUX defer$AUX timeout$Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED, Error code: 0x%x$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlSetPowerOptimizationSetting returned failure code: 0x%X$ctlSetPowerOptimizationSetting returned success(DPST)
API String ID: 2881466098-2430296271
Opcode ID: b570eb6b06c0d6497d86076239c93c91a298eb2ef2218a9c599a88dcc7d06d76
Instruction ID: 728747d465c3a8b4361bbc92b8e971538298832abca97430dd59c8b6313d7463
Opcode Fuzzy Hash: b570eb6b06c0d6497d86076239c93c91a298eb2ef2218a9c599a88dcc7d06d76
Instruction Fuzzy Hash: 15619D32A24B81D9EB20CF65E884B9D77B1F784788F904116EE4D47B68DF79C688CB41

Uniqueness

Uniqueness Score: -1.00%

Function 029015A0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 72
sleepCOMMON

Download Yara Rule

C-Code - Quality: 21%

			E029015A0(void* __edi, long long __rax, long long __rcx, void* __rdx, void* _a8) {
				intOrPtr _v24;
				void* _t32;
				long long _t34;
				long long _t36;
				long long _t38;

				_t34 = __rax;
				_t32 = __edi;
				_a8 = __rcx;
				E02901050();
				while(( *0x29a8631 & 0x000000ff) != 0) {
					Sleep();
				}
				 *0x29a865c =  *0x29a865c + 1;
				GetModuleHandleA(??);
				 *_a8 = _t34;
				_t36 = _a8;
				if( *_t36 != 0) {
					L11:
					return 0;
				}
				EnterCriticalSection();
				GetModuleHandleA(??);
				 *_a8 = _t36;
				_t38 = _a8;
				if( *_t38 != 0) {
					LeaveCriticalSection();
					goto L11;
				}
				E02939410(0, _t32, _t38, "nvpowerapi.dll");
				 *_a8 = _t38;
				_t40 = _a8;
				if( *_a8 != 0) {
					_v24 = E02901200(1, _t40,  *_a8);
					if(_v24 == 0) {
						 *0x29a8608 =  *_a8;
						LeaveCriticalSection(??);
						return 0xfffffff2;
					}
					 *0x29a865c =  *0x29a865c - 1;
					LeaveCriticalSection(??);
					return _v24;
				}
				 *0x29a865c =  *0x29a865c - 1;
				LeaveCriticalSection(??);
				return 0xfffffffe;
			}

0x029015a0
0x029015a0
0x029015a0
0x029015a9
0x029015ae
0x029015be
0x029015be
0x029015cf
0x029015dc
0x029015ea
0x029015ed
0x029015f6
0x029016e6
0x00000000
0x029016e6
0x02901603
0x02901610
0x0290161e
0x02901621
0x0290162a
0x029016e0
0x00000000
0x029016e0
0x02901639
0x02901646
0x02901649
0x02901652
0x02901689
0x02901692
0x029016be
0x029016cc
0x00000000
0x029016d2
0x0290169d
0x029016aa
0x00000000
0x029016b0
0x0290165d
0x0290166a
0x00000000

APIs

Part of subcall function 02901050: InitializeCriticalSection.KERNEL32(?,?,?,?,0290137E,?,?,?,?,?,?,0290100E), ref: 02901066

Sleep.KERNEL32 ref: 029015BE

Part of subcall function 02901200: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0290153B), ref: 0290122D

GetModuleHandleA.KERNEL32 ref: 029015DC
EnterCriticalSection.KERNEL32 ref: 02901603
GetModuleHandleA.KERNEL32 ref: 02901610
LeaveCriticalSection.KERNEL32 ref: 0290166A
LeaveCriticalSection.KERNEL32 ref: 029016AA
LeaveCriticalSection.KERNEL32 ref: 029016CC

Strings

nvpowerapi.dll, xrefs: 02901609
nvpowerapi.dll, xrefs: 029015D5
nvpowerapi.dll, xrefs: 02901632

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: CriticalSection$Leave$HandleModule$AddressEnterInitializeProcSleep
String ID: nvpowerapi.dll$nvpowerapi.dll$nvpowerapi.dll
API String ID: 2241877140-3257083979
Opcode ID: 10e8eafe055d0c4fa789601c53f584e7bd3b104ce482734b5af79d0588cab8a5
Instruction ID: 9da6eb4f9b90876d33756650956c60bd2d8155624a966c23b156970f4f2088a6
Opcode Fuzzy Hash: 10e8eafe055d0c4fa789601c53f584e7bd3b104ce482734b5af79d0588cab8a5
Instruction Fuzzy Hash: 12311435604B84CAE704DF69EC8835A33B1F385B54F404626EA4E877A4DF3EC895CB41

Uniqueness

Uniqueness Score: -1.00%

Function 001C4CC4 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,?,001C4F0B,?,?,00000000,001C4CB4,?,?,?,?,001C49CD), ref: 001C4E1E

Strings

ext-ms-, xrefs: 001C4D9D
api-ms-, xrefs: 001C4D89

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: 28046739eb48f761849722ebe00dd8e64e8efb5e3179ccf37f38bb3829bf9516
Instruction ID: f0a2bada5e01ad252fc1251391b88188f0769493b9c295df5c30e5130922778a
Opcode Fuzzy Hash: 28046739eb48f761849722ebe00dd8e64e8efb5e3179ccf37f38bb3829bf9516
Instruction Fuzzy Hash: A441D671319A4093FB15EF56A854FE56391BB68BE0F0A4539DE1A8B754EF3CC4458340

Uniqueness

Uniqueness Score: -1.00%

Function 02942D10 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E02942D10(signed int __ecx, void* __esp, long long __rbx, void* __rdx, void* __r8, long long _a8) {
				signed int _v24;
				signed char _v192;
				char _v204;
				long long _v212;
				intOrPtr _v216;
				signed int _v232;
				long long _v240;
				signed char _v256;
				intOrPtr _v260;
				long long _v268;
				char _v272;
				signed char _v280;
				long long _v284;
				char _v288;
				char _v296;
				long long _v312;
				signed int _t34;
				signed int _t35;
				signed char _t41;
				int _t46;
				signed long long _t64;
				long long _t68;
				signed int _t71;
				intOrPtr _t74;
				char* _t77;
				intOrPtr* _t80;
				void* _t85;
				signed long long _t86;
				void* _t89;

				_t88 = __r8;
				_t66 = __rbx;
				_t52 = __ecx;
				_a8 = __rbx;
				_t86 = _t85 - 0x150;
				_t64 =  *0x29a61e8; // 0xc99624406909
				_t65 = _t64 ^ _t86;
				_v24 = _t64 ^ _t86;
				_t34 =  *0x29a6001 & 0x000000ff;
				if(_t34 != 0) {
					__eflags = _t34 - 1;
					if(_t34 != 1) {
						goto L9;
					} else {
						_t52 = 0;
						_v288 = 0xc;
						_v284 = _t68;
						asm("xorps xmm0, xmm0");
						_v268 = _t68;
						_v240 = _t68;
						_v232 = 0;
						_t71 =  *0x29a7ff0; // 0x0
						_v272 = 0x2c;
						_v260 = 2;
						asm("movdqu [esp+0x58], xmm0");
						__eflags = _t71;
						if(_t71 == 0) {
							goto L9;
						} else {
							_t82 =  &_v288;
							__eflags = E0293CAD0(_t65, __rbx, _t71,  &_v288);
							if(__eflags == 0) {
								E02943770(__eflags, _t65, "ctlGetPowerOptimizationCaps(PSR) returned success\n",  &_v288, __r8, _t89);
								__eflags = 0x00000002 & _v280;
								if(__eflags == 0) {
									goto L9;
								} else {
									E02943770(__eflags, _t65, "GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR \n",  &_v288, _t88, _t89);
									_t41 = _v280;
									__eflags = 0x00000002 & _t41;
									if((0x00000002 & _t41) == 0) {
										goto L9;
									} else {
										_t74 =  *0x29a7ff0; // 0x0
										_t82 =  &_v272;
										__eflags = E0293CB30(_t65, _t66, _t74,  &_v272);
										if(__eflags == 0) {
											E02943770(__eflags, _t65, "ctlGetPowerOptimizationSetting returned success(PSR)\n",  &_v272, _t88, _t89);
											E02943770(__eflags, _t65, "GetPowerSettings.Enable = %d\n",  &_v272, _t88, _t89);
											_t35 = _v256 & 0x000000ff;
										} else {
											_t77 = "ctlGetPowerOptimizationSetting(PSR) returned failure code: 0x%X\n";
											goto L8;
										}
									}
								}
							} else {
								_t77 = "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n";
								L8:
								E02943770(__eflags, _t65, _t77, _t82, _t88, _t89);
								goto L9;
							}
						}
					}
				} else {
					if( *0x29a6000 > 1) {
						L9:
						_t35 = 0;
						__eflags = 0;
					} else {
						_t46 = GetSystemPowerStatus();
						r8d = 0xa8;
						_t51 =  !=  ? 1 : 2;
						E02947430(_t46, __ecx, 0, 1, __esp,  &_v204, __rdx, __r8);
						_t80 =  *0x29a7f90; // 0x0
						_v216 =  !=  ? 1 : 2;
						_v212 = 3;
						r8d = 0xb4;
						_v312 =  &_v296;
						 *((intOrPtr*)( *_t80 + 0x158))();
						if((_v192 & 0x00000020) == 0) {
							goto L9;
						} else {
							_t35 = 1;
						}
					}
				}
				return L029438C0(_t35, _t52, _t65, _v24 ^ _t86);
			}

0x02942d10
0x02942d10
0x02942d10
0x02942d10
0x02942d16
0x02942d1d
0x02942d24
0x02942d27
0x02942d2f
0x02942d38
0x02942dce
0x02942dd0
0x00000000
0x02942dd2
0x02942dd2
0x02942dd4
0x02942ddc
0x02942de1
0x02942de4
0x02942dee
0x02942df3
0x02942df7
0x02942dfe
0x02942e06
0x02942e0a
0x02942e10
0x02942e13
0x00000000
0x02942e15
0x02942e15
0x02942e1f
0x02942e21
0x02942e5b
0x02942e64
0x02942e66
0x00000000
0x02942e68
0x02942e6f
0x02942e74
0x02942e78
0x02942e7a
0x00000000
0x02942e7c
0x02942e7c
0x02942e83
0x02942e8d
0x02942e8f
0x02942ea3
0x02942eb4
0x02942eb9
0x02942e91
0x02942e93
0x00000000
0x02942e93
0x02942e8f
0x02942e7a
0x02942e23
0x02942e25
0x02942e2c
0x02942e2c
0x00000000
0x02942e2c
0x02942e21
0x02942e13
0x02942d3e
0x02942d4a
0x02942e31
0x02942e31
0x02942e31
0x02942d50
0x02942d55
0x02942d6d
0x02942d73
0x02942d78
0x02942d7d
0x02942d89
0x02942d98
0x02942da4
0x02942daa
0x02942db9
0x02942dc8
0x00000000
0x02942dca
0x02942dca
0x02942dca
0x02942dc8
0x02942d4a
0x02942e53

APIs

GetSystemPowerStatus.KERNEL32 ref: 02942D55

Strings

ctlGetPowerOptimizationCaps(PSR) returned success, xrefs: 02942E54
, xrefs: 02942DC0
ctlGetPowerOptimizationSetting(PSR) returned failure code: 0x%X, xrefs: 02942E93
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 02942E25
ctlGetPowerOptimizationSetting returned success(PSR), xrefs: 02942E9C
GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR , xrefs: 02942E68
GetPowerSettings.Enable = %d, xrefs: 02942EAD
,, xrefs: 02942DFE

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: $,$GetPowerOptimizationCaps.SupportedFeature = CTL_POWER_OPTIMIZATION_FLAG_PSR $GetPowerSettings.Enable = %d$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlGetPowerOptimizationCaps(PSR) returned success$ctlGetPowerOptimizationSetting returned success(PSR)$ctlGetPowerOptimizationSetting(PSR) returned failure code: 0x%X
API String ID: 2881466098-1340665191
Opcode ID: d2e1367abcc50f4b137de95b0ae6ff561015d0bf3c026aae26adebfeec586c3a
Instruction ID: 480705bdb00134bd4c8c002d222f2b3d1bb8a6321059b717c1e5a9287055a2b4
Opcode Fuzzy Hash: d2e1367abcc50f4b137de95b0ae6ff561015d0bf3c026aae26adebfeec586c3a
Instruction Fuzzy Hash: 66416172A0878085EB11CB65F854BABB7A5F7C4384F54402AEECA47668DF7DC585CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02940F20 Relevance: 13.7, APIs: 2, Strings: 7, Instructions: 208
sleepCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E02940F20(signed int __ecx, signed int __edx, void* __esp, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long __r9) {
				signed int _t54;
				void* _t55;
				signed int _t60;
				signed int _t61;
				signed short _t67;
				signed int _t71;
				signed int _t74;
				signed char _t83;
				signed int _t89;
				void* _t104;
				signed int _t106;
				signed int _t108;
				signed char _t109;
				signed int _t110;
				signed long long _t121;
				void* _t128;
				intOrPtr _t129;
				intOrPtr* _t133;
				void* _t150;
				void* _t157;
				signed long long _t158;
				void* _t162;
				long long _t171;

				_t161 = __r9;
				_t160 = __r8;
				_t142 = __rdx;
				_t123 = __rbx;
				_t111 = __esp;
				_t85 = __ecx;
				 *((long long*)(_t157 + 0x10)) = __rbx;
				_push(_t150);
				_t155 = _t157 - 0x70;
				_t158 = _t157 - 0x170;
				_t121 =  *0x29a61e8; // 0xc99624406909
				_t122 = _t121 ^ _t158;
				 *(_t157 - 0x70 + 0x60) = _t121 ^ _t158;
				_t54 =  *0x29a6001 & 0x000000ff;
				r14d = r8d;
				 *((long long*)(_t158 + 0x38)) = __r9;
				r13d = __edx & 0x0000ffff;
				r15d = __ecx & 0x000000ff;
				if(_t54 != 0) {
					__eflags = _t54 - 1;
					if(_t54 != 1) {
						_t55 = 0xff;
						L32:
						return L029438C0(_t55, _t85, _t122,  *(_t155 + 0x60) ^ _t158);
					}
					_t128 = _t158 + 0x40;
					r8d = 0xb0;
					E02947430(_t54, __ecx, 0, _t104, __esp, _t128, __rdx, __r8);
					__eflags = r14d - 8;
					_t106 =  >  ? 8 : r14d;
					asm("cdq");
					_t83 = 0;
					_t60 = r14d / _t106;
					r14d = _t60;
					__eflags = _t60;
					if(_t60 <= 0) {
						L8:
						_t55 = 1;
						goto L32;
					}
					r12d = _t150 + 2;
					_t61 = r13w & 0xffffffff;
					_t109 = 0;
					r15d = _t128 + _t128;
					asm("o16 nop [eax+eax]");
					while(1) {
						 *((char*)(_t158 + 0x68)) = _t61 + _t109 >> 8;
						 *(_t158 + 0x40) = 0xb0;
						 *((intOrPtr*)(_t158 + 0x48)) = 2;
						 *(_t158 + 0x50) = r15d;
						 *(_t158 + 0x64) = r12d;
						_t85 = (_t83 & 0x000000ff) * (dil & 0xffffffff) + r13b;
						 *((intOrPtr*)(_t158 + 0x4c)) = 2;
						 *(_t158 + 0x69) = (_t83 & 0x000000ff) * (dil & 0xffffffff) + r13b;
						__eflags = _t106;
						if(_t106 > 0) {
							__eflags = _t109 +  *((intOrPtr*)(_t158 + 0x38));
							r8d = _t106;
							E02946FD0(_t85, _t106, _t109, _t111, _t158 + 0x6a, _t109 +  *((intOrPtr*)(_t158 + 0x38)), _t160);
						}
						_t129 =  *0x29a7ff0; // 0x0
						_t143 = _t158 + 0x40;
						__eflags = L0293BF10(_t122, _t123, _t129, _t158 + 0x40);
						if(__eflags != 0) {
							break;
						}
						_t67 =  *0x29a7ff8 & 0x0000ffff;
						__eflags = _t67;
						if(_t67 != 0) {
							_t85 = _t67 & 0x0000ffff;
							Sleep(??);
						}
						_t83 = _t83 + 1;
						_t61 = r13w & 0xffffffff;
						_t109 = _t109 + _t106;
						__eflags = _t83 - r14d;
						if(_t83 < r14d) {
							continue;
						} else {
							_t55 = 1;
							goto L32;
						}
					}
					E02943770(__eflags, _t122, "ctlAUXAccess for I2C write returned failure code: 0x%X\n", _t143, _t160, _t161);
					_t55 = 0;
					goto L32;
				}
				 *(_t158 + 0x30) = 0;
				_t110 = 0;
				_t108 =  >=  ? 8 : r8d;
				asm("cdq");
				_t71 = r8d / _t108;
				r12d = _t71;
				if(_t71 > 0) {
					_t89 = __ecx & 0x000000ff;
					r14d = 0;
					_t171 = __r9;
					_t72 = __rcx + __rcx;
					 *((intOrPtr*)(_t158 + 0x34)) = __rcx + __rcx;
					do {
						r8d = 0x82;
						E02947430(_t72, _t89, 0, _t108, _t111, _t158 + 0x52, _t142, _t160);
						_t74 =  *0x29a7f88; // 0x0
						 *(_t158 + 0x40) = _t74;
						 *((intOrPtr*)(_t158 + 0x48)) = _t150 + 2;
						 *((intOrPtr*)(_t158 + 0x4c)) =  *((intOrPtr*)(_t158 + 0x34));
						 *(_t158 + 0x50) = (r13w & 0xffffffff) + r14d >> 8;
						 *((intOrPtr*)(_t158 + 0x44)) = 0;
						_t85 = (sil & 0xffffffff) * (dil & 0xffffffff) + r13b;
						 *(_t158 + 0x51) = (sil & 0xffffffff) * (dil & 0xffffffff) + r13b;
						if(_t108 > 0) {
							r8d = _t108;
							E02946FD0(_t85, _t108, _t110, _t111, _t158 + 0x52, r14d + _t171, _t160);
						}
						_t133 =  *0x29a7f90; // 0x0
						 *((long long*)(_t158 + 0x20)) = _t158 + 0x30;
						_t162 = _t158 + 0x40;
						r8d = 0x94;
						_t142 = 0x2991ce8;
						_t122 =  *_t133;
						_t72 =  *((intOrPtr*)( *_t133 + 0x160))();
						r8d =  *(_t158 + 0x30);
						if(_t72 < 0 || r8d != 0) {
							__eflags = r8d - 0x43;
							if(r8d != 0x43) {
								__eflags = r8d - 0x44;
								if(r8d != 0x44) {
									__eflags = r8d - 0x45;
									if(r8d != 0x45) {
										__eflags = r8d - 0x46;
										if(r8d != 0x46) {
											__eflags = r8d - 0x47;
											if(r8d != 0x47) {
												E029422D0(_t122, _t155 - 0x10, "Write FAILED, Error code: 0x%x", _t160, _t162);
												E029423A0();
												_t55 = 0;
											} else {
												E029423A0();
												_t55 = 0;
											}
										} else {
											E029423A0();
											_t55 = 0;
										}
									} else {
										E029423A0();
										_t55 = 0;
									}
								} else {
									E029423A0();
									_t55 = 0;
								}
							} else {
								E029423A0();
								_t55 = 0;
							}
							goto L32;
						}
						_t89 = _t160 + 0x14;
						Sleep(??);
						_t110 = _t110 + 1;
						r14d = r14d + _t108;
					} while (_t110 < r12d);
				}
			}

0x02940f20
0x02940f20
0x02940f20
0x02940f20
0x02940f20
0x02940f20
0x02940f20
0x02940f27
0x02940f30
0x02940f35
0x02940f3c
0x02940f43
0x02940f46
0x02940f4a
0x02940f51
0x02940f54
0x02940f59
0x02940f5d
0x02940f63
0x02941118
0x0294111a
0x02941219
0x0294121e
0x02941244
0x02941244
0x02941122
0x02941127
0x0294112d
0x0294113a
0x0294113d
0x02941143
0x02941144
0x02941146
0x02941148
0x0294114b
0x0294114d
0x02941058
0x02941058
0x00000000
0x02941058
0x02941157
0x0294115b
0x0294115f
0x02941161
0x02941165
0x02941170
0x02941178
0x02941183
0x0294118b
0x02941193
0x02941198
0x0294119d
0x029411a0
0x029411a8
0x029411ac
0x029411ae
0x029411b8
0x029411bd
0x029411c0
0x029411c0
0x029411c5
0x029411cc
0x029411d6
0x029411d8
0x00000000
0x00000000
0x029411da
0x029411e1
0x029411e4
0x029411e6
0x029411e9
0x029411e9
0x029411ef
0x029411f1
0x029411f5
0x029411f7
0x029411fa
0x00000000
0x02941200
0x02941200
0x00000000
0x02941200
0x029411fa
0x02941210
0x02941215
0x00000000
0x02941215
0x02940f73
0x02940f7a
0x02940f7c
0x02940f82
0x02940f83
0x02940f85
0x02940f8a
0x02940f90
0x02940f93
0x02940f96
0x02940f99
0x02940f9c
0x02940fa0
0x02940fa7
0x02940fad
0x02940fb2
0x02940fb8
0x02940fbf
0x02940fc7
0x02940fd9
0x02940fe4
0x02940fe8
0x02940feb
0x02940ff1
0x02940ffe
0x02941001
0x02941001
0x02941006
0x02941012
0x02941017
0x0294101c
0x02941022
0x02941029
0x0294102c
0x02941032
0x02941039
0x02941062
0x02941066
0x0294107f
0x02941083
0x0294109c
0x029410a0
0x029410b9
0x029410bd
0x029410d6
0x029410da
0x029410fe
0x0294110c
0x02941111
0x029410dc
0x029410e7
0x029410ec
0x029410ec
0x029410bf
0x029410ca
0x029410cf
0x029410cf
0x029410a2
0x029410ad
0x029410b2
0x029410b2
0x02941085
0x02941090
0x02941095
0x02941095
0x02941068
0x02941073
0x02941078
0x02941078
0x00000000
0x02941066
0x02941040
0x02941044
0x0294104a
0x0294104c
0x0294104f
0x02940fa0

APIs

Sleep.KERNEL32 ref: 02941044
Sleep.KERNEL32 ref: 029411E9

Strings

ctlAUXAccess for I2C write returned failure code: 0x%X, xrefs: 02941209
Write FAILED, Error code: 0x%x, xrefs: 029410F3
AUX timeout, xrefs: 029410E0
Invalid AUX address, xrefs: 02941089
AUX defer, xrefs: 029410C3
Invalid AUX device, xrefs: 0294106C
Invalid AUX data size, xrefs: 029410A6

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Sleep
String ID: AUX defer$AUX timeout$Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED, Error code: 0x%x$ctlAUXAccess for I2C write returned failure code: 0x%X
API String ID: 3472027048-1937117783
Opcode ID: d0783d7fc21835d8fe0e2dd813c3d5aa71f2e1f7d4e7c39c985fd37e20505781
Instruction ID: 0a72d32b28e0978a24d5dc34c0b43f0ccb5b10b92b522a285db9f5e833e3fc14
Opcode Fuzzy Hash: d0783d7fc21835d8fe0e2dd813c3d5aa71f2e1f7d4e7c39c985fd37e20505781
Instruction Fuzzy Hash: A471E13271425197DB20DB29E880BAAB7A1F7C5784F400426EE8EC7664EF3DD589CF10

Uniqueness

Uniqueness Score: -1.00%

Function 02942B60 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E02942B60(signed int __ecx, void* __esp, long long __rbx, void* __rdx, void* __r8, long long _a8) {
				signed int _v24;
				signed char _v192;
				char _v204;
				long long _v212;
				intOrPtr _v216;
				signed int _v232;
				long long _v240;
				void* _v245;
				signed char _v256;
				intOrPtr _v260;
				long long _v268;
				char _v272;
				signed int _v280;
				long long _v284;
				char _v288;
				char _v296;
				long long _v312;
				signed int _t32;
				signed int _t33;
				int _t41;
				signed long long _t59;
				long long _t63;
				signed int _t66;
				signed int _t67;
				char* _t71;
				intOrPtr* _t74;
				void* _t79;
				signed long long _t80;
				void* _t83;

				_t82 = __r8;
				_t61 = __rbx;
				_t46 = __ecx;
				_a8 = __rbx;
				_t80 = _t79 - 0x150;
				_t59 =  *0x29a61e8; // 0xc99624406909
				_t60 = _t59 ^ _t80;
				_v24 = _t59 ^ _t80;
				_t32 =  *0x29a6001 & 0x000000ff;
				if(_t32 != 0) {
					__eflags = _t32 - 1;
					if(_t32 != 1) {
						goto L9;
					} else {
						_t46 = 0;
						_v288 = 0xc;
						_v268 = _t63;
						asm("xorps xmm0, xmm0");
						_v240 = _t63;
						_v232 = 0;
						_v284 = _t63;
						_t66 =  *0x29a7ff0; // 0x0
						_v272 = 0x2c;
						_v260 = 4;
						asm("movdqu [esp+0x58], xmm0");
						__eflags = _t66;
						if(_t66 == 0) {
							goto L9;
						} else {
							_t76 =  &_v288;
							__eflags = E0293CAD0(_t60, __rbx, _t66,  &_v288);
							if(__eflags == 0) {
								__eflags = _v280 & 0x00000004;
								if((_v280 & 0x00000004) == 0) {
									goto L9;
								} else {
									_t67 =  *0x29a7ff0; // 0x0
									__eflags = _t67;
									if(_t67 == 0) {
										goto L9;
									} else {
										_t76 =  &_v272;
										__eflags = E0293CB30(_t60, _t61, _t67,  &_v272);
										if(__eflags == 0) {
											E02943770(__eflags, _t60, "ctlGetPowerOptimizationSetting returned success(DPST)\n",  &_v272, __r8, _t83);
											E02943770(__eflags, _t60, "GetPowerSettings.Enable = %d\n",  &_v272, _t82, _t83);
											E02943770(__eflags, _t60, "GetPowerSettings.Level = %d\n", _t76, _t82, _t83);
											_t33 = _v256 & 0x000000ff;
										} else {
											_t71 = "ctlGetPowerOptimizationSetting returned failure code: 0x%X\n";
											goto L8;
										}
									}
								}
							} else {
								_t71 = "ctlGetPowerOptimizationCaps returned failure code: 0x%X\n";
								L8:
								E02943770(__eflags, _t60, _t71, _t76, _t82, _t83);
								goto L9;
							}
						}
					}
				} else {
					if( *0x29a6000 > 1) {
						L9:
						_t33 = 0;
						__eflags = 0;
					} else {
						_t41 = GetSystemPowerStatus();
						r8d = 0xa8;
						_t45 =  !=  ? 1 : 2;
						E02947430(_t41, __ecx, 0, 1, __esp,  &_v204, __rdx, __r8);
						_t74 =  *0x29a7f90; // 0x0
						_v216 =  !=  ? 1 : 2;
						_v212 = 3;
						r8d = 0xb4;
						_v312 =  &_v296;
						 *((intOrPtr*)( *_t74 + 0x158))();
						if((_v192 & 0x00000008) == 0) {
							goto L9;
						} else {
							_t33 = 1;
						}
					}
				}
				return L029438C0(_t33, _t46, _t60, _v24 ^ _t80);
			}

0x02942b60
0x02942b60
0x02942b60
0x02942b60
0x02942b66
0x02942b6d
0x02942b74
0x02942b77
0x02942b7f
0x02942b88
0x02942c1e
0x02942c20
0x00000000
0x02942c22
0x02942c22
0x02942c24
0x02942c2c
0x02942c31
0x02942c34
0x02942c39
0x02942c3d
0x02942c42
0x02942c49
0x02942c51
0x02942c59
0x02942c5f
0x02942c62
0x00000000
0x02942c64
0x02942c64
0x02942c6e
0x02942c70
0x02942ca3
0x02942ca8
0x00000000
0x02942caa
0x02942caa
0x02942cb1
0x02942cb4
0x00000000
0x02942cb6
0x02942cb6
0x02942cc0
0x02942cc2
0x02942cd6
0x02942ce7
0x02942cf8
0x02942cfd
0x02942cc4
0x02942cc6
0x00000000
0x02942cc6
0x02942cc2
0x02942cb4
0x02942c72
0x02942c74
0x02942c7b
0x02942c7b
0x00000000
0x02942c7b
0x02942c70
0x02942c62
0x02942b8e
0x02942b9a
0x02942c80
0x02942c80
0x02942c80
0x02942ba0
0x02942ba5
0x02942bbd
0x02942bc3
0x02942bc8
0x02942bcd
0x02942bd9
0x02942be8
0x02942bf4
0x02942bfa
0x02942c09
0x02942c18
0x00000000
0x02942c1a
0x02942c1a
0x02942c1a
0x02942c18
0x02942b9a
0x02942ca2

APIs

GetSystemPowerStatus.KERNEL32 ref: 02942BA5

Strings

,, xrefs: 02942C49
ctlGetPowerOptimizationCaps returned failure code: 0x%X, xrefs: 02942C74
ctlGetPowerOptimizationSetting returned success(DPST), xrefs: 02942CCF
GetPowerSettings.Level = %d, xrefs: 02942CF1
GetPowerSettings.Enable = %d, xrefs: 02942CE0
ctlGetPowerOptimizationSetting returned failure code: 0x%X, xrefs: 02942CC6

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: PowerStatusSystem
String ID: ,$GetPowerSettings.Enable = %d$GetPowerSettings.Level = %d$ctlGetPowerOptimizationCaps returned failure code: 0x%X$ctlGetPowerOptimizationSetting returned failure code: 0x%X$ctlGetPowerOptimizationSetting returned success(DPST)
API String ID: 2881466098-3540192170
Opcode ID: 94f14b370ee43048a4d2d39ba808fcc004d9c7015239431ebde0f45a999e924e
Instruction ID: d53bcacf6f0be82a2cf2a6cc4c3652fa5ffe16c8bbeade3be252b9d6281e031b
Opcode Fuzzy Hash: 94f14b370ee43048a4d2d39ba808fcc004d9c7015239431ebde0f45a999e924e
Instruction Fuzzy Hash: 63410972A087C181EB21CB65F8547AABBA5F7C4385F548056FACE46668DF3CC684CF40

Uniqueness

Uniqueness Score: -1.00%

Function 001C4690 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82stringCOMMON

Download Yara Rule

APIs

__unDName.LIBVCRUNTIME ref: 001C46E5
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001C4722
strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 001C4757
InterlockedPushEntrySList.KERNEL32 ref: 001C4774
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001C4780
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 001C4789

Strings

, xrefs: 001C4708

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
String ID:
API String ID: 3741236498-3916222277
Opcode ID: 0ab38cecf78bff6f6954968786a459b80e7fd719337a2e73ef23b46534179fa2
Instruction ID: 5af52bcfbc981117faa38058213d1ddc797dada446b5fc7d386f605d095f2335
Opcode Fuzzy Hash: 0ab38cecf78bff6f6954968786a459b80e7fd719337a2e73ef23b46534179fa2
Instruction Fuzzy Hash: BE31E336319B9086EB15CF25A818B9977A4FB19FE4F594639DE6E43754EF38C442C300

Uniqueness

Uniqueness Score: -1.00%

Function 001C2378 Relevance: 12.1, APIs: 8, Instructions: 148
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 40%

			E001C2378(intOrPtr __ebx, signed int __ecx, void* __esi, void* __esp, long long __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rdi, long long __rsi, signed char* __r8, signed char* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v40;
				void* _t36;
				intOrPtr _t37;
				intOrPtr _t45;
				signed int _t46;
				intOrPtr _t48;
				intOrPtr _t49;
				void* _t50;
				void* _t51;
				long long _t65;
				signed char* _t69;
				long long _t74;
				long long _t75;
				long long _t76;
				long long _t81;
				long long _t82;
				long long _t84;
				long long _t89;
				long long* _t92;
				void* _t101;
				signed char* _t102;

				_t89 = __rdi;
				_t65 = __rax;
				_t51 = __esp;
				_t50 = __esi;
				_t46 = __ecx;
				_t45 = __ebx;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t102 = __r9;
				_t69 = __r8;
				_t92 = __rdx;
				_t101 = __rcx;
				_t49 = 0;
				if( *((intOrPtr*)(__r8 + 4)) == 0) {
					_t84 = __rdi;
					r15d = 0;
				} else {
					_t36 = E001CC084(__rax);
					_t84 =  *((intOrPtr*)(__r8 + 4)) + _t65;
				}
				if(_t84 == 0) {
					L49:
					_t37 = 0;
				} else {
					if(r15d == 0) {
						_t74 = _t89;
					} else {
						_t36 = E001CC084(_t65);
						_t82 = _t65;
						_t65 = _t69[4];
						_t74 = _t82 + _t65;
					}
					if( *((intOrPtr*)(_t74 + 0x10)) == dil || _t69[8] == _t49 &&  *_t69 >= _t49) {
						goto L49;
					} else {
						if( *_t69 >= _t49) {
							_t65 = _t69[8] +  *_t92;
							_t92 = _t65;
						}
						if(( *_t69 & 0x00000080) == 0 || ( *_t102 & 0x00000010) == 0) {
							L19:
							if(( *_t69 & 0x00000008) == 0) {
								L24:
								if(( *_t102 & 0x00000001) == 0) {
									L32:
									if(_t102[0x18] == _t49) {
										_t75 = _t89;
										_t45 = _t49;
									} else {
										_t36 = E001CC098(_t65);
										_t75 = _t102[0x18] + _t65;
									}
									if(_t75 != 0) {
										L40:
										if( *((intOrPtr*)(_t101 + 0x28)) == _t89 || _t92 == 0) {
											L48:
											__imp__terminate();
											__imp__terminate();
											goto L49;
										} else {
											if(_t45 == 0) {
												_t76 = _t89;
											} else {
												E001CC098(_t65);
												_t76 = _t65 + _t102[0x18];
											}
											if(_t76 == 0) {
												goto L48;
											} else {
												asm("sbb ecx, ecx");
												_t48 =  ~_t46 + 1;
												_t49 = _t48;
												_v40 = _t48;
												goto L47;
											}
										}
									} else {
										_t78 =  *((intOrPtr*)(_t101 + 0x28));
										if( *((intOrPtr*)(_t101 + 0x28)) == 0 || _t92 == 0) {
											__imp__terminate();
											goto L40;
										} else {
											E001C2180(_t36, _t78,  &(_t102[8]));
											E001C1240(_t46, _t49, _t50, _t51, _t92, _t65, _t102[0x14]);
											goto L47;
										}
									}
								} else {
									_t87 =  *((intOrPtr*)(_t101 + 0x28));
									if( *((intOrPtr*)(_t101 + 0x28)) == 0 || _t92 == 0) {
										__imp__terminate();
										goto L32;
									} else {
										_t36 = E001C1240(_t46, _t49, _t50, _t51, _t92, _t87, _t102[0x14]);
										if(_t102[0x14] == 8 &&  *_t92 != _t89) {
											_t81 =  *_t92;
											goto L30;
										}
										goto L47;
									}
								}
							} else {
								_t81 =  *((intOrPtr*)(_t101 + 0x28));
								if(_t81 == 0 || _t92 == 0) {
									__imp__terminate();
									goto L24;
								} else {
									 *_t92 = _t81;
									goto L30;
								}
							}
						} else {
							_t65 =  *0x1d1220; // 0x0
							if(_t65 == 0) {
								goto L19;
							} else {
								_t36 =  *0x1cd190();
								if(_t65 == 0 || _t92 == 0) {
									__imp__terminate();
									goto L19;
								} else {
									 *_t92 = _t65;
									_t81 = _t65;
									L30:
									E001C2180(_t36, _t81,  &(_t102[8]));
									 *_t92 = _t65;
									L47:
									_t37 = _t49;
								}
							}
						}
					}
				}
				return _t37;
			}

0x001c2378
0x001c2378
0x001c2378
0x001c2378
0x001c2378
0x001c2378
0x001c2378
0x001c237d
0x001c2382
0x001c2391
0x001c2394
0x001c2397
0x001c239a
0x001c239d
0x001c23a3
0x001c23b4
0x001c23b7
0x001c23a5
0x001c23a9
0x001c23ae
0x001c23ae
0x001c23bd
0x001c253f
0x001c253f
0x001c23c3
0x001c23c6
0x001c23d9
0x001c23c8
0x001c23c8
0x001c23cd
0x001c23d0
0x001c23d4
0x001c23d4
0x001c23e0
0x00000000
0x001c23f3
0x001c23f5
0x001c23fb
0x001c23fe
0x001c23fe
0x001c2404
0x001c2436
0x001c2439
0x001c2454
0x001c2458
0x001c24a2
0x001c24a6
0x001c24b7
0x001c24ba
0x001c24a8
0x001c24ac
0x001c24b1
0x001c24b1
0x001c24bf
0x001c24f2
0x001c24f6
0x001c2531
0x001c2531
0x001c2538
0x00000000
0x001c24fd
0x001c24ff
0x001c2512
0x001c2501
0x001c2501
0x001c250d
0x001c250d
0x001c2518
0x00000000
0x001c251a
0x001c2521
0x001c2525
0x001c2527
0x001c2529
0x00000000
0x001c2529
0x001c2518
0x001c24c1
0x001c24c1
0x001c24c8
0x001c24ec
0x00000000
0x001c24cf
0x001c24d7
0x001c24e5
0x00000000
0x001c24e5
0x001c24c8
0x001c245a
0x001c245a
0x001c2461
0x001c249c
0x00000000
0x001c2468
0x001c246f
0x001c2479
0x001c2488
0x00000000
0x001c2488
0x00000000
0x001c2479
0x001c2461
0x001c243b
0x001c243b
0x001c2442
0x001c244e
0x00000000
0x001c2449
0x001c2449
0x00000000
0x001c2449
0x001c2442
0x001c240c
0x001c240c
0x001c2416
0x00000000
0x001c2418
0x001c2418
0x001c2421
0x001c2430
0x00000000
0x001c2428
0x001c2428
0x001c242b
0x001c248b
0x001c248f
0x001c2494
0x001c252d
0x001c252d
0x001c252d
0x001c2421
0x001c2416
0x001c2404
0x001c23e0
0x001c255a

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C2430
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C244E
__AdjustPointer.LIBCMT ref: 001C248F
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C249C
__AdjustPointer.LIBCMT ref: 001C24D7
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C24EC
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C2531
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C2538

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: terminate$AdjustPointer
String ID:
API String ID: 1364991670-0
Opcode ID: 9169a32f2c73a49571e9184a56cfbdfada7bc206d54ce01189ba9b97926fdaa3
Instruction ID: bda06fe16779b10641b4066501e900e9f38cd98b934220de074822288880c82c
Opcode Fuzzy Hash: 9169a32f2c73a49571e9184a56cfbdfada7bc206d54ce01189ba9b97926fdaa3
Instruction Fuzzy Hash: AD518E72202B8087DE2EDF55E494F6A6364BB74F84F5A852DDE4A47B19DF38C842C341

Uniqueness

Uniqueness Score: -1.00%

Function 02940800 Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 116
sleepCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E02940800(signed int __ecx, signed int __edx, void* __esp, long long __rbx, void* __rdx, void* __r8, long long _a16) {
				signed int _v24;
				char _v136;
				signed int _v272;
				intOrPtr _v276;
				char _v295;
				signed int _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				char _v312;
				char _v328;
				long long _v344;
				signed int _t33;
				intOrPtr _t34;
				intOrPtr _t42;
				void* _t45;
				signed int _t47;
				signed int _t59;
				signed long long _t65;
				intOrPtr _t72;
				intOrPtr* _t75;
				void* _t87;
				signed long long _t88;
				void* _t91;
				char* _t92;

				_t90 = __r8;
				_t48 = __ecx;
				_a16 = __rbx;
				_t88 = _t87 - 0x170;
				_t65 =  *0x29a61e8; // 0xc99624406909
				_t66 = _t65 ^ _t88;
				_v24 = _t65 ^ _t88;
				_t33 =  *0x29a6001 & 0x000000ff;
				_t47 = __edx & 0x000000ff;
				_t59 = __ecx & 0x000000ff;
				if(_t33 != 0) {
					__eflags = _t33 - 1;
					if(_t33 != 1) {
						_t34 = 0xff;
						L20:
						return L029438C0(_t34, _t48, _t66, _v24 ^ _t88);
					}
					r8d = 0xb0;
					E02947430(_t33, __ecx, 0, _t59, __esp,  &_v312, __rdx, __r8);
					_t72 =  *0x29a7ff0; // 0x0
					_v312 = 0xb0;
					_v296 = (dil & 0xffffffff) + (dil & 0xffffffff);
					_v304 = 2;
					_v276 = 1;
					_v300 = 2;
					_v272 = _t47;
					__eflags = L0293BF10(_t66, __rbx, _t72,  &_v312);
					if(__eflags == 0) {
						L4:
						_t34 = 1;
						goto L20;
					}
					E02943770(__eflags, _t66, "ctlAUXAccess for I2C write returned failure code: 0x%X\n",  &_v312, __r8, _t91);
					_t34 = 0;
					goto L20;
				}
				_v328 = 0;
				r8d = 0x83;
				E02947430(_t33, __ecx, 0, _t59, __esp,  &_v295, __rdx, __r8);
				_t42 =  *0x29a7f88; // 0x0
				_t92 =  &_v312;
				_t75 =  *0x29a7f90; // 0x0
				_v312 = _t42;
				r8d = 0x94;
				_v308 = 0;
				_v300 = (dil & 0xffffffff) + (dil & 0xffffffff);
				_t66 =  &_v328;
				_v304 = 1;
				_v296 = _t47;
				_v344 =  &_v328;
				_t45 =  *((intOrPtr*)( *_t75 + 0x160))();
				r8d = _v328;
				if(_t45 < 0 || r8d != 0) {
					__eflags = r8d - 0x43;
					if(r8d != 0x43) {
						__eflags = r8d - 0x44;
						if(r8d != 0x44) {
							__eflags = r8d - 0x45;
							if(r8d != 0x45) {
								__eflags = r8d - 0x46;
								if(r8d != 0x46) {
									__eflags = r8d - 0x47;
									if(r8d != 0x47) {
										E029422D0(_t66,  &_v136, "Write FAILED. Error code: 0x%x", _t90, _t92);
										E029423A0();
										_t34 = 0;
									} else {
										E029423A0();
										_t34 = 0;
									}
								} else {
									E029423A0();
									_t34 = 0;
								}
							} else {
								E029423A0();
								_t34 = 0;
							}
						} else {
							E029423A0();
							_t34 = 0;
						}
					} else {
						E029423A0();
						_t34 = 0;
					}
					goto L20;
				} else {
					_t15 = _t90 + 0x14; // 0x14
					_t48 = _t15;
					Sleep(??);
					goto L4;
				}
			}

0x02940800
0x02940800
0x02940800
0x02940806
0x0294080d
0x02940814
0x02940817
0x0294081f
0x02940826
0x02940829
0x0294082e
0x02940980
0x02940982
0x029409ef
0x029409f4
0x02940a14
0x02940a14
0x0294098b
0x02940991
0x02940996
0x029409a8
0x029409b0
0x029409b4
0x029409bc
0x029409c4
0x029409cc
0x029409d5
0x029409d7
0x029408bb
0x029408bb
0x00000000
0x029408bb
0x029409e6
0x029409eb
0x00000000
0x029409eb
0x02940836
0x0294083e
0x02940849
0x0294084e
0x02940854
0x02940859
0x02940867
0x0294086b
0x02940877
0x0294087f
0x02940883
0x02940888
0x02940890
0x02940897
0x0294089c
0x029408a3
0x029408aa
0x029408c5
0x029408c9
0x029408e2
0x029408e6
0x029408ff
0x02940903
0x0294091c
0x02940920
0x02940939
0x0294093d
0x02940965
0x02940977
0x0294097c
0x0294093f
0x0294094a
0x0294094f
0x0294094f
0x02940922
0x0294092d
0x02940932
0x02940932
0x02940905
0x02940910
0x02940915
0x02940915
0x029408e8
0x029408f3
0x029408f8
0x029408f8
0x029408cb
0x029408d6
0x029408db
0x029408db
0x00000000
0x029408b1
0x029408b1
0x029408b1
0x029408b5
0x00000000
0x029408b5

APIs

Sleep.KERNEL32 ref: 029408B5

Strings

Write FAILED. Error code: 0x%x, xrefs: 02940956
ctlAUXAccess for I2C write returned failure code: 0x%X, xrefs: 029409DF
AUX timeout, xrefs: 02940943
Invalid AUX address, xrefs: 029408EC
AUX defer, xrefs: 02940926
Invalid AUX device, xrefs: 029408CF
Invalid AUX data size, xrefs: 02940909

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Sleep
String ID: AUX defer$AUX timeout$Invalid AUX address$Invalid AUX data size$Invalid AUX device$Write FAILED. Error code: 0x%x$ctlAUXAccess for I2C write returned failure code: 0x%X
API String ID: 3472027048-1721292448
Opcode ID: 3641aa59001378e3b2512e0d6d1cbe7d3e47ab8033109c7c5cc09505cbd06039
Instruction ID: 0be183ba405035135a0d9367276c2531256789901bcf9eb19e20d7036a5f7cd5
Opcode Fuzzy Hash: 3641aa59001378e3b2512e0d6d1cbe7d3e47ab8033109c7c5cc09505cbd06039
Instruction Fuzzy Hash: B841E432618641DAEB20DB24E850BAE73B1F3D5344F900526DB8983668EF7EC189CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0298C234 Relevance: 10.8, APIs: 7, Instructions: 291
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E0298C234(void* __ebx, signed int __ecx, void* __edx, intOrPtr* __rax, long long __rbx, signed int __rdx, long long __r9, signed int _a8, long long _a16, long long _a24, signed int _a32) {
				signed long long _v72;
				long long _v80;
				signed int _v88;
				signed long long _v96;
				void* _v104;
				signed long long _v120;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int _t124;
				signed int _t125;
				signed char _t127;
				signed int _t140;
				signed int _t141;
				long _t142;
				signed int _t146;
				signed int _t147;
				intOrPtr _t149;
				signed int _t164;
				intOrPtr _t166;
				intOrPtr _t167;
				signed int _t171;
				signed int _t172;
				unsigned int _t177;
				signed int _t178;
				signed long long _t182;
				signed long long _t187;
				intOrPtr _t189;
				void* _t197;
				signed long long _t199;
				void* _t204;
				signed long long _t205;
				signed long long _t208;
				void* _t209;
				signed long long _t214;
				unsigned long long _t215;
				signed long long _t216;
				long long _t217;
				void* _t219;
				signed long long _t222;
				signed long long _t223;
				unsigned long long _t226;
				signed long long _t227;
				signed long long _t228;

				_t217 = __r9;
				_t196 = __rdx;
				_t181 = __rax;
				_t155 = __ebx;
				_a24 = __rbx;
				_a16 = __rdx;
				_t222 = __rdx;
				r13d = r8d;
				_t179 = r12d - 0xfffffffe;
				if(r12d != 0xfffffffe) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L66:
						E02971518(__eflags, _t181);
						 *_t181 = 0;
						E02971538(__eflags, _t181);
						 *_t181 = 9;
						L67:
						_t124 = E02970D4C();
						goto L68;
					}
					__eflags = r12d -  *0x29ab4c0; // 0x40
					if(__eflags >= 0) {
						goto L66;
					}
					_t181 = __ecx;
					_t3 = _t208 + 1; // 0x1
					r9d = _t3;
					_v80 = __r9;
					_t214 = __ecx >> 6;
					_v88 = _t214;
					_t227 = __ecx + __ecx * 8;
					_t189 =  *((intOrPtr*)(0x29ab0c0 + _t214 * 8));
					_t127 =  *((intOrPtr*)(0x29ab0c0 + 0x38 + _t227 * 8));
					__eflags = r9b & _t127;
					if(__eflags == 0) {
						goto L66;
					}
					__eflags = r13d - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = r13d;
						if(r13d == 0) {
							L65:
							_t125 = 0;
							goto L69;
						}
						__eflags = _t127 & 0x00000002;
						if((_t127 & 0x00000002) != 0) {
							goto L65;
						}
						__eflags = __rdx;
						if(__eflags == 0) {
							goto L6;
						}
						r11d =  *((char*)(0x29ab0c0 + 0x39 + _t227 * 8));
						_t187 = _t208;
						_t182 =  *((intOrPtr*)(0x29ab0c0 + 0x28 + _t227 * 8));
						_v96 = _t182;
						_t171 = 4;
						_a8 = r11b;
						_t170 = r11d - r9d;
						__eflags = _t170;
						if(_t170 == 0) {
							__eflags = r9b &  !r13d;
							if(__eflags == 0) {
								L13:
								E02971518(__eflags, _t182);
								 *_t182 = 0;
								E02971538(__eflags, _t182);
								 *_t182 = 0x16;
								E02970D4C();
								L36:
								_t172 = _t171 | 0xffffffff;
								__eflags = _t172;
								L37:
								E02971650(_t182, _t187);
								_t125 = _t172;
								goto L69;
							}
							_t177 = r13d >> 1;
							__eflags = _t177 - 4;
							_t178 =  <  ? 4 : _t177;
							E02971690(_t182, _t189);
							_t187 = _t182;
							E02971650(_t182, _t189);
							E02971650(_t182, _t189);
							_t228 = _t187;
							__eflags = _t187;
							if(__eflags != 0) {
								_t170 = 0;
								__eflags = 0;
								_t29 = _t196 + 1; // 0x1
								r8d = _t29;
								L0298A9A4(__ebx, r12d, 0, _t182, _t187, __rdx, _t208);
								_t214 = _v88;
								_t197 = 0x29ab0c0;
								r11b = _a8;
								r9d = 1;
								 *( *((intOrPtr*)(0x29ab0c0 + _t214 * 8)) + 0x30 + _t227 * 8) = _t182;
								_t189 =  *((intOrPtr*)(0x29ab0c0 + _t214 * 8));
								L19:
								__eflags =  *(_t189 + 0x38 + _t227 * 8) & 0x00000048;
								_t171 = 0;
								_v72 = _t228;
								r10d = 0xa;
								if(( *(_t189 + 0x38 + _t227 * 8) & 0x00000048) != 0) {
									_t149 =  *((intOrPtr*)(_t189 + 0x3a + _t227 * 8));
									__eflags = _t149 - r10b;
									if(_t149 != r10b) {
										__eflags = _t178;
										if(_t178 != 0) {
											 *_t228 = _t149;
											_t178 = _t178 - 1;
											_t182 =  *((intOrPtr*)(_t197 + _t214 * 8));
											_t228 = _t228 + _t217;
											_t171 = r9d;
											 *((intOrPtr*)(_t182 + 0x3a + _t227 * 8)) = r10b;
											__eflags = r11b;
											if(r11b != 0) {
												_t182 =  *((intOrPtr*)(_t197 + _t214 * 8));
												_t166 =  *((intOrPtr*)(_t182 + 0x3b + _t227 * 8));
												__eflags = _t166 - r10b;
												if(_t166 != r10b) {
													__eflags = _t178;
													if(_t178 != 0) {
														 *_t228 = _t166;
														_t171 = _t222 - 8;
														_t182 =  *((intOrPtr*)(_t197 + _t214 * 8));
														_t228 = _t228 + _t217;
														_t178 = _t178 - 1;
														 *((intOrPtr*)(_t182 + 0x3b + _t227 * 8)) = r10b;
														__eflags = r11b - r9b;
														if(r11b == r9b) {
															_t182 =  *((intOrPtr*)(_t197 + _t214 * 8));
															_t167 =  *((intOrPtr*)(_t182 + 0x3c + _t227 * 8));
															__eflags = _t167 - r10b;
															if(_t167 != r10b) {
																__eflags = _t178;
																if(_t178 != 0) {
																	 *_t228 = _t167;
																	_t171 = _t222 - 7;
																	_t182 =  *((intOrPtr*)(_t197 + _t214 * 8));
																	_t228 = _t228 + _t217;
																	_t178 = _t178 - 1;
																	__eflags = _t178;
																	 *((intOrPtr*)(_t182 + 0x3c + _t227 * 8)) = r10b;
																}
															}
														}
													}
												}
											}
										}
									}
								}
								_t140 = L02983E4C(r12d, _t170, _t182);
								__eflags = _t140;
								if(_t140 == 0) {
									L39:
									_v80 = sil;
									L40:
									r8d = _t178;
									_v120 = _t208;
									_t141 = ReadFile(??, ??, ??, ??, ??);
									__eflags = _t141;
									if(_t141 == 0) {
										L61:
										_t142 = GetLastError();
										__eflags = _t142 - 5;
										if(__eflags != 0) {
											__eflags = _t142 - 0x6d;
											if(__eflags != 0) {
												L35:
												E029714C8(_t142, _t170, __eflags, _t182, _t187, _t208, _t214);
												goto L36;
											}
											_t172 = 0;
											goto L37;
										}
										E02971538(__eflags, _t182);
										 *_t182 = 9;
										E02971518(__eflags, _t182);
										 *_t182 = 5;
										goto L36;
									}
									__eflags = _a32 - r13d;
									if(_a32 > r13d) {
										goto L61;
									}
									_t172 = _t171 + _a32;
									__eflags = _t172;
									L43:
									_t199 = _v88;
									_t182 =  *((intOrPtr*)(0x29ab0c0 + _t199 * 8));
									__eflags =  *(_t182 + 0x38 + _t227 * 8) - sil;
									if( *(_t182 + 0x38 + _t227 * 8) >= sil) {
										goto L37;
									}
									__eflags = _a8 - 2;
									_t215 = _t172;
									if(_a8 == 2) {
										_t216 = _t215 >> 1;
										__eflags = _v80 - sil;
										if(_v80 == sil) {
											_t146 = L0298BC18(_t141, r12d, _v72, _t216);
											L46:
											_t172 = _t146;
											goto L37;
										}
										_t223 = _v72;
										_t182 = _t223;
										_t205 = _t223;
										_t219 = _t223 + _t216 * 2;
										__eflags = _t223 - _t219;
										if(_t223 >= _t219) {
											L59:
											_t172 = _t172 + _t172;
											goto L37;
										}
										while(1) {
											_t164 =  *_t182 & 0x0000ffff;
											__eflags = _t164 - 0x1a;
											if(_t164 == 0x1a) {
												break;
											}
											__eflags = _t164 - 0xd;
											if(_t164 != 0xd) {
												L55:
												r8d = 2;
												L56:
												_t182 = _t182 + _t216;
												 *_t205 = _t164;
												_t216 = _t205 + 2;
												_t205 = _t216;
												__eflags = _t182 - _t219;
												if(_t182 < _t219) {
													continue;
												}
												goto L59;
											}
											_t216 = _t182 + 2;
											__eflags = _t216 - _t219;
											if(_t216 >= _t219) {
												goto L55;
											}
											__eflags =  *_t216 - 0xa;
											if( *_t216 != 0xa) {
												goto L55;
											}
											_t164 = 0xa;
											r8d = 4;
											goto L56;
										}
										_t182 =  *((intOrPtr*)(0x29ab0c0 + _t199 * 8));
										_t113 = _t182 + 0x38 + _t227 * 8;
										 *_t113 =  *(_t182 + 0x38 + _t227 * 8) | 0x00000002;
										__eflags =  *_t113;
										goto L59;
									}
									_t182 = _t226 >> 1;
									__eflags = _t182;
									_v120 = _t182;
									_t146 = L0298BEEC(_t155, r12d, _t172, _t178, _t182, _t187, _t228, _t204, _t208, _t209, _t215, _a16);
									goto L46;
								}
								_t182 =  *((intOrPtr*)(0x29ab0c0 + _v88 * 8));
								__eflags =  *(_t182 + 0x38 + _t227 * 8) - sil;
								if( *(_t182 + 0x38 + _t227 * 8) >= sil) {
									goto L39;
								}
								_t147 = GetConsoleMode();
								__eflags = _t147;
								if(_t147 == 0) {
									goto L39;
								}
								__eflags = _a8 - 2;
								if(_a8 != 2) {
									goto L40;
								}
								r8d = _t178;
								_v120 = _t208;
								__eflags = ReadConsoleW(??, ??, ??, ??, ??);
								if(__eflags != 0) {
									_t141 = _a32;
									_t172 = _t204 + _t182 * 2;
									goto L43;
								} else {
									_t142 = GetLastError();
									goto L35;
								}
							} else {
								E02971538(__eflags, _t182);
								 *_t182 = 0xc;
								E02971518(__eflags, _t182);
								 *_t182 = 8;
								goto L36;
							}
						}
						__eflags = _t170 - r9d;
						if(_t170 != r9d) {
							L14:
							_t178 = r13d;
							_t197 = 0x29ab0c0;
							_t228 = _t222;
							goto L19;
						}
						__eflags = r9b &  !r13d;
						if(__eflags != 0) {
							goto L14;
						}
						goto L13;
					}
					L6:
					E02971518(__eflags, _t181);
					 *_t181 = 0;
					E02971538(__eflags, _t181);
					 *_t181 = 0x16;
					goto L67;
				} else {
					E02971518(_t179, __rax);
					 *__rax = 0;
					_t124 = E02971538(_t179, __rax);
					 *__rax = 9;
					L68:
					_t125 = _t124 | 0xffffffff;
					L69:
					return _t125;
				}
			}

0x0298c234
0x0298c234
0x0298c234
0x0298c234
0x0298c234
0x0298c239
0x0298c250
0x0298c253
0x0298c256
0x0298c25a
0x0298c277
0x0298c279
0x0298c658
0x0298c658
0x0298c65d
0x0298c65f
0x0298c664
0x0298c66a
0x0298c66a
0x00000000
0x0298c66a
0x0298c27f
0x0298c286
0x00000000
0x00000000
0x0298c28c
0x0298c28f
0x0298c28f
0x0298c296
0x0298c2a5
0x0298c2a9
0x0298c2ae
0x0298c2b2
0x0298c2b6
0x0298c2bb
0x0298c2be
0x00000000
0x00000000
0x0298c2c4
0x0298c2cb
0x0298c2e4
0x0298c2e7
0x0298c654
0x0298c654
0x00000000
0x0298c654
0x0298c2ed
0x0298c2ef
0x00000000
0x00000000
0x0298c2f5
0x0298c2f8
0x00000000
0x00000000
0x0298c2fa
0x0298c300
0x0298c303
0x0298c30b
0x0298c310
0x0298c315
0x0298c31d
0x0298c31d
0x0298c320
0x0298c364
0x0298c367
0x0298c331
0x0298c331
0x0298c336
0x0298c338
0x0298c33d
0x0298c343
0x0298c4e8
0x0298c4e8
0x0298c4e8
0x0298c4eb
0x0298c4ee
0x0298c4f3
0x00000000
0x0298c4f3
0x0298c36c
0x0298c36e
0x0298c370
0x0298c375
0x0298c37c
0x0298c37f
0x0298c386
0x0298c38b
0x0298c38e
0x0298c391
0x0298c3ae
0x0298c3ae
0x0298c3b3
0x0298c3b3
0x0298c3b7
0x0298c3bc
0x0298c3c1
0x0298c3c8
0x0298c3d0
0x0298c3da
0x0298c3df
0x0298c3e3
0x0298c3e3
0x0298c3e9
0x0298c3eb
0x0298c3f0
0x0298c3f6
0x0298c3f8
0x0298c3fd
0x0298c400
0x0298c402
0x0298c404
0x0298c406
0x0298c409
0x0298c40b
0x0298c40f
0x0298c412
0x0298c415
0x0298c41a
0x0298c41d
0x0298c41f
0x0298c423
0x0298c428
0x0298c42b
0x0298c42d
0x0298c42f
0x0298c431
0x0298c434
0x0298c438
0x0298c43c
0x0298c43f
0x0298c441
0x0298c446
0x0298c449
0x0298c44b
0x0298c44f
0x0298c454
0x0298c457
0x0298c459
0x0298c45b
0x0298c45d
0x0298c460
0x0298c464
0x0298c468
0x0298c46b
0x0298c46b
0x0298c46d
0x0298c46d
0x0298c45b
0x0298c457
0x0298c449
0x0298c42f
0x0298c42b
0x0298c41d
0x0298c404
0x0298c400
0x0298c475
0x0298c47a
0x0298c47c
0x0298c506
0x0298c506
0x0298c50b
0x0298c518
0x0298c51b
0x0298c523
0x0298c529
0x0298c52b
0x0298c61e
0x0298c61e
0x0298c624
0x0298c627
0x0298c644
0x0298c647
0x0298c4e1
0x0298c4e3
0x00000000
0x0298c4e3
0x0298c64d
0x00000000
0x0298c64d
0x0298c629
0x0298c62e
0x0298c634
0x0298c639
0x00000000
0x0298c639
0x0298c531
0x0298c539
0x00000000
0x00000000
0x0298c53f
0x0298c53f
0x0298c546
0x0298c546
0x0298c552
0x0298c556
0x0298c55b
0x00000000
0x00000000
0x0298c55d
0x0298c565
0x0298c568
0x0298c58f
0x0298c592
0x0298c597
0x0298c614
0x0298c588
0x0298c588
0x00000000
0x0298c588
0x0298c599
0x0298c59e
0x0298c5a1
0x0298c5a4
0x0298c5a8
0x0298c5ab
0x0298c5ff
0x0298c605
0x00000000
0x0298c605
0x0298c5b2
0x0298c5b2
0x0298c5b5
0x0298c5b9
0x00000000
0x00000000
0x0298c5bb
0x0298c5bf
0x0298c5db
0x0298c5db
0x0298c5e1
0x0298c5e1
0x0298c5e4
0x0298c5e7
0x0298c5eb
0x0298c5ee
0x0298c5f1
0x00000000
0x00000000
0x00000000
0x0298c5f3
0x0298c5c1
0x0298c5c5
0x0298c5c8
0x00000000
0x00000000
0x0298c5ca
0x0298c5ce
0x00000000
0x00000000
0x0298c5d0
0x0298c5d3
0x00000000
0x0298c5d3
0x0298c5f5
0x0298c5f9
0x0298c5f9
0x0298c5f9
0x00000000
0x0298c5f9
0x0298c575
0x0298c575
0x0298c57e
0x0298c583
0x00000000
0x0298c583
0x0298c48e
0x0298c492
0x0298c497
0x00000000
0x00000000
0x0298c4a3
0x0298c4a9
0x0298c4ab
0x00000000
0x00000000
0x0298c4ad
0x0298c4b5
0x00000000
0x00000000
0x0298c4c9
0x0298c4cc
0x0298c4d7
0x0298c4d9
0x0298c4fa
0x0298c501
0x00000000
0x0298c4db
0x0298c4db
0x00000000
0x0298c4db
0x0298c393
0x0298c393
0x0298c398
0x0298c39e
0x0298c3a3
0x00000000
0x0298c3a3
0x0298c391
0x0298c322
0x0298c325
0x0298c34d
0x0298c34d
0x0298c350
0x0298c357
0x00000000
0x0298c357
0x0298c32c
0x0298c32f
0x00000000
0x00000000
0x00000000
0x0298c32f
0x0298c2cd
0x0298c2cd
0x0298c2d2
0x0298c2d4
0x0298c2d9
0x00000000
0x0298c25c
0x0298c25c
0x0298c263
0x0298c265
0x0298c26a
0x0298c66f
0x0298c66f
0x0298c672
0x0298c689
0x0298c689

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0298C66A

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 24bd0d932be47d64361c78a770c98397fe3e5bf381a77b2f51eca0b054320bd9
Instruction ID: aa3d6af119cafa96d9b50e1a424ea88ff2556c22a775ea50c61183ca4ef37e91
Opcode Fuzzy Hash: 24bd0d932be47d64361c78a770c98397fe3e5bf381a77b2f51eca0b054320bd9
Instruction Fuzzy Hash: 9BB12372208B8592CB29AF25D44436E7BA6F782BD8F8D0213DE8E47750DF78C495CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02941610 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 128
sleepCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E02941610(signed int __ecx, signed int __edx, void* __edi, void* __esp, long long __rbx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v120;
				char _v232;
				signed int _v308;
				intOrPtr _v312;
				char _v326;
				signed int _v327;
				char _v328;
				signed int _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				char _v344;
				long long _v360;
				signed int _t40;
				signed int _t41;
				void* _t42;
				intOrPtr _t44;
				signed int _t48;
				signed char _t49;
				void* _t55;
				signed int _t61;
				void* _t66;
				signed int _t68;
				void* _t70;
				intOrPtr _t71;
				void* _t77;
				signed long long _t82;
				signed long long _t83;
				long long _t84;
				intOrPtr _t89;
				void* _t108;
				void* _t115;

				_t112 = __r9;
				_t111 = __r8;
				_t84 = __rbx;
				_t72 = __esp;
				_t56 = __ecx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t109 = _t108 - 0x160;
				_t82 =  *0x29a61e8; // 0xc99624406909
				_t83 = _t82 ^ _t108 - 0x00000160;
				_v56 = _t83;
				_v360 = __r9;
				r12d = __edx & 0x0000ffff;
				r14d = __ecx & 0x000000ff;
				_t68 =  >=  ? 8 : 1;
				_t6 = _t83 + 0x67; // 0x68
				r8d = _t6;
				_t70 =  <  ? 1 : 8;
				E02947430(1, __ecx, 0, __edi, __esp,  &_v344, __rdx, __r8);
				_t40 = r8d;
				_t66 = 0;
				asm("cdq");
				_t41 = _t40 / 8;
				_t61 = _t40 % 8;
				r15d = _t41;
				if(_t41 <= 0) {
					L9:
					_t42 = 1;
				} else {
					r14d = r14b & 0xffffffff;
					_t71 = _t70 + 1;
					r13d = r12w & 0xffffffff;
					_t55 = 0;
					do {
						_t44 =  *0x29a7ed4; // 0x0
						_v340 = _t44;
						_v328 = _t84 + _t115 >> 8;
						_v344 = 0x10028;
						_v336 = 2;
						_v332 = r14d;
						_v312 = _t71;
						_t56 = (dil & 0xffffffff) * (sil & 0xffffffff) + r12b;
						_v327 = (dil & 0xffffffff) * (sil & 0xffffffff) + r12b;
						if(_t68 > 0) {
							_t77 = _t55 + _v360;
							r8d = _t68;
							E02946FD0(_t56, _t66, _t68, _t72,  &_v326, _t55 + _v360, _t111);
						}
						_t89 =  *0x29a7ee8; // 0x0
						r8d = 0x68;
						_t48 = E02918570(_t61, _t77, _t83, _t89,  &_v344);
						if(_t48 == 0) {
							_t49 = _v308;
							__eflags = _t49;
							if(__eflags != 0) {
								__eflags = _t49 - 1;
								if(_t49 != 1) {
									__eflags = _t49 - 2;
									if(_t49 != 2) {
										r8d = _v308 & 0x000000ff;
										E029422D0(_t83,  &_v232, "IICWriteWord unknow error : %x\n", _t111, _t112);
										goto L12;
									} else {
										E029423A0();
										_t42 = 0;
									}
								} else {
									E029423A0();
									_t42 = 0;
								}
							} else {
								goto L8;
							}
						} else {
							if(_v308 != 0xff) {
								_t56 = _t48;
								L029018E0(_t48, _t61, __eflags, _t83,  &_v120);
								r8d =  *0x29a7ee4; // 0x0
								E029422D0(_t83,  &_v232, "NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s\n", _t111,  &_v120);
								L12:
								E029423A0();
								_t42 = 0;
							} else {
								_t61 = 0x10;
								E029423A0();
								goto L8;
							}
						}
						goto L10;
						L8:
						_t56 = 0x14;
						Sleep(??);
						_t66 = _t66 + 1;
						_t55 = _t55 + _t68;
					} while (_t66 < r15d);
					goto L9;
				}
				L10:
				return L029438C0(_t42, _t56, _t83, _v56 ^ _t109);
			}

0x02941610
0x02941610
0x02941610
0x02941610
0x02941610
0x02941610
0x02941615
0x0294161a
0x02941628
0x0294162f
0x02941636
0x02941639
0x02941646
0x02941658
0x0294165c
0x02941660
0x02941663
0x02941663
0x02941667
0x02941671
0x02941676
0x02941678
0x0294167a
0x0294167b
0x0294167b
0x0294167d
0x02941682
0x02941755
0x02941755
0x02941688
0x02941688
0x0294168c
0x0294168e
0x02941692
0x029416a0
0x029416a0
0x029416a6
0x029416b1
0x029416c0
0x029416c8
0x029416d0
0x029416d5
0x029416d9
0x029416dc
0x029416e2
0x029416ec
0x029416f1
0x029416f4
0x029416f4
0x029416f9
0x02941705
0x0294170b
0x02941712
0x02941731
0x02941735
0x02941737
0x029417d3
0x029417d6
0x029417ee
0x029417f1
0x02941809
0x0294181e
0x00000000
0x029417f3
0x029417fd
0x02941802
0x02941802
0x029417d8
0x029417e2
0x029417e7
0x029417e7
0x00000000
0x00000000
0x00000000
0x02941714
0x0294171c
0x02941793
0x02941795
0x0294179a
0x029417b8
0x029417bd
0x029417ca
0x029417cf
0x0294171e
0x0294171e
0x0294172a
0x00000000
0x0294172a
0x0294171c
0x00000000
0x0294173d
0x0294173d
0x02941742
0x02941748
0x0294174a
0x0294174c
0x00000000
0x029416a0
0x0294175a
0x0294178a

APIs

Sleep.KERNEL32 ref: 02941742

Strings

IICWriteWord unknow error : %x, xrefs: 0294180F
NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s, xrefs: 029417A9
Operation timed out, xrefs: 02941723
(, xrefs: 029416C0
Requested data not found, xrefs: 029417DB
Defer received, xrefs: 029417F6

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Sleep
String ID: ($Defer received$IICWriteWord unknow error : %x$NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s$Operation timed out$Requested data not found
API String ID: 3472027048-3915870373
Opcode ID: 32e163391cd41b5235137a371c698844609ffd48625001484de1a1055998f3eb
Instruction ID: 44fe1e2f288d0e579856e1815813ae4802c41a6f8678ba188ecbcf3475c6caf5
Opcode Fuzzy Hash: 32e163391cd41b5235137a371c698844609ffd48625001484de1a1055998f3eb
Instruction Fuzzy Hash: 7A51C53271468996D720DF25E844BAAB7A1F3C8748F804526EE8E87A54DF7DC985CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0298B2E0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E0298B2E0(void* __ebx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, long long __rsi, void* __r9, void* __r14, void* __r15) {
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				long _t20;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t49;
				signed long long _t53;
				signed long long _t54;
				void* _t60;
				void* _t66;
				long long _t69;
				long long _t71;
				void* _t74;
				void* _t75;
				void* _t77;
				void* _t83;
				void* _t84;

				_t84 = __r14;
				_t83 = __r9;
				_t69 = __rsi;
				_t66 = __rdi;
				_t60 = __rdx;
				_t46 = __rax;
				_t29 = __edx;
				_t25 = __ebx;
				 *((long long*)(_t74 + 8)) = __rbx;
				 *((long long*)(_t74 + 0x10)) = _t71;
				 *((long long*)(_t74 + 0x18)) = __rsi;
				_push(__rdi);
				_push(__r14);
				_t75 = _t74 - 0x30;
				_t49 = __rcx;
				_t16 = E0298E244(3, __edx, __rax);
				if(_t16 == 1 || _t16 == 0 &&  *0x29ab990 == 1) {
					_t17 = E0298B238(_t29, _t49, _t77);
					goto L14;
				} else {
					r14d = 0x314;
					_t30 = r14d;
					_t53 = 0x29ab9a0;
					if(E0297C99C(_t46, 0x29ab9a0, _t60, L"Runtime Error!\n\nProgram: ") != 0) {
						L15:
						r9d = 0;
						 *((long long*)(_t75 + 0x20)) = _t69;
						r8d = 0;
						E02970D9C();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t19 =  *0x29ab990; // 0x0
						return _t19;
					} else {
						 *0x29abbda = 0;
						r8d = 0x104;
						_t20 = GetModuleFileNameW(??, ??, ??);
						_t32 = _t84 - 0x19;
						if(_t20 != 0) {
							L6:
							_t54 = _t53 | 0xffffffff;
							do {
								_t54 = _t54 + 1;
							} while ( *((intOrPtr*)(0x29ab9d2 + _t54 * 2)) != 0);
							_t47 = _t54 + 1;
							if(_t54 + 1 <= 0x3c) {
								L10:
								if(E02984FE0(_t30, _t47, 0x29ab9a0, _t84, L"\n\n") != 0) {
									goto L15;
								} else {
									_t80 = _t49;
									if(E02984FE0(_t30, _t47, 0x29ab9a0, _t84, _t49) != 0) {
										goto L15;
									} else {
										r8d = 0x12010;
										_t17 = E0298E4D4(_t25, 0, _t47, _t49, 0x29ab9a0, L"Microsoft Visual C++ Runtime Library", _t69, 0x29ab9a0, _t80, _t83);
										L14:
										return _t17;
									}
								}
							} else {
								_t47 = _t54 - 0x3b;
								r9d = 3;
								if(E0298513C(_t30, _t54 - 0x3b, _t49, 0x29ab9d2 + (_t54 - 0x3b) * 2, _t66 - _t47, L"...", _t83) != 0) {
									goto L15;
								} else {
									goto L10;
								}
							}
						} else {
							_t30 = _t32;
							_t53 = 0x29ab9d2;
							if(E0297C99C(_t46, 0x29ab9d2, 0x29ab9d2, L"<program name unknown>") != 0) {
								goto L15;
							} else {
								goto L6;
							}
						}
					}
				}
			}

0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e0
0x0298b2e5
0x0298b2ea
0x0298b2ef
0x0298b2f0
0x0298b2f4
0x0298b2f8
0x0298b300
0x0298b308
0x0298b40a
0x00000000
0x0298b321
0x0298b321
0x0298b32e
0x0298b338
0x0298b342
0x0298b428
0x0298b428
0x0298b42b
0x0298b430
0x0298b437
0x0298b43c
0x0298b43d
0x0298b43e
0x0298b43f
0x0298b440
0x0298b446
0x0298b348
0x0298b34f
0x0298b359
0x0298b361
0x0298b367
0x0298b36d
0x0298b388
0x0298b388
0x0298b38c
0x0298b38c
0x0298b38f
0x0298b396
0x0298b39e
0x0298b3c8
0x0298b3dc
0x00000000
0x0298b3de
0x0298b3de
0x0298b3ee
0x00000000
0x0298b3f0
0x0298b3f0
0x0298b400
0x0298b40f
0x0298b427
0x0298b427
0x0298b3ee
0x0298b3a0
0x0298b3a0
0x0298b3a4
0x0298b3c6
0x00000000
0x00000000
0x00000000
0x00000000
0x0298b3c6
0x0298b36f
0x0298b376
0x0298b378
0x0298b382
0x00000000
0x00000000
0x00000000
0x00000000
0x0298b382
0x0298b36d
0x0298b342

APIs

_set_error_mode.LIBCMT ref: 0298B300
GetModuleFileNameW.KERNEL32 ref: 0298B361

Strings

..., xrefs: 0298B3B8
Microsoft Visual C++ Runtime Library, xrefs: 0298B3F6
<program name unknown>, xrefs: 0298B36F
Runtime Error!Program: , xrefs: 0298B331

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FileModuleName_set_error_mode
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3581924421-4022980321
Opcode ID: 790b18ab9e32d8f8dcd274203f3430a38cfb7e0dbef5c7d1261d76da7cf259aa
Instruction ID: 058b795e274822c3c3450caa687993bc28cad1fb3fe6b811494332e6ba3b8361
Opcode Fuzzy Hash: 790b18ab9e32d8f8dcd274203f3430a38cfb7e0dbef5c7d1261d76da7cf259aa
Instruction Fuzzy Hash: E131B32530075085EB24EB66E8243AE631AFB94BECF8C0526CE1997B65EF3CC146C741

Uniqueness

Uniqueness Score: -1.00%

Function 02940570 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 65
sleepCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E02940570(signed int __ecx, char __edx, void* __eflags) {
				signed int _v24;
				char _v88;
				char _v200;
				signed int _v276;
				intOrPtr _v280;
				char _v296;
				signed int _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				char _v312;
				intOrPtr _t19;
				signed int _t21;
				signed long long _t22;
				signed long long _t39;
				intOrPtr _t41;
				signed long long _t56;
				void* _t57;
				void* _t58;

				_t30 = __ecx;
				_t39 =  *0x29a61e8; // 0xc99624406909
				_t40 = _t39 ^ _t56;
				_v24 = _t39 ^ _t56;
				_t19 =  *0x29a7ed4; // 0x0
				r8d = 0x68;
				_v308 = _t19;
				_t41 =  *0x29a7ee8; // 0x0
				_v296 = __edx;
				_v300 = __ecx & 0x000000ff;
				_v312 = 0x10028;
				_v304 = 2;
				_v280 = 0;
				_t21 = E02918570(__edx, __eflags, _t39 ^ _t56, _t41,  &_v312);
				if(_t21 == 0) {
					_t22 = _v276;
					__eflags = _t22;
					if(_t22 != 0) {
						__eflags = _t22 - 1;
						if(_t22 != 1) {
							__eflags = _t22 - 2;
							if(_t22 != 2) {
								r8d = _v276 & 0x000000ff;
								E029422D0(_t40,  &_v200, "IICWrite unknow error : %x\n", _t57, _t58);
								goto L11;
							} else {
							}
						} else {
						}
						goto L12;
					} else {
						goto L5;
					}
				} else {
					if(_v276 != 0xff) {
						_t30 = _t21;
						L029018E0(_t21, __edx, __eflags, _t40,  &_v88);
						r8d =  *0x29a7ee4; // 0x0
						E029422D0(_t40,  &_v200, "NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s\n", _t57,  &_v88);
						L11:
						L12:
						E029423A0();
						__eflags = _v24 ^ _t56;
						return L029438C0(0, _t30, _t40, _v24 ^ _t56);
					} else {
						E029423A0();
						L5:
						Sleep();
						return L029438C0(1, 0x14, _t40, _v24 ^ _t56);
					}
				}
			}

0x02940570
0x02940577
0x0294057e
0x02940581
0x02940589
0x0294058f
0x02940595
0x0294059c
0x029405a3
0x029405ac
0x029405b0
0x029405b8
0x029405c0
0x029405c8
0x029405cf
0x02940622
0x02940626
0x02940628
0x02940652
0x02940655
0x02940660
0x02940663
0x0294066e
0x02940683
0x00000000
0x02940665
0x02940665
0x02940657
0x02940657
0x00000000
0x00000000
0x00000000
0x00000000
0x029405d1
0x029405d9
0x029405f6
0x029405f8
0x029405fd
0x0294061b
0x02940688
0x02940690
0x02940695
0x029406a4
0x029406b3
0x029405db
0x029405e7
0x0294062a
0x0294062f
0x02940651
0x02940651
0x029405d9

APIs

Sleep.KERNEL32 ref: 0294062F

Strings

NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s, xrefs: 0294060C
(, xrefs: 029405B0
IICWrite unknow error : %x, xrefs: 02940674
Operation timed out, xrefs: 029405E0
Requested data not found, xrefs: 02940657
Defer received, xrefs: 02940665

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Sleep
String ID: ($Defer received$IICWrite unknow error : %x$NvAPI_Disp_DpAuxChannelControl(displayId: %x) read failed: %s$Operation timed out$Requested data not found
API String ID: 3472027048-997979376
Opcode ID: 9773fd1c24b3140e9407e60be4741e8b798fb71a71047d020dd10ce4bde9b831
Instruction ID: 0f9a6f3376c16a0a56030c44dbfa9e55d38aa8bbf1fcd45dd0433da72afa9ca2
Opcode Fuzzy Hash: 9773fd1c24b3140e9407e60be4741e8b798fb71a71047d020dd10ce4bde9b831
Instruction Fuzzy Hash: 94318031A146819AEB74DB25E4547AE73A1F3C9348F800526EA8E86A58EF7DC944CF00

Uniqueness

Uniqueness Score: -1.00%

Function 029396F0 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E029396F0(intOrPtr __edx, void* __edi, void* __esi, void* __esp, void* __eflags, long long __rax, long long __rcx, void* __rdx, long long _a8, intOrPtr _a16, intOrPtr _a24) {
				long long _v16;
				char _v20;
				intOrPtr _v24;
				long long _v32;
				long long _v40;
				void* _t31;
				void* _t46;
				void* _t47;
				void* _t48;
				long long _t51;
				void* _t61;
				void* _t63;

				_t61 = __rdx;
				_t51 = __rax;
				_t48 = __esp;
				_t47 = __esi;
				_t46 = __edi;
				_a24 = r8d;
				_a16 = __edx;
				_a8 = __rcx;
				_v32 = 0;
				_v40 = 0;
				SetLastError(??);
				_t43 = _a16;
				_t31 = E0293A9D0(0, _a16, __rax, _a8);
				_v32 = _t51;
				if(_v32 != 0) {
					if(E0293A340(_t51, _v32, _t61) != 0) {
						L13:
						r8d = _a16;
						LoadLibraryExW(??, ??, ??);
						_v40 = _t51;
						_t31 = LocalFree(??);
						L14:
						return _t31;
					}
					_v20 = 0;
					if(_a24 == 0) {
						_v16 = 0;
					} else {
						_t51 =  &_v20;
						_v16 = _t51;
					}
					_v24 = E0293AB90(_t43, _t46, _t47, _t48, _t51, _v32, _v16, _t63);
					if(_v24 != 0 && _a24 != 0 && _v20 == 0) {
						SetLastError();
						_v24 = 0;
					}
					if(_v24 != 0 || E0293B7A0(GetLastError(), _t46, _t47, _t48, _v32) != 0) {
						goto L13;
					} else {
						LocalFree();
						return 0;
					}
				}
				SetLastError();
				goto L14;
			}

0x029396f0
0x029396f0
0x029396f0
0x029396f0
0x029396f0
0x029396f0
0x029396f5
0x029396f9
0x02939702
0x0293970b
0x02939716
0x0293971c
0x02939725
0x0293972a
0x02939735
0x02939753
0x029397e4
0x029397e4
0x029397f0
0x029397f6
0x02939800
0x02939806
0x00000000
0x02939806
0x02939759
0x02939766
0x02939774
0x02939768
0x02939768
0x0293976d
0x0293976d
0x0293978c
0x02939795
0x029397aa
0x029397b0
0x029397b0
0x029397bd
0x00000000
0x029397d5
0x029397da
0x00000000
0x029397e0
0x029397bd
0x0293973c
0x00000000

APIs

SetLastError.KERNEL32 ref: 02939716

Part of subcall function 0293A9D0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA2F
Part of subcall function 0293A9D0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA4A

SetLastError.KERNEL32 ref: 0293973C
SetLastError.KERNEL32 ref: 029397AA
GetLastError.KERNEL32 ref: 029397BF
LocalFree.KERNEL32 ref: 029397DA

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$AddressProc$FreeLocal
String ID:
API String ID: 4059038558-0
Opcode ID: 08346c8c9f64eccc4ee49ed1d8037254e3a425b9d35cb3745c7c78dc864e1462
Instruction ID: 5d98c67b33fe5bbe6d3586687599a203fcb8e9476f774fc68496f15a1dbbcd13
Opcode Fuzzy Hash: 08346c8c9f64eccc4ee49ed1d8037254e3a425b9d35cb3745c7c78dc864e1462
Instruction Fuzzy Hash: 1131D936618A81C6E761DF15E44831AB7A5F7C87A8F00151AE68F46BA8DFBCC584CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0298E710 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 0298E741
GetLastError.KERNEL32 ref: 0298E74D
CloseHandle.KERNEL32 ref: 0298E765
CreateFileW.KERNEL32 ref: 0298E790
WriteConsoleW.KERNEL32 ref: 0298E7AF

Strings

CONOUT$, xrefs: 0298E771

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f09999d6ff7264605f3391656bdabb100c38e7faadb8a76ba01183c9fa9e955e
Instruction ID: f86c320870f9edd2e682590325a4e8b3f1c91da06c430325a603639bdaa5eef8
Opcode Fuzzy Hash: f09999d6ff7264605f3391656bdabb100c38e7faadb8a76ba01183c9fa9e955e
Instruction Fuzzy Hash: 54119E32310B908AE7208B56E859319B3A4F788FF4F444229EE5E877A4DF3CC494CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0298E578 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 0298E59D
GetLastError.KERNEL32 ref: 0298E5A9
CloseHandle.KERNEL32 ref: 0298E5C1
CreateFileW.KERNEL32 ref: 0298E5EC
WriteConsoleW.KERNEL32 ref: 0298E60D

Strings

CONOUT$, xrefs: 0298E5CD

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: f41e81416a363902655814b97c8999044abba8eedfa27bcb486b71abcf7d1319
Instruction ID: be5f3232246fac1c34253ad5e23f0e558a2d9c402684cdb5ee3ad391bd9b1f09
Opcode Fuzzy Hash: f41e81416a363902655814b97c8999044abba8eedfa27bcb486b71abcf7d1319
Instruction Fuzzy Hash: DA118E32210B4586E7208F6AE81935DB364F388FF8F544209EA5E477A8DF3CC494CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0293B5D0 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 96memorystringCOMMON

Download Yara Rule

APIs

lstrcmpA.KERNEL32 ref: 0293B643
GetLastError.KERNEL32 ref: 0293B6BE
LocalAlloc.KERNEL32 ref: 0293B6D6
GetLastError.KERNEL32 ref: 0293B6F2
GetLastError.KERNEL32 ref: 0293B774

Strings

1.2.840.113549.1.9.6, xrefs: 0293B638

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$AllocLocallstrcmp
String ID: 1.2.840.113549.1.9.6
API String ID: 3358297420-2921522063
Opcode ID: 9eb3d8c7fb390a5d73073edbe7c5ab5452560bdad78ea0897b670986ad1ac377
Instruction ID: 3f275da9a8245c92acdc5bc6f241e737daf3dea0e29bbcfb97553f551cf728c2
Opcode Fuzzy Hash: 9eb3d8c7fb390a5d73073edbe7c5ab5452560bdad78ea0897b670986ad1ac377
Instruction Fuzzy Hash: FD51B576208B41CBDB108F19E49535AB7B0F3C9B88F60451AEB8997B68DB7DC845CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02939570 Relevance: 9.1, APIs: 6, Instructions: 56
libraryCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E02939570(signed int __edx, void* __edi, void* __esi, void* __esp, void* __eflags, long long __rax, long long __rcx, void* __rdx, long long _a8, signed int _a16, signed int _a24) {
				long long _v16;
				char _v20;
				intOrPtr _v24;
				long long _v32;
				long long _v40;
				void* _t29;
				void* _t41;
				void* _t42;
				void* _t43;
				long long _t46;
				void* _t56;

				_t46 = __rax;
				_t43 = __esp;
				_t42 = __esi;
				_t41 = __edi;
				_a24 = r8d;
				_a16 = __edx;
				_a8 = __rcx;
				_v32 = 0;
				_v40 = 0;
				SetLastError(??);
				_t38 = _a16;
				_t29 = E0293A9D0(0, _a16, __rax, _a8);
				_v32 = _t46;
				if(_v32 != 0) {
					_v20 = 0;
					if(_a24 == 0) {
						_v16 = 0;
					} else {
						_t46 =  &_v20;
						_v16 = _t46;
					}
					_v24 = E0293AB90(_t38, _t41, _t42, _t43, _t46, _v32, _v16, _t56);
					if(_v24 != 0 && _a24 != 0 && _v20 == 0) {
						SetLastError();
						_v24 = 0;
					}
					if(_v24 != 0 || E0293B7A0(GetLastError(), _t41, _t42, _t43, _v32) != 0) {
						r8d = _a16;
						r8d = r8d & 0xffffe0f7;
						LoadLibraryExW(??, ??, ??);
						_v40 = _t46;
					}
					_t29 = LocalFree();
				} else {
					SetLastError();
				}
				return _t29;
			}

0x02939570
0x02939570
0x02939570
0x02939570
0x02939570
0x02939575
0x02939579
0x02939582
0x0293958b
0x02939596
0x0293959c
0x029395a5
0x029395aa
0x029395b5
0x029395c7
0x029395d4
0x029395e2
0x029395d6
0x029395d6
0x029395db
0x029395db
0x029395fa
0x02939603
0x02939618
0x0293961e
0x0293961e
0x0293962b
0x02939643
0x02939648
0x02939656
0x0293965c
0x0293965c
0x02939666
0x029395b7
0x029395bc
0x029395bc
0x02939675

APIs

SetLastError.KERNEL32 ref: 02939596

Part of subcall function 0293A9D0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA2F
Part of subcall function 0293A9D0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,029395AA), ref: 0293AA4A

SetLastError.KERNEL32 ref: 029395BC
SetLastError.KERNEL32 ref: 02939618
GetLastError.KERNEL32 ref: 0293962D
LoadLibraryExW.KERNEL32 ref: 02939656
LocalFree.KERNEL32 ref: 02939666

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$AddressProc$FreeLibraryLoadLocal
String ID:
API String ID: 2285275253-0
Opcode ID: 978fe29aabd1f3a6a3677bc26152f1973a3ba0b5fd918b3f2a971c772629174c
Instruction ID: 682994eb8eefbeb97caf8785c3aba83408dfd8524248db3fa651275c602339ab
Opcode Fuzzy Hash: 978fe29aabd1f3a6a3677bc26152f1973a3ba0b5fd918b3f2a971c772629174c
Instruction Fuzzy Hash: 6021E932519B80C6E7619B16F48831AB7A5F3C87A8F04151AEACF42B68DFBCC594CF00

Uniqueness

Uniqueness Score: -1.00%

Function 029740E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 180
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 79%

			E029740E0(signed long long __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __ebp, void* __esp, long long __rbx, signed long long __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, signed int __r8, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15, void* _a8, void* _a16, void* _a24, void* _a32, intOrPtr _a40, long long _a48, signed char _a56, intOrPtr _a64) {
				char _v16;
				long long _v32;
				signed long long _v40;
				long long _v48;
				signed long long _v56;
				void* _v72;
				void* _v80;
				signed long long _v108;
				char _v112;
				long long _v120;
				char _v128;
				void* _t70;
				intOrPtr* _t71;
				signed long long _t76;
				intOrPtr _t77;
				signed long long _t93;
				signed int _t96;
				signed int _t106;
				signed int _t109;
				signed long long _t114;
				void* _t115;
				intOrPtr* _t119;
				signed long long _t123;
				signed long long _t126;
				char* _t128;
				char* _t129;
				signed long long _t133;
				intOrPtr* _t135;
				intOrPtr _t136;
				char* _t139;
				intOrPtr _t141;
				signed long long _t142;
				char* _t144;
				void* _t150;
				signed long long _t152;
				void* _t153;
				void* _t154;
				long long _t158;
				void* _t162;
				intOrPtr* _t164;
				void* _t165;
				void* _t170;
				signed long long _t172;
				void* _t174;
				void* _t177;
				void* _t178;
				void* _t179;
				void* _t180;

				_t181 = __r15;
				_t180 = __r14;
				_t179 = __r13;
				_t178 = __r12;
				_t174 = __r9;
				_t116 = __esp;
				_t115 = __ebp;
				_t113 = __esi;
				_t112 = __edi;
				_t93 = __ebx;
				_t119 = _t164;
				 *((long long*)(_t119 + 8)) = __rbx;
				 *((long long*)(_t119 + 0x10)) = __rbp;
				 *((long long*)(_t119 + 0x18)) = __rsi;
				 *((long long*)(_t119 + 0x20)) = __rdi;
				_push(__r15);
				_t165 = _t164 - 0x50;
				_t126 = r8d;
				r15b = r9b;
				_t162 = __rdx;
				_t152 = __rcx;
				_t69 =  >  ? __ebx : 0;
				_t70 = ( >  ? __ebx : 0) + 9;
				_t71 = _t119;
				_t118 = __rdx - _t119;
				if(__rdx > _t119) {
					_t141 = _a64;
					_t133 =  &_v40;
					L029599C0(_t71, _t126, _t133, _t141, __rsi);
					__eflags = _a56;
					_t158 = _a48;
					if(_a56 != 0) {
						__eflags =  *_t158 - 0x2d;
						_t150 = _t141 + __rcx;
						__eflags = __ebx;
						if(__ebx > 0) {
							_t172 = __r8 | 0xffffffff;
							__eflags = _t172;
							do {
								_t172 = _t172 + 1;
								__eflags =  *((char*)(_t150 + _t172));
							} while ( *((char*)(_t150 + _t172)) != 0);
							__eflags = _t172 + 1;
							_t16 = _t150 + 1; // 0x1
							_t133 = _t16;
							E02946FD0(__ecx, __edi, __esi, __esp, _t133, _t150, _t172 + 1);
						}
					}
					__eflags =  *_t158 - 0x2d;
					_t142 = _t152;
					if( *_t158 == 0x2d) {
						 *_t152 = 0x2d;
						_t142 = _t152 + 1;
					}
					__eflags = _t93;
					if(_t93 > 0) {
						 *_t142 =  *(_t142 + 1);
						_t142 = _t142 + 1;
						__eflags = _t142;
						_t133 =  *((intOrPtr*)(_v32 + 0xf8));
						_t119 =  *_t133;
						 *_t142 =  *_t119;
					}
					_t96 = _a56 & 0x000000ff;
					_t170 = "e+000";
					_t128 = _t126 + _t142 + (_t133 ^ 0x00000001);
					_t153 = _t152 - _t128;
					_t135 = _t128;
					__eflags = _t162 - 0xffffffff;
					_t144 =  ==  ? _t162 : _t153 + _t162;
					__eflags = E0296EAB8(_t119, _t135, _t144, _t170);
					if(__eflags != 0) {
						_v56 = _v56 & 0x00000000;
						r9d = 0;
						r8d = 0;
						E02970D9C();
						asm("int3");
						asm("int3");
						asm("int3");
						_t177 = _t165;
						 *((long long*)(_t177 + 8)) = _t128;
						 *((long long*)(_t177 + 0x10)) = _t158;
						_push(_t153);
						_t114 = _v40;
						_t136 =  *_t135;
						_t154 = _t170;
						 *((long long*)(_t177 - 0x18)) = _t119;
						 *((long long*)(_t177 - 0x10)) = _t119;
						_t129 = _t144;
						 *((long long*)(_t177 - 0x28)) = _v48;
						E02982590(_t114, _t114, _t115, _t116, __eflags, _t129, _t136, _t158, _t177 - 0x18, _t174, _t178, _t179, _t180, _t181);
						r8d = _v108;
						__eflags = _v112 - 0x2d;
						_t99 = 0 | _v112 == 0x0000002d;
						r8d = r8d + _t114;
						__eflags = _t154 - 0xffffffff;
						_t147 =  ==  ? _t154 : _t154 - _t136;
						_t76 = E029800DC(_v112 == 0x2d, _t114, _t112, _t114, _t116, _v48, _t129, _t136 + _t129,  ==  ? _t154 : _t154 - _t136,  &_v112);
						__eflags = _t76;
						if(__eflags == 0) {
							_v120 = _v32;
							r8d = _t114;
							_v128 = 0;
							_t76 = E0297435C(_t99, _t112, _t116, __eflags, _t129, _t129, _t154, _t158, _t162,  &_v112);
						} else {
							 *_t129 = 0;
						}
						return _t76;
					} else {
						_t139 = _t128 + 2;
						__eflags = r15b;
						if(r15b != 0) {
							 *_t128 = 0x45;
						}
						__eflags =  *((char*)( *((intOrPtr*)(_t158 + 8)))) - 0x30;
						if( *((char*)( *((intOrPtr*)(_t158 + 8)))) != 0x30) {
							r8d =  *(_t158 + 4);
							r8d = r8d - 1;
							__eflags = r8d;
							if(r8d < 0) {
								r8d =  ~r8d;
								 *((char*)(_t128 + 1)) = 0x2d;
							}
							__eflags = r8d - 0x64;
							if(r8d >= 0x64) {
								_t109 = (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
								 *((intOrPtr*)(_t128 + 2)) =  *((intOrPtr*)(_t128 + 2)) + _t109;
								r8d = r8d + _t109 * 0xffffff9c;
								__eflags = r8d;
							}
							__eflags = r8d - 0xa;
							if(r8d >= 0xa) {
								_t106 = (0x66666667 * r8d >> 0x20 >> 2) + (0x66666667 * r8d >> 0x20 >> 2 >> 0x1f);
								 *((intOrPtr*)(_t128 + 3)) =  *((intOrPtr*)(_t128 + 3)) + _t106;
								r8d = r8d + _t106 * 0xfffffff6;
								__eflags = r8d;
							}
							_t39 = _t128 + 4;
							 *_t39 =  *(_t128 + 4) + r8b;
							__eflags =  *_t39;
						}
						__eflags = _a40 - 2;
						if(_a40 == 2) {
							__eflags =  *_t139 - 0x30;
							if( *_t139 == 0x30) {
								r8d = 3;
								E02946FD0(_t96, _t112, _t113, _t116, _t139, _t139 + 1, _t170);
							}
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t123 = _v40;
							_t45 = _t123 + 0x3a8;
							 *_t45 =  *(_t123 + 0x3a8) & 0xfffffffd;
							__eflags =  *_t45;
						}
						_t77 = 0;
						goto L2;
					}
				} else {
					E02971538(_t118, _t119);
					 *_t119 = 0x22;
					E02970D4C();
					_t77 = 0x22;
					L2:
					return _t77;
				}
			}

0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e0
0x029740e3
0x029740e7
0x029740eb
0x029740ef
0x029740f3
0x029740f5
0x029740fb
0x02974101
0x02974104
0x02974107
0x0297410a
0x0297410d
0x02974110
0x02974112
0x02974115
0x02974145
0x0297414d
0x02974152
0x02974157
0x0297415f
0x02974167
0x0297416b
0x02974171
0x02974174
0x02974176
0x02974178
0x02974178
0x0297417c
0x0297417c
0x0297417f
0x0297417f
0x02974186
0x02974189
0x02974189
0x0297418d
0x0297418d
0x02974176
0x02974192
0x02974195
0x02974198
0x0297419a
0x0297419d
0x0297419d
0x029741a1
0x029741a3
0x029741a8
0x029741aa
0x029741aa
0x029741b2
0x029741b9
0x029741be
0x029741be
0x029741c0
0x029741c8
0x029741d6
0x029741d9
0x029741dc
0x029741df
0x029741e7
0x029741f0
0x029741f2
0x0297429c
0x029742a2
0x029742a5
0x029742ac
0x029742b1
0x029742b2
0x029742b3
0x029742b4
0x029742b7
0x029742bb
0x029742bf
0x029742c4
0x029742ca
0x029742cd
0x029742d0
0x029742d8
0x029742dc
0x029742e6
0x029742ea
0x029742ef
0x029742fe
0x02974303
0x02974306
0x0297430c
0x02974310
0x02974317
0x0297431c
0x0297431e
0x02974332
0x02974337
0x0297433d
0x02974345
0x02974320
0x02974320
0x02974320
0x02974359
0x029741f8
0x029741f8
0x029741fc
0x029741ff
0x02974201
0x02974201
0x02974208
0x0297420b
0x0297420d
0x02974211
0x02974211
0x02974215
0x02974217
0x0297421a
0x0297421a
0x0297421e
0x02974222
0x02974234
0x02974236
0x0297423c
0x0297423c
0x0297423c
0x0297423f
0x02974243
0x02974255
0x02974257
0x0297425d
0x0297425d
0x0297425d
0x02974260
0x02974260
0x02974260
0x02974260
0x02974264
0x0297426c
0x0297426e
0x02974271
0x02974277
0x0297427d
0x0297427d
0x02974271
0x02974282
0x02974287
0x02974289
0x0297428e
0x0297428e
0x0297428e
0x0297428e
0x02974295
0x00000000
0x02974295
0x02974117
0x02974117
0x02974121
0x02974123
0x02974128
0x0297412a
0x02974144
0x02974144

APIs

_invalid_parameter_noinfo.LIBCMT ref: 02974123

Strings

-, xrefs: 029742FE
-, xrefs: 0297421A
gfff, xrefs: 02974245
e+000, xrefs: 029741C8

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$-$e+000$gfff
API String ID: 3215553584-1058778380
Opcode ID: c620b2b297c052650658886b454550a59268015018ae7c75136e501bea7e7564
Instruction ID: 0ddd8770a46f0abb40b4ffefb972ec402a1a8e49de10f25fc9a394e0b114378a
Opcode Fuzzy Hash: c620b2b297c052650658886b454550a59268015018ae7c75136e501bea7e7564
Instruction Fuzzy Hash: 9C6118627147C486DB248F39E94035DBBA6F395BE4F48A325DBA84BB99DB3DC054CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02901200 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0290153B), ref: 0290122D
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0290153B), ref: 02901315
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0290153B), ref: 02901333

Strings

nvapi_QueryInterface, xrefs: 02901221
nvapi_pepQueryInterface, xrefs: 02901309

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressProc$FreeLibrary
String ID: nvapi_QueryInterface$nvapi_pepQueryInterface
API String ID: 1649943339-3399614524
Opcode ID: 84d1fde3d4e606a862f68229d0a6936bf19bd9c75a1dbed663b6660616e683ba
Instruction ID: 1e6ce7e3b44c03e8cc1140fd2d7e6531a58b16cc795c03371e0541917cb7aea8
Opcode Fuzzy Hash: 84d1fde3d4e606a862f68229d0a6936bf19bd9c75a1dbed663b6660616e683ba
Instruction Fuzzy Hash: 84410631905B04CAFB249F18F89C31973A4F7897A9F140619D69E876B4DF7CC198CB86

Uniqueness

Uniqueness Score: -1.00%

Function 029784E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E029784E0(void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24) {
				void* _t9;
				void* _t11;
				void* _t16;
				void* _t19;
				long long _t20;
				void* _t34;
				void* _t39;
				void* _t40;
				void* _t41;

				_t24 = __rcx;
				_t20 = __rbx;
				_t19 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t40 = _t39 - 0x30;
				_t11 = r9d;
				_t34 = __rdx;
				E029775E8(0x19, __rbx, "MessageBoxW", __rdx, "\r", "MessageBoxW");
				if(_t19 == 0) {
					E0296EB34(_t16, _t19, _t20, _t24, "MessageBoxW", _t34, "\r", "MessageBoxW");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t20);
					_t41 = _t40 - 0x20;
					_t9 = E029775E8(0x1a, _t20, "RoInitialize", _t34, "\t", "RoInitialize");
					if(_t19 != 0) {
						_t41 = _t41 + 0x20;
						goto ( *0x29913c0);
					}
					return _t9;
				} else {
					r9d = _t11;
					return  *0x29913c0();
				}
			}

0x029784e0
0x029784e0
0x029784e0
0x029784e0
0x029784e5
0x029784ea
0x029784f0
0x029784f4
0x029784fa
0x0297851a
0x02978522
0x0297854b
0x02978550
0x02978551
0x02978552
0x02978553
0x02978554
0x02978556
0x02978576
0x0297857e
0x02978582
0x02978587
0x02978587
0x02978593
0x02978524
0x02978524
0x0297854a
0x0297854a

APIs

try_get_function.LIBVCRUNTIME ref: 0297851A
try_get_function.LIBVCRUNTIME ref: 02978576

Strings

MessageBoxW, xrefs: 029784FD, 0297850E
MessageBoxA, xrefs: 02978554
RoInitialize, xrefs: 0297855C, 0297856F

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function
String ID: MessageBoxA$MessageBoxW$RoInitialize
API String ID: 2742660187-2080375181
Opcode ID: bbd3e0b16bf926b96cfbe01ee62097925a3dbe6de91324b15160193f4ec8d9b0
Instruction ID: 2e0e6569264aac2ceef65407a0ac5c858dc541e1ac0a6fe508d9c99a822e2b4a
Opcode Fuzzy Hash: bbd3e0b16bf926b96cfbe01ee62097925a3dbe6de91324b15160193f4ec8d9b0
Instruction Fuzzy Hash: BF01F525300B8492EB159B85F4483D66361FB89BE4FD8442ADF1C1BB54CF3CD586C700

Uniqueness

Uniqueness Score: -1.00%

Function 001C440F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 001C442C

Part of subcall function 001C47B0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001C2B51), ref: 001C4825
Part of subcall function 001C47B0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,001C2B51), ref: 001C4857

_CxxThrowException.LIBVCRUNTIME ref: 001C444F
RtlPcToFileHeader.KERNEL32 ref: 001C447F
_CxxThrowException.LIBVCRUNTIME ref: 001C44C2
_CxxThrowException.LIBVCRUNTIME ref: 001C44E5
_CxxThrowException.LIBVCRUNTIME ref: 001C4508

Strings

Bad dynamic_cast!, xrefs: 001C4432
Access violation - no RTTI data!, xrefs: 001C440F

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: Exception$Throw$FileHeader$Raise
String ID: Access violation - no RTTI data!$Bad dynamic_cast!
API String ID: 2819531018-3176238549
Opcode ID: 90cb39e335b400c16a10e85bcf0cced7481b2ddd4c165254aafbaafa962d782f
Instruction ID: 176bb6d03a6c8a760e1e98faacc8bdeadcd52f0c5062b3ac9e8db42388f34813
Opcode Fuzzy Hash: 90cb39e335b400c16a10e85bcf0cced7481b2ddd4c165254aafbaafa962d782f
Instruction Fuzzy Hash: 340181B2269A8593EF04DF14F461BA87361FBB0B94F846029E74E07B28EF78C549C700

Uniqueness

Uniqueness Score: -1.00%

Function 0296BAE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 0296BB04
GetProcAddress.KERNEL32 ref: 0296BB1A
FreeLibrary.KERNEL32 ref: 0296BB37

Strings

mscoree.dll, xrefs: 0296BAFB
CorExitProcess, xrefs: 0296BB13

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 37df53c240a4786331925e83cb9e1827e5869b4cd0afca5ef579cde9e18cb9ad
Instruction ID: f092e8e539c34ad354d270443bea6c50343efb89ae5c5ae5da36ef6c110412ca
Opcode Fuzzy Hash: 37df53c240a4786331925e83cb9e1827e5869b4cd0afca5ef579cde9e18cb9ad
Instruction Fuzzy Hash: 44F030A1321A4681EF159B64F8AD3792364FF98BA9F44201E994F96678DF3CC0D9C710

Uniqueness

Uniqueness Score: -1.00%

Function 029882E0 Relevance: 7.7, APIs: 5, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E029882E0(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __ebp, void* __esp, signed int* __rax, signed int __rbx, signed short* __rdx, signed short* __r8, void* __r9, void* __r10, void* __r11, long long _a32) {
				signed short _v72;
				intOrPtr _v84;
				unsigned int _v88;
				signed int _v96;
				intOrPtr _v100;
				long _v104;
				signed int _v120;
				void* __rsi;
				void* __rbp;
				signed int _t77;
				long _t80;
				signed int _t84;
				void* _t92;
				signed int _t93;
				intOrPtr _t94;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t101;
				void* _t106;
				void* _t107;
				signed int _t108;
				void* _t109;
				void* _t110;
				signed int* _t114;
				unsigned long long _t117;
				signed int* _t119;
				intOrPtr _t121;
				intOrPtr _t123;
				signed int _t124;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t133;
				intOrPtr _t135;
				signed short* _t139;
				long _t140;
				void* _t141;
				void* _t142;
				void* _t146;
				void* _t148;
				void* _t149;
				void* _t151;
				signed long long _t153;
				void* _t154;
				signed short* _t155;
				signed long long _t156;

				_t149 = __r11;
				_t148 = __r10;
				_t146 = __r9;
				_t145 = __r8;
				_t137 = __rdx;
				_t124 = __rbx;
				_t114 = __rax;
				_t110 = __esp;
				_t109 = __ebp;
				_t106 = __edi;
				_t105 = __edx;
				_t92 = __ebx;
				_a32 = __rbx;
				_t141 = _t142;
				r14d = r8d;
				_t139 = __rdx;
				if(r8d == 0) {
					L48:
					_t77 = 0;
					__eflags = 0;
					L49:
					return _t77;
				}
				_t112 = __rdx;
				if(__rdx != 0) {
					_t114 = __ecx;
					_t153 = __ecx >> 6;
					_t156 = __ecx + __ecx * 8;
					_t127 =  *((intOrPtr*)(0x29ab0c0 + _t153 * 8));
					sil =  *(0x29ab0c0 + 0x39 + _t156 * 8);
					__eflags = _t140 - 1 - 1;
					if(_t140 - 1 > 1) {
						L6:
						__eflags =  *(_t127 + 0x38 + _t156 * 8) & 0x00000020;
						if(( *(_t127 + 0x38 + _t156 * 8) & 0x00000020) != 0) {
							_t105 = 0;
							__eflags = 0;
							_t17 = _t137 + 2; // 0x2
							r8d = _t17;
							L0298A9A4(_t92, r12d, 0, _t114, _t124, _t137, _t140);
						}
						_t93 = 0;
						_v88 = _t124;
						_t80 = L02983E4C(r12d, _t105, _t114);
						__eflags = _t80;
						if(_t80 == 0) {
							L27:
							_t115 = 0x29ab0c0;
							_t128 =  *((intOrPtr*)(0x29ab0c0 + _t153 * 8));
							__eflags =  *((intOrPtr*)(_t128 + 0x38 + _t156 * 8)) - _t93;
							if( *((intOrPtr*)(_t128 + 0x38 + _t156 * 8)) >= _t93) {
								r8d = r14d;
								_v120 = _v120 & 0x029ab0c0;
								_v104 = 0x29ab0c0;
								_v96 = 0;
								_t80 = WriteFile(??, ??, ??, ??, ??);
								__eflags = _t80;
								if(_t80 == 0) {
									_t80 = GetLastError();
									_v104 = _t80;
								}
								_t93 = _v96;
								goto L37;
							}
							_t98 = sil;
							__eflags = sil;
							if(__eflags == 0) {
								r9d = r14d;
								_t145 = _t139;
								_t105 = r12d;
								_t80 = L02987E54(_t93, r12d, __eflags, 0x29ab0c0, _t124,  &_v104, _t137, _t141, _t139, _t148, _t149);
								goto L26;
							}
							_t99 = _t98 - 1;
							__eflags = _t99;
							if(__eflags == 0) {
								r9d = r14d;
								_t145 = _t139;
								_t105 = r12d;
								_t80 = E02988074(r12d, _t106, __eflags, 0x29ab0c0, _t124,  &_v104, _t137, _t141, _t139, _t148, _t149);
								goto L26;
							}
							__eflags = _t99 - 1;
							if(__eflags != 0) {
								goto L39;
							}
							r9d = r14d;
							_t145 = _t139;
							_t105 = r12d;
							_t80 = L02987F58(_t93, r12d, __eflags, 0x29ab0c0, _t124,  &_v104, _t137, _t141, _t139, _t148, _t149);
							goto L26;
						} else {
							_t121 =  *((intOrPtr*)(0x29ab0c0 + _t153 * 8));
							__eflags =  *(0x29ab0c0 + 0x38 + _t156 * 8);
							if( *(0x29ab0c0 + 0x38 + _t156 * 8) >= 0) {
								goto L27;
							}
							_t80 = L0297390C(_t110, _t121, _t124, _t127, _t137, _t140, _t141, _t146);
							_t133 =  *((intOrPtr*)(_t121 + 0x90));
							__eflags =  *((intOrPtr*)(_t133 + 0x138)) - _t124;
							if( *((intOrPtr*)(_t133 + 0x138)) != _t124) {
								L12:
								_t115 = 0x29ab0c0;
								_t137 =  &_v72;
								_t135 =  *((intOrPtr*)( *((intOrPtr*)(0x29ab0c0 + _t153 * 8)) + 0x28 + _t156 * 8));
								_t80 = GetConsoleMode(??, ??);
								__eflags = _t80;
								if(_t80 == 0) {
									goto L27;
								}
								__eflags = sil;
								if(__eflags == 0) {
									r9d = r14d;
									_t145 = _t139;
									_t105 = r12d;
									_t80 = L02987850(_t80, r12d, _t106, _t107, _t109, _t110, __eflags, _t124,  &_v104,  &_v72, _t139, _t148);
									L26:
									asm("movsd xmm0, [eax]");
									_t93 =  *(_t115 + 8);
									L38:
									asm("movsd [ebp-0x20], xmm0");
									L39:
									_t117 = _v88 >> 0x20;
									__eflags = _t80;
									if(_t80 != 0) {
										_t77 = _v84 - _t93;
										goto L49;
									}
									_t97 = _v88;
									__eflags = _t97;
									if(_t97 == 0) {
										_t119 =  *((intOrPtr*)(0x29ab0c0 + _t153 * 8));
										__eflags =  *(0x29ab0c0 + 0x38 + _t156 * 8) & 0x00000040;
										if(__eflags == 0) {
											L46:
											E02971538(__eflags, _t119);
											 *_t119 = 0x1c;
											_t84 = E02971518(__eflags, _t119);
											 *_t119 =  *_t119 & 0x00000000;
											L3:
											_t77 = _t84 | 0xffffffff;
											goto L49;
										}
										__eflags =  *_t139 - 0x1a;
										if(__eflags == 0) {
											goto L48;
										}
										goto L46;
									}
									__eflags = _t97 - 5;
									if(__eflags != 0) {
										_t84 = E029714C8(_t97, _t105, __eflags, _t117, _t124, _t140, _t145);
									} else {
										E02971538(__eflags, _t117);
										 *_t117 = 9;
										_t84 = E02971518(__eflags, _t117);
										 *_t117 = 5;
									}
									goto L3;
								}
								sil = sil - 1;
								__eflags = sil - 1;
								if(sil > 1) {
									goto L39;
								}
								_t108 = 0;
								_t151 = _t139 + _t154;
								_v104 = _t140;
								_t155 = _t139;
								__eflags = _t139 - _t151;
								if(__eflags >= 0) {
									L24:
									_t93 = _t108;
									L37:
									asm("movsd xmm0, [ebp-0x30]");
									goto L38;
								}
								_t94 = _v100;
								while(1) {
									_v72 =  *_t155 & 0x0000ffff;
									_t80 = L0298BA10( *_t155 & 0xffff, _t105, __eflags, _t124, _t135, _t137, _t140, _t141, _t146);
									_t101 = _v72 & 0x0000ffff;
									__eflags = _t80 - _t101;
									if(_t80 != _t101) {
										break;
									}
									_t94 = _t94 + 2;
									_v100 = _t94;
									__eflags = _t101 - 0xa;
									if(__eflags != 0) {
										L21:
										_t155 =  &(_t155[1]);
										__eflags = _t155 - _t151;
										if(__eflags >= 0) {
											goto L24;
										}
										continue;
									}
									_t80 = L0298BA10(0xd, _t105, __eflags, _t124, _t135, _t137, _t140, _t141, _t146);
									__eflags = _t80 - 0xd;
									if(_t80 != 0xd) {
										break;
									}
									_t94 = _t94 + 1;
									_v100 = _t94;
									_t108 = _t108 + 1;
									__eflags = _t108;
									goto L21;
								}
								_t80 = GetLastError();
								_v104 = _t80;
								goto L24;
							}
							_t123 =  *((intOrPtr*)(0x29ab0c0 + _t153 * 8));
							__eflags =  *(_t123 + 0x39 + _t156 * 8);
							if( *(_t123 + 0x39 + _t156 * 8) == 0) {
								goto L27;
							}
							goto L12;
						}
					}
					__eflags =  !r14d & 0x00000001;
					if(__eflags == 0) {
						goto L2;
					}
					goto L6;
				}
				L2:
				E02971518(_t112, _t114);
				 *_t114 =  *_t114 & 0x00000000;
				E02971538( *_t114, _t114);
				 *_t114 = 0x16;
				_t84 = E02970D4C();
				goto L3;
			}

0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882e0
0x029882f0
0x029882f7
0x029882fa
0x02988303
0x029885a0
0x029885a0
0x029885a0
0x029885a2
0x029885b9
0x029885b9
0x02988309
0x0298830c
0x0298832e
0x0298833e
0x02988342
0x02988346
0x0298834a
0x02988352
0x02988354
0x0298835f
0x0298835f
0x02988365
0x02988367
0x02988367
0x0298836c
0x0298836c
0x02988370
0x02988370
0x02988375
0x0298837a
0x0298837e
0x02988383
0x02988385
0x0298848e
0x0298848e
0x02988495
0x02988499
0x0298849e
0x029884fa
0x029884fd
0x02988505
0x02988509
0x0298850c
0x02988512
0x02988514
0x02988516
0x0298851c
0x0298851c
0x0298851f
0x00000000
0x0298851f
0x029884a0
0x029884a4
0x029884a7
0x029884db
0x029884e2
0x029884e5
0x029884e8
0x00000000
0x029884e8
0x029884a9
0x029884a9
0x029884ac
0x029884c7
0x029884ce
0x029884d1
0x029884d4
0x00000000
0x029884d4
0x029884ae
0x029884b1
0x00000000
0x00000000
0x029884b3
0x029884ba
0x029884bd
0x029884c0
0x00000000
0x0298838b
0x02988392
0x02988396
0x0298839b
0x00000000
0x00000000
0x029883a1
0x029883a6
0x029883ad
0x029883b4
0x029883cc
0x029883cc
0x029883d7
0x029883db
0x029883e0
0x029883e6
0x029883e8
0x00000000
0x00000000
0x029883ee
0x029883f1
0x02988470
0x02988477
0x0298847a
0x0298847d
0x02988482
0x02988482
0x02988486
0x02988527
0x02988527
0x0298852c
0x02988530
0x02988534
0x02988536
0x0298859c
0x00000000
0x0298859c
0x02988538
0x0298853b
0x0298853d
0x02988570
0x02988574
0x0298857a
0x02988581
0x02988581
0x02988586
0x0298858c
0x02988591
0x02988326
0x02988326
0x00000000
0x02988326
0x0298857c
0x0298857f
0x00000000
0x00000000
0x00000000
0x0298857f
0x0298853f
0x02988542
0x0298855f
0x02988544
0x02988544
0x02988549
0x0298854f
0x02988554
0x02988554
0x00000000
0x02988542
0x029883f3
0x029883f6
0x029883fa
0x00000000
0x00000000
0x02988400
0x02988402
0x02988406
0x0298840a
0x0298840d
0x02988410
0x02988469
0x02988469
0x02988522
0x02988522
0x00000000
0x02988522
0x02988412
0x02988415
0x0298841c
0x02988420
0x02988425
0x02988429
0x0298842c
0x00000000
0x00000000
0x0298842e
0x02988431
0x02988434
0x02988438
0x02988455
0x02988455
0x02988459
0x0298845c
0x00000000
0x00000000
0x00000000
0x0298845e
0x0298843f
0x02988449
0x0298844c
0x00000000
0x00000000
0x0298844e
0x02988450
0x02988453
0x02988453
0x00000000
0x02988453
0x02988460
0x02988466
0x00000000
0x02988466
0x029883bd
0x029883c1
0x029883c6
0x00000000
0x00000000
0x00000000
0x029883c6
0x02988385
0x0298835b
0x0298835d
0x00000000
0x00000000
0x00000000
0x0298835d
0x0298830e
0x0298830e
0x02988313
0x02988316
0x0298831b
0x02988321
0x00000000

APIs

_invalid_parameter_noinfo.LIBCMT ref: 02988321
GetConsoleMode.KERNEL32(?,?,?,?,?,894C1024548948CC,?,?,?,029437BB,?,0298829F,?,?,?,02983AEE), ref: 029883E0
GetLastError.KERNEL32(?,?,?,?,?,894C1024548948CC,?,?,?,029437BB,?,0298829F,?,?,?,02983AEE), ref: 02988460

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: d324fccc2a91bbe24feec08cfee79381bde55cff7f83f2035cb9ebb98457d6e9
Instruction ID: 45c06c5b07ebcb4fd4b9caebcbe81dd2d677e5ec70452e45344a6ab8efb8dd2e
Opcode Fuzzy Hash: d324fccc2a91bbe24feec08cfee79381bde55cff7f83f2035cb9ebb98457d6e9
Instruction Fuzzy Hash: EE71AD33710A189AEB14FF65D8907AD77A6FB84B98F884216DE0E67B54EB34C446C720

Uniqueness

Uniqueness Score: -1.00%

Function 0298EAA4 Relevance: 7.7, APIs: 5, Instructions: 158
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E0298EAA4(signed int __ecx, void* __edx, long long __rbx, signed long long __rcx, void* __rdx, signed long long __r8, char _a8, long long _a16, unsigned int _a32, unsigned int _a36, signed short _a38) {
				void* _t29;
				signed short _t32;
				unsigned int _t36;
				signed int _t41;
				void* _t46;
				unsigned int _t47;
				void* _t51;
				signed int _t56;
				signed int _t60;
				signed long long _t67;
				signed int _t72;
				void* _t73;
				signed long long _t79;
				signed long long _t80;
				void* _t81;

				_t70 = __rcx;
				_t51 = __edx;
				_a16 = __rbx;
				r14d = 0;
				asm("movaps [esp+0x20], xmm6");
				_t79 = __r8;
				_t41 = __ecx & 0x0000001f;
				r15d = __ecx;
				_t2 = _t81 + 0x10; // 0x10
				r13d = _t2;
				if((__ecx & 0x00000008) == 0 || r12b >= 0) {
					__eflags = 0x00000004 & r15b;
					if(__eflags == 0) {
						L6:
						__eflags = sil & r15b;
						if(__eflags == 0) {
							L24:
							__eflags = r15b & 0x00000002;
							if(__eflags == 0) {
								goto L45;
							}
							asm("dec ecx");
							if(__eflags >= 0) {
								goto L45;
							}
							asm("movsd xmm0, [edx]");
							asm("xorps xmm6, xmm6");
							_t56 = r15d >> 0x00000004 & 0x00000001;
							__eflags = _t56;
							asm("ucomisd xmm0, xmm6");
							if(__eflags != 0 || __eflags != 0) {
								_t72 =  &_a8;
								_t32 = E0298F338(_t29, _t51, __eflags, _t72);
								_t46 = _a8 + 0xfffffa00;
								asm("movsd [esp+0x88], xmm0");
								__eflags = _t46 - 0xfffffbce;
								if(__eflags >= 0) {
									r8d = r14d;
									asm("comisd xmm6, xmm0");
									r8b = __eflags > 0;
									_a38 = _t32 & 0x0000000f | r13w;
									__eflags = _t46 - 0xfffffc03;
									if(_t46 >= 0xfffffc03) {
										L39:
										asm("movsd xmm0, [esp+0x88]");
										__eflags = r8d;
										if(r8d != 0) {
											asm("xorps xmm0, [0xdca5]");
										}
										L41:
										asm("movsd [ebp], xmm0");
										goto L42;
									}
									_t36 = _a32;
									__eflags = 0xfffffc03 - _t46;
									_t47 = _a36;
									do {
										__eflags = sil & _t36;
										if((sil & _t36) != 0) {
											__eflags = _t56;
											_t56 =  ==  ? 1 : _t56;
										}
										_t36 = _t36 >> 1;
										_a32 = _t36;
										__eflags = sil & _t47;
										if((sil & _t47) != 0) {
											asm("bts eax, 0x1f");
											_a32 = _t36;
										}
										_t47 = _t47 >> 1;
										_t72 = _t72 - _t73;
										__eflags = _t72;
									} while (_t72 != 0);
									_a36 = _t47;
									goto L39;
								}
								asm("mulsd xmm0, xmm6");
								_t56 = 1;
								goto L41;
							} else {
								_t56 = 1;
								L42:
								__eflags = _t56;
								if(_t56 != 0) {
									_t70 = _t80;
									E0298F218(_t41, _t80);
								}
								_t41 = _t41 & 0xfffffffd;
								__eflags = _t41;
								goto L45;
							}
						}
						asm("dec ecx");
						if(__eflags >= 0) {
							goto L24;
						}
						E0298F218(_t41, _t70);
						_t67 = _t79 & _t70;
						__eflags = _t67;
						if(__eflags == 0) {
							asm("movsd xmm0, [ebp]");
							asm("comisd xmm0, [0xddaa]");
							if(__eflags <= 0) {
								L20:
								asm("movsd xmm0, [0xddb6]");
								L21:
								asm("xorps xmm0, [0xdd9f]");
								L22:
								asm("movsd [ebp], xmm0");
								L23:
								_t41 = _t41 & 0xfffffffe;
								goto L45;
							}
							L19:
							asm("movsd xmm0, [0xddc0]");
							goto L22;
						}
						__eflags = _t67 - 0x2000;
						if(__eflags == 0) {
							asm("movsd xmm0, [ebp]");
							asm("comisd xmm0, [0xddc3]");
							if(__eflags <= 0) {
								goto L20;
							}
							asm("movsd xmm0, [0xdde9]");
							goto L22;
						}
						__eflags = _t67 - 0x4000;
						if(__eflags == 0) {
							asm("movsd xmm0, [ebp]");
							asm("comisd xmm0, [0xdddc]");
							if(__eflags > 0) {
								goto L19;
							}
							asm("movsd xmm0, [0xde02]");
							goto L21;
						}
						__eflags = _t67 - _t70;
						if(__eflags != 0) {
							goto L23;
						}
						asm("movsd xmm0, [ebp]");
						asm("comisd xmm0, [0xddf5]");
						asm("movsd xmm0, [0xde1d]");
						if(__eflags > 0) {
							goto L22;
						}
						goto L21;
					}
					asm("dec ecx");
					if(__eflags >= 0) {
						goto L6;
					}
					E0298F218(_t41, _t70);
					_t41 = _t41 & 0xfffffffb;
					goto L45;
				} else {
					E0298F218(_t41, __rcx);
					_t41 = _t41 & 0xfffffff7;
					L45:
					_t60 = r13b & r15b;
					if(_t60 != 0) {
						asm("dec ecx");
						if(_t60 < 0) {
							E0298F218(_t41, _t70);
							_t41 = _t41 & 0xffffffef;
						}
					}
					asm("movaps xmm6, [esp+0x20]");
					r14b = _t41 == 0;
					return r14d;
				}
			}

0x0298eaa4
0x0298eaa4
0x0298eaa4
0x0298eab8
0x0298eabb
0x0298eac2
0x0298eac5
0x0298eacb
0x0298eace
0x0298eace
0x0298ead5
0x0298eaf2
0x0298eaf5
0x0298eb0b
0x0298eb10
0x0298eb13
0x0298ebce
0x0298ebce
0x0298ebd2
0x00000000
0x00000000
0x0298ebd8
0x0298ebdd
0x00000000
0x00000000
0x0298ebe3
0x0298ebed
0x0298ebf0
0x0298ebf0
0x0298ebf2
0x0298ebf6
0x0298ec01
0x0298ec06
0x0298ec0f
0x0298ec15
0x0298ec1e
0x0298ec24
0x0298ec39
0x0298ec3c
0x0298ec40
0x0298ec50
0x0298ec58
0x0298ec5e
0x0298eca6
0x0298eca6
0x0298ecaf
0x0298ecb2
0x0298ecb4
0x0298ecb4
0x0298ecbb
0x0298ecbb
0x00000000
0x0298ecbb
0x0298ec60
0x0298ec6c
0x0298ec6e
0x0298ec75
0x0298ec75
0x0298ec78
0x0298ec7a
0x0298ec7c
0x0298ec7c
0x0298ec7f
0x0298ec81
0x0298ec88
0x0298ec8b
0x0298ec8d
0x0298ec91
0x0298ec91
0x0298ec98
0x0298ec9a
0x0298ec9a
0x0298ec9a
0x0298ec9f
0x00000000
0x0298ec9f
0x0298ec26
0x0298ec2a
0x00000000
0x0298ebfa
0x0298ebfa
0x0298ecc0
0x0298ecc0
0x0298ecc2
0x0298ecc4
0x0298ecc7
0x0298ecc7
0x0298eccc
0x0298eccc
0x00000000
0x0298eccc
0x0298ebf6
0x0298eb19
0x0298eb1e
0x00000000
0x00000000
0x0298eb27
0x0298eb34
0x0298eb34
0x0298eb37
0x0298eb99
0x0298eb9e
0x0298eba6
0x0298ebb2
0x0298ebb2
0x0298ebba
0x0298ebba
0x0298ebc1
0x0298ebc1
0x0298ebc6
0x0298ebc6
0x00000000
0x0298ebc6
0x0298eba8
0x0298eba8
0x00000000
0x0298eba8
0x0298eb39
0x0298eb3f
0x0298eb80
0x0298eb85
0x0298eb8d
0x00000000
0x00000000
0x0298eb8f
0x00000000
0x0298eb8f
0x0298eb41
0x0298eb47
0x0298eb67
0x0298eb6c
0x0298eb74
0x00000000
0x00000000
0x0298eb76
0x00000000
0x0298eb76
0x0298eb49
0x0298eb4c
0x00000000
0x00000000
0x0298eb4e
0x0298eb53
0x0298eb5b
0x0298eb63
0x00000000
0x00000000
0x00000000
0x0298eb65
0x0298eaf7
0x0298eafc
0x00000000
0x00000000
0x0298eafe
0x0298eb03
0x00000000
0x0298eadc
0x0298eae0
0x0298eae5
0x0298eccf
0x0298eccf
0x0298ecd2
0x0298ecd4
0x0298ecd9
0x0298ece0
0x0298ece5
0x0298ece5
0x0298ecd9
0x0298ece8
0x0298ecf4
0x0298ed0a
0x0298ed0a

APIs

_set_statfp.LIBCMT ref: 0298EAE0
_set_statfp.LIBCMT ref: 0298EAFE
_set_statfp.LIBCMT ref: 0298EB27
_set_statfp.LIBCMT ref: 0298ECE0

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: fb47ecbfadf9b21a5a09af4e8e819f30b4bdc7b5ccd66e7853b09d3ec71c8ce8
Instruction ID: cf27044e61e3d0cfdcc3950669f3a6b5f6ef39ce5da0840bbb64d4342a39d4c8
Opcode Fuzzy Hash: fb47ecbfadf9b21a5a09af4e8e819f30b4bdc7b5ccd66e7853b09d3ec71c8ce8
Instruction Fuzzy Hash: 8451C627504E8486D723FF39E86476AA365FB85764F4C9719FED727690DB34C081C640

Uniqueness

Uniqueness Score: -1.00%

Function 0293B1F0 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 0293B210
FreeLibrary.KERNEL32 ref: 0293B248
FreeLibrary.KERNEL32 ref: 0293B2A1
FreeLibrary.KERNEL32 ref: 0293B2CE
FreeLibrary.KERNEL32 ref: 0293B348

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 4136380ed7cdb6e47a92f14c2ceaf9604cd99ed726abdcd18b8d1c58831fc1de
Instruction ID: 6d9b1b035c7892c7da544c81dde4159dc0c633dc29ad7cae8ffabb27a9dca7d1
Opcode Fuzzy Hash: 4136380ed7cdb6e47a92f14c2ceaf9604cd99ed726abdcd18b8d1c58831fc1de
Instruction Fuzzy Hash: E031F434502F4192F7919B55F9AC32633B1F398799F22821AC49A5A6B0CFBE4499C3C3

Uniqueness

Uniqueness Score: -1.00%

Function 0295C0D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0295C0D0(void* __ebx, signed int __edx, signed int __edi, void* __esi, void* __esp, signed int __rax, long long __rbx, intOrPtr __rcx, signed int* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13, long long _a16, long long _a24, long long _a32) {
				signed int _t64;
				signed int _t65;
				intOrPtr _t66;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				intOrPtr _t78;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				void* _t89;
				signed int _t90;
				signed int _t95;
				signed int _t99;
				void* _t100;
				void* _t102;
				intOrPtr _t106;
				intOrPtr _t109;
				signed int* _t110;
				signed int* _t113;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				signed int* _t125;

				_t124 = __r13;
				_t123 = __r12;
				_t122 = __r11;
				_t121 = __r10;
				_t120 = __r9;
				_t119 = __r8;
				_t114 = __rbp;
				_t110 = __rdx;
				_t104 = __rax;
				_t102 = __esp;
				_t100 = __esi;
				_t97 = __edx;
				_t89 = __ebx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t106 = __rcx;
				_t99 = __edi | 0xffffffff;
				_t109 =  *((intOrPtr*)(__rcx + 0x468));
				_t103 = _t109;
				if(_t109 != 0) {
					_t64 = L0296983C(__edx, __rax, _t109);
					__eflags = _t64;
					if(_t64 == 0) {
						L2:
						_t65 = _t99;
						L3:
						return _t65;
					}
					__eflags =  *((intOrPtr*)(__rcx + 0x18)) - __rbp;
					if(__eflags != 0) {
						while(1) {
							 *((intOrPtr*)(_t106 + 0x478)) =  *((intOrPtr*)(_t106 + 0x478)) + 1;
							_t66 =  *((intOrPtr*)(_t106 + 0x478));
							__eflags = _t66 - 3;
							if(_t66 == 3) {
								break;
							}
							__eflags = _t66 - 2;
							if(_t66 != 2) {
								L11:
								_t104 =  *((intOrPtr*)(_t106 + 0x480));
								_t125 = _t106 + 0x34;
								_t113 = _t106 + 0x38;
								 *((intOrPtr*)(_t106 + 0x47c)) = 0;
								 *(_t106 + 0xde8) = _t99;
								 *(_t106 + 0xdec) = _t99;
								 *_t125 = 0;
								 *_t113 = 0;
								 *(_t106 + 0x18) = _t104;
								 *((intOrPtr*)(_t106 + 0x50)) = 0;
								 *(_t106 + 0x2c) = 0;
								_t67 =  *_t104;
								 *((char*)(_t106 + 0x41)) = _t67;
								__eflags = _t67;
								if(_t67 == 0) {
									L59:
									_t61 = _t106 + 0x18;
									 *_t61 =  *(_t106 + 0x18) + 1;
									__eflags =  *_t61;
									L60:
									_t109 = _t106;
									_t68 = E02969334(_t97, _t104, _t109);
									__eflags = _t68;
									if(_t68 == 0) {
										goto L2;
									}
									continue;
								} else {
									goto L12;
								}
								while(1) {
									L12:
									 *(_t106 + 0x18) =  *(_t106 + 0x18) + 1;
									__eflags =  *(_t106 + 0x28);
									if( *(_t106 + 0x28) < 0) {
										goto L60;
									}
									_t90 =  *((intOrPtr*)(_t106 + 0x41));
									_t97 =  *(_t106 + 0x2c);
									__eflags = _t109 - 0x20 - 0x5a;
									if(_t109 - 0x20 <= 0x5a) {
										asm("lfence");
										_t104 = _t90;
									}
									_t94 = ( *(_t109 + 0x2993f40) & 0x000000ff) >> 4;
									 *(_t106 + 0x2c) = ( *(_t109 + 0x2993f40) & 0x000000ff) >> 4;
									_t109 = _t106;
									_t71 = E02968E34(_t94, _t99, _t102, _t109, _t110, _t119);
									__eflags = _t71;
									if(_t71 == 0) {
										goto L2;
									} else {
										_t72 =  *(_t106 + 0x2c);
										__eflags = _t72 - 8;
										if(__eflags == 0) {
											goto L1;
										}
										__eflags = _t72;
										if(_t72 == 0) {
											_t109 = _t106;
											_t75 = E0295E128(_t109, _t110, _t113);
											L57:
											__eflags = _t75;
											if(_t75 == 0) {
												goto L2;
											}
											L58:
											_t104 =  *(_t106 + 0x18);
											_t95 =  *_t104;
											 *((char*)(_t106 + 0x41)) = _t95;
											__eflags = _t95;
											if(_t95 != 0) {
												continue;
											}
											goto L59;
										}
										_t76 = _t72 - 1;
										__eflags = _t76;
										if(_t76 == 0) {
											 *_t125 = 0;
											 *((intOrPtr*)(_t106 + 0x40)) = bpl;
											 *(_t106 + 0x30) = 0;
											 *_t113 = _t99;
											 *((intOrPtr*)(_t106 + 0x3c)) = 0;
											 *((intOrPtr*)(_t106 + 0x54)) = bpl;
											goto L58;
										}
										_t77 = _t76 - 1;
										__eflags = _t77;
										if(_t77 == 0) {
											_t78 =  *((intOrPtr*)(_t106 + 0x41));
											__eflags = _t78 - 0x20;
											if(_t78 == 0x20) {
												 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000002;
											} else {
												__eflags = _t78 - 0x23;
												if(_t78 == 0x23) {
													 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000020;
												} else {
													__eflags = _t78 - 0x2b;
													if(_t78 == 0x2b) {
														 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000001;
													} else {
														__eflags = _t78 - 0x2d;
														if(_t78 == 0x2d) {
															 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000004;
														} else {
															__eflags = _t78 - 0x30;
															if(_t78 == 0x30) {
																 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000008;
															}
														}
													}
												}
											}
											goto L58;
										}
										_t79 = _t77 - 1;
										__eflags = _t79;
										if(_t79 == 0) {
											__eflags =  *((char*)(_t106 + 0x41)) - 0x2a;
											_t109 = _t106;
											if( *((char*)(_t106 + 0x41)) == 0x2a) {
												_t80 = E02968328(_t89, _t104, _t106, _t109, _t119, _t120, _t121);
												__eflags = _t80;
												if(_t80 == 0) {
													goto L2;
												}
												__eflags =  *((intOrPtr*)(_t106 + 0x478)) - 1;
												if( *((intOrPtr*)(_t106 + 0x478)) != 1) {
													L42:
													_t81 =  *_t125;
													__eflags = _t81;
													if(_t81 < 0) {
														_t42 = _t106 + 0x30;
														 *_t42 =  *(_t106 + 0x30) | 0x00000004;
														__eflags =  *_t42;
														 *_t125 =  ~_t81;
													}
													L44:
													_t75 = 1;
													goto L57;
												}
												__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
												if( *((intOrPtr*)(_t106 + 0x47c)) != 1) {
													goto L58;
												}
												goto L42;
											}
											_t110 = _t125;
											L30:
											_t75 = E0295B79C(_t104, _t106, _t109, _t110, _t114);
											goto L57;
										}
										_t83 = _t79 - 1;
										__eflags = _t83;
										if(_t83 == 0) {
											 *_t113 = 0;
											goto L58;
										}
										_t84 = _t83 - 1;
										__eflags = _t84;
										if(_t84 == 0) {
											__eflags =  *((char*)(_t106 + 0x41)) - 0x2a;
											_t109 = _t106;
											if( *((char*)(_t106 + 0x41)) == 0x2a) {
												_t85 = E029687D8(_t89, _t104, _t106, _t109, _t119, _t120, _t121);
												__eflags = _t85;
												if(_t85 == 0) {
													goto L2;
												}
												__eflags =  *((intOrPtr*)(_t106 + 0x478)) - 1;
												if( *((intOrPtr*)(_t106 + 0x478)) != 1) {
													L34:
													__eflags =  *_t113;
													if( *_t113 < 0) {
														 *_t113 = _t99;
													}
													goto L44;
												}
												__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
												if( *((intOrPtr*)(_t106 + 0x47c)) != 1) {
													goto L58;
												}
												goto L34;
											} else {
												_t110 = _t113;
												goto L30;
											}
										}
										_t86 = _t84 - 1;
										__eflags = _t86;
										if(_t86 == 0) {
											_t109 = _t106;
											_t75 = E0295F348(_t100, _t106, _t109, _t110, _t113, _t114);
											goto L57;
										}
										__eflags = _t86 - 1;
										if(_t86 != 1) {
											goto L2;
										} else {
											_t109 = _t106;
											_t75 = E029606A0(_t89, _t99, _t100, _t102, _t106, _t109, _t110, _t113, _t114, _t119, _t120, _t121, _t122, _t123, _t124);
											goto L57;
										}
									}
								}
								goto L60;
							}
							__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
							if( *((intOrPtr*)(_t106 + 0x47c)) == 1) {
								break;
							}
							goto L11;
						}
						_t65 =  *(_t106 + 0x28);
					} else {
						E02971538(__eflags, __rax);
						 *__rax = 0x16;
						_t65 = E02970D4C() | 0xffffffff;
					}
					goto L3;
				}
				L1:
				E02971538(_t103, _t104);
				 *_t104 = 0x16;
				E02970D4C();
				goto L2;
			}

0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d0
0x0295c0d5
0x0295c0da
0x0295c0e8
0x0295c0eb
0x0295c0ee
0x0295c0f7
0x0295c0fa
0x0295c127
0x0295c12c
0x0295c12e
0x0295c10c
0x0295c10c
0x0295c10e
0x0295c126
0x0295c126
0x0295c130
0x0295c134
0x0295c152
0x0295c152
0x0295c158
0x0295c15e
0x0295c161
0x00000000
0x00000000
0x0295c167
0x0295c16a
0x0295c179
0x0295c179
0x0295c180
0x0295c184
0x0295c188
0x0295c18e
0x0295c194
0x0295c19a
0x0295c19d
0x0295c19f
0x0295c1a3
0x0295c1a6
0x0295c1a9
0x0295c1ab
0x0295c1ae
0x0295c1b0
0x0295c355
0x0295c355
0x0295c355
0x0295c355
0x0295c359
0x0295c359
0x0295c35c
0x0295c361
0x0295c363
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0295c1b6
0x0295c1b6
0x0295c1b6
0x0295c1ba
0x0295c1bd
0x00000000
0x00000000
0x0295c1c3
0x0295c1c6
0x0295c1cc
0x0295c1ce
0x0295c1d0
0x0295c1d3
0x0295c1dd
0x0295c1ee
0x0295c1f1
0x0295c1f4
0x0295c1f7
0x0295c1fc
0x0295c1fe
0x00000000
0x0295c204
0x0295c204
0x0295c207
0x0295c20a
0x00000000
0x00000000
0x0295c210
0x0295c212
0x0295c334
0x0295c337
0x0295c33c
0x0295c33c
0x0295c33e
0x00000000
0x00000000
0x0295c344
0x0295c344
0x0295c348
0x0295c34a
0x0295c34d
0x0295c34f
0x00000000
0x00000000
0x00000000
0x0295c34f
0x0295c218
0x0295c218
0x0295c21b
0x0295c31f
0x0295c322
0x0295c326
0x0295c329
0x0295c32b
0x0295c32e
0x00000000
0x0295c32e
0x0295c221
0x0295c221
0x0295c224
0x0295c2ea
0x0295c2ed
0x0295c2ef
0x0295c319
0x0295c2f1
0x0295c2f1
0x0295c2f3
0x0295c313
0x0295c2f5
0x0295c2f5
0x0295c2f7
0x0295c30d
0x0295c2f9
0x0295c2f9
0x0295c2fb
0x0295c307
0x0295c2fd
0x0295c2fd
0x0295c2ff
0x0295c301
0x0295c301
0x0295c2ff
0x0295c2fb
0x0295c2f7
0x0295c2f3
0x00000000
0x0295c2ef
0x0295c22a
0x0295c22a
0x0295c22d
0x0295c2a9
0x0295c2ad
0x0295c2b0
0x0295c2b7
0x0295c2bc
0x0295c2be
0x00000000
0x00000000
0x0295c2c4
0x0295c2cb
0x0295c2d6
0x0295c2d6
0x0295c2d9
0x0295c2db
0x0295c2dd
0x0295c2dd
0x0295c2dd
0x0295c2e3
0x0295c2e3
0x0295c2e6
0x0295c2e6
0x00000000
0x0295c2e6
0x0295c2cd
0x0295c2d4
0x00000000
0x00000000
0x00000000
0x0295c2d4
0x0295c2b2
0x0295c26d
0x0295c26d
0x00000000
0x0295c26d
0x0295c22f
0x0295c22f
0x0295c232
0x0295c2a2
0x00000000
0x0295c2a2
0x0295c234
0x0295c234
0x0295c237
0x0295c261
0x0295c265
0x0295c268
0x0295c277
0x0295c27c
0x0295c27e
0x00000000
0x00000000
0x0295c284
0x0295c28b
0x0295c29a
0x0295c29a
0x0295c29c
0x0295c29e
0x0295c29e
0x00000000
0x0295c29c
0x0295c28d
0x0295c294
0x00000000
0x00000000
0x00000000
0x0295c26a
0x0295c26a
0x00000000
0x0295c26a
0x0295c268
0x0295c239
0x0295c239
0x0295c23c
0x0295c254
0x0295c257
0x00000000
0x0295c257
0x0295c23e
0x0295c241
0x00000000
0x0295c247
0x0295c247
0x0295c24a
0x00000000
0x0295c24a
0x0295c241
0x0295c1fe
0x00000000
0x0295c1b6
0x0295c16c
0x0295c173
0x00000000
0x00000000
0x00000000
0x0295c173
0x0295c36e
0x0295c136
0x0295c136
0x0295c13b
0x0295c146
0x0295c146
0x00000000
0x0295c134
0x0295c0fc
0x0295c0fc
0x0295c101
0x0295c107
0x00000000

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295C107
_invalid_parameter_noinfo.LIBCMT ref: 0295C141

Strings

*, xrefs: 0295C2A9
, xrefs: 0295C313

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 244e462f22e01fa694cdcd4a1200f341e37ae328136e13584e64fc6fb17e06a5
Instruction ID: b5834d40dad705757604e0edf7a342e9b562734164f97386ca28514f0404341e
Opcode Fuzzy Hash: 244e462f22e01fa694cdcd4a1200f341e37ae328136e13584e64fc6fb17e06a5
Instruction Fuzzy Hash: 976181723083A8CADF28DF79909827C7BA5F756F5CB58412BCE8657218DB35C086CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0295D66C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0295D66C(void* __ebx, signed int __edx, signed int __edi, void* __esp, signed short* __rax, long long __rbx, void* __rcx, signed int* __rdx, long long __rbp, void* __r8, void* __r9, void* __r10, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				signed int _t66;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				void* _t87;
				signed short _t88;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				void* _t99;
				void* _t104;
				void* _t106;
				signed int* _t107;
				void* _t108;
				signed int* _t109;
				void* _t115;
				void* _t116;
				void* _t117;
				signed int* _t119;

				_t117 = __r10;
				_t116 = __r9;
				_t115 = __r8;
				_t110 = __rbp;
				_t107 = __rdx;
				_t106 = __rcx;
				_t102 = __rax;
				_t99 = __esp;
				_t95 = __edx;
				_t87 = __ebx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t97 = __edi | 0xffffffff;
				_t104 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x468)) == __rbp) {
					L58:
					E02971538(__eflags, _t102);
					 *_t102 = 0x16;
					E02970D4C();
					L59:
					_t63 = _t97;
					L61:
					return _t63;
				}
				_t101 =  *((intOrPtr*)(__rcx + 0x18)) - __rbp;
				if( *((intOrPtr*)(__rcx + 0x18)) != __rbp) {
					r12d = 0x20;
					while(1) {
						 *((intOrPtr*)(_t104 + 0x478)) =  *((intOrPtr*)(_t104 + 0x478)) + 1;
						_t64 =  *((intOrPtr*)(_t104 + 0x478));
						__eflags = _t64 - 3;
						if(_t64 == 3) {
							break;
						}
						__eflags = _t64 - 2;
						if(_t64 != 2) {
							L7:
							_t102 =  *((intOrPtr*)(_t104 + 0x480));
							_t119 = _t104 + 0x34;
							_t109 = _t104 + 0x38;
							 *((intOrPtr*)(_t104 + 0x47c)) = 0;
							 *(_t104 + 0xde8) = _t97;
							 *(_t104 + 0xdec) = _t97;
							 *_t119 = 0;
							 *_t109 = 0;
							 *(_t104 + 0x18) = _t102;
							 *((intOrPtr*)(_t104 + 0x50)) = 0;
							 *(_t104 + 0x2c) = 0;
							_t65 =  *_t102 & 0x0000ffff;
							 *(_t104 + 0x42) = _t65;
							__eflags = _t65;
							if(_t65 == 0) {
								L55:
								_t56 = _t104 + 0x18;
								 *_t56 =  *(_t104 + 0x18) + 2;
								__eflags =  *_t56;
								L56:
								_t106 = _t104;
								_t66 = E02969508(_t95, _t102, _t106);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L59;
								}
								continue;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								 *(_t104 + 0x18) =  *(_t104 + 0x18) + 2;
								__eflags =  *(_t104 + 0x28);
								if( *(_t104 + 0x28) < 0) {
									goto L56;
								}
								_t88 =  *(_t104 + 0x42) & 0x0000ffff;
								_t95 =  *(_t104 + 0x2c);
								__eflags = (_t88 & 0x0000ffff) - r12w - 0x5a;
								if((_t88 & 0x0000ffff) - r12w <= 0x5a) {
									asm("lfence");
								}
								_t92 = ( *(_t106 + 0x2993f40) & 0x000000ff) >> 4;
								 *(_t104 + 0x2c) = ( *(_t106 + 0x2993f40) & 0x000000ff) >> 4;
								_t106 = _t104;
								_t70 = E02969160(_t92, _t97, _t99, _t106, _t107, _t115);
								__eflags = _t70;
								if(_t70 == 0) {
									goto L59;
								} else {
									_t71 =  *(_t104 + 0x2c);
									__eflags = _t71 - 8;
									if(__eflags == 0) {
										goto L58;
									}
									__eflags = _t71;
									if(_t71 == 0) {
										_t106 = _t104;
										_t72 = E0295E52C(_t106);
										L53:
										__eflags = _t72;
										if(_t72 == 0) {
											goto L59;
										}
										L54:
										_t102 =  *(_t104 + 0x18);
										_t93 =  *_t102 & 0x0000ffff;
										 *(_t104 + 0x42) = _t93;
										__eflags = _t93;
										if(_t93 != 0) {
											continue;
										}
										goto L55;
									}
									_t73 = _t71 - 1;
									__eflags = _t73;
									if(_t73 == 0) {
										 *_t119 = 0;
										 *((intOrPtr*)(_t104 + 0x40)) = bpl;
										 *(_t104 + 0x30) = 0;
										 *_t109 = _t97;
										 *((intOrPtr*)(_t104 + 0x3c)) = 0;
										 *((intOrPtr*)(_t104 + 0x54)) = bpl;
										goto L54;
									}
									_t74 = _t73 - 1;
									__eflags = _t74;
									if(_t74 == 0) {
										_t75 =  *(_t104 + 0x42) & 0x0000ffff;
										__eflags = _t75 - r12w;
										if(_t75 == r12w) {
											 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000002;
										} else {
											__eflags = _t75 - 0x23;
											if(_t75 == 0x23) {
												 *(_t104 + 0x30) =  *(_t104 + 0x30) | r12d;
											} else {
												__eflags = _t75 - 0x2b;
												if(_t75 == 0x2b) {
													 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000001;
												} else {
													__eflags = _t75 - 0x2d;
													if(_t75 == 0x2d) {
														 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000004;
													} else {
														__eflags = _t75 - 0x30;
														if(_t75 == 0x30) {
															 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										goto L54;
									}
									_t76 = _t74 - 1;
									__eflags = _t76;
									if(_t76 == 0) {
										__eflags =  *(_t104 + 0x42) - 0x2a;
										_t106 = _t104;
										if( *(_t104 + 0x42) == 0x2a) {
											_t77 = E02968670(_t102, _t104, _t106, _t109, _t116, _t117);
											__eflags = _t77;
											if(_t77 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x478)) - 1;
											if( *((intOrPtr*)(_t104 + 0x478)) != 1) {
												L38:
												_t78 =  *_t119;
												__eflags = _t78;
												if(_t78 < 0) {
													_t37 = _t104 + 0x30;
													 *_t37 =  *(_t104 + 0x30) | 0x00000004;
													__eflags =  *_t37;
													 *_t119 =  ~_t78;
												}
												L40:
												_t72 = 1;
												goto L53;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t104 + 0x47c)) != 1) {
												goto L54;
											}
											goto L38;
										}
										_t107 = _t119;
										L26:
										_t72 = L0295BD60(_t102, _t104, _t106, _t107, _t108, _t109);
										goto L53;
									}
									_t80 = _t76 - 1;
									__eflags = _t80;
									if(_t80 == 0) {
										 *_t109 = 0;
										goto L54;
									}
									_t81 = _t80 - 1;
									__eflags = _t81;
									if(_t81 == 0) {
										__eflags =  *(_t104 + 0x42) - 0x2a;
										_t106 = _t104;
										if( *(_t104 + 0x42) == 0x2a) {
											_t82 = E02968B20(_t102, _t104, _t106, _t109, _t116, _t117);
											__eflags = _t82;
											if(_t82 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x478)) - 1;
											if( *((intOrPtr*)(_t104 + 0x478)) != 1) {
												L30:
												__eflags =  *_t109;
												if( *_t109 < 0) {
													 *_t109 = _t97;
												}
												goto L40;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t104 + 0x47c)) != 1) {
												goto L54;
											}
											goto L30;
										} else {
											_t107 = _t109;
											goto L26;
										}
									}
									_t83 = _t81 - 1;
									__eflags = _t83;
									if(_t83 == 0) {
										_t106 = _t104;
										_t72 = E029600EC(_t92, _t104, _t106, _t107, _t109, _t110, _t115, _t117);
										goto L53;
									}
									__eflags = _t83 - 1;
									if(_t83 != 1) {
										goto L59;
									} else {
										_t106 = _t104;
										_t72 = L02961E8C(_t87, _t92, _t99, _t104, _t106, _t107, _t109, _t110, _t115, _t116, _t117);
										goto L53;
									}
								}
							}
							goto L56;
						}
						__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
						if( *((intOrPtr*)(_t104 + 0x47c)) == 1) {
							break;
						}
						goto L7;
					}
					_t63 =  *(_t104 + 0x28);
				} else {
					E02971538(_t101, __rax);
					 *__rax = 0x16;
					_t63 = E02970D4C() | _t97;
				}
			}

0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d66c
0x0295d671
0x0295d682
0x0295d687
0x0295d691
0x0295d8f0
0x0295d8f0
0x0295d8f5
0x0295d8fb
0x0295d900
0x0295d900
0x0295d907
0x0295d91d
0x0295d91d
0x0295d697
0x0295d69b
0x0295d6bb
0x0295d6c1
0x0295d6c1
0x0295d6c7
0x0295d6cd
0x0295d6d0
0x00000000
0x00000000
0x0295d6d6
0x0295d6d9
0x0295d6e8
0x0295d6e8
0x0295d6ef
0x0295d6f3
0x0295d6f7
0x0295d6fd
0x0295d703
0x0295d709
0x0295d70c
0x0295d70e
0x0295d712
0x0295d715
0x0295d718
0x0295d71b
0x0295d71f
0x0295d722
0x0295d8da
0x0295d8da
0x0295d8da
0x0295d8da
0x0295d8df
0x0295d8df
0x0295d8e2
0x0295d8e7
0x0295d8e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0295d728
0x0295d728
0x0295d728
0x0295d72d
0x0295d730
0x00000000
0x00000000
0x0295d736
0x0295d73a
0x0295d744
0x0295d748
0x0295d74a
0x0295d756
0x0295d767
0x0295d76a
0x0295d76d
0x0295d770
0x0295d775
0x0295d777
0x00000000
0x0295d77d
0x0295d77d
0x0295d780
0x0295d783
0x00000000
0x00000000
0x0295d789
0x0295d78b
0x0295d8ba
0x0295d8bd
0x0295d8c2
0x0295d8c2
0x0295d8c4
0x00000000
0x00000000
0x0295d8c6
0x0295d8c6
0x0295d8ca
0x0295d8cd
0x0295d8d1
0x0295d8d4
0x00000000
0x00000000
0x00000000
0x0295d8d4
0x0295d791
0x0295d791
0x0295d794
0x0295d8a5
0x0295d8a8
0x0295d8ac
0x0295d8af
0x0295d8b1
0x0295d8b4
0x00000000
0x0295d8b4
0x0295d79a
0x0295d79a
0x0295d79d
0x0295d865
0x0295d869
0x0295d86d
0x0295d89f
0x0295d86f
0x0295d86f
0x0295d873
0x0295d899
0x0295d875
0x0295d875
0x0295d879
0x0295d893
0x0295d87b
0x0295d87b
0x0295d87f
0x0295d88d
0x0295d881
0x0295d881
0x0295d885
0x0295d887
0x0295d887
0x0295d885
0x0295d87f
0x0295d879
0x0295d873
0x00000000
0x0295d86d
0x0295d7a3
0x0295d7a3
0x0295d7a6
0x0295d823
0x0295d828
0x0295d82b
0x0295d832
0x0295d837
0x0295d839
0x00000000
0x00000000
0x0295d83f
0x0295d846
0x0295d851
0x0295d851
0x0295d854
0x0295d856
0x0295d858
0x0295d858
0x0295d858
0x0295d85e
0x0295d85e
0x0295d861
0x0295d861
0x00000000
0x0295d861
0x0295d848
0x0295d84f
0x00000000
0x00000000
0x00000000
0x0295d84f
0x0295d82d
0x0295d7e7
0x0295d7e7
0x00000000
0x0295d7e7
0x0295d7a8
0x0295d7a8
0x0295d7ab
0x0295d81c
0x00000000
0x0295d81c
0x0295d7ad
0x0295d7ad
0x0295d7b0
0x0295d7da
0x0295d7df
0x0295d7e2
0x0295d7f1
0x0295d7f6
0x0295d7f8
0x00000000
0x00000000
0x0295d7fe
0x0295d805
0x0295d814
0x0295d814
0x0295d816
0x0295d818
0x0295d818
0x00000000
0x0295d816
0x0295d807
0x0295d80e
0x00000000
0x00000000
0x00000000
0x0295d7e4
0x0295d7e4
0x00000000
0x0295d7e4
0x0295d7e2
0x0295d7b2
0x0295d7b2
0x0295d7b5
0x0295d7cd
0x0295d7d0
0x00000000
0x0295d7d0
0x0295d7b7
0x0295d7ba
0x00000000
0x0295d7c0
0x0295d7c0
0x0295d7c3
0x00000000
0x0295d7c3
0x0295d7ba
0x0295d777
0x00000000
0x0295d728
0x0295d6db
0x0295d6e2
0x00000000
0x00000000
0x00000000
0x0295d6e2
0x0295d904
0x0295d69d
0x0295d69d
0x0295d6a2
0x0295d6ad
0x0295d6ad

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295D6A8
_invalid_parameter_noinfo.LIBCMT ref: 0295D8FB

Strings

, xrefs: 0295D6BB
*, xrefs: 0295D823

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: f9e5e4e9e4fa1c1d0010280c0a3969c736ce73a4010f4bd4fa0620c0e0182747
Instruction ID: 23256d0401b3adb74f63d57af2866ce8a0f7561b63f9c51f0522479bca1f195a
Opcode Fuzzy Hash: f9e5e4e9e4fa1c1d0010280c0a3969c736ce73a4010f4bd4fa0620c0e0182747
Instruction Fuzzy Hash: 6F618DB2704365C6CB28DF3A905827D7BA8F741F5CB58452ACF864B268DB39C086CB75

Uniqueness

Uniqueness Score: -1.00%

Function 0295CEC4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0295CEC4(signed int __edx, signed int __edi, void* __esp, signed short* __rax, long long __rbx, void* __rcx, signed int* __rdx, long long __rbp, void* __r8, void* __r9, void* __r10, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				void* __r12;
				signed int _t63;
				intOrPtr _t64;
				signed int _t65;
				signed int _t66;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				void* _t87;
				signed short _t88;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				void* _t99;
				void* _t104;
				void* _t106;
				signed int* _t107;
				void* _t108;
				signed int* _t109;
				void* _t115;
				void* _t116;
				void* _t117;
				void* _t118;
				signed int* _t120;

				_t117 = __r10;
				_t116 = __r9;
				_t115 = __r8;
				_t110 = __rbp;
				_t107 = __rdx;
				_t106 = __rcx;
				_t102 = __rax;
				_t99 = __esp;
				_t95 = __edx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t97 = __edi | 0xffffffff;
				_t104 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x468)) == __rbp) {
					L58:
					E02971538(__eflags, _t102);
					 *_t102 = 0x16;
					E02970D4C();
					L59:
					_t63 = _t97;
					L61:
					return _t63;
				}
				_t101 =  *((intOrPtr*)(__rcx + 0x18)) - __rbp;
				if( *((intOrPtr*)(__rcx + 0x18)) != __rbp) {
					r12d = 0x20;
					while(1) {
						 *((intOrPtr*)(_t104 + 0x478)) =  *((intOrPtr*)(_t104 + 0x478)) + 1;
						_t64 =  *((intOrPtr*)(_t104 + 0x478));
						__eflags = _t64 - 3;
						if(_t64 == 3) {
							break;
						}
						__eflags = _t64 - 2;
						if(_t64 != 2) {
							L7:
							_t102 =  *((intOrPtr*)(_t104 + 0x480));
							_t120 = _t104 + 0x34;
							_t109 = _t104 + 0x38;
							 *((intOrPtr*)(_t104 + 0x47c)) = 0;
							 *(_t104 + 0xde8) = _t97;
							 *(_t104 + 0xdec) = _t97;
							 *_t120 = 0;
							 *_t109 = 0;
							 *(_t104 + 0x18) = _t102;
							 *((intOrPtr*)(_t104 + 0x50)) = 0;
							 *(_t104 + 0x2c) = 0;
							_t65 =  *_t102 & 0x0000ffff;
							 *(_t104 + 0x42) = _t65;
							__eflags = _t65;
							if(_t65 == 0) {
								L55:
								_t56 = _t104 + 0x18;
								 *_t56 =  *(_t104 + 0x18) + 2;
								__eflags =  *_t56;
								L56:
								_t106 = _t104;
								_t66 = E0296946C(_t95, _t102, _t106);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L59;
								}
								continue;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								 *(_t104 + 0x18) =  *(_t104 + 0x18) + 2;
								__eflags =  *(_t104 + 0x28);
								if( *(_t104 + 0x28) < 0) {
									goto L56;
								}
								_t88 =  *(_t104 + 0x42) & 0x0000ffff;
								_t95 =  *(_t104 + 0x2c);
								__eflags = (_t88 & 0x0000ffff) - r12w - 0x5a;
								if((_t88 & 0x0000ffff) - r12w <= 0x5a) {
									asm("lfence");
								}
								_t92 = ( *(_t106 + 0x2993f40) & 0x000000ff) >> 4;
								 *(_t104 + 0x2c) = ( *(_t106 + 0x2993f40) & 0x000000ff) >> 4;
								_t106 = _t104;
								_t70 = E0296904C(_t92, _t97, _t99, _t106, _t107, _t115);
								__eflags = _t70;
								if(_t70 == 0) {
									goto L59;
								} else {
									_t71 =  *(_t104 + 0x2c);
									__eflags = _t71 - 8;
									if(__eflags == 0) {
										goto L58;
									}
									__eflags = _t71;
									if(_t71 == 0) {
										_t106 = _t104;
										_t72 = E0295E404(_t106);
										L53:
										__eflags = _t72;
										if(_t72 == 0) {
											goto L59;
										}
										L54:
										_t102 =  *(_t104 + 0x18);
										_t93 =  *_t102 & 0x0000ffff;
										 *(_t104 + 0x42) = _t93;
										__eflags = _t93;
										if(_t93 != 0) {
											continue;
										}
										goto L55;
									}
									_t73 = _t71 - 1;
									__eflags = _t73;
									if(_t73 == 0) {
										 *_t120 = 0;
										 *((intOrPtr*)(_t104 + 0x40)) = bpl;
										 *(_t104 + 0x30) = 0;
										 *_t109 = _t97;
										 *((intOrPtr*)(_t104 + 0x3c)) = 0;
										 *((intOrPtr*)(_t104 + 0x54)) = bpl;
										goto L54;
									}
									_t74 = _t73 - 1;
									__eflags = _t74;
									if(_t74 == 0) {
										_t75 =  *(_t104 + 0x42) & 0x0000ffff;
										__eflags = _t75 - r12w;
										if(_t75 == r12w) {
											 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000002;
										} else {
											__eflags = _t75 - 0x23;
											if(_t75 == 0x23) {
												 *(_t104 + 0x30) =  *(_t104 + 0x30) | r12d;
											} else {
												__eflags = _t75 - 0x2b;
												if(_t75 == 0x2b) {
													 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000001;
												} else {
													__eflags = _t75 - 0x2d;
													if(_t75 == 0x2d) {
														 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000004;
													} else {
														__eflags = _t75 - 0x30;
														if(_t75 == 0x30) {
															 *(_t104 + 0x30) =  *(_t104 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										goto L54;
									}
									_t76 = _t74 - 1;
									__eflags = _t76;
									if(_t76 == 0) {
										__eflags =  *(_t104 + 0x42) - 0x2a;
										_t106 = _t104;
										if( *(_t104 + 0x42) == 0x2a) {
											_t77 = E02968558(_t102, _t104, _t106, _t109, _t116, _t117);
											__eflags = _t77;
											if(_t77 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x478)) - 1;
											if( *((intOrPtr*)(_t104 + 0x478)) != 1) {
												L38:
												_t78 =  *_t120;
												__eflags = _t78;
												if(_t78 < 0) {
													_t37 = _t104 + 0x30;
													 *_t37 =  *(_t104 + 0x30) | 0x00000004;
													__eflags =  *_t37;
													 *_t120 =  ~_t78;
												}
												L40:
												_t72 = 1;
												goto L53;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t104 + 0x47c)) != 1) {
												goto L54;
											}
											goto L38;
										}
										_t107 = _t120;
										L26:
										_t72 = L0295BB74(_t102, _t104, _t106, _t107, _t108, _t109);
										goto L53;
									}
									_t80 = _t76 - 1;
									__eflags = _t80;
									if(_t80 == 0) {
										 *_t109 = 0;
										goto L54;
									}
									_t81 = _t80 - 1;
									__eflags = _t81;
									if(_t81 == 0) {
										__eflags =  *(_t104 + 0x42) - 0x2a;
										_t106 = _t104;
										if( *(_t104 + 0x42) == 0x2a) {
											_t82 = E02968A08(_t102, _t104, _t106, _t109, _t116, _t117);
											__eflags = _t82;
											if(_t82 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x478)) - 1;
											if( *((intOrPtr*)(_t104 + 0x478)) != 1) {
												L30:
												__eflags =  *_t109;
												if( *_t109 < 0) {
													 *_t109 = _t97;
												}
												goto L40;
											}
											__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t104 + 0x47c)) != 1) {
												goto L54;
											}
											goto L30;
										} else {
											_t107 = _t109;
											goto L26;
										}
									}
									_t83 = _t81 - 1;
									__eflags = _t83;
									if(_t83 == 0) {
										_t106 = _t104;
										_t72 = L0295FC24(_t92, _t104, _t106, _t107, _t110);
										goto L53;
									}
									__eflags = _t83 - 1;
									if(_t83 != 1) {
										goto L59;
									} else {
										_t106 = _t104;
										_t72 = E029615EC(_t87, _t92, _t99, _t104, _t106, _t107, _t110, _t115, _t116, _t117, _t118);
										goto L53;
									}
								}
							}
							goto L56;
						}
						__eflags =  *((intOrPtr*)(_t104 + 0x47c)) - 1;
						if( *((intOrPtr*)(_t104 + 0x47c)) == 1) {
							break;
						}
						goto L7;
					}
					_t63 =  *(_t104 + 0x28);
				} else {
					E02971538(_t101, __rax);
					 *__rax = 0x16;
					_t63 = E02970D4C() | _t97;
				}
			}

0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec4
0x0295cec9
0x0295ceda
0x0295cedf
0x0295cee9
0x0295d148
0x0295d148
0x0295d14d
0x0295d153
0x0295d158
0x0295d158
0x0295d15f
0x0295d175
0x0295d175
0x0295ceef
0x0295cef3
0x0295cf13
0x0295cf19
0x0295cf19
0x0295cf1f
0x0295cf25
0x0295cf28
0x00000000
0x00000000
0x0295cf2e
0x0295cf31
0x0295cf40
0x0295cf40
0x0295cf47
0x0295cf4b
0x0295cf4f
0x0295cf55
0x0295cf5b
0x0295cf61
0x0295cf64
0x0295cf66
0x0295cf6a
0x0295cf6d
0x0295cf70
0x0295cf73
0x0295cf77
0x0295cf7a
0x0295d132
0x0295d132
0x0295d132
0x0295d132
0x0295d137
0x0295d137
0x0295d13a
0x0295d13f
0x0295d141
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0295cf80
0x0295cf80
0x0295cf80
0x0295cf85
0x0295cf88
0x00000000
0x00000000
0x0295cf8e
0x0295cf92
0x0295cf9c
0x0295cfa0
0x0295cfa2
0x0295cfae
0x0295cfbf
0x0295cfc2
0x0295cfc5
0x0295cfc8
0x0295cfcd
0x0295cfcf
0x00000000
0x0295cfd5
0x0295cfd5
0x0295cfd8
0x0295cfdb
0x00000000
0x00000000
0x0295cfe1
0x0295cfe3
0x0295d112
0x0295d115
0x0295d11a
0x0295d11a
0x0295d11c
0x00000000
0x00000000
0x0295d11e
0x0295d11e
0x0295d122
0x0295d125
0x0295d129
0x0295d12c
0x00000000
0x00000000
0x00000000
0x0295d12c
0x0295cfe9
0x0295cfe9
0x0295cfec
0x0295d0fd
0x0295d100
0x0295d104
0x0295d107
0x0295d109
0x0295d10c
0x00000000
0x0295d10c
0x0295cff2
0x0295cff2
0x0295cff5
0x0295d0bd
0x0295d0c1
0x0295d0c5
0x0295d0f7
0x0295d0c7
0x0295d0c7
0x0295d0cb
0x0295d0f1
0x0295d0cd
0x0295d0cd
0x0295d0d1
0x0295d0eb
0x0295d0d3
0x0295d0d3
0x0295d0d7
0x0295d0e5
0x0295d0d9
0x0295d0d9
0x0295d0dd
0x0295d0df
0x0295d0df
0x0295d0dd
0x0295d0d7
0x0295d0d1
0x0295d0cb
0x00000000
0x0295d0c5
0x0295cffb
0x0295cffb
0x0295cffe
0x0295d07b
0x0295d080
0x0295d083
0x0295d08a
0x0295d08f
0x0295d091
0x00000000
0x00000000
0x0295d097
0x0295d09e
0x0295d0a9
0x0295d0a9
0x0295d0ac
0x0295d0ae
0x0295d0b0
0x0295d0b0
0x0295d0b0
0x0295d0b6
0x0295d0b6
0x0295d0b9
0x0295d0b9
0x00000000
0x0295d0b9
0x0295d0a0
0x0295d0a7
0x00000000
0x00000000
0x00000000
0x0295d0a7
0x0295d085
0x0295d03f
0x0295d03f
0x00000000
0x0295d03f
0x0295d000
0x0295d000
0x0295d003
0x0295d074
0x00000000
0x0295d074
0x0295d005
0x0295d005
0x0295d008
0x0295d032
0x0295d037
0x0295d03a
0x0295d049
0x0295d04e
0x0295d050
0x00000000
0x00000000
0x0295d056
0x0295d05d
0x0295d06c
0x0295d06c
0x0295d06e
0x0295d070
0x0295d070
0x00000000
0x0295d06e
0x0295d05f
0x0295d066
0x00000000
0x00000000
0x00000000
0x0295d03c
0x0295d03c
0x00000000
0x0295d03c
0x0295d03a
0x0295d00a
0x0295d00a
0x0295d00d
0x0295d025
0x0295d028
0x00000000
0x0295d028
0x0295d00f
0x0295d012
0x00000000
0x0295d018
0x0295d018
0x0295d01b
0x00000000
0x0295d01b
0x0295d012
0x0295cfcf
0x00000000
0x0295cf80
0x0295cf33
0x0295cf3a
0x00000000
0x00000000
0x00000000
0x0295cf3a
0x0295d15c
0x0295cef5
0x0295cef5
0x0295cefa
0x0295cf05
0x0295cf05

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295CF00
_invalid_parameter_noinfo.LIBCMT ref: 0295D153

Strings

*, xrefs: 0295D07B
, xrefs: 0295CF13

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 26f3cfdfe0bc1c5921a09521f3086d110c53c458b1f4eadbb54ad0439963aea7
Instruction ID: 61d5943c0fbb9c208252807edd290cef2fe5476ba92b2b4025d4a2ce76e0aa1c
Opcode Fuzzy Hash: 26f3cfdfe0bc1c5921a09521f3086d110c53c458b1f4eadbb54ad0439963aea7
Instruction Fuzzy Hash: 24619E72204365C6DB28DF7A944527C7BA9FB49B5CF48412ACE8687308DB35C086CB7A

Uniqueness

Uniqueness Score: -1.00%

Function 0295C7A8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E0295C7A8(void* __ebx, signed int __edx, signed int __edi, void* __esi, void* __esp, signed int __rax, long long __rbx, void* __rcx, signed int* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13, long long _a16, long long _a24, long long _a32) {
				signed int _t66;
				intOrPtr _t67;
				signed int _t68;
				signed int _t69;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				intOrPtr _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				void* _t88;
				signed int _t89;
				signed int _t94;
				signed int _t96;
				signed int _t98;
				void* _t101;
				void* _t106;
				void* _t108;
				signed int* _t109;
				signed int* _t112;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t123;
				signed int* _t124;

				_t123 = __r13;
				_t122 = __r12;
				_t121 = __r11;
				_t120 = __r10;
				_t119 = __r9;
				_t118 = __r8;
				_t113 = __rbp;
				_t109 = __rdx;
				_t108 = __rcx;
				_t104 = __rax;
				_t101 = __esp;
				_t96 = __edx;
				_t88 = __ebx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t98 = __edi | 0xffffffff;
				_t106 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x468)) == __rbp) {
					L58:
					E02971538(__eflags, _t104);
					 *_t104 = 0x16;
					E02970D4C();
					L59:
					_t66 = _t98;
					L61:
					return _t66;
				}
				_t103 =  *((intOrPtr*)(__rcx + 0x18)) - __rbp;
				if( *((intOrPtr*)(__rcx + 0x18)) != __rbp) {
					while(1) {
						 *((intOrPtr*)(_t106 + 0x478)) =  *((intOrPtr*)(_t106 + 0x478)) + 1;
						_t67 =  *((intOrPtr*)(_t106 + 0x478));
						__eflags = _t67 - 3;
						if(_t67 == 3) {
							break;
						}
						__eflags = _t67 - 2;
						if(_t67 != 2) {
							L7:
							_t104 =  *((intOrPtr*)(_t106 + 0x480));
							_t124 = _t106 + 0x34;
							_t112 = _t106 + 0x38;
							 *((intOrPtr*)(_t106 + 0x47c)) = 0;
							 *(_t106 + 0xde8) = _t98;
							 *(_t106 + 0xdec) = _t98;
							 *_t124 = 0;
							 *_t112 = 0;
							 *(_t106 + 0x18) = _t104;
							 *((intOrPtr*)(_t106 + 0x50)) = 0;
							 *(_t106 + 0x2c) = 0;
							_t68 =  *_t104;
							 *((char*)(_t106 + 0x41)) = _t68;
							__eflags = _t68;
							if(_t68 == 0) {
								L55:
								_t58 = _t106 + 0x18;
								 *_t58 =  *(_t106 + 0x18) + 1;
								__eflags =  *_t58;
								L56:
								_t108 = _t106;
								_t69 = E029693D0(_t96, _t104, _t108);
								__eflags = _t69;
								if(_t69 == 0) {
									goto L59;
								}
								continue;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								 *(_t106 + 0x18) =  *(_t106 + 0x18) + 1;
								__eflags =  *(_t106 + 0x28);
								if( *(_t106 + 0x28) < 0) {
									goto L56;
								}
								_t89 =  *((intOrPtr*)(_t106 + 0x41));
								_t96 =  *(_t106 + 0x2c);
								__eflags = _t108 - 0x20 - 0x5a;
								if(_t108 - 0x20 <= 0x5a) {
									asm("lfence");
									_t104 = _t89;
								}
								_t93 = ( *(_t108 + 0x2993f40) & 0x000000ff) >> 4;
								 *(_t106 + 0x2c) = ( *(_t108 + 0x2993f40) & 0x000000ff) >> 4;
								_t108 = _t106;
								_t72 = E02968F40(_t93, _t98, _t101, _t108, _t109, _t118);
								__eflags = _t72;
								if(_t72 == 0) {
									goto L59;
								} else {
									_t73 =  *(_t106 + 0x2c);
									__eflags = _t73 - 8;
									if(__eflags == 0) {
										goto L58;
									}
									__eflags = _t73;
									if(_t73 == 0) {
										_t108 = _t106;
										_t74 = E0295E2A0(_t108);
										L53:
										__eflags = _t74;
										if(_t74 == 0) {
											goto L59;
										}
										L54:
										_t104 =  *(_t106 + 0x18);
										_t94 =  *_t104;
										 *((char*)(_t106 + 0x41)) = _t94;
										__eflags = _t94;
										if(_t94 != 0) {
											continue;
										}
										goto L55;
									}
									_t75 = _t73 - 1;
									__eflags = _t75;
									if(_t75 == 0) {
										 *_t124 = 0;
										 *((intOrPtr*)(_t106 + 0x40)) = bpl;
										 *(_t106 + 0x30) = 0;
										 *_t112 = _t98;
										 *((intOrPtr*)(_t106 + 0x3c)) = 0;
										 *((intOrPtr*)(_t106 + 0x54)) = bpl;
										goto L54;
									}
									_t76 = _t75 - 1;
									__eflags = _t76;
									if(_t76 == 0) {
										_t77 =  *((intOrPtr*)(_t106 + 0x41));
										__eflags = _t77 - 0x20;
										if(_t77 == 0x20) {
											 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000002;
										} else {
											__eflags = _t77 - 0x23;
											if(_t77 == 0x23) {
												 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000020;
											} else {
												__eflags = _t77 - 0x2b;
												if(_t77 == 0x2b) {
													 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000001;
												} else {
													__eflags = _t77 - 0x2d;
													if(_t77 == 0x2d) {
														 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000004;
													} else {
														__eflags = _t77 - 0x30;
														if(_t77 == 0x30) {
															 *(_t106 + 0x30) =  *(_t106 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										goto L54;
									}
									_t78 = _t76 - 1;
									__eflags = _t78;
									if(_t78 == 0) {
										__eflags =  *((char*)(_t106 + 0x41)) - 0x2a;
										_t108 = _t106;
										if( *((char*)(_t106 + 0x41)) == 0x2a) {
											_t79 = E02968440(_t88, _t104, _t106, _t108, _t118, _t119, _t120);
											__eflags = _t79;
											if(_t79 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t106 + 0x478)) - 1;
											if( *((intOrPtr*)(_t106 + 0x478)) != 1) {
												L38:
												_t80 =  *_t124;
												__eflags = _t80;
												if(_t80 < 0) {
													_t39 = _t106 + 0x30;
													 *_t39 =  *(_t106 + 0x30) | 0x00000004;
													__eflags =  *_t39;
													 *_t124 =  ~_t80;
												}
												L40:
												_t74 = 1;
												goto L53;
											}
											__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t106 + 0x47c)) != 1) {
												goto L54;
											}
											goto L38;
										}
										_t109 = _t124;
										L26:
										_t74 = L0295B988(_t104, _t106, _t108, _t109, _t113);
										goto L53;
									}
									_t82 = _t78 - 1;
									__eflags = _t82;
									if(_t82 == 0) {
										 *_t112 = 0;
										goto L54;
									}
									_t83 = _t82 - 1;
									__eflags = _t83;
									if(_t83 == 0) {
										__eflags =  *((char*)(_t106 + 0x41)) - 0x2a;
										_t108 = _t106;
										if( *((char*)(_t106 + 0x41)) == 0x2a) {
											_t84 = E029688F0(_t88, _t104, _t106, _t108, _t118, _t119, _t120);
											__eflags = _t84;
											if(_t84 == 0) {
												goto L59;
											}
											__eflags =  *((intOrPtr*)(_t106 + 0x478)) - 1;
											if( *((intOrPtr*)(_t106 + 0x478)) != 1) {
												L30:
												__eflags =  *_t112;
												if( *_t112 < 0) {
													 *_t112 = _t98;
												}
												goto L40;
											}
											__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
											if( *((intOrPtr*)(_t106 + 0x47c)) != 1) {
												goto L54;
											}
											goto L30;
										} else {
											_t109 = _t112;
											goto L26;
										}
									}
									_t85 = _t83 - 1;
									__eflags = _t85;
									if(_t85 == 0) {
										_t108 = _t106;
										_t74 = E0295F7A4(_t106, _t108, _t112, _t113, _t118, _t120);
										goto L53;
									}
									__eflags = _t85 - 1;
									if(_t85 != 1) {
										goto L59;
									} else {
										_t108 = _t106;
										_t74 = E02960E28(_t88, _t98, 0, _t101, _t106, _t108, _t112, _t113, _t118, _t119, _t120, _t121, _t122, _t123);
										goto L53;
									}
								}
							}
							goto L56;
						}
						__eflags =  *((intOrPtr*)(_t106 + 0x47c)) - 1;
						if( *((intOrPtr*)(_t106 + 0x47c)) == 1) {
							break;
						}
						goto L7;
					}
					_t66 =  *(_t106 + 0x28);
				} else {
					E02971538(_t103, __rax);
					 *__rax = 0x16;
					_t66 = E02970D4C() | _t98;
				}
			}

0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7a8
0x0295c7ad
0x0295c7b2
0x0295c7c0
0x0295c7c5
0x0295c7cf
0x0295ca0d
0x0295ca0d
0x0295ca12
0x0295ca18
0x0295ca1d
0x0295ca1d
0x0295ca24
0x0295ca3c
0x0295ca3c
0x0295c7d5
0x0295c7d9
0x0295c7f9
0x0295c7f9
0x0295c7ff
0x0295c805
0x0295c808
0x00000000
0x00000000
0x0295c80e
0x0295c811
0x0295c820
0x0295c820
0x0295c827
0x0295c82b
0x0295c82f
0x0295c835
0x0295c83b
0x0295c841
0x0295c844
0x0295c846
0x0295c84a
0x0295c84d
0x0295c850
0x0295c852
0x0295c855
0x0295c857
0x0295c9f8
0x0295c9f8
0x0295c9f8
0x0295c9f8
0x0295c9fc
0x0295c9fc
0x0295c9ff
0x0295ca04
0x0295ca06
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0295c85d
0x0295c85d
0x0295c85d
0x0295c861
0x0295c864
0x00000000
0x00000000
0x0295c86a
0x0295c86d
0x0295c873
0x0295c875
0x0295c877
0x0295c87a
0x0295c884
0x0295c895
0x0295c898
0x0295c89b
0x0295c89e
0x0295c8a3
0x0295c8a5
0x00000000
0x0295c8ab
0x0295c8ab
0x0295c8ae
0x0295c8b1
0x00000000
0x00000000
0x0295c8b7
0x0295c8b9
0x0295c9db
0x0295c9de
0x0295c9e3
0x0295c9e3
0x0295c9e5
0x00000000
0x00000000
0x0295c9e7
0x0295c9e7
0x0295c9eb
0x0295c9ed
0x0295c9f0
0x0295c9f2
0x00000000
0x00000000
0x00000000
0x0295c9f2
0x0295c8bf
0x0295c8bf
0x0295c8c2
0x0295c9c6
0x0295c9c9
0x0295c9cd
0x0295c9d0
0x0295c9d2
0x0295c9d5
0x00000000
0x0295c9d5
0x0295c8c8
0x0295c8c8
0x0295c8cb
0x0295c991
0x0295c994
0x0295c996
0x0295c9c0
0x0295c998
0x0295c998
0x0295c99a
0x0295c9ba
0x0295c99c
0x0295c99c
0x0295c99e
0x0295c9b4
0x0295c9a0
0x0295c9a0
0x0295c9a2
0x0295c9ae
0x0295c9a4
0x0295c9a4
0x0295c9a6
0x0295c9a8
0x0295c9a8
0x0295c9a6
0x0295c9a2
0x0295c99e
0x0295c99a
0x00000000
0x0295c996
0x0295c8d1
0x0295c8d1
0x0295c8d4
0x0295c950
0x0295c954
0x0295c957
0x0295c95e
0x0295c963
0x0295c965
0x00000000
0x00000000
0x0295c96b
0x0295c972
0x0295c97d
0x0295c97d
0x0295c980
0x0295c982
0x0295c984
0x0295c984
0x0295c984
0x0295c98a
0x0295c98a
0x0295c98d
0x0295c98d
0x00000000
0x0295c98d
0x0295c974
0x0295c97b
0x00000000
0x00000000
0x00000000
0x0295c97b
0x0295c959
0x0295c914
0x0295c914
0x00000000
0x0295c914
0x0295c8d6
0x0295c8d6
0x0295c8d9
0x0295c949
0x00000000
0x0295c949
0x0295c8db
0x0295c8db
0x0295c8de
0x0295c908
0x0295c90c
0x0295c90f
0x0295c91e
0x0295c923
0x0295c925
0x00000000
0x00000000
0x0295c92b
0x0295c932
0x0295c941
0x0295c941
0x0295c943
0x0295c945
0x0295c945
0x00000000
0x0295c943
0x0295c934
0x0295c93b
0x00000000
0x00000000
0x00000000
0x0295c911
0x0295c911
0x00000000
0x0295c911
0x0295c90f
0x0295c8e0
0x0295c8e0
0x0295c8e3
0x0295c8fb
0x0295c8fe
0x00000000
0x0295c8fe
0x0295c8e5
0x0295c8e8
0x00000000
0x0295c8ee
0x0295c8ee
0x0295c8f1
0x00000000
0x0295c8f1
0x0295c8e8
0x0295c8a5
0x00000000
0x0295c85d
0x0295c813
0x0295c81a
0x00000000
0x00000000
0x00000000
0x0295c81a
0x0295ca21
0x0295c7db
0x0295c7db
0x0295c7e0
0x0295c7eb
0x0295c7eb

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295C7E6
_invalid_parameter_noinfo.LIBCMT ref: 0295CA18

Strings

, xrefs: 0295C9BA
*, xrefs: 0295C950

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: f6476e5a2c035afb550804896817ba4753d2b5b2c58a65035ae4afa88a380e88
Instruction ID: 0b48d622033711ede51514a16939c027e847071756def134f926f4cc025a3c52
Opcode Fuzzy Hash: f6476e5a2c035afb550804896817ba4753d2b5b2c58a65035ae4afa88a380e88
Instruction Fuzzy Hash: 1C617F726087A48ACB29CF39D0A536C7BA9F356B4CF58112BCF8697318DB35C086CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0295C378 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E0295C378(void* __ebx, void* __edx, signed int __edi, void* __esi, void* __esp, intOrPtr* __rax, long long __rbx, intOrPtr __rcx, void* __rdx, void* __rsi, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13) {
				signed int _t73;
				signed int _t74;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				void* _t91;
				signed int _t92;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t98;
				signed int _t105;
				void* _t106;
				void* _t107;
				intOrPtr _t113;
				intOrPtr _t116;
				void* _t117;
				void* _t120;
				long long _t121;
				void* _t124;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t132;

				_t132 = __r13;
				_t131 = __r12;
				_t130 = __r11;
				_t129 = __r10;
				_t127 = __r8;
				_t120 = __rsi;
				_t117 = __rdx;
				_t109 = __rax;
				_t107 = __esp;
				_t106 = __esi;
				_t91 = __ebx;
				 *((long long*)(_t124 + 0x10)) = __rbx;
				 *((long long*)(_t124 + 0x18)) = _t121;
				_t113 = __rcx;
				_t105 = __edi | 0xffffffff;
				_t116 =  *((intOrPtr*)(__rcx + 0x468));
				_t108 = _t116;
				if(_t116 != 0) {
					_t73 = L0296983C(__edx, __rax, _t116);
					__eflags = _t73;
					if(_t73 == 0) {
						L2:
						_t74 = _t105;
						L3:
						return _t74;
					}
					__eflags =  *((long long*)(__rcx + 0x18));
					if(__eflags != 0) {
						 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
						__eflags =  *((intOrPtr*)(__rcx + 0x470)) - 2;
						if( *((intOrPtr*)(__rcx + 0x470)) == 2) {
							L51:
							_t74 =  *(_t113 + 0x28);
							goto L3;
						} else {
							do {
								 *(_t113 + 0x50) =  *(_t113 + 0x50) & 0x00000000;
								 *(_t113 + 0x2c) =  *(_t113 + 0x2c) & 0x00000000;
								while(1) {
									_t109 =  *(_t113 + 0x18);
									_t92 =  *_t109;
									 *((char*)(_t113 + 0x41)) = _t92;
									__eflags = _t92;
									if(_t92 == 0) {
										break;
									}
									 *(_t113 + 0x18) =  *(_t113 + 0x18) + 1;
									__eflags =  *(_t113 + 0x28);
									if( *(_t113 + 0x28) < 0) {
										goto L50;
									}
									_t93 =  *((intOrPtr*)(_t113 + 0x41));
									__eflags = _t116 - 0x20 - 0x5a;
									if(_t116 - 0x20 > 0x5a) {
										__eflags = 0;
									} else {
										asm("lfence");
										_t109 = _t93;
									}
									_t78 = ( *(_t109 + 0x2993ee0) & 0x000000ff) >> 4;
									 *(_t113 + 0x2c) = _t78;
									__eflags = _t78 - 8;
									if(__eflags == 0) {
										goto L1;
									} else {
										__eflags = _t78;
										if(_t78 == 0) {
											_t116 = _t113;
											_t81 = E0295E1BC(_t116, _t117, _t120);
											L47:
											__eflags = _t81;
											if(_t81 == 0) {
												goto L2;
											}
											continue;
										}
										_t82 = _t78 - 1;
										__eflags = _t82;
										if(_t82 == 0) {
											 *(_t113 + 0x34) =  *(_t113 + 0x34) & 0x00000000;
											 *(_t113 + 0x30) =  *(_t113 + 0x30) & 0x00000000;
											 *(_t113 + 0x3c) =  *(_t113 + 0x3c) & 0x00000000;
											 *((char*)(_t113 + 0x40)) = 0;
											 *(_t113 + 0x38) = _t105;
											 *((char*)(_t113 + 0x54)) = 0;
											continue;
										}
										_t83 = _t82 - 1;
										__eflags = _t83;
										if(_t83 == 0) {
											_t84 =  *((intOrPtr*)(_t113 + 0x41));
											__eflags = _t84 - 0x20;
											if(_t84 == 0x20) {
												 *(_t113 + 0x30) =  *(_t113 + 0x30) | 0x00000002;
											} else {
												__eflags = _t84 - 0x23;
												if(_t84 == 0x23) {
													 *(_t113 + 0x30) =  *(_t113 + 0x30) | 0x00000020;
												} else {
													__eflags = _t84 - 0x2b;
													if(_t84 == 0x2b) {
														 *(_t113 + 0x30) =  *(_t113 + 0x30) | 0x00000001;
													} else {
														__eflags = _t84 - 0x2d;
														if(_t84 == 0x2d) {
															 *(_t113 + 0x30) =  *(_t113 + 0x30) | 0x00000004;
														} else {
															__eflags = _t84 - 0x30;
															if(_t84 == 0x30) {
																 *(_t113 + 0x30) =  *(_t113 + 0x30) | 0x00000008;
															}
														}
													}
												}
											}
											continue;
										}
										_t85 = _t83 - 1;
										__eflags = _t85;
										if(_t85 == 0) {
											__eflags =  *((char*)(_t113 + 0x41)) - 0x2a;
											if( *((char*)(_t113 + 0x41)) == 0x2a) {
												 *((long long*)(_t113 + 0x20)) =  *((long long*)(_t113 + 0x20)) + 8;
												_t96 =  *( *((intOrPtr*)(_t113 + 0x20)) - 8);
												 *(_t113 + 0x34) = _t96;
												__eflags = _t96;
												if(_t96 < 0) {
													_t42 = _t113 + 0x30;
													 *_t42 =  *(_t113 + 0x30) | 0x00000004;
													__eflags =  *_t42;
													 *(_t113 + 0x34) =  ~_t96;
												}
												L34:
												_t81 = 1;
												goto L47;
											}
											_t117 = _t113 + 0x34;
											L27:
											_t116 = _t113;
											_t81 = L0295B840(_t109, _t113, _t116, _t117, 0x2993ee0);
											goto L47;
										}
										_t86 = _t85 - 1;
										__eflags = _t86;
										if(_t86 == 0) {
											 *(_t113 + 0x38) =  *(_t113 + 0x38) & 0x00000000;
											continue;
										}
										_t87 = _t86 - 1;
										__eflags = _t87;
										if(_t87 == 0) {
											__eflags =  *((char*)(_t113 + 0x41)) - 0x2a;
											if( *((char*)(_t113 + 0x41)) == 0x2a) {
												 *((long long*)(_t113 + 0x20)) =  *((long long*)(_t113 + 0x20)) + 8;
												_t98 =  *( *((intOrPtr*)(_t113 + 0x20)) - 8);
												__eflags = _t98;
												_t99 =  <  ? _t105 : _t98;
												 *(_t113 + 0x38) =  <  ? _t105 : _t98;
												goto L34;
											} else {
												_t117 = _t113 + 0x38;
												goto L27;
											}
										}
										_t88 = _t87 - 1;
										__eflags = _t88;
										if(_t88 == 0) {
											_t116 = _t113;
											_t81 = E0295F4BC(_t106, _t113, _t116, _t117, _t120, 0x2993ee0, _t130);
											goto L47;
										}
										__eflags = _t88 - 1;
										if(_t88 != 1) {
											goto L2;
										} else {
											_t116 = _t113;
											_t81 = E0296093C(_t91, _t106, _t107, _t113, _t116, _t117, _t120, 0x2993ee0, _t127, _t129, _t130, _t131, _t132);
											goto L47;
										}
									}
								}
								_t67 = _t113 + 0x18;
								 *_t67 =  *(_t113 + 0x18) + 1;
								__eflags =  *_t67;
								L50:
								 *((intOrPtr*)(_t113 + 0x470)) =  *((intOrPtr*)(_t113 + 0x470)) + 1;
								__eflags =  *((intOrPtr*)(_t113 + 0x470)) - 2;
							} while ( *((intOrPtr*)(_t113 + 0x470)) != 2);
							goto L51;
						}
					} else {
						E02971538(__eflags, __rax);
						 *__rax = 0x16;
						_t74 = E02970D4C() | 0xffffffff;
						goto L3;
					}
				}
				L1:
				E02971538(_t108, _t109);
				 *_t109 = 0x16;
				E02970D4C();
				goto L2;
			}

0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c378
0x0295c37d
0x0295c387
0x0295c38a
0x0295c38d
0x0295c394
0x0295c397
0x0295c3bb
0x0295c3c0
0x0295c3c2
0x0295c3a9
0x0295c3a9
0x0295c3ab
0x0295c3ba
0x0295c3ba
0x0295c3c4
0x0295c3c9
0x0295c3e0
0x0295c3e6
0x0295c3ed
0x0295c586
0x0295c586
0x00000000
0x0295c3f3
0x0295c3fa
0x0295c3fa
0x0295c3fe
0x0295c55e
0x0295c55e
0x0295c562
0x0295c564
0x0295c567
0x0295c569
0x00000000
0x00000000
0x0295c407
0x0295c40b
0x0295c40f
0x00000000
0x00000000
0x0295c415
0x0295c41e
0x0295c420
0x0295c433
0x0295c422
0x0295c422
0x0295c425
0x0295c42e
0x0295c43e
0x0295c441
0x0295c444
0x0295c447
0x00000000
0x0295c44d
0x0295c44d
0x0295c44f
0x0295c54e
0x0295c551
0x0295c556
0x0295c556
0x0295c558
0x00000000
0x00000000
0x00000000
0x0295c558
0x0295c455
0x0295c455
0x0295c458
0x0295c535
0x0295c539
0x0295c53d
0x0295c541
0x0295c545
0x0295c548
0x00000000
0x0295c548
0x0295c45e
0x0295c45e
0x0295c461
0x0295c500
0x0295c503
0x0295c505
0x0295c52f
0x0295c507
0x0295c507
0x0295c509
0x0295c529
0x0295c50b
0x0295c50b
0x0295c50d
0x0295c523
0x0295c50f
0x0295c50f
0x0295c511
0x0295c51d
0x0295c513
0x0295c513
0x0295c515
0x0295c517
0x0295c517
0x0295c515
0x0295c511
0x0295c50d
0x0295c509
0x00000000
0x0295c505
0x0295c467
0x0295c467
0x0295c46a
0x0295c4d4
0x0295c4d8
0x0295c4e0
0x0295c4e9
0x0295c4ec
0x0295c4ef
0x0295c4f1
0x0295c4f3
0x0295c4f3
0x0295c4f3
0x0295c4f9
0x0295c4f9
0x0295c4fc
0x0295c4fc
0x00000000
0x0295c4fc
0x0295c4da
0x0295c4a8
0x0295c4a8
0x0295c4ab
0x00000000
0x0295c4ab
0x0295c46c
0x0295c46c
0x0295c46f
0x0295c4cb
0x00000000
0x0295c4cb
0x0295c471
0x0295c471
0x0295c474
0x0295c49e
0x0295c4a2
0x0295c4b5
0x0295c4be
0x0295c4c1
0x0295c4c3
0x0295c4c6
0x00000000
0x0295c4a4
0x0295c4a4
0x00000000
0x0295c4a4
0x0295c4a2
0x0295c476
0x0295c476
0x0295c479
0x0295c491
0x0295c494
0x00000000
0x0295c494
0x0295c47b
0x0295c47e
0x00000000
0x0295c484
0x0295c484
0x0295c487
0x00000000
0x0295c487
0x0295c47e
0x0295c447
0x0295c56f
0x0295c56f
0x0295c56f
0x0295c573
0x0295c573
0x0295c579
0x0295c579
0x00000000
0x0295c3fa
0x0295c3cb
0x0295c3cb
0x0295c3d0
0x0295c3db
0x00000000
0x0295c3db
0x0295c3c9
0x0295c399
0x0295c399
0x0295c39e
0x0295c3a4
0x00000000

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295C3A4
_invalid_parameter_noinfo.LIBCMT ref: 0295C3D6

Strings

*, xrefs: 0295C4D4
, xrefs: 0295C529

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 96232fbb1294a2b6d23d0007b476476fec0492bd185ac9dd94bf57ff7d152c1f
Instruction ID: 5b22c954fa04e69b0f2638574f91475c70b95f986754df091537db63bf437ea5
Opcode Fuzzy Hash: 96232fbb1294a2b6d23d0007b476476fec0492bd185ac9dd94bf57ff7d152c1f
Instruction Fuzzy Hash: 745171723083648BDB28CF79C49433C3BA5F346B5DF44262BCE4646258CB79C086CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0295CA40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E0295CA40(void* __ebx, void* __edx, signed int __edi, void* __esi, void* __ebp, void* __esp, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rsi, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13) {
				signed int _t75;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				intOrPtr _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				void* _t90;
				signed int _t91;
				intOrPtr* _t92;
				signed int _t95;
				signed int _t97;
				signed int _t104;
				void* _t106;
				void* _t107;
				void* _t114;
				void* _t116;
				void* _t117;
				void* _t120;
				long long _t121;
				void* _t124;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t132;

				_t132 = __r13;
				_t131 = __r12;
				_t130 = __r11;
				_t129 = __r10;
				_t127 = __r8;
				_t120 = __rsi;
				_t117 = __rdx;
				_t116 = __rcx;
				_t110 = __rax;
				_t107 = __esp;
				_t106 = __ebp;
				_t90 = __ebx;
				 *((long long*)(_t124 + 0x10)) = __rbx;
				 *((long long*)(_t124 + 0x18)) = _t121;
				_t104 = __edi | 0xffffffff;
				_t114 = __rcx;
				if( *((long long*)(__rcx + 0x468)) == 0) {
					L49:
					E02971538(__eflags, _t110);
					 *_t110 = 0x16;
					E02970D4C();
					L50:
					_t75 = _t104;
					L48:
					return _t75;
				}
				_t109 =  *((long long*)(__rcx + 0x18));
				if( *((long long*)(__rcx + 0x18)) != 0) {
					 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
					__eflags =  *((intOrPtr*)(__rcx + 0x470)) - 2;
					if( *((intOrPtr*)(__rcx + 0x470)) == 2) {
						L47:
						_t75 =  *(_t114 + 0x28);
						goto L48;
					} else {
						do {
							 *(_t114 + 0x50) =  *(_t114 + 0x50) & 0x00000000;
							 *(_t114 + 0x2c) =  *(_t114 + 0x2c) & 0x00000000;
							while(1) {
								_t110 =  *(_t114 + 0x18);
								_t91 =  *_t110;
								 *((char*)(_t114 + 0x41)) = _t91;
								__eflags = _t91;
								if(_t91 == 0) {
									break;
								}
								 *(_t114 + 0x18) =  *(_t114 + 0x18) + 1;
								__eflags =  *(_t114 + 0x28);
								if( *(_t114 + 0x28) < 0) {
									goto L46;
								}
								_t92 =  *((intOrPtr*)(_t114 + 0x41));
								__eflags = _t116 - 0x20 - 0x5a;
								if(_t116 - 0x20 > 0x5a) {
									__eflags = 0;
								} else {
									asm("lfence");
									_t110 = _t92;
								}
								_t79 = ( *(_t110 + 0x2993ee0) & 0x000000ff) >> 4;
								 *(_t114 + 0x2c) = _t79;
								__eflags = _t79 - 8;
								if(__eflags == 0) {
									goto L49;
								} else {
									__eflags = _t79;
									if(_t79 == 0) {
										_t116 = _t114;
										_t80 = E0295E338(_t116);
										L43:
										__eflags = _t80;
										if(_t80 == 0) {
											goto L50;
										}
										continue;
									}
									_t81 = _t79 - 1;
									__eflags = _t81;
									if(_t81 == 0) {
										 *(_t114 + 0x34) =  *(_t114 + 0x34) & 0x00000000;
										 *(_t114 + 0x30) =  *(_t114 + 0x30) & 0x00000000;
										 *(_t114 + 0x3c) =  *(_t114 + 0x3c) & 0x00000000;
										 *((char*)(_t114 + 0x40)) = 0;
										 *(_t114 + 0x38) = _t104;
										 *((char*)(_t114 + 0x54)) = 0;
										continue;
									}
									_t82 = _t81 - 1;
									__eflags = _t82;
									if(_t82 == 0) {
										_t83 =  *((intOrPtr*)(_t114 + 0x41));
										__eflags = _t83 - 0x20;
										if(_t83 == 0x20) {
											 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000002;
										} else {
											__eflags = _t83 - 0x23;
											if(_t83 == 0x23) {
												 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000020;
											} else {
												__eflags = _t83 - 0x2b;
												if(_t83 == 0x2b) {
													 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000001;
												} else {
													__eflags = _t83 - 0x2d;
													if(_t83 == 0x2d) {
														 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000004;
													} else {
														__eflags = _t83 - 0x30;
														if(_t83 == 0x30) {
															 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										continue;
									}
									_t84 = _t82 - 1;
									__eflags = _t84;
									if(_t84 == 0) {
										__eflags =  *((char*)(_t114 + 0x41)) - 0x2a;
										if( *((char*)(_t114 + 0x41)) == 0x2a) {
											 *((long long*)(_t114 + 0x20)) =  *((long long*)(_t114 + 0x20)) + 8;
											_t95 =  *( *((intOrPtr*)(_t114 + 0x20)) - 8);
											 *(_t114 + 0x34) = _t95;
											__eflags = _t95;
											if(_t95 < 0) {
												_t40 = _t114 + 0x30;
												 *_t40 =  *(_t114 + 0x30) | 0x00000004;
												__eflags =  *_t40;
												 *(_t114 + 0x34) =  ~_t95;
											}
											L30:
											_t80 = 1;
											goto L43;
										}
										_t117 = _t114 + 0x34;
										L23:
										_t116 = _t114;
										_t80 = L0295BA2C(_t110, _t114, _t116, _t117, 0x2993ee0);
										goto L43;
									}
									_t85 = _t84 - 1;
									__eflags = _t85;
									if(_t85 == 0) {
										 *(_t114 + 0x38) =  *(_t114 + 0x38) & 0x00000000;
										continue;
									}
									_t86 = _t85 - 1;
									__eflags = _t86;
									if(_t86 == 0) {
										__eflags =  *((char*)(_t114 + 0x41)) - 0x2a;
										if( *((char*)(_t114 + 0x41)) == 0x2a) {
											 *((long long*)(_t114 + 0x20)) =  *((long long*)(_t114 + 0x20)) + 8;
											_t97 =  *( *((intOrPtr*)(_t114 + 0x20)) - 8);
											__eflags = _t97;
											_t98 =  <  ? _t104 : _t97;
											 *(_t114 + 0x38) =  <  ? _t104 : _t97;
											goto L30;
										} else {
											_t117 = _t114 + 0x38;
											goto L23;
										}
									}
									_t87 = _t86 - 1;
									__eflags = _t87;
									if(_t87 == 0) {
										_t116 = _t114;
										_t80 = L0295F918(_t106, _t114, _t116, _t120, 0x2993ee0, _t127, _t129, _t130);
										goto L43;
									}
									__eflags = _t87 - 1;
									if(_t87 != 1) {
										goto L50;
									} else {
										_t116 = _t114;
										_t80 = E029610A4(_t90, _t106, _t107, _t114, _t116, _t120, 0x2993ee0, _t127, _t129, _t130, _t131, _t132);
										goto L43;
									}
								}
							}
							_t65 = _t114 + 0x18;
							 *_t65 =  *(_t114 + 0x18) + 1;
							__eflags =  *_t65;
							L46:
							 *((intOrPtr*)(_t114 + 0x470)) =  *((intOrPtr*)(_t114 + 0x470)) + 1;
							__eflags =  *((intOrPtr*)(_t114 + 0x470)) - 2;
						} while ( *((intOrPtr*)(_t114 + 0x470)) != 2);
						goto L47;
					}
				} else {
					E02971538(_t109, __rax);
					 *__rax = 0x16;
					_t75 = E02970D4C() | _t104;
					goto L48;
				}
			}

0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca40
0x0295ca45
0x0295ca4f
0x0295ca52
0x0295ca5d
0x0295cc36
0x0295cc36
0x0295cc3b
0x0295cc41
0x0295cc46
0x0295cc46
0x0295cc26
0x0295cc35
0x0295cc35
0x0295ca63
0x0295ca68
0x0295ca81
0x0295ca87
0x0295ca8e
0x0295cc23
0x0295cc23
0x00000000
0x0295ca94
0x0295ca9b
0x0295ca9b
0x0295ca9f
0x0295cbfb
0x0295cbfb
0x0295cbff
0x0295cc01
0x0295cc04
0x0295cc06
0x00000000
0x00000000
0x0295caa8
0x0295caac
0x0295cab0
0x00000000
0x00000000
0x0295cab6
0x0295cabf
0x0295cac1
0x0295cad4
0x0295cac3
0x0295cac3
0x0295cac6
0x0295cacf
0x0295cadf
0x0295cae2
0x0295cae5
0x0295cae8
0x00000000
0x0295caee
0x0295caee
0x0295caf0
0x0295cbef
0x0295cbf2
0x0295cbf7
0x0295cbf7
0x0295cbf9
0x00000000
0x00000000
0x00000000
0x0295cbf9
0x0295caf6
0x0295caf6
0x0295caf9
0x0295cbd6
0x0295cbda
0x0295cbde
0x0295cbe2
0x0295cbe6
0x0295cbe9
0x00000000
0x0295cbe9
0x0295caff
0x0295caff
0x0295cb02
0x0295cba1
0x0295cba4
0x0295cba6
0x0295cbd0
0x0295cba8
0x0295cba8
0x0295cbaa
0x0295cbca
0x0295cbac
0x0295cbac
0x0295cbae
0x0295cbc4
0x0295cbb0
0x0295cbb0
0x0295cbb2
0x0295cbbe
0x0295cbb4
0x0295cbb4
0x0295cbb6
0x0295cbb8
0x0295cbb8
0x0295cbb6
0x0295cbb2
0x0295cbae
0x0295cbaa
0x00000000
0x0295cba6
0x0295cb08
0x0295cb08
0x0295cb0b
0x0295cb75
0x0295cb79
0x0295cb81
0x0295cb8a
0x0295cb8d
0x0295cb90
0x0295cb92
0x0295cb94
0x0295cb94
0x0295cb94
0x0295cb9a
0x0295cb9a
0x0295cb9d
0x0295cb9d
0x00000000
0x0295cb9d
0x0295cb7b
0x0295cb49
0x0295cb49
0x0295cb4c
0x00000000
0x0295cb4c
0x0295cb0d
0x0295cb0d
0x0295cb10
0x0295cb6c
0x00000000
0x0295cb6c
0x0295cb12
0x0295cb12
0x0295cb15
0x0295cb3f
0x0295cb43
0x0295cb56
0x0295cb5f
0x0295cb62
0x0295cb64
0x0295cb67
0x00000000
0x0295cb45
0x0295cb45
0x00000000
0x0295cb45
0x0295cb43
0x0295cb17
0x0295cb17
0x0295cb1a
0x0295cb32
0x0295cb35
0x00000000
0x0295cb35
0x0295cb1c
0x0295cb1f
0x00000000
0x0295cb25
0x0295cb25
0x0295cb28
0x00000000
0x0295cb28
0x0295cb1f
0x0295cae8
0x0295cc0c
0x0295cc0c
0x0295cc0c
0x0295cc10
0x0295cc10
0x0295cc16
0x0295cc16
0x00000000
0x0295ca9b
0x0295ca6a
0x0295ca6a
0x0295ca6f
0x0295ca7a
0x00000000
0x0295ca7a

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295CA75
_invalid_parameter_noinfo.LIBCMT ref: 0295CC41

Strings

, xrefs: 0295CBCA
*, xrefs: 0295CB75

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 26754b0da5293f5719ddfdeaa0d310addd7a6e79f0643a1f81f55369126a2b98
Instruction ID: b23c4ceb33a72e900eeb8b00af4db4211481b46ec9371b81949f51aed6a36164
Opcode Fuzzy Hash: 26754b0da5293f5719ddfdeaa0d310addd7a6e79f0643a1f81f55369126a2b98
Instruction Fuzzy Hash: BE5158B2708B648ADB68CF38D0983683BB9F346B1DF58161BCE8666368C775C185CB05

Uniqueness

Uniqueness Score: -1.00%

Function 0293A5B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E0293A5B0(long long __ecx, void* __edi, void* __esp, long long __rdx, void* __r9, intOrPtr _a4, long long _a8, long long _a16) {
				void* _v4;
				signed int _v16;
				long long _v36;
				void* _v552;
				char _v564;
				void* _v584;
				long long _v588;
				long long _v596;
				long long _v612;
				void* _t47;
				signed long long _t55;
				void* _t82;
				void* _t88;

				_t88 = __r9;
				_t42 = __ecx;
				_a16 = __rdx;
				_a8 = __ecx;
				_t83 = _t82 - 0x270;
				_t55 =  *0x29a61e8; // 0xc99624406909
				_t56 = _t55 ^ _t82 - 0x00000270;
				_v16 = _t56;
				_v584 = 0;
				if(_a16 == 0) {
					L10:
					_t56 = _v584;
					L11:
					return L029438C0(_t31, _t42, _t56, _v16 ^ _t83);
				}
				memset(__edi, 0, 0x20a << 0);
				_t47 = __edi + 0x20a;
				_t42 = 0;
				_t51 =  *0x29aa988;
				if( *0x29aa988 == 0) {
					E02939370(0, _t47, _t51, L"Shell32.dll");
					 *0x29aa988 = _t56;
					if( *0x29aa988 != 0) {
						GetProcAddress();
						 *0x29aa990 = _t56;
					}
				}
				if( *0x29aa990 != 0) {
					_v612 =  &_v564;
					r9d = 0;
					r8d = 0;
					_t42 = 0;
					_v588 =  *0x29aa990();
					__eflags = _v588;
					if(_v588 != 0) {
						goto L10;
					}
					asm("repne scasw");
					asm("repne scasw");
					_t56 = 0x175b75a;
					_v36 = 0x175b75a;
					_t42 = 0x40;
					LocalAlloc(??, ??);
					_v596 = 0x175b75a;
					__eflags = _v596;
					if(_v596 != 0) {
						L0293BD00(_v596, _v36,  &_v564);
						L0293BD60(_v596, _v36, "\\", _t88);
						_t31 = L0293BD60(_v596, _v36, _a4, _t88);
						goto L10;
					}
					_t31 = 0;
				} else {
					_t31 = 0;
				}
			}

0x0293a5b0
0x0293a5b0
0x0293a5b0
0x0293a5b5
0x0293a5ba
0x0293a5c1
0x0293a5c8
0x0293a5cb
0x0293a5d3
0x0293a5e5
0x0293a730
0x0293a730
0x0293a735
0x0293a74d
0x0293a74d
0x0293a5f7
0x0293a5f7
0x0293a5f7
0x0293a5f9
0x0293a601
0x0293a60c
0x0293a611
0x0293a620
0x0293a630
0x0293a636
0x0293a636
0x0293a620
0x0293a645
0x0293a653
0x0293a658
0x0293a65b
0x0293a665
0x0293a66d
0x0293a671
0x0293a676
0x00000000
0x00000000
0x0293a68a
0x0293a6a8
0x0293a6b2
0x0293a6b7
0x0293a6ca
0x0293a6cf
0x0293a6d5
0x0293a6da
0x0293a6e0
0x0293a6f8
0x0293a711
0x0293a72b
0x00000000
0x0293a72b
0x0293a6e2
0x0293a647
0x0293a647
0x0293a647

APIs

Part of subcall function 02939370: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 02939388
Part of subcall function 02939370: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 029393A1

GetProcAddress.KERNEL32 ref: 0293A630
LocalAlloc.KERNEL32 ref: 0293A6CF

Strings

SHGetFolderPathW, xrefs: 0293A622
Shell32.dll, xrefs: 0293A605

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$AddressAllocLocalProc
String ID: SHGetFolderPathW$Shell32.dll
API String ID: 3050229539-1831903832
Opcode ID: 9b7a603492bf8b960ae1d13582f71318299a27e13739dbb7d5cf6b1108851521
Instruction ID: 6648aea2998c2c03cb775c6174b25aa7ff116084047e4b904bbd3a7a0fdc81f4
Opcode Fuzzy Hash: 9b7a603492bf8b960ae1d13582f71318299a27e13739dbb7d5cf6b1108851521
Instruction Fuzzy Hash: D4415275628BC486EBA0DB24F49875AB3A5F7C87A4F405615DAAE437A8DF7CC044CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0294A4AB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0294A4AB(void* __ecx, void* __eflags, intOrPtr __rax, void* __rbx, void* __rcx, void* __rsi, void* __r9, intOrPtr _a32, intOrPtr _a40, intOrPtr _a48, intOrPtr* _a56, long long _a64, long long _a72, long long _a224, intOrPtr _a232, intOrPtr* _a248) {
				void* _t27;
				void* _t30;
				void* _t31;
				void* _t32;
				void* _t33;
				void* _t34;
				intOrPtr _t51;
				intOrPtr* _t54;
				long long _t55;
				void* _t60;
				intOrPtr _t61;
				intOrPtr* _t64;
				void* _t69;
				long long _t70;
				long long _t72;

				_t51 = __rax;
				_a32 = 1;
				L02947E18(_t27, __rax, __rbx, __rcx, _t60, __rsi, __r9);
				 *(_t51 + 0x40) =  *(_t51 + 0x40) & 0x00000000;
				_t64 = _a248;
				if(_a232 == 0) {
					_t69 = _t64 + 0x20;
					r8d =  *((intOrPtr*)(_t64 + 0x18));
				} else {
					E0294B380(1, _t64);
					_t51 = _a48;
					_t69 = _t51 + 0x20;
					r8d =  *((intOrPtr*)(_t51 + 0x18));
				}
				RaiseException();
				r15d = _a32;
				_t61 = _a40;
				_t70 = _a72;
				_t72 = _a64;
				_t54 = _a56;
				_t58 = _t54;
				_t29 = E02946DB8(_t51, _t54, _t54, _t61);
				if(r15d == 0 &&  *_t64 == 0xe06d7363 &&  *((intOrPtr*)(_t64 + 0x18)) == 4) {
					_t29 =  *((intOrPtr*)(_t64 + 0x20)) - 0x19930520;
					_t49 =  *((intOrPtr*)(_t64 + 0x20)) - 0x19930520 - 2;
					if( *((intOrPtr*)(_t64 + 0x20)) - 0x19930520 <= 2) {
						_t58 =  *((intOrPtr*)(_t64 + 0x28));
						if(E0294B400(_t49, _t51,  *((intOrPtr*)(_t64 + 0x28)), _t60) != 0) {
							_t58 = _t64;
							_t29 = E0294B380(1, _t64);
						}
					}
				}
				_t30 = L02947E18(_t29, _t51, _t54, _t58, _t60, _t64, _t69);
				 *((long long*)(_t51 + 0x20)) = _t72;
				_t31 = L02947E18(_t30, _t51, _t54, _t58, _t60, _t64, _t69);
				 *((long long*)(_t51 + 0x28)) = _t70;
				_t55 = _a224;
				_t32 = L02947E18(_t31, _t51, _t55, _t58, _t60, _t64, _t69);
				 *((long long*)(_t51 + 0x80)) = _t55;
				_t33 = L02947E18(_t32, _t51, _t55, _t58, _t60, _t64, _t69);
				 *((char*)(_t51 + 0x88)) = 0;
				_t34 = L02947E18(_t33, _t51, _t55, _t58, _t60, _t64, _t69);
				 *((long long*)(_t51 + 0x80)) = 0xfffffffe;
				return _t34;
			}

0x0294a4ab
0x0294a4ab
0x0294a4b3
0x0294a4b8
0x0294a4bc
0x0294a4cc
0x0294a4ec
0x0294a4f0
0x0294a4ce
0x0294a4d3
0x0294a4d8
0x0294a4dd
0x0294a4e1
0x0294a4e8
0x0294a4f9
0x0294a4ff
0x0294a504
0x0294a509
0x0294a50e
0x0294a513
0x0294a518
0x0294a51b
0x0294a523
0x0294a536
0x0294a53b
0x0294a53e
0x0294a540
0x0294a54b
0x0294a54f
0x0294a552
0x0294a552
0x0294a54b
0x0294a53e
0x0294a557
0x0294a55c
0x0294a560
0x0294a565
0x0294a569
0x0294a571
0x0294a576
0x0294a57d
0x0294a582
0x0294a589
0x0294a58e
0x0294a5ac

APIs

Part of subcall function 02947E18: __vcrt_getptd_noexit.LIBVCRUNTIME ref: 02947E1C

__DestructExceptionObject.LIBVCRUNTIME ref: 0294A4D3
RaiseException.KERNEL32 ref: 0294A4F9
__DestructExceptionObject.LIBVCRUNTIME ref: 0294A552

Strings

csm, xrefs: 0294A525

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
String ID: csm
API String ID: 2280078643-1018135373
Opcode ID: 85f193c31d54c6709b6abd0e0363a7057bd09cad3d2617098f4694564755311f
Instruction ID: 76148f1a65d56e310a2312547d4b91bfd3fd02eecb18995681395732d9cc612d
Opcode Fuzzy Hash: 85f193c31d54c6709b6abd0e0363a7057bd09cad3d2617098f4694564755311f
Instruction Fuzzy Hash: 6921697720068486C730EF26E450B9EB7A5F7C9BA8F444625DF9A0BB54CF38D886CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0294A282 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0294A282(void* __ecx, void* __eflags, intOrPtr __rax, void* __rbx, void* __rcx, void* __rsi, void* __r9, intOrPtr _a32, intOrPtr _a40, intOrPtr _a48, intOrPtr* _a56, long long _a64, intOrPtr* _a80, intOrPtr _a176, intOrPtr* _a184, long long _a192, intOrPtr _a200) {
				void* _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t48;
				intOrPtr _t53;
				void* _t59;
				long long _t60;
				intOrPtr* _t63;
				void* _t68;
				intOrPtr* _t69;
				long long _t71;
				intOrPtr* _t73;

				_t48 = __rax;
				_a32 = 1;
				L02947E18(_t27, __rax, __rbx, __rcx, _t59, __rsi, __r9);
				 *(_t48 + 0x40) =  *(_t48 + 0x40) & 0x00000000;
				_t63 = _a184;
				if(_a176 == 0) {
					_t68 = _t63 + 0x20;
					r8d =  *((intOrPtr*)(_t63 + 0x18));
				} else {
					E0294B380(1, _t63);
					_t48 = _a200;
					_t68 = _t48 + 0x20;
					r8d =  *((intOrPtr*)(_t48 + 0x18));
				}
				RaiseException();
				r15d = _a32;
				_t53 = _a40;
				_t71 = _a64;
				_t60 = _a192;
				_t73 = _a80;
				_t69 = _a56;
				_t56 = _t69;
				_t29 = E02946DB8(_t48, _t53, _t69, _t60);
				if(r15d == 0 &&  *_t63 == 0xe06d7363 &&  *((intOrPtr*)(_t63 + 0x18)) == 4) {
					_t29 =  *((intOrPtr*)(_t63 + 0x20)) - 0x19930520;
					_t46 =  *((intOrPtr*)(_t63 + 0x20)) - 0x19930520 - 2;
					if( *((intOrPtr*)(_t63 + 0x20)) - 0x19930520 <= 2) {
						_t56 =  *((intOrPtr*)(_t63 + 0x28));
						if(E0294B400(_t46, _t48,  *((intOrPtr*)(_t63 + 0x28)), _t59) != 0) {
							_t56 = _t63;
							_t29 = E0294B380(1, _t63);
						}
					}
				}
				_t30 = L02947E18(_t29, _t48, _t53, _t56, _t59, _t63, _t68);
				 *((long long*)(_t48 + 0x20)) = _t60;
				_t31 = L02947E18(_t30, _t48, _t53, _t56, _t59, _t63, _t68);
				 *((long long*)(_t48 + 0x28)) = _t71;
				 *((long long*)( *((intOrPtr*)(_a48 + 0x1c)) +  *_t73)) = 0xfffffffe;
				return _t31;
			}

0x0294a282
0x0294a282
0x0294a28a
0x0294a28f
0x0294a293
0x0294a2a3
0x0294a2c6
0x0294a2ca
0x0294a2a5
0x0294a2aa
0x0294a2af
0x0294a2b7
0x0294a2bb
0x0294a2c2
0x0294a2d3
0x0294a2d9
0x0294a2de
0x0294a2e3
0x0294a2e8
0x0294a2f0
0x0294a2f5
0x0294a2fa
0x0294a2fd
0x0294a305
0x0294a318
0x0294a31d
0x0294a320
0x0294a322
0x0294a32d
0x0294a331
0x0294a334
0x0294a334
0x0294a32d
0x0294a320
0x0294a339
0x0294a33e
0x0294a342
0x0294a347
0x0294a357
0x0294a371

APIs

Part of subcall function 02947E18: __vcrt_getptd_noexit.LIBVCRUNTIME ref: 02947E1C

__DestructExceptionObject.LIBVCRUNTIME ref: 0294A2AA
RaiseException.KERNEL32 ref: 0294A2D3
__DestructExceptionObject.LIBVCRUNTIME ref: 0294A334

Strings

csm, xrefs: 0294A307

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
String ID: csm
API String ID: 2280078643-1018135373
Opcode ID: d3dfcbf52c64c067342ca17abf4cecd85ba392b5cdebdea8c81231f25448b71f
Instruction ID: 42e7a866586eb0e26b7c87f22a3767d50f2c4361dd83a35ceab778ecb250e872
Opcode Fuzzy Hash: d3dfcbf52c64c067342ca17abf4cecd85ba392b5cdebdea8c81231f25448b71f
Instruction Fuzzy Hash: 6921577B204644C3D730DF56E060A5EB7A1F388BA9F404216DF9A47BA4DF39D886CB01

Uniqueness

Uniqueness Score: -1.00%

Function 02943640 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
windowCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E02943640(void* __ecx, void* __edi, void* __esp, void* __rdx, void* __r8) {
				signed int _v16;
				char _v72;
				char _v152;
				char _v232;
				intOrPtr _v244;
				intOrPtr _v248;
				char _v256;
				char _v264;
				long long _v280;
				long long _v288;
				long long _v296;
				void* _t32;
				char _t34;
				void* _t35;
				void* _t39;
				signed long long _t52;
				signed long long _t53;
				intOrPtr* _t57;
				signed long long _t68;
				void* _t72;
				signed long long _t73;

				_t61 = __rdx;
				_t40 = __ecx;
				_t73 = _t68;
				_t52 =  *0x29a61e8; // 0xc99624406909
				_t53 = _t52 ^ _t68;
				_v16 = _t53;
				_v264 = 0;
				asm("xorps xmm0, xmm0");
				 *(_t73 - 0x48) = _t53;
				 *(_t73 - 0x40) = _t53;
				 *(_t73 - 0x38) = _t53;
				_t7 = _t53 + 0x50; // 0x50
				r8d = _t7;
				 *(_t73 - 0x30) = _t53;
				asm("movdqu [esp+0x4c], xmm0");
				 *(_t73 - 0x28) = _t53;
				 *(_t73 - 0x20) = _t53;
				 *((short*)(_t73 - 0x18)) = 0;
				_t32 = E02947430(0, __ecx, 0, __edi, __esp, _t73 - 0x98, __rdx, __r8);
				_t13 = _t61 + 0x50; // 0x50
				r8d = _t13;
				E02947430(_t32, _t40, 0, __edi, __esp,  &_v232, __rdx, __r8);
				_t34 =  *0x29a7f88; // 0x0
				_t57 =  *0x29a7f90; // 0x0
				_v280 =  &_v264;
				r9d = 0x14;
				_v256 = _t34;
				_v288 =  &_v232;
				_t54 =  *_t57;
				_v296 =  &_v152;
				_t35 =  *((intOrPtr*)( *_t57 + 0x108))();
				if(_t35 >= 0 && _v264 == 0) {
					_v288 = _v244;
					r9d = 0;
					r8d = _t35;
					_v296 = _v248;
					E029437D0(_t39, _t54,  &_v72, "hr=0x%x dwError=0x%x XResolution=%d YResolution=%d",  &_v256, _t72);
				}
				r9d = 0x10;
				return L029438C0(MessageBoxA(??, ??, ??, ??), 0, _t54, _v16 ^ _t68);
			}

0x02943640
0x02943640
0x02943640
0x0294364a
0x02943651
0x02943654
0x0294365e
0x02943666
0x02943669
0x0294366f
0x0294367a
0x0294367e
0x0294367e
0x02943682
0x02943686
0x0294368c
0x02943690
0x02943694
0x02943699
0x029436a5
0x029436a5
0x029436a9
0x029436ae
0x029436b9
0x029436c5
0x029436ca
0x029436d5
0x029436d9
0x029436e6
0x029436e9
0x029436f1
0x029436f9
0x0294370d
0x02943711
0x02943718
0x0294371b
0x02943727
0x0294372c
0x0294373d
0x02943769

APIs

MessageBoxA.USER32 ref: 0294374C

Strings

Intellib, xrefs: 02943743
hr=0x%x dwError=0x%x XResolution=%d YResolution=%d, xrefs: 02943706
getdisplayconfig error, xrefs: 02943736

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Message
String ID: Intellib$getdisplayconfig error$hr=0x%x dwError=0x%x XResolution=%d YResolution=%d
API String ID: 2030045667-3941904653
Opcode ID: 1af3683bd3f3ad5b2f95bb171c2a44742268dbb40f72fa691b2a91f5a4ed3a0e
Instruction ID: 594dde4463d8d45dfbe3e6742cd7800ccfe3151ad03bf7f968ad4b37bd208e9e
Opcode Fuzzy Hash: 1af3683bd3f3ad5b2f95bb171c2a44742268dbb40f72fa691b2a91f5a4ed3a0e
Instruction Fuzzy Hash: 5B317F72718B8086EB60CF24E48479EB7B6F7C8754F90412ADA8D43B18EF39C685CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02978934 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E02978934(void* __eflags, long long __rbx, signed long long __rcx, void* __rsi, void* __rbp, long long _a8) {
				signed int _v24;
				signed char _v32;
				signed long long _v40;
				signed int _v56;
				signed char _t16;
				signed long long _t30;
				signed long long _t33;
				signed long long _t35;
				signed long long _t41;
				void* _t44;

				_t42 = __rsi;
				_t35 = __rcx;
				_a8 = __rbx;
				_t45 = _t44 - 0x50;
				_t30 =  *0x29a61e8; // 0xc99624406909
				_t31 = _t30 ^ _t44 - 0x00000050;
				_v24 = _t31;
				_t21 = 0xc;
				E029775E8(0xc, __rbx, "GetProcessWindowStation", __rsi, 0x2995320, "GetProcessWindowStation");
				_t33 = _t31;
				if(_t31 == 0) {
					L6:
					_t16 = 1;
				} else {
					_t21 = 0x10;
					E029775E8(0x10, _t33, "GetUserObjectInformationW", _t42, 0x29953a8, "GetUserObjectInformationW");
					_t41 = _t31;
					if(_t31 == 0) {
						goto L6;
					} else {
						_t31 = _t33;
						 *0x29913c0();
						if(_t33 == 0) {
							L5:
							_t16 = 0;
						} else {
							_t21 = 0;
							_v56 = _v56 & _t35;
							_v40 = _t35;
							_v32 = 0;
							_t8 = _t35 + 0xc; // 0xc
							r9d = _t8;
							_t31 = _t41;
							if( *0x29913c0() == 0 || (_v32 & 0x00000001) == 0) {
								goto L5;
							} else {
								goto L6;
							}
						}
					}
				}
				return L029438C0(_t16, _t21, _t31, _v24 ^ _t45);
			}

0x02978934
0x02978934
0x02978934
0x0297893a
0x0297893e
0x02978945
0x02978948
0x02978954
0x02978967
0x0297896c
0x02978972
0x029789e0
0x029789e0
0x02978974
0x0297897b
0x0297898e
0x02978993
0x02978999
0x00000000
0x0297899b
0x0297899b
0x0297899e
0x029789a7
0x029789dc
0x029789dc
0x029789a9
0x029789a9
0x029789b0
0x029789b5
0x029789ba
0x029789be
0x029789be
0x029789c8
0x029789d3
0x00000000
0x00000000
0x00000000
0x00000000
0x029789d3
0x029789a7
0x02978999
0x029789f9

APIs

try_get_function.LIBVCRUNTIME ref: 02978967
try_get_function.LIBVCRUNTIME ref: 0297898E

Part of subcall function 029775E8: GetProcAddress.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977740

Strings

GetUserObjectInformationW, xrefs: 02978974, 02978987
GetProcessWindowStation, xrefs: 0297894D, 02978960

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: GetProcessWindowStation$GetUserObjectInformationW
API String ID: 1640347226-2732317663
Opcode ID: 59ac903b011f9b36db4abde648c1dee5360349f08976c43913981dce97d6b17c
Instruction ID: 59abfb5d1ce26a664d4d63d70b48ae9c168d559b151b17691699bf5864a9ba72
Opcode Fuzzy Hash: 59ac903b011f9b36db4abde648c1dee5360349f08976c43913981dce97d6b17c
Instruction Fuzzy Hash: 07119132215B8592EF418F14F44A3AA73A5FB48BA8FD4112AE94D07B54DF7CD189DB40

Uniqueness

Uniqueness Score: -1.00%

Function 029785C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E029785C8(void* __edx, void* __esp, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdi, long long _a8) {
				void* _t5;
				void* _t15;
				long long _t16;
				void* _t20;
				void* _t25;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t30;

				_t20 = __rcx;
				_t16 = __rbx;
				_t15 = __rax;
				_a8 = __rbx;
				_t29 = _t28 - 0x20;
				_t25 = __rcx;
				E029775E8(0x21, __rbx, "SystemFunction036", _t27, 0x29955d8, "SystemFunction036");
				if(_t15 != 0) {
					_t20 = _t25;
					_t16 = _a8;
					_t29 = _t29 + 0x20;
					goto ( *0x29913c0);
				}
				E0296EB34(__esp, _t15, _t16, _t20, "SystemFunction036", _t27, 0x29955d8, "SystemFunction036");
				asm("int3");
				asm("int3");
				_push(_t16);
				_t30 = _t29 - 0x20;
				_t5 = E029775E8(0x20, _t20, "SetThreadStackGuarantee", _t27, 0x29955b8, "SetThreadStackGuarantee");
				if(_t15 != 0) {
					_t30 = _t30 + 0x20;
					goto ( *0x29913c0);
				}
				return _t5;
			}

0x029785c8
0x029785c8
0x029785c8
0x029785c8
0x029785ce
0x029785db
0x029785f1
0x029785f9
0x029785fd
0x02978600
0x02978605
0x0297860a
0x0297860a
0x02978611
0x02978616
0x02978617
0x02978618
0x0297861a
0x0297863b
0x02978643
0x02978648
0x0297864d
0x0297864d
0x02978659

APIs

try_get_function.LIBVCRUNTIME ref: 029785F1
try_get_function.LIBVCRUNTIME ref: 0297863B

Strings

SetThreadStackGuarantee, xrefs: 02978621, 02978634
SystemFunction036, xrefs: 029785D4, 029785DE

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function
String ID: SetThreadStackGuarantee$SystemFunction036
API String ID: 2742660187-2910880125
Opcode ID: 0b3709edcf0b15eb7334471e341b77771c08edf917defb525afba4228f55ca1a
Instruction ID: c250c31e3b2c1db127f25a3d06aadb1d1efaa5f6fcfa77589fea0f24535b51e9
Opcode Fuzzy Hash: 0b3709edcf0b15eb7334471e341b77771c08edf917defb525afba4228f55ca1a
Instruction Fuzzy Hash: C901C851711644A2EF0A9B99E84C3E56363FB487A0FC8603ADE1C07761DE38C5D9C701

Uniqueness

Uniqueness Score: -1.00%

Function 02978888 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E02978888(void* __eflags, void* __rax) {
				void* __rbx;
				void* _t4;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t19;

				_t11 = __rax;
				E029775E8(7, _t13, "GetActiveWindow", _t19, 0x2995290, "GetActiveWindow");
				if(_t11 == 0) {
					L5:
					return 0;
				}
				 *0x29913c0();
				_t14 = _t11;
				if(_t11 == 0) {
					goto L5;
				}
				_t4 = E029775E8(0xa, _t14, "GetLastActivePopup", _t19, "\r", "GetLastActivePopup");
				if(_t11 != 0) {
					goto ( *0x29913c0);
				}
				return _t4;
			}

0x02978888
0x029788a8
0x029788b0
0x029788f8
0x00000000
0x029788f8
0x029788b2
0x029788b8
0x029788be
0x00000000
0x00000000
0x029788da
0x029788e2
0x029788f1
0x029788f1
0x00000000

APIs

try_get_function.LIBVCRUNTIME ref: 029788A8
try_get_function.LIBVCRUNTIME ref: 029788DA

Part of subcall function 029775E8: GetProcAddress.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977740

Strings

GetLastActivePopup, xrefs: 029788C0, 029788D3
GetActiveWindow, xrefs: 0297888E, 029788A1

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: GetActiveWindow$GetLastActivePopup
API String ID: 1640347226-3742175580
Opcode ID: c4f793c1c1e6c6166b6a206fc4f7a69a043163cd5bf79f601e734033c59bd4f6
Instruction ID: 207b0295508bcab5500f301a3a97bc75a7563a086de9c2e57ea0c536acf5955b
Opcode Fuzzy Hash: c4f793c1c1e6c6166b6a206fc4f7a69a043163cd5bf79f601e734033c59bd4f6
Instruction Fuzzy Hash: 5DF05810702B4AD0FE069B99A8283E913A1FB48769FC9142ECD1D0A360EF3C91CAD340

Uniqueness

Uniqueness Score: -1.00%

Function 0297865C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0297865C(void* __ecx, void* __rax, long long __rbx, void* __rsi, void* __rbp, long long _a8) {
				void* _t6;
				void* _t15;
				void* _t19;
				long long _t20;

				_t24 = __rsi;
				_t20 = __rbx;
				_t19 = __rax;
				_a8 = __rbx;
				_t10 = 0;
				_t6 = E029794F0(__ecx);
				_t2 = _t20 + 1; // 0x1
				_t15 = _t2;
				if(_t6 == _t15) {
					_t3 = _t20 + 0x18; // 0x18
					E029775E8(_t3, __rbx, "MessageBoxA", __rsi, "\r", "MessageBoxA");
					if(_t19 != 0) {
						_t4 = _t20 + 0x19; // 0x19
						E029775E8(_t4, _t20, "MessageBoxW", _t24, "\r", "MessageBoxW");
						_t10 =  !=  ? _t15 : 0;
					}
				}
				return _t10;
			}

0x0297865c
0x0297865c
0x0297865c
0x0297865c
0x02978666
0x02978668
0x0297866d
0x0297866d
0x02978672
0x02978689
0x0297868c
0x02978694
0x029786ab
0x029786ae
0x029786b9
0x029786b9
0x02978694
0x029786c8

APIs

try_get_function.LIBVCRUNTIME ref: 0297868C
try_get_function.LIBVCRUNTIME ref: 029786AE

Part of subcall function 029775E8: GetProcAddress.KERNEL32(?,?,FFFFFFFF,02977E6A,?,?,?,02973956,?,?,?,029599FF,?,?,?,0296DD17), ref: 02977740

Strings

MessageBoxW, xrefs: 02978696, 029786A4
MessageBoxA, xrefs: 02978674, 02978682

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: try_get_function$AddressProc
String ID: MessageBoxA$MessageBoxW
API String ID: 1640347226-1053882329
Opcode ID: 211f04d2635a6d8121a0c031edb25bf9da5ed1e5c515b3355e853dc0a673808a
Instruction ID: 0c1832251854d4f7810e27e80160346419462c0d3abc7537235058f27b5ecdd3
Opcode Fuzzy Hash: 211f04d2635a6d8121a0c031edb25bf9da5ed1e5c515b3355e853dc0a673808a
Instruction Fuzzy Hash: 55F09031200746A2DB85DFA4E8847E92365E78136DFD9102AC10C13124EB78D68AC750

Uniqueness

Uniqueness Score: -1.00%

Function 001C21B0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E001C21B0(intOrPtr* __rcx) {
				intOrPtr* _t16;

				_t16 =  *((intOrPtr*)(__rcx));
				if( *_t16 == 0xe0434352 ||  *_t16 == 0xe0434f4d) {
					L4:
					E001C4B10(_t12, _t16);
					_t13 =  *(_t16 + 0x30);
					if( *(_t16 + 0x30) > 0) {
						E001C4B10(_t13, _t16);
						 *(_t16 + 0x30) =  *(_t16 + 0x30) - 1;
					}
					goto L6;
				} else {
					_t12 =  *_t16 - 0xe06d7363;
					if( *_t16 != 0xe06d7363) {
						L6:
						return 0;
					}
					E001C4B10(_t12, _t16);
					 *(_t16 + 0x30) =  *(_t16 + 0x30) & 0x00000000;
					__imp__terminate();
					asm("int3");
					goto L4;
				}
			}

0x001c21b4
0x001c21bd
0x001c21df
0x001c21df
0x001c21e4
0x001c21e8
0x001c21ea
0x001c21ef
0x001c21ef
0x00000000
0x001c21c7
0x001c21c7
0x001c21cd
0x001c21f2
0x001c21f8
0x001c21f8
0x001c21cf
0x001c21d4
0x001c21d8
0x001c21de
0x00000000
0x001c21de

APIs

Part of subcall function 001C4B10: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,001C214E), ref: 001C4B1E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001C21D8

Strings

csm, xrefs: 001C21C7
MOC, xrefs: 001C21BF
RCC, xrefs: 001C21B7

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: abortterminate
String ID: MOC$RCC$csm
API String ID: 661698970-2671469338
Opcode ID: 2032ee78bb98908be33bc98ec57f0184f02416d3a6a2d9d4ef717c693c7c64ad
Instruction ID: 7034fd0f2397bc900f6ad92da0e9c7030e610ad749fa2449c3f17fa99cc13ac7
Opcode Fuzzy Hash: 2032ee78bb98908be33bc98ec57f0184f02416d3a6a2d9d4ef717c693c7c64ad
Instruction Fuzzy Hash: EBE01A36614104CBD7256FA5A09AB1C3674F7B4B16F8A6959CB0442311DB7CCD81DB13

Uniqueness

Uniqueness Score: -1.00%

Function 001CC170 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E001CC170(intOrPtr* __rcx) {
				void* __rbx;
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t14;

				_t3 = E001CB850(_t4, _t8, __rcx, __rcx, _t11, _t12, _t13, _t14);
				if(( *(__rcx + 4) & 0x00000066) == 0 &&  *__rcx == 0xe06d7363 && _t3 == 1) {
					__imp__terminate();
					asm("int3");
					return _t3;
				}
				return _t3;
			}

0x001cc179
0x001cc182
0x001cc191
0x001cc197
0x00000000
0x001cc197
0x001cc19d

APIs

__C_specific_handler.LIBVCRUNTIME ref: 001CC179

Part of subcall function 001CB850: _IsNonwritableInCurrentImage.LIBCMT ref: 001CB910
Part of subcall function 001CB850: RtlUnwindEx.KERNEL32 ref: 001CB95F

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 001CC191

Strings

f, xrefs: 001CC17E
csm, xrefs: 001CC184

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwindterminate
String ID: csm$f
API String ID: 2215565074-629598281
Opcode ID: 5b1df027ad24a3acdf7e3c873366a75012bb79f642449c1b4f57e05d3fd8023e
Instruction ID: e4ebd28d8a7dc3c7fa59348b3c260b6dd85711b25e380e12b782330403d3da84
Opcode Fuzzy Hash: 5b1df027ad24a3acdf7e3c873366a75012bb79f642449c1b4f57e05d3fd8023e
Instruction Fuzzy Hash: 97D0C935914289C5FF392BB2A186BAC1658A739769F0C801CCA4649246D72ACDE98692

Uniqueness

Uniqueness Score: -1.00%

Function 029451D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 0294524D
WideCharToMultiByte.KERNEL32 ref: 02945289
GetLastError.KERNEL32 ref: 029452A6
GetLastError.KERNEL32 ref: 029452C8

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 6c23722e523fc2851475f33ee715bf3a715c161a8f3f7db00f4690005144e938
Instruction ID: c90696030afc840c80b4e97f8cd46c77ead316810684734de8ccb659b22a761e
Opcode Fuzzy Hash: 6c23722e523fc2851475f33ee715bf3a715c161a8f3f7db00f4690005144e938
Instruction Fuzzy Hash: 3A218D32204B8183E7109BB5A45072A72A9F780BA0FA44719EEA997FE8DF39C0418B00

Uniqueness

Uniqueness Score: -1.00%

Function 0293EEA0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 66
sleepCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E0293EEA0(intOrPtr __ecx, signed long long __edx, void* __esp, long long __rbx, long long __rdi, void* __r8, long long _a32) {
				long long _v24;
				signed int _v40;
				char _v152;
				signed long long _v168;
				signed long long _v176;
				char _v180;
				signed long long _v184;
				intOrPtr _v188;
				signed long long _v192;
				signed long long _v200;
				void* _t22;
				void* _t23;
				signed long long _t27;
				void* _t33;
				signed long long _t34;
				void* _t35;
				signed long long _t38;
				signed long long _t39;
				void* _t52;
				void* _t53;
				signed long long _t54;
				void* _t58;

				_t35 = __esp;
				_t28 = __ecx;
				_t38 =  *0x29a61e8; // 0xc99624406909
				_t39 = _t38 ^ _t54;
				_v40 = _t39;
				_t34 = __edx;
				_v200 = _t39;
				_t53 = __r8;
				_v192 = _t39;
				_v184 = _t39;
				_v176 = _t39;
				_v168 = 0;
				if(__edx <= 0x10) {
					_a32 = __rbx;
					_t27 = 0;
					_v192 = 0;
					_v24 = __rdi;
					_v200 = 0x24;
					_v188 = __ecx;
					_v184 = __edx;
					while(1) {
						_t28 =  *0x29a7f40; // 0x0
						_t22 =  *0x29a7f80();
						_t33 = _t22;
						if(_t22 == 0) {
							break;
						}
						_t28 = 0xa;
						Sleep(??);
						_t27 = _t27 + 1;
						if(_t27 < 0xa) {
							continue;
						} else {
							r8d = _t33;
							E029422D0(_t39,  &_v152, "DPCD read error! ADL error code: %d",  &_v200, _t58);
							E029423A0();
							_t23 = 0xff;
						}
						L9:
						goto L10;
					}
					if(_t34 != 0) {
						E02946FD0(_t28, _t33, _t34, _t35, _t53,  &_v180, _t52);
					}
					_t23 = 1;
					goto L9;
				} else {
					E029423A0();
					_t23 = 0xff;
				}
				L10:
				return L029438C0(_t23, _t28, _t39, _v40 ^ _t54);
			}

0x0293eea0
0x0293eea0
0x0293eeaa
0x0293eeb1
0x0293eeb4
0x0293eebe
0x0293eec0
0x0293eec5
0x0293eec8
0x0293eecd
0x0293eed2
0x0293eed7
0x0293eede
0x0293eef6
0x0293eefe
0x0293ef00
0x0293ef04
0x0293ef0c
0x0293ef14
0x0293ef18
0x0293ef20
0x0293ef2b
0x0293ef31
0x0293ef37
0x0293ef3b
0x00000000
0x00000000
0x0293ef3d
0x0293ef42
0x0293ef48
0x0293ef4d
0x00000000
0x0293ef4f
0x0293ef4f
0x0293ef5e
0x0293ef6d
0x0293ef72
0x0293ef72
0x0293ef8c
0x00000000
0x0293ef94
0x0293ef78
0x0293ef85
0x0293ef85
0x0293ef8a
0x00000000
0x0293eee0
0x0293eeea
0x0293eeef
0x0293eeef
0x0293ef9c
0x0293efb5

APIs

Sleep.KERNEL32 ref: 0293EF42

Strings

The max data length is 16!, xrefs: 0293EEE3
DPCD read error! ADL error code: %d, xrefs: 0293EF52
$, xrefs: 0293EF0C

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Sleep
String ID: $$DPCD read error! ADL error code: %d$The max data length is 16!
API String ID: 3472027048-3131151814
Opcode ID: 8b2127348c1fb980f4884e067834b38a8598192363d7a98cdb4c4bc2dd08871e
Instruction ID: f81077f28366375088f30e8b08b471d6b1984c4ae1234d408f8decaeab90de71
Opcode Fuzzy Hash: 8b2127348c1fb980f4884e067834b38a8598192363d7a98cdb4c4bc2dd08871e
Instruction Fuzzy Hash: CF217A72618B848AD7709B60F88039EB3A5F7C9748F44522AEACE87B18DF78C541CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0298A728 Relevance: 6.1, APIs: 4, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E0298A728(signed int __ecx, void* __edx, void* __edi, intOrPtr* __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, void* _a32) {
				char _v24;
				signed int _t26;
				void* _t36;
				intOrPtr* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				intOrPtr _t47;
				void* _t49;
				signed long long _t52;
				char* _t63;

				_t55 = __rsi;
				_t49 = __rdx;
				_t38 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t36 = r8d;
				E029870E0(__edi, __edx, __rax);
				_t41 = _t38;
				_t37 = _t38 - 0xffffffff;
				if(_t38 != 0xffffffff) {
					_t63 =  &_v24;
					_t5 = _t49 + 1; // 0x1
					r9d = _t5;
					__eflags = SetFilePointerEx(??, ??, ??, ??);
					if(__eflags != 0) {
						_t63 =  &_a32;
						_a32 = _t38;
						r9d = _t36;
						_t26 = SetFilePointerEx(??, ??, ??, ??);
						__eflags = _t26;
						if(__eflags == 0) {
							goto L4;
						} else {
							_t39 = _a32;
							__eflags = _t39 - 0x7fffffff;
							if(__eflags <= 0) {
								__eflags = _t26 - 0xffffffff;
								if(_t26 == 0xffffffff) {
									goto L2;
								} else {
									_t52 = __ecx + __ecx * 8;
									_t47 =  *((intOrPtr*)(0x29ab0c0 + (__ecx >> 6) * 8));
									_t14 = _t47 + 0x38 + _t52 * 8;
									 *_t14 =  *(_t47 + 0x38 + _t52 * 8) & 0x000000fd;
									__eflags =  *_t14;
								}
							} else {
								r9d = 0;
								r8d = 0;
								SetFilePointerEx(??, ??, ??, ??);
								_t26 = E02971538(__eflags, _t39);
								 *_t39 = 0x16;
								goto L2;
							}
						}
					} else {
						L4:
						_t26 = E029714C8(GetLastError(), 0, __eflags, _t38, _t41, _t55, _t63);
						goto L2;
					}
				} else {
					_t26 = E02971538(_t37, _t38);
					 *_t38 = 9;
					L2:
					_t26 = _t26 | 0xffffffff;
				}
				return _t26;
			}

0x0298a728
0x0298a728
0x0298a728
0x0298a728
0x0298a72d
0x0298a732
0x0298a73f
0x0298a747
0x0298a74c
0x0298a74f
0x0298a753
0x0298a76a
0x0298a772
0x0298a772
0x0298a77c
0x0298a77e
0x0298a791
0x0298a799
0x0298a79e
0x0298a7a4
0x0298a7aa
0x0298a7ac
0x00000000
0x0298a7ae
0x0298a7ae
0x0298a7b3
0x0298a7b9
0x0298a7dc
0x0298a7df
0x00000000
0x0298a7e5
0x0298a7f9
0x0298a7fd
0x0298a801
0x0298a801
0x0298a801
0x0298a801
0x0298a7bb
0x0298a7c0
0x0298a7c3
0x0298a7c9
0x0298a7cf
0x0298a7d4
0x00000000
0x0298a7d4
0x0298a7b9
0x0298a780
0x0298a780
0x0298a788
0x00000000
0x0298a788
0x0298a755
0x0298a755
0x0298a75a
0x0298a760
0x0298a760
0x0298a760
0x0298a81a

APIs

SetFilePointerEx.KERNEL32 ref: 0298A776
GetLastError.KERNEL32 ref: 0298A780
SetFilePointerEx.KERNEL32 ref: 0298A7A4
SetFilePointerEx.KERNEL32 ref: 0298A7C9

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: a4188f1678ac6a405939338572095808b1e0ce92e966b5943cefca28070513d8
Instruction ID: 078f1d2b2be53387f05f82f9bbdfc4d10d2bdbfb5e643398b76bd2d1abc1f950
Opcode Fuzzy Hash: a4188f1678ac6a405939338572095808b1e0ce92e966b5943cefca28070513d8
Instruction Fuzzy Hash: F0218032614A8185DB20AB25F95436AB762F784BF4F584722DA6A87BE8DF78C051CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0298A8B8 Relevance: 6.0, APIs: 4, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E0298A8B8(void* __edx, signed int __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a16, signed int _a32) {
				char _v24;
				int _t12;
				signed int _t16;
				signed int _t17;
				void* _t22;
				void* _t31;
				signed int* _t40;

				_t31 = __rdx;
				_t24 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_t35 = __edx;
				_t22 = r8d;
				_t40 =  &_v24;
				_t26 = __rcx;
				_t4 = _t31 + 1; // 0x1
				r9d = _t4;
				_t12 = SetFilePointerEx(??, ??, ??, ??);
				_t23 = _t12;
				if(_t12 != 0) {
					_t40 =  &_a32;
					_a32 = __rax;
					r9d = _t22;
					__eflags = SetFilePointerEx(??, ??, ??, ??);
					if(__eflags == 0) {
						goto L1;
					} else {
						__eflags = _a32 - 0x7fffffff;
						if(__eflags <= 0) {
							_t17 = _a32;
						} else {
							r9d = 0;
							r8d = 0;
							SetFilePointerEx(??, ??, ??, ??);
							_t16 = E02971538(__eflags, __rax);
							 *((intOrPtr*)(__rax)) = 0x16;
							goto L2;
						}
					}
				} else {
					L1:
					_t16 = E029714C8(GetLastError(), 0, _t23, _t24, _t26, _t35, _t40);
					L2:
					_t17 = _t16 | 0xffffffff;
				}
				return _t17;
			}

0x0298a8b8
0x0298a8b8
0x0298a8b8
0x0298a8bd
0x0298a8c7
0x0298a8ca
0x0298a8cf
0x0298a8d4
0x0298a8d7
0x0298a8d7
0x0298a8db
0x0298a8e1
0x0298a8e3
0x0298a8f9
0x0298a901
0x0298a906
0x0298a912
0x0298a914
0x00000000
0x0298a916
0x0298a916
0x0298a91f
0x0298a942
0x0298a921
0x0298a926
0x0298a929
0x0298a92f
0x0298a935
0x0298a93a
0x00000000
0x0298a93a
0x0298a91f
0x0298a8e5
0x0298a8e5
0x0298a8ed
0x0298a8f2
0x0298a8f2
0x0298a8f2
0x0298a955

APIs

SetFilePointerEx.KERNEL32 ref: 0298A8DB
GetLastError.KERNEL32 ref: 0298A8E5
SetFilePointerEx.KERNEL32 ref: 0298A90C
SetFilePointerEx.KERNEL32 ref: 0298A92F

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 3b4d0bfcfe761435f6db364da4d0776bafb75da0537aa542c5c43cd1cd6ec28e
Instruction ID: 2b30507966d105102b29d542158638855cc9e9ccbbfc5b837fddf3e00c25efea
Opcode Fuzzy Hash: 3b4d0bfcfe761435f6db364da4d0776bafb75da0537aa542c5c43cd1cd6ec28e
Instruction Fuzzy Hash: 22015232718A9182E7209F65F84475AB7A5FB84BE4F584226DA9943B68DF3CC495CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02939370 Relevance: 6.0, APIs: 4, Instructions: 31
libraryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E02939370(signed int __edx, void* __edi, void* __eflags, long long __rcx, long long _a8, signed int _a16) {
				long long _v16;
				long long _v24;
				void* _t14;
				long long _t24;
				void* _t31;

				_a16 = __edx;
				_a8 = __rcx;
				_v24 = 0;
				SetLastError(??);
				_t14 = E0293A1F0(_a8, _t31);
				if(_t14 == 0) {
					E0293A000(_t24, _a8, _t31);
					_v16 = _t24;
					if(_a8 == 0 || _v16 != 0) {
						r8d = _a16;
						r8d = r8d & 0xffffe0f7;
						LoadLibraryExW(??, ??, ??);
						_v24 = _t24;
					}
					_t14 = LocalFree();
				} else {
					SetLastError();
				}
				return _t14;
			}

0x02939370
0x02939374
0x0293937d
0x02939388
0x02939393
0x0293939a
0x029393ae
0x029393b3
0x029393be
0x029393c8
0x029393cd
0x029393db
0x029393e1
0x029393e1
0x029393eb
0x0293939c
0x029393a1
0x029393a1
0x029393fa

APIs

SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 02939388
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02901521), ref: 029393A1
LoadLibraryExW.KERNEL32 ref: 029393DB
LocalFree.KERNEL32 ref: 029393EB

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$FreeLibraryLoadLocal
String ID:
API String ID: 3560775600-0
Opcode ID: 94d739d6d1704a753e2f559854cd6b73a5cffcf972dac10c38a5357f222919c4
Instruction ID: 0ba4432af974bd0c0f09a99e2c6881937e8476963237f97920729df09b6fff83
Opcode Fuzzy Hash: 94d739d6d1704a753e2f559854cd6b73a5cffcf972dac10c38a5357f222919c4
Instruction Fuzzy Hash: 9701EC32218A80C2D7259B56F85831EA770F7C9798F544119EA8E43AA8DF7DC594CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02939480 Relevance: 6.0, APIs: 4, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E02939480(signed int __edx, long long __rcx, long long _a8, signed int _a16) {
				long long _t18;
				void* _t23;

				_a16 = __edx;
				_a8 = __rcx;
				SetLastError(??);
				if(E0293A270(_a8) != 0) {
					if(E0293A340(_t18, _a8, _t23) != 0) {
						r8d = _a16;
						r8d = r8d & 0xffffe0f7;
						return LoadLibraryExW(??, ??, ??);
					}
					SetLastError();
					return 0;
				}
				SetLastError();
				return 0;
			}

0x02939480
0x02939484
0x0293948f
0x029394a1
0x029394be
0x029394cf
0x029394d4
0x00000000
0x029394e2
0x029394c5
0x00000000
0x029394cb
0x029394a8
0x00000000

APIs

SetLastError.KERNEL32 ref: 0293948F
SetLastError.KERNEL32 ref: 029394A8
SetLastError.KERNEL32 ref: 029394C5

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 3ad2eb239a5453731c5225eac8dc28b49fbfbb4bd4ad46cda86fcedd3c555afc
Instruction ID: 5256f03be2c81876379fb3353c12cb1f2e7a147dea36518b8eff67980c8b591b
Opcode Fuzzy Hash: 3ad2eb239a5453731c5225eac8dc28b49fbfbb4bd4ad46cda86fcedd3c555afc
Instruction Fuzzy Hash: 68F08931734A9182EB55AB77E85831E6261FFC47D0F404425D68F85628DF2DC4548B40

Uniqueness

Uniqueness Score: -1.00%

Function 02939290 Relevance: 6.0, APIs: 4, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E02939290(void* __edi, void* __eflags, long long __rcx, long long _a8) {
				long long _v16;
				long long _v24;
				void* _t12;
				long long _t20;
				void* _t27;

				_a8 = __rcx;
				_v24 = 0;
				SetLastError(??);
				_t12 = E0293A1F0(_a8, _t27);
				if(_t12 == 0) {
					E0293A000(_t20, _a8, _t27);
					_v16 = _t20;
					if(_a8 == 0 || _v16 != 0) {
						GetModuleHandleW();
						_v24 = _t20;
					}
					_t12 = LocalFree();
				} else {
					SetLastError();
				}
				return _t12;
			}

0x02939290
0x02939299
0x029392a4
0x029392af
0x029392b6
0x029392ca
0x029392cf
0x029392da
0x029392e9
0x029392ef
0x029392ef
0x029392f9
0x029392b8
0x029392bd
0x029392bd
0x02939308

APIs

SetLastError.KERNEL32 ref: 029392A4
SetLastError.KERNEL32 ref: 029392BD
GetModuleHandleW.KERNEL32 ref: 029392E9
LocalFree.KERNEL32 ref: 029392F9

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast$FreeHandleLocalModule
String ID:
API String ID: 2775970868-0
Opcode ID: bd698df0a1614615212561a52279120a90d3ed603465d00aaced0872fa7500e2
Instruction ID: e418e0d042ef3c5edf7844ed625c81b03056ccd864571be45280a44e61e44a1c
Opcode Fuzzy Hash: bd698df0a1614615212561a52279120a90d3ed603465d00aaced0872fa7500e2
Instruction Fuzzy Hash: 2BF0F932208E8082EB31AB55F89831E7774F7C9798F54022AEACE42668CF7DC594CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0295D3E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E0295D3E4(void* __ebx, void* __edx, signed int __edi, void* __esp, signed short* __rax, long long __rbx, signed int* __rcx, signed int* __rdx, long long __rbp, void* __r8, void* __r10, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t85;
				signed int _t90;
				signed int _t91;
				void* _t95;
				signed int _t96;
				signed short _t97;
				signed int _t101;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed int _t115;
				signed int _t117;
				void* _t120;
				signed int* _t127;
				signed int* _t131;
				signed int* _t133;
				signed int* _t134;
				void* _t135;
				signed int _t136;
				void* _t142;
				void* _t143;

				_t143 = __r10;
				_t142 = __r8;
				_t137 = __rbp;
				_t134 = __rdx;
				_t133 = __rcx;
				_t123 = __rax;
				_t120 = __esp;
				_t95 = __ebx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t117 = __edi | 0xffffffff;
				_t131 = __rcx;
				if(__rcx[0x11a] == _t136) {
					L55:
					E02971538(__eflags, _t123);
					 *_t123 = 0x16;
					E02970D4C();
					L56:
					_t85 = _t117;
					L54:
					return _t85;
				}
				_t122 = __rcx[6] - _t136;
				if(__rcx[6] != _t136) {
					__rcx[0x11c] = __rcx[0x11c] + 1;
					__eflags = __rcx[0x11c] - 2;
					if(__rcx[0x11c] == 2) {
						L53:
						_t85 = _t131[0xa];
						goto L54;
					} else {
						do {
							_t131[0x14] = 0;
							_t131[0xb] = 0;
							while(1) {
								_t123 = _t131[6];
								_t96 =  *_t123 & 0x0000ffff;
								_t131[0x10] = _t96;
								__eflags = _t96;
								if(_t96 == 0) {
									break;
								}
								_t131[6] = _t131[6] + 2;
								__eflags = _t131[0xa];
								if(_t131[0xa] < 0) {
									L50:
									__eflags = _t131[0xb];
									if(_t131[0xb] == 0) {
										goto L52;
									}
									__eflags = _t131[0xb] - 7;
									if(__eflags != 0) {
										goto L55;
									}
									goto L52;
								} else {
									_t97 = _t131[0x10] & 0x0000ffff;
									__eflags = (_t97 & 0x0000ffff) - 0x20 - 0x5a;
									if((_t97 & 0x0000ffff) - 0x20 <= 0x5a) {
										asm("lfence");
									}
									_t101 = (_t133[0xa64fd0] & 0x000000ff) >> 4;
									_t131[0xb] = _t101;
									__eflags = _t101 - 8;
									if(__eflags == 0) {
										goto L55;
									}
									__eflags = _t101;
									if(_t101 == 0) {
										_t115 = _t131[0x10] & 0x0000ffff;
										_t131[0x15] = 1;
										_t133 = _t131[0x11a];
										__eflags = _t133[4] - _t133[2];
										if(_t133[4] != _t133[2]) {
											_t131[0xa] = _t131[0xa] + 1;
											 *((long long*)(_t131[0x11a] + 0x10)) =  *((long long*)(_t131[0x11a] + 0x10)) + 1;
											_t133 =  *(_t131[0x11a]);
											 *_t133 = _t115;
											_t127 = _t131[0x11a];
											 *_t127 =  *_t127 + 2;
											__eflags =  *_t127;
										} else {
											__eflags = _t133[6] - sil;
											if(_t133[6] == sil) {
												_t131[0xa] = _t117;
											} else {
												_t131[0xa] = _t131[0xa] + 1;
											}
										}
										L46:
										_t90 = 1;
										L47:
										__eflags = _t90;
										if(_t90 == 0) {
											goto L56;
										}
										continue;
									}
									_t102 = _t101 - 1;
									__eflags = _t102;
									if(_t102 == 0) {
										_t131[0xc] = _t136;
										_t131[0x10] = sil;
										_t131[0xe] = _t117;
										_t131[0xf] = 0;
										_t131[0x15] = sil;
										continue;
									}
									_t103 = _t102 - 1;
									__eflags = _t103;
									if(_t103 == 0) {
										_t91 = _t131[0x10] & 0x0000ffff;
										__eflags = _t91 - 0x20;
										if(_t91 == 0x20) {
											_t131[0xc] = _t131[0xc] | 0x00000002;
										} else {
											__eflags = _t91 - 0x23;
											if(_t91 == 0x23) {
												_t131[0xc] = _t131[0xc] | 0x00000020;
											} else {
												__eflags = _t91 - 0x2b;
												if(_t91 == 0x2b) {
													_t131[0xc] = _t131[0xc] | 0x00000001;
												} else {
													__eflags = _t91 - 0x2d;
													if(_t91 == 0x2d) {
														_t131[0xc] = _t131[0xc] | 0x00000004;
													} else {
														__eflags = _t91 - 0x30;
														if(_t91 == 0x30) {
															_t131[0xc] = _t131[0xc] | 0x00000008;
														}
													}
												}
											}
										}
										continue;
									}
									_t104 = _t103 - 1;
									__eflags = _t104;
									if(_t104 == 0) {
										__eflags = _t131[0x10] - 0x2a;
										if(_t131[0x10] == 0x2a) {
											_t131[8] = _t131[8] + 8;
											_t105 =  *(_t131[8] - 8);
											_t131[0xd] = _t105;
											__eflags = _t105;
											if(_t105 < 0) {
												_t131[0xc] = _t131[0xc] | 0x00000004;
												_t131[0xd] =  ~_t105;
											}
											goto L46;
										}
										_t134 =  &(_t131[0xd]);
										L23:
										_t133 = _t131;
										_t90 = L0295BCBC(_t123, _t131, _t133, _t134, _t135, _t136);
										goto L47;
									}
									_t107 = _t104 - 1;
									__eflags = _t107;
									if(_t107 == 0) {
										_t131[0xe] = 0;
										continue;
									}
									_t108 = _t107 - 1;
									__eflags = _t108;
									if(_t108 == 0) {
										__eflags = _t131[0x10] - 0x2a;
										if(_t131[0x10] == 0x2a) {
											_t131[8] = _t131[8] + 8;
											_t109 =  *(_t131[8] - 8);
											__eflags = _t109;
											_t110 =  <  ? _t117 : _t109;
											_t131[0xe] =  <  ? _t117 : _t109;
											goto L46;
										}
										_t134 =  &(_t131[0xe]);
										goto L23;
									}
									_t111 = _t108 - 1;
									__eflags = _t111;
									if(_t111 == 0) {
										_t133 = _t131;
										_t90 = L0295FF54(_t111, _t131, _t133, _t134, _t136, _t137, _t142, _t143);
										goto L47;
									}
									__eflags = _t111 - 1;
									if(_t111 != 1) {
										goto L56;
									} else {
										_t133 = _t131;
										_t90 = L02961BC0(_t95, _t111, _t120, _t131, _t133, _t134, _t136, _t137, _t142, _t143);
										goto L47;
									}
								}
							}
							_t73 =  &(_t131[6]);
							 *_t73 = _t131[6] + 2;
							__eflags =  *_t73;
							goto L50;
							L52:
							_t131[0x11c] = _t131[0x11c] + 1;
							__eflags = _t131[0x11c] - 2;
						} while (_t131[0x11c] != 2);
						goto L53;
					}
				} else {
					E02971538(_t122, __rax);
					 *__rax = 0x16;
					_t85 = E02970D4C() | _t117;
					goto L54;
				}
			}

0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e4
0x0295d3e9
0x0295d3f6
0x0295d3fb
0x0295d405
0x0295d658
0x0295d658
0x0295d65d
0x0295d663
0x0295d668
0x0295d668
0x0295d645
0x0295d657
0x0295d657
0x0295d40b
0x0295d40f
0x0295d428
0x0295d42e
0x0295d435
0x0295d642
0x0295d642
0x00000000
0x0295d43b
0x0295d447
0x0295d447
0x0295d44a
0x0295d60b
0x0295d60b
0x0295d60f
0x0295d612
0x0295d616
0x0295d619
0x00000000
0x00000000
0x0295d452
0x0295d457
0x0295d45a
0x0295d624
0x0295d624
0x0295d627
0x00000000
0x00000000
0x0295d629
0x0295d62d
0x00000000
0x00000000
0x00000000
0x0295d460
0x0295d460
0x0295d46d
0x0295d471
0x0295d473
0x0295d47f
0x0295d492
0x0295d495
0x0295d498
0x0295d49b
0x00000000
0x00000000
0x0295d4a1
0x0295d4a3
0x0295d5b6
0x0295d5ba
0x0295d5be
0x0295d5c9
0x0295d5cd
0x0295d5df
0x0295d5e9
0x0295d5f4
0x0295d5f7
0x0295d5fa
0x0295d601
0x0295d601
0x0295d5cf
0x0295d5cf
0x0295d5d3
0x0295d5da
0x0295d5d5
0x0295d5d5
0x0295d5d5
0x0295d5d3
0x0295d605
0x0295d605
0x0295d607
0x0295d607
0x0295d609
0x00000000
0x00000000
0x00000000
0x0295d609
0x0295d4a9
0x0295d4a9
0x0295d4ac
0x0295d5a2
0x0295d5a6
0x0295d5aa
0x0295d5ad
0x0295d5b0
0x00000000
0x0295d5b0
0x0295d4b2
0x0295d4b2
0x0295d4b5
0x0295d55d
0x0295d561
0x0295d564
0x0295d59c
0x0295d566
0x0295d566
0x0295d56a
0x0295d597
0x0295d56c
0x0295d56c
0x0295d570
0x0295d591
0x0295d572
0x0295d572
0x0295d576
0x0295d58b
0x0295d578
0x0295d578
0x0295d57c
0x0295d582
0x0295d582
0x0295d57c
0x0295d576
0x0295d570
0x0295d56a
0x00000000
0x0295d564
0x0295d4bb
0x0295d4bb
0x0295d4be
0x0295d52b
0x0295d530
0x0295d538
0x0295d541
0x0295d544
0x0295d547
0x0295d549
0x0295d54f
0x0295d555
0x0295d555
0x00000000
0x0295d549
0x0295d532
0x0295d4fd
0x0295d4fd
0x0295d500
0x00000000
0x0295d500
0x0295d4c0
0x0295d4c0
0x0295d4c3
0x0295d523
0x00000000
0x0295d523
0x0295d4c5
0x0295d4c5
0x0295d4c8
0x0295d4f2
0x0295d4f7
0x0295d50a
0x0295d513
0x0295d516
0x0295d518
0x0295d51b
0x00000000
0x0295d51b
0x0295d4f9
0x00000000
0x0295d4f9
0x0295d4ca
0x0295d4ca
0x0295d4cd
0x0295d4e5
0x0295d4e8
0x00000000
0x0295d4e8
0x0295d4cf
0x0295d4d2
0x00000000
0x0295d4d8
0x0295d4d8
0x0295d4db
0x00000000
0x0295d4db
0x0295d4d2
0x0295d45a
0x0295d61f
0x0295d61f
0x0295d61f
0x00000000
0x0295d62f
0x0295d62f
0x0295d635
0x0295d635
0x00000000
0x0295d447
0x0295d411
0x0295d411
0x0295d416
0x0295d421
0x00000000
0x0295d421

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295D41C
_invalid_parameter_noinfo.LIBCMT ref: 0295D663

Strings

*, xrefs: 0295D52B

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 3ba0a5cd61a4ba5fd76b4f5b515c1acac008ac5bac300f300b8183749d4983b8
Instruction ID: 1e825ba0f46bd915a1e5241e89f8bf665cd4726c4cc33381b80dd9aedab0e820
Opcode Fuzzy Hash: 3ba0a5cd61a4ba5fd76b4f5b515c1acac008ac5bac300f300b8183749d4983b8
Instruction Fuzzy Hash: 156178B2206670CACB29DF29C19813D3BB4F34AF5DB55522ACF4A4625CDB35C483CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0295CC4C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E0295CC4C(void* __edx, signed int __edi, signed short* __rax, long long __rbx, void* __rcx, intOrPtr __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t81;
				void* _t86;
				signed int _t87;
				signed int _t88;
				void* _t92;
				signed int _t93;
				signed short _t94;
				signed int _t98;
				signed int _t99;
				signed int _t101;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				signed int _t106;
				signed int _t107;
				signed int _t108;
				signed int _t110;
				signed char _t115;
				signed int _t117;
				void* _t120;
				intOrPtr _t125;
				void* _t129;
				void* _t131;
				void* _t133;
				signed int _t134;
				void* _t140;
				void* _t141;
				void* _t142;
				void* _t143;

				_t135 = __rbp;
				_t132 = __rdx;
				_t131 = __rcx;
				_t123 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t117 = __edi | 0xffffffff;
				_t129 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x468)) == _t134) {
					L55:
					E02971538(__eflags, _t123);
					 *_t123 = 0x16;
					E02970D4C();
					L56:
					_t81 = _t117;
					L54:
					return _t81;
				}
				_t122 =  *((intOrPtr*)(__rcx + 0x18)) - _t134;
				if( *((intOrPtr*)(__rcx + 0x18)) != _t134) {
					 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
					__eflags =  *((intOrPtr*)(__rcx + 0x470)) - 2;
					if( *((intOrPtr*)(__rcx + 0x470)) == 2) {
						L53:
						_t81 =  *(_t129 + 0x28);
						goto L54;
					} else {
						do {
							 *((intOrPtr*)(_t129 + 0x50)) = 0;
							 *(_t129 + 0x2c) = 0;
							while(1) {
								_t123 =  *(_t129 + 0x18);
								_t93 =  *_t123 & 0x0000ffff;
								 *(_t129 + 0x42) = _t93;
								__eflags = _t93;
								if(_t93 == 0) {
									break;
								}
								 *(_t129 + 0x18) =  *(_t129 + 0x18) + 2;
								__eflags =  *(_t129 + 0x28);
								if( *(_t129 + 0x28) < 0) {
									L50:
									__eflags =  *(_t129 + 0x2c);
									if( *(_t129 + 0x2c) == 0) {
										goto L52;
									}
									__eflags =  *(_t129 + 0x2c) - 7;
									if(__eflags != 0) {
										goto L55;
									}
									goto L52;
								}
								_t94 =  *(_t129 + 0x42) & 0x0000ffff;
								__eflags = (_t94 & 0x0000ffff) - 0x20 - 0x5a;
								if((_t94 & 0x0000ffff) - 0x20 <= 0x5a) {
									asm("lfence");
								}
								_t98 = ( *(_t131 + 0x2993f40) & 0x000000ff) >> 4;
								 *(_t129 + 0x2c) = _t98;
								__eflags = _t98 - 8;
								if(__eflags == 0) {
									goto L55;
								} else {
									__eflags = _t98;
									if(_t98 == 0) {
										_t99 =  *(_t129 + 0x42) & 0x0000ffff;
										 *((char*)(_t129 + 0x54)) = 1;
										_t115 =  *( *((intOrPtr*)(_t129 + 0x468)) + 0x14) >> 0xc;
										__eflags = _t115 & 0x00000001;
										if((_t115 & 0x00000001) == 0) {
											L43:
											_t132 =  *((intOrPtr*)(_t129 + 0x468));
											_t86 = E029749EC(_t92, _t99, _t115, 0x20, _t120, _t129,  *((intOrPtr*)(_t129 + 0x468)), _t140, _t141, _t142);
											__eflags = _t86 - 0xffff;
											if(_t86 == 0xffff) {
												 *(_t129 + 0x28) = _t117;
												L46:
												_t87 = 1;
												L47:
												__eflags = _t87;
												if(_t87 == 0) {
													goto L56;
												}
												continue;
											}
											L44:
											 *(_t129 + 0x28) =  *(_t129 + 0x28) + 1;
											goto L46;
										}
										_t125 =  *((intOrPtr*)(_t129 + 0x468));
										__eflags =  *((intOrPtr*)(_t125 + 8)) - _t134;
										if( *((intOrPtr*)(_t125 + 8)) == _t134) {
											goto L44;
										}
										goto L43;
									}
									_t101 = _t98 - 1;
									__eflags = _t101;
									if(_t101 == 0) {
										 *(_t129 + 0x30) = _t134;
										 *((intOrPtr*)(_t129 + 0x40)) = sil;
										 *(_t129 + 0x38) = _t117;
										 *((intOrPtr*)(_t129 + 0x3c)) = 0;
										 *((intOrPtr*)(_t129 + 0x54)) = sil;
										continue;
									}
									_t102 = _t101 - 1;
									__eflags = _t102;
									if(_t102 == 0) {
										_t88 =  *(_t129 + 0x42) & 0x0000ffff;
										__eflags = _t88 - 0x20;
										if(_t88 == 0x20) {
											 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000002;
										} else {
											__eflags = _t88 - 0x23;
											if(_t88 == 0x23) {
												 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000020;
											} else {
												__eflags = _t88 - 0x2b;
												if(_t88 == 0x2b) {
													 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000001;
												} else {
													__eflags = _t88 - 0x2d;
													if(_t88 == 0x2d) {
														 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000004;
													} else {
														__eflags = _t88 - 0x30;
														if(_t88 == 0x30) {
															 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										continue;
									}
									_t103 = _t102 - 1;
									__eflags = _t103;
									if(_t103 == 0) {
										__eflags =  *(_t129 + 0x42) - 0x2a;
										if( *(_t129 + 0x42) == 0x2a) {
											 *((long long*)(_t129 + 0x20)) =  *((long long*)(_t129 + 0x20)) + 8;
											_t104 =  *( *((intOrPtr*)(_t129 + 0x20)) - 8);
											 *(_t129 + 0x34) = _t104;
											__eflags = _t104;
											if(_t104 < 0) {
												 *(_t129 + 0x30) =  *(_t129 + 0x30) | 0x00000004;
												 *(_t129 + 0x34) =  ~_t104;
											}
											goto L46;
										}
										_t132 = _t129 + 0x34;
										L23:
										_t131 = _t129;
										_t87 = E0295BAD0(_t123, _t129, _t131, _t132, _t133, _t134);
										goto L47;
									}
									_t106 = _t103 - 1;
									__eflags = _t106;
									if(_t106 == 0) {
										 *(_t129 + 0x38) = 0;
										continue;
									}
									_t107 = _t106 - 1;
									__eflags = _t107;
									if(_t107 == 0) {
										__eflags =  *(_t129 + 0x42) - 0x2a;
										if( *(_t129 + 0x42) == 0x2a) {
											 *((long long*)(_t129 + 0x20)) =  *((long long*)(_t129 + 0x20)) + 8;
											_t108 =  *( *((intOrPtr*)(_t129 + 0x20)) - 8);
											__eflags = _t108;
											_t109 =  <  ? _t117 : _t108;
											 *(_t129 + 0x38) =  <  ? _t117 : _t108;
											goto L46;
										} else {
											_t132 = _t129 + 0x38;
											goto L23;
										}
									}
									_t110 = _t107 - 1;
									__eflags = _t110;
									if(_t110 == 0) {
										_t131 = _t129;
										_t87 = E0295FA8C(_t110, _t129, _t131, _t132, _t135);
										goto L47;
									}
									__eflags = _t110 - 1;
									if(_t110 != 1) {
										goto L56;
									} else {
										_t131 = _t129;
										_t87 = E0296130C(_t92, _t110, _t120, _t129, _t131, _t132, _t135, _t140, _t141, _t143);
										goto L47;
									}
								}
							}
							_t69 = _t129 + 0x18;
							 *_t69 =  *(_t129 + 0x18) + 2;
							__eflags =  *_t69;
							goto L50;
							L52:
							 *((intOrPtr*)(_t129 + 0x470)) =  *((intOrPtr*)(_t129 + 0x470)) + 1;
							__eflags =  *((intOrPtr*)(_t129 + 0x470)) - 2;
						} while ( *((intOrPtr*)(_t129 + 0x470)) != 2);
						goto L53;
					}
				} else {
					E02971538(_t122, __rax);
					 *__rax = 0x16;
					_t81 = E02970D4C() | _t117;
					goto L54;
				}
			}

0x0295cc4c
0x0295cc4c
0x0295cc4c
0x0295cc4c
0x0295cc4c
0x0295cc51
0x0295cc5e
0x0295cc63
0x0295cc6d
0x0295ceaf
0x0295ceaf
0x0295ceb4
0x0295ceba
0x0295cebf
0x0295cebf
0x0295ce9c
0x0295ceae
0x0295ceae
0x0295cc73
0x0295cc77
0x0295cc90
0x0295cc96
0x0295cc9d
0x0295ce99
0x0295ce99
0x00000000
0x0295cca3
0x0295ccaf
0x0295ccaf
0x0295ccb2
0x0295ce62
0x0295ce62
0x0295ce66
0x0295ce69
0x0295ce6d
0x0295ce70
0x00000000
0x00000000
0x0295ccba
0x0295ccbf
0x0295ccc2
0x0295ce7b
0x0295ce7b
0x0295ce7e
0x00000000
0x00000000
0x0295ce80
0x0295ce84
0x00000000
0x00000000
0x00000000
0x0295ce84
0x0295ccc8
0x0295ccd5
0x0295ccd9
0x0295ccdb
0x0295cce7
0x0295ccfa
0x0295ccfd
0x0295cd00
0x0295cd03
0x00000000
0x0295cd09
0x0295cd09
0x0295cd0b
0x0295ce17
0x0295ce1b
0x0295ce29
0x0295ce2c
0x0295ce2f
0x0295ce3e
0x0295ce3e
0x0295ce45
0x0295ce4f
0x0295ce52
0x0295ce59
0x0295ce5c
0x0295ce5c
0x0295ce5e
0x0295ce5e
0x0295ce60
0x00000000
0x00000000
0x00000000
0x0295ce60
0x0295ce54
0x0295ce54
0x00000000
0x0295ce54
0x0295ce31
0x0295ce38
0x0295ce3c
0x00000000
0x00000000
0x00000000
0x0295ce3c
0x0295cd11
0x0295cd11
0x0295cd14
0x0295ce03
0x0295ce07
0x0295ce0b
0x0295ce0e
0x0295ce11
0x00000000
0x0295ce11
0x0295cd1a
0x0295cd1a
0x0295cd1d
0x0295cdc5
0x0295cdc9
0x0295cdcc
0x0295cdfd
0x0295cdce
0x0295cdce
0x0295cdd2
0x0295cdf8
0x0295cdd4
0x0295cdd4
0x0295cdd8
0x0295cdf2
0x0295cdda
0x0295cdda
0x0295cdde
0x0295cdec
0x0295cde0
0x0295cde0
0x0295cde4
0x0295cde6
0x0295cde6
0x0295cde4
0x0295cdde
0x0295cdd8
0x0295cdd2
0x00000000
0x0295cdcc
0x0295cd23
0x0295cd23
0x0295cd26
0x0295cd93
0x0295cd98
0x0295cda0
0x0295cda9
0x0295cdac
0x0295cdaf
0x0295cdb1
0x0295cdb7
0x0295cdbd
0x0295cdbd
0x00000000
0x0295cdb1
0x0295cd9a
0x0295cd65
0x0295cd65
0x0295cd68
0x00000000
0x0295cd68
0x0295cd28
0x0295cd28
0x0295cd2b
0x0295cd8b
0x00000000
0x0295cd8b
0x0295cd2d
0x0295cd2d
0x0295cd30
0x0295cd5a
0x0295cd5f
0x0295cd72
0x0295cd7b
0x0295cd7e
0x0295cd80
0x0295cd83
0x00000000
0x0295cd61
0x0295cd61
0x00000000
0x0295cd61
0x0295cd5f
0x0295cd32
0x0295cd32
0x0295cd35
0x0295cd4d
0x0295cd50
0x00000000
0x0295cd50
0x0295cd37
0x0295cd3a
0x00000000
0x0295cd40
0x0295cd40
0x0295cd43
0x00000000
0x0295cd43
0x0295cd3a
0x0295cd03
0x0295ce76
0x0295ce76
0x0295ce76
0x00000000
0x0295ce86
0x0295ce86
0x0295ce8c
0x0295ce8c
0x00000000
0x0295ccaf
0x0295cc79
0x0295cc79
0x0295cc7e
0x0295cc89
0x00000000
0x0295cc89

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295CC84
_invalid_parameter_noinfo.LIBCMT ref: 0295CEBA

Strings

*, xrefs: 0295CD93

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 4a359dafc612e4930a3ea600be10aed7488a37b0dd439627624d47b539653f5d
Instruction ID: 7fd6d3daa7ff72d677e868c0828a252e904957e5bc35b286e61766db4dc96687
Opcode Fuzzy Hash: 4a359dafc612e4930a3ea600be10aed7488a37b0dd439627624d47b539653f5d
Instruction Fuzzy Hash: 7F619AB6211330CACB28DF29D09427D3BB9F749F5CB59122BDF4646228D735C88ACB95

Uniqueness

Uniqueness Score: -1.00%

Function 0295D178 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 169
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0295D178(void* __edx, signed int __edi, signed short* __rax, long long __rbx, signed long long __rcx, intOrPtr __rdx, long long __rbp, long long _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				signed int _t79;
				signed int _t84;
				void* _t85;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t90;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				void* _t97;
				signed int _t98;
				signed short _t99;
				void* _t101;
				signed int _t102;
				signed int _t104;
				signed int _t106;
				signed char _t113;
				signed int _t115;
				void* _t118;
				intOrPtr _t123;
				signed long long _t127;
				signed long long _t129;
				intOrPtr _t130;
				void* _t131;
				signed int _t132;
				void* _t138;
				void* _t139;
				void* _t140;
				void* _t141;

				_t133 = __rbp;
				_t130 = __rdx;
				_t129 = __rcx;
				_t121 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				_t115 = __edi | 0xffffffff;
				_t127 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x468)) == _t132) {
					L53:
					E02971538(__eflags, _t121);
					 *_t121 = 0x16;
					E02970D4C();
					L54:
					_t79 = _t115;
					L52:
					return _t79;
				}
				_t120 =  *((intOrPtr*)(__rcx + 0x18)) - _t132;
				if( *((intOrPtr*)(__rcx + 0x18)) != _t132) {
					 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
					__eflags =  *((intOrPtr*)(__rcx + 0x470)) - 2;
					if( *((intOrPtr*)(__rcx + 0x470)) == 2) {
						L51:
						_t79 =  *(_t127 + 0x28);
						goto L52;
					} else {
						do {
							 *((intOrPtr*)(_t127 + 0x50)) = 0;
							 *(_t127 + 0x2c) = 0;
							while(1) {
								_t121 =  *(_t127 + 0x18);
								_t98 =  *_t121 & 0x0000ffff;
								 *(_t127 + 0x42) = _t98;
								__eflags = _t98;
								if(_t98 == 0) {
									break;
								}
								 *(_t127 + 0x18) =  *(_t127 + 0x18) + 2;
								__eflags =  *(_t127 + 0x28);
								if( *(_t127 + 0x28) < 0) {
									goto L50;
								}
								_t99 =  *(_t127 + 0x42) & 0x0000ffff;
								__eflags = (_t99 & 0x0000ffff) - 0x20 - 0x5a;
								if((_t99 & 0x0000ffff) - 0x20 <= 0x5a) {
									asm("lfence");
								}
								_t101 = _t130 + _t129 * 8;
								_t84 = (_t121[0x14c9f70] & 0x000000ff) >> 4;
								 *(_t127 + 0x2c) = _t84;
								__eflags = _t84 - 8;
								if(__eflags == 0) {
									goto L53;
								} else {
									__eflags = _t84;
									if(_t84 == 0) {
										_t102 =  *(_t127 + 0x42) & 0x0000ffff;
										 *((char*)(_t127 + 0x54)) = 1;
										_t113 =  *( *((intOrPtr*)(_t127 + 0x468)) + 0x14) >> 0xc;
										__eflags = _t113 & 0x00000001;
										if((_t113 & 0x00000001) == 0) {
											L43:
											_t130 =  *((intOrPtr*)(_t127 + 0x468));
											_t85 = E029749EC(_t97, _t102, _t113, 0x20, _t118, _t127, _t130, _t138, _t139, _t140);
											__eflags = _t85 - 0xffff;
											if(_t85 == 0xffff) {
												 *(_t127 + 0x28) = _t115;
												L46:
												_t86 = 1;
												L47:
												__eflags = _t86;
												if(_t86 == 0) {
													goto L54;
												}
												continue;
											}
											L44:
											 *(_t127 + 0x28) =  *(_t127 + 0x28) + 1;
											goto L46;
										}
										_t123 =  *((intOrPtr*)(_t127 + 0x468));
										__eflags =  *((intOrPtr*)(_t123 + 8)) - _t132;
										if( *((intOrPtr*)(_t123 + 8)) == _t132) {
											goto L44;
										}
										goto L43;
									}
									_t87 = _t84 - 1;
									__eflags = _t87;
									if(_t87 == 0) {
										 *(_t127 + 0x30) = _t132;
										 *((intOrPtr*)(_t127 + 0x40)) = sil;
										 *(_t127 + 0x38) = _t115;
										 *((intOrPtr*)(_t127 + 0x3c)) = 0;
										 *((intOrPtr*)(_t127 + 0x54)) = sil;
										continue;
									}
									_t88 = _t87 - 1;
									__eflags = _t88;
									if(_t88 == 0) {
										_t89 =  *(_t127 + 0x42) & 0x0000ffff;
										__eflags = _t89 - 0x20;
										if(_t89 == 0x20) {
											 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000002;
										} else {
											__eflags = _t89 - 0x23;
											if(_t89 == 0x23) {
												 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000020;
											} else {
												__eflags = _t89 - 0x2b;
												if(_t89 == 0x2b) {
													 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000001;
												} else {
													__eflags = _t89 - 0x2d;
													if(_t89 == 0x2d) {
														 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000004;
													} else {
														__eflags = _t89 - 0x30;
														if(_t89 == 0x30) {
															 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000008;
														}
													}
												}
											}
										}
										continue;
									}
									_t90 = _t88 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										__eflags =  *(_t127 + 0x42) - 0x2a;
										if( *(_t127 + 0x42) == 0x2a) {
											 *((long long*)(_t127 + 0x20)) =  *((long long*)(_t127 + 0x20)) + 8;
											_t104 =  *( *((intOrPtr*)(_t127 + 0x20)) - 8);
											 *(_t127 + 0x34) = _t104;
											__eflags = _t104;
											if(_t104 < 0) {
												 *(_t127 + 0x30) =  *(_t127 + 0x30) | 0x00000004;
												 *(_t127 + 0x34) =  ~_t104;
											}
											goto L46;
										}
										_t130 = _t127 + 0x34;
										L23:
										_t129 = _t127;
										_t86 = L0295BC18(_t121, _t127, _t129, _t130, _t131, _t132);
										goto L47;
									}
									_t91 = _t90 - 1;
									__eflags = _t91;
									if(_t91 == 0) {
										 *(_t127 + 0x38) = 0;
										continue;
									}
									_t92 = _t91 - 1;
									__eflags = _t92;
									if(_t92 == 0) {
										__eflags =  *(_t127 + 0x42) - 0x2a;
										if( *(_t127 + 0x42) == 0x2a) {
											 *((long long*)(_t127 + 0x20)) =  *((long long*)(_t127 + 0x20)) + 8;
											_t106 =  *( *((intOrPtr*)(_t127 + 0x20)) - 8);
											__eflags = _t106;
											_t107 =  <  ? _t115 : _t106;
											 *(_t127 + 0x38) =  <  ? _t115 : _t106;
											goto L46;
										} else {
											_t130 = _t127 + 0x38;
											goto L23;
										}
									}
									_t93 = _t92 - 1;
									__eflags = _t93;
									if(_t93 == 0) {
										_t129 = _t127;
										_t86 = L0295FDBC(_t101, _t127, _t129, _t130, _t133);
										goto L47;
									}
									__eflags = _t93 - 1;
									if(_t93 != 1) {
										goto L54;
									} else {
										_t129 = _t127;
										_t86 = L029618E0(_t97, _t101, _t118, _t127, _t129, _t130, _t133, _t138, _t139, _t141);
										goto L47;
									}
								}
							}
							_t69 = _t127 + 0x18;
							 *_t69 =  *(_t127 + 0x18) + 2;
							__eflags =  *_t69;
							L50:
							 *((intOrPtr*)(_t127 + 0x470)) =  *((intOrPtr*)(_t127 + 0x470)) + 1;
							__eflags =  *((intOrPtr*)(_t127 + 0x470)) - 2;
						} while ( *((intOrPtr*)(_t127 + 0x470)) != 2);
						goto L51;
					}
				} else {
					E02971538(_t120, __rax);
					 *__rax = 0x16;
					_t79 = E02970D4C() | _t115;
					goto L52;
				}
			}

0x0295d178
0x0295d178
0x0295d178
0x0295d178
0x0295d178
0x0295d17d
0x0295d18a
0x0295d18f
0x0295d199
0x0295d3ce
0x0295d3ce
0x0295d3d3
0x0295d3d9
0x0295d3de
0x0295d3de
0x0295d3bb
0x0295d3cd
0x0295d3cd
0x0295d19f
0x0295d1a3
0x0295d1bc
0x0295d1c2
0x0295d1c9
0x0295d3b8
0x0295d3b8
0x00000000
0x0295d1cf
0x0295d1db
0x0295d1db
0x0295d1de
0x0295d38c
0x0295d38c
0x0295d390
0x0295d393
0x0295d397
0x0295d39a
0x00000000
0x00000000
0x0295d1e6
0x0295d1eb
0x0295d1ee
0x00000000
0x00000000
0x0295d1f4
0x0295d201
0x0295d205
0x0295d207
0x0295d213
0x0295d21d
0x0295d224
0x0295d227
0x0295d22a
0x0295d22d
0x00000000
0x0295d233
0x0295d233
0x0295d235
0x0295d341
0x0295d345
0x0295d353
0x0295d356
0x0295d359
0x0295d368
0x0295d368
0x0295d36f
0x0295d379
0x0295d37c
0x0295d383
0x0295d386
0x0295d386
0x0295d388
0x0295d388
0x0295d38a
0x00000000
0x00000000
0x00000000
0x0295d38a
0x0295d37e
0x0295d37e
0x00000000
0x0295d37e
0x0295d35b
0x0295d362
0x0295d366
0x00000000
0x00000000
0x00000000
0x0295d366
0x0295d23b
0x0295d23b
0x0295d23e
0x0295d32d
0x0295d331
0x0295d335
0x0295d338
0x0295d33b
0x00000000
0x0295d33b
0x0295d244
0x0295d244
0x0295d247
0x0295d2ef
0x0295d2f3
0x0295d2f6
0x0295d327
0x0295d2f8
0x0295d2f8
0x0295d2fc
0x0295d322
0x0295d2fe
0x0295d2fe
0x0295d302
0x0295d31c
0x0295d304
0x0295d304
0x0295d308
0x0295d316
0x0295d30a
0x0295d30a
0x0295d30e
0x0295d310
0x0295d310
0x0295d30e
0x0295d308
0x0295d302
0x0295d2fc
0x00000000
0x0295d2f6
0x0295d24d
0x0295d24d
0x0295d250
0x0295d2bd
0x0295d2c2
0x0295d2ca
0x0295d2d3
0x0295d2d6
0x0295d2d9
0x0295d2db
0x0295d2e1
0x0295d2e7
0x0295d2e7
0x00000000
0x0295d2db
0x0295d2c4
0x0295d28f
0x0295d28f
0x0295d292
0x00000000
0x0295d292
0x0295d252
0x0295d252
0x0295d255
0x0295d2b5
0x00000000
0x0295d2b5
0x0295d257
0x0295d257
0x0295d25a
0x0295d284
0x0295d289
0x0295d29c
0x0295d2a5
0x0295d2a8
0x0295d2aa
0x0295d2ad
0x00000000
0x0295d28b
0x0295d28b
0x00000000
0x0295d28b
0x0295d289
0x0295d25c
0x0295d25c
0x0295d25f
0x0295d277
0x0295d27a
0x00000000
0x0295d27a
0x0295d261
0x0295d264
0x00000000
0x0295d26a
0x0295d26a
0x0295d26d
0x00000000
0x0295d26d
0x0295d264
0x0295d22d
0x0295d3a0
0x0295d3a0
0x0295d3a0
0x0295d3a5
0x0295d3a5
0x0295d3ab
0x0295d3ab
0x00000000
0x0295d1db
0x0295d1a5
0x0295d1a5
0x0295d1aa
0x0295d1b5
0x00000000
0x0295d1b5

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0295D1B0
_invalid_parameter_noinfo.LIBCMT ref: 0295D3D9

Strings

*, xrefs: 0295D2BD

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: *
API String ID: 3215553584-163128923
Opcode ID: 72c5c5bc2fe6694fc15827836e4a9748d0d8c8f0c5f0450e242212642414dd52
Instruction ID: d4cbc6b5c6e1e46247e0dc907daf2f649db63d1f40326ccb937fd693fb674b55
Opcode Fuzzy Hash: 72c5c5bc2fe6694fc15827836e4a9748d0d8c8f0c5f0450e242212642414dd52
Instruction Fuzzy Hash: 4C5198B2705630CACB68DF29C08427C3BB9F346F5CF58162ADE4687268DB71C582CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0296C604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0296C604(void* __ecx, void* __edx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, void* __r12, long long _a8, long long _a16, char _a24, char _a32) {
				long long _v56;
				void* __rdi;
				void* __rsi;
				void* _t29;
				intOrPtr* _t32;
				intOrPtr _t43;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t56;
				long long _t61;
				long long _t67;
				long long _t74;
				long long _t75;
				long long _t76;
				void* _t81;
				void* _t85;
				signed long long _t86;

				_t85 = __r12;
				_t81 = __r8;
				_a8 = __rbx;
				_t51 = 0;
				r14d = __ecx;
				if(__ecx != 0) {
					_t54 = __rcx - 1 - 1;
					if(__rcx - 1 <= 1) {
						r8d = 0x104;
						GetModuleFileNameW(??, ??, ??);
						_t76 =  *0x29ab920; // 0x62225a
						 *0x29ab8f8 = 0x29aae20;
						__eflags = _t76;
						if(_t76 == 0) {
							L6:
							_t76 = 0x29aae20;
						} else {
							__eflags =  *_t76;
							if( *_t76 == 0) {
								goto L6;
							}
						}
						_t56 =  &_a32;
						_a24 = _t75;
						_v56 = _t56;
						r8d = 0;
						_a32 = _t75;
						_t29 = E0296C0C4(0x29aae20, _t76, 0x29aae20, _t75, _t76, _t81,  &_a24, _t85);
						_t86 = _a24;
						r8d = 2;
						_t64 = _t86;
						E0296C41C(_t29, _t86, _a32, _t81);
						_t61 = _t56;
						__eflags = _t56;
						if(__eflags != 0) {
							_t82 = _t56 + _t86 * 8;
							_t57 =  &_a32;
							_t65 = _t76;
							_v56 =  &_a32;
							E0296C0C4(_t61, _t76, _t61, _t75, _t76, _t56 + _t86 * 8,  &_a24, _t85);
							__eflags = r14d - 1;
							if(r14d != 1) {
								_a16 = _t75;
								_t32 = L0297B350(0, 0, _t61, _t61,  &_a16, _t82);
								_t52 = _t32;
								__eflags = _t32;
								if(_t32 == 0) {
									_t74 = _a16;
									_t67 = _t75;
									_t57 = _t74;
									__eflags =  *_t74 - _t75;
									if( *_t74 != _t75) {
										do {
											_t57 = _t57 + 8;
											_t67 = _t67 + 1;
											__eflags =  *_t57 - _t75;
										} while ( *_t57 != _t75);
									}
									 *0x29ab900 = 0;
									__eflags = 0;
									_a16 = _t75;
									 *0x29ab910 = _t74;
									E02971650(_t57, _t67);
									_t65 = _t61;
									_a16 = _t75;
									goto L16;
								} else {
									E02971650( &_a32, _a16);
									_a16 = _t75;
									E02971650( &_a32, _t61);
									_t51 = _t52;
								}
							} else {
								 *0x29ab910 = _t61;
								 *0x29ab900 = _a24 - 1;
								L16:
								E02971650(_t57, _t65);
							}
						} else {
							E02971538(__eflags, _t56);
							_t43 = 0xc;
							 *_t56 = 0xc;
							E02971650(_t56, _t64);
							goto L3;
						}
					} else {
						E02971538(_t54, __rax);
						_t3 = _t75 + 0x16; // 0x16
						_t43 = _t3;
						 *__rax = _t43;
						E02970D4C();
						L3:
						_t51 = _t43;
					}
				}
				return _t51;
			}

0x0296c604
0x0296c604
0x0296c604
0x0296c617
0x0296c619
0x0296c61e
0x0296c627
0x0296c62a
0x0296c649
0x0296c654
0x0296c65a
0x0296c661
0x0296c668
0x0296c66b
0x0296c672
0x0296c672
0x0296c66d
0x0296c66d
0x0296c670
0x00000000
0x00000000
0x0296c670
0x0296c675
0x0296c679
0x0296c681
0x0296c686
0x0296c689
0x0296c692
0x0296c697
0x0296c69b
0x0296c6a5
0x0296c6a8
0x0296c6ad
0x0296c6b0
0x0296c6b3
0x0296c6cd
0x0296c6d4
0x0296c6d8
0x0296c6df
0x0296c6e4
0x0296c6e9
0x0296c6ed
0x0296c709
0x0296c710
0x0296c715
0x0296c717
0x0296c719
0x0296c734
0x0296c738
0x0296c73b
0x0296c73e
0x0296c741
0x0296c743
0x0296c743
0x0296c747
0x0296c74a
0x0296c74a
0x0296c743
0x0296c74f
0x0296c755
0x0296c757
0x0296c75b
0x0296c762
0x0296c767
0x0296c76a
0x00000000
0x0296c71b
0x0296c71f
0x0296c727
0x0296c72b
0x0296c730
0x0296c730
0x0296c6ef
0x0296c6f4
0x0296c6fb
0x0296c76e
0x0296c76e
0x0296c76e
0x0296c6b5
0x0296c6b5
0x0296c6ba
0x0296c6c1
0x0296c6c3
0x00000000
0x0296c6c3
0x0296c62c
0x0296c62c
0x0296c631
0x0296c631
0x0296c634
0x0296c636
0x0296c63b
0x0296c63b
0x0296c63b
0x0296c62a
0x0296c785

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0296C636

Part of subcall function 02971650: HeapFree.KERNEL32(?,?,?,029849B8,?,?,?,02984DDB,?,?,00000000,0297FF24,?,?,?,0297FE57), ref: 02971666
Part of subcall function 02971650: GetLastError.KERNEL32(?,?,?,029849B8,?,?,?,02984DDB,?,?,00000000,0297FF24,?,?,?,0297FE57), ref: 02971678

GetModuleFileNameW.KERNEL32 ref: 0296C654

Strings

Z"b, xrefs: 0296C65A

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: Z"b
API String ID: 3580290477-2590258208
Opcode ID: 2ce5cdb3fa7207a7acc6e8ecdd9df5b17371252d023638d7e6691f4c634c98b8
Instruction ID: 627b0f8ec1f435f4cf1dd9de583cae600b90ba5bbb0e3508c13e249320254e74
Opcode Fuzzy Hash: 2ce5cdb3fa7207a7acc6e8ecdd9df5b17371252d023638d7e6691f4c634c98b8
Instruction Fuzzy Hash: 32418D36201B1486DB18EF26E8583AD77E9F784BD8F484026EE8A47B14EF39C481CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02988074 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E02988074(signed int __edx, void* __edi, void* __eflags, void* __rax, signed long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rbp, signed short* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				void* _t39;
				signed int _t40;
				signed int _t41;
				void* _t44;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed long long _t58;
				signed int* _t64;
				intOrPtr* _t68;
				signed short* _t81;
				void* _t84;
				signed short* _t87;
				void* _t95;
				void* _t96;

				_t87 = __r8;
				_t44 = __edi;
				_t41 = __edx;
				_a8 = __rbx;
				_a24 = __rbp;
				L0298F990(__rax, __rcx, __rdx, __r10, __r11);
				_t85 = _t84 - __rax;
				_t58 =  *0x29a61e8; // 0xc99624406909
				_a5176 = _t58 ^ _t84 - __rax;
				_t68 = __rcx;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t96 = _t95 + _t87;
				_t81 = _t87;
				_t35 = 0;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x29ab0c0 + (_t41 >> 6) * 8));
				_t48 = _t87 - _t96;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				while(_t48 < 0) {
					_t64 =  &_a40;
					while(_t81 < _t96) {
						_t40 =  *_t81 & 0x0000ffff;
						_t81 =  &(_t81[1]);
						if(_t40 == 0xa) {
							 *_t64 = 0xd;
							_t64 =  &(_t64[0]);
						}
						 *_t64 = _t40;
						_t64 =  &(_t64[0]);
						if(_t64 <  &_a1744) {
							continue;
						}
						break;
					}
					_a16 = _a16 & 0x00000000;
					_a8 = _a8 & 0x00000000;
					_v0 = 0xd55;
					_v8 =  &_a1752;
					r9d = _t35;
					_t39 = 0xfde9;
					E0297CAFC();
					_t46 = _t35;
					if(_t35 == 0) {
						L12:
						 *_t68 = GetLastError();
					} else {
						_t45 = 0;
						if(_t35 == 0) {
							L11:
							_t35 = _t44 - r15d;
							 *((intOrPtr*)(_t68 + 4)) = _t35;
							_t48 = _t81 - _t96;
							continue;
						} else {
							while(1) {
								_v8 = _v8 & 0x00000000;
								_t39 = _t45;
								r8d = _t46;
								r8d = r8d - _t45;
								if(WriteFile(??, ??, ??, ??, ??) == 0) {
									goto L12;
								}
								_t45 = _t45 + _a24;
								if(_t45 < _t46) {
									continue;
								} else {
									goto L11;
								}
								goto L13;
							}
							goto L12;
						}
					}
					break;
				}
				L13:
				return L029438C0(_t35, _t39, _t68, _a5176 ^ _t85);
			}

0x02988074
0x02988074
0x02988074
0x02988074
0x02988079
0x0298808b
0x02988090
0x02988093
0x0298809d
0x029880a8
0x029880ae
0x029880bc
0x029880c0
0x029880c6
0x029880d6
0x029880d8
0x029880db
0x029880de
0x029880e1
0x029880e7
0x029880ec
0x029880f1
0x029880f4
0x029880fc
0x02988103
0x02988106
0x02988106
0x0298810a
0x0298810d
0x0298811c
0x00000000
0x00000000
0x00000000
0x0298811c
0x0298811e
0x02988129
0x02988137
0x0298814a
0x0298814f
0x02988152
0x02988159
0x0298815e
0x02988162
0x029881ad
0x029881b3
0x02988164
0x02988164
0x02988168
0x0298819d
0x0298819f
0x029881a2
0x029881a5
0x00000000
0x0298816a
0x0298816a
0x0298816a
0x02988178
0x0298817f
0x02988188
0x02988193
0x00000000
0x00000000
0x02988195
0x0298819b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0298819b
0x00000000
0x0298816a
0x02988168
0x00000000
0x02988162
0x029881b5
0x029881e3

APIs

WriteFile.KERNEL32 ref: 0298818B
GetLastError.KERNEL32 ref: 029881AD

Strings

U, xrefs: 02988137

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 38b54fa6d72ec429119b03b175c4d6930f20c75280fca059adc739d4d2b0160e
Instruction ID: 0a796298e291b290a5e25754d214cc5d63ab004af3246909ea27a26b0095047e
Opcode Fuzzy Hash: 38b54fa6d72ec429119b03b175c4d6930f20c75280fca059adc739d4d2b0160e
Instruction Fuzzy Hash: 1F31E472724B8596DB20DF25E8443AAB7A5F788BD4F894125EE8D87B58EF3CC041CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02962B8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E02962B8C(void* __ebx, void* __edx, long long __rbx, void* __rcx, void* __r8, void* __r9, void* __r10, long long _a8) {
				intOrPtr _v24;
				void* __rdi;
				void* _t38;
				char _t39;
				unsigned int _t40;
				char _t41;
				signed int _t42;
				void* _t52;
				void* _t54;
				intOrPtr _t56;
				signed long long _t71;
				signed long long _t72;
				void* _t77;
				long long _t81;
				intOrPtr* _t83;
				signed short* _t84;

				_a8 = __rbx;
				_t77 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x47c)) != 1) {
					_t71 =  *((intOrPtr*)(__rcx + 0xdec));
					__eflags = _t38 - 0x63;
					if(__eflags <= 0) {
						__eflags =  *((intOrPtr*)(__rcx + 0x478)) - 1;
						_t72 = _t71 + _t71 * 2;
						if( *((intOrPtr*)(__rcx + 0x478)) != 1) {
							_t84 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x490 + _t72 * 8))));
							goto L19;
						} else {
							_t56 =  *((intOrPtr*)(__rcx + 0x3c));
							_t22 = _t77 + 0x488; // 0x4e0
							r9b =  *((intOrPtr*)(__rcx + 0x41));
							_t83 = _t22 + _t72 * 8;
							__eflags =  *_t83;
							if( *_t83 != 0) {
								_v24 = _t56;
								r8d = 3;
								__eflags = E0295B05C(__ebx, __rcx, __rcx, _t83, _t84, __r9, __r10);
								if(__eflags != 0) {
									goto L19;
								} else {
									E02971538(__eflags, _t72);
									 *_t72 = 0x16;
									E02970D4C();
									_t39 = 0;
								}
							} else {
								 *_t83 = 3;
								 *((intOrPtr*)(_t83 + 4)) = r9b;
								 *((intOrPtr*)(_t83 + 0x10)) = _t56;
								L19:
								_t39 = 1;
							}
						}
						__eflags = _t39;
						if(_t39 != 0) {
							goto L2;
						} else {
							goto L21;
						}
					} else {
						E02971538(__eflags, _t71);
						 *_t71 = 0x16;
						E02970D4C();
						L21:
						_t41 = 0;
					}
				} else {
					 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
					_t84 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
					L2:
					if( *((intOrPtr*)(_t77 + 0x478)) != 1 ||  *((intOrPtr*)(_t77 + 0x47c)) == 1) {
						if(_t84 == 0) {
							L26:
							 *((long long*)(_t77 + 0x48)) = "(null)";
							_t40 = 6;
							goto L27;
						} else {
							_t81 = _t84[4];
							if(_t81 == 0) {
								goto L26;
							} else {
								_t52 =  *((intOrPtr*)(_t77 + 0x3c)) - 2;
								if(_t52 == 0) {
									L23:
									_t42 = 0;
									__eflags = 0;
								} else {
									_t54 = _t52 - 1;
									if(_t54 == 0 || _t54 == 9) {
										_t42 = 1;
									} else {
										if( *((intOrPtr*)(_t77 + 0x3c)) == 0xd) {
											goto L23;
										} else {
											_t42 =  *((intOrPtr*)(_t77 + 0x41)) - 0x00000063 & 0xffffff00 | ( *((intOrPtr*)(_t77 + 0x41)) - 0x00000063 & 0x000000ef) != 0x00000000;
										}
									}
								}
								 *((long long*)(_t77 + 0x48)) = _t81;
								_t40 =  *_t84 & 0xffff;
								if(_t42 == 0) {
									L27:
									 *((char*)(_t77 + 0x54)) = 0;
								} else {
									 *((char*)(_t77 + 0x54)) = 1;
									_t40 = _t40 >> 1;
								}
							}
						}
						 *(_t77 + 0x50) = _t40;
					}
					_t41 = 1;
				}
				return _t41;
			}

0x02962b8c
0x02962b98
0x02962ba2
0x02962c14
0x02962c1b
0x02962c1e
0x02962c32
0x02962c39
0x02962c3d
0x02962c96
0x00000000
0x02962c3f
0x02962c3f
0x02962c42
0x02962c49
0x02962c4d
0x02962c51
0x02962c53
0x02962c64
0x02962c68
0x02962c76
0x02962c78
0x00000000
0x02962c7a
0x02962c7a
0x02962c7f
0x02962c85
0x02962c8a
0x02962c8a
0x02962c55
0x02962c55
0x02962c5b
0x02962c5f
0x02962c99
0x02962c99
0x02962c99
0x02962c53
0x02962c9b
0x02962c9d
0x00000000
0x00000000
0x00000000
0x00000000
0x02962c20
0x02962c20
0x02962c25
0x02962c2b
0x02962ca3
0x02962ca3
0x02962ca3
0x02962ba4
0x02962ba4
0x02962bad
0x02962bb1
0x02962bb8
0x02962bca
0x02962cc3
0x02962cca
0x02962cce
0x00000000
0x02962bd0
0x02962bd0
0x02962bd7
0x00000000
0x02962bdd
0x02962be0
0x02962be3
0x02962cab
0x02962cab
0x02962cab
0x02962be9
0x02962be9
0x02962bec
0x02962ca7
0x02962bfb
0x02962bff
0x00000000
0x02962c05
0x02962c0c
0x02962c0c
0x02962bff
0x02962bec
0x02962cad
0x02962cb6
0x02962cb9
0x02962cd3
0x02962cd3
0x02962cbb
0x02962cbb
0x02962cbf
0x02962cbf
0x02962cb9
0x02962bd7
0x02962cd7
0x02962cd7
0x02962cda
0x02962cda
0x02962ce6

APIs

_invalid_parameter_noinfo.LIBCMT ref: 02962C2B
_invalid_parameter_noinfo.LIBCMT ref: 02962C85

Strings

(null), xrefs: 02962CC3

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: b37b8c0adbe8744ca738b82aa2d9504431af60b7ceba45846a0237ef953e6804
Instruction ID: f03ab9fb0759e8b3feeae2e6a312972a611830c90edc2847f58ab35cce68c322
Opcode Fuzzy Hash: b37b8c0adbe8744ca738b82aa2d9504431af60b7ceba45846a0237ef953e6804
Instruction Fuzzy Hash: 2B319276904744CACB198F29D9483BC37EAE756B4CF14856ACF590B314DB3EC096DB10

Uniqueness

Uniqueness Score: -1.00%

Function 02962940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E02962940(void* __ebx, void* __edx, long long __rbx, void* __rcx, void* __r8, void* __r9, void* __r10, long long _a8) {
				intOrPtr _v24;
				void* __rdi;
				void* _t38;
				char _t39;
				unsigned int _t40;
				char _t41;
				signed int _t42;
				void* _t52;
				void* _t54;
				intOrPtr _t56;
				signed long long _t71;
				signed long long _t72;
				void* _t77;
				long long _t81;
				intOrPtr* _t83;
				signed short* _t84;

				_a8 = __rbx;
				_t77 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x47c)) != 1) {
					_t71 =  *((intOrPtr*)(__rcx + 0xdec));
					__eflags = _t38 - 0x63;
					if(__eflags <= 0) {
						__eflags =  *((intOrPtr*)(__rcx + 0x478)) - 1;
						_t72 = _t71 + _t71 * 2;
						if( *((intOrPtr*)(__rcx + 0x478)) != 1) {
							_t84 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x490 + _t72 * 8))));
							goto L19;
						} else {
							_t56 =  *((intOrPtr*)(__rcx + 0x3c));
							_t22 = _t77 + 0x488; // 0x4e0
							r9b =  *((intOrPtr*)(__rcx + 0x41));
							_t83 = _t22 + _t72 * 8;
							__eflags =  *_t83;
							if( *_t83 != 0) {
								_v24 = _t56;
								r8d = 3;
								__eflags = E0295AE2C(__ebx, __rcx, __rcx, _t83, _t84, __r9, __r10);
								if(__eflags != 0) {
									goto L19;
								} else {
									E02971538(__eflags, _t72);
									 *_t72 = 0x16;
									E02970D4C();
									_t39 = 0;
								}
							} else {
								 *_t83 = 3;
								 *((intOrPtr*)(_t83 + 4)) = r9b;
								 *((intOrPtr*)(_t83 + 0x10)) = _t56;
								L19:
								_t39 = 1;
							}
						}
						__eflags = _t39;
						if(_t39 != 0) {
							goto L2;
						} else {
							goto L21;
						}
					} else {
						E02971538(__eflags, _t71);
						 *_t71 = 0x16;
						E02970D4C();
						L21:
						_t41 = 0;
					}
				} else {
					 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
					_t84 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
					L2:
					if( *((intOrPtr*)(_t77 + 0x478)) != 1 ||  *((intOrPtr*)(_t77 + 0x47c)) == 1) {
						if(_t84 == 0) {
							L26:
							 *((long long*)(_t77 + 0x48)) = "(null)";
							_t40 = 6;
							goto L27;
						} else {
							_t81 = _t84[4];
							if(_t81 == 0) {
								goto L26;
							} else {
								_t52 =  *((intOrPtr*)(_t77 + 0x3c)) - 2;
								if(_t52 == 0) {
									L23:
									_t42 = 0;
									__eflags = 0;
								} else {
									_t54 = _t52 - 1;
									if(_t54 == 0 || _t54 == 9) {
										_t42 = 1;
									} else {
										if( *((intOrPtr*)(_t77 + 0x3c)) == 0xd) {
											goto L23;
										} else {
											_t42 =  *((intOrPtr*)(_t77 + 0x41)) - 0x00000063 & 0xffffff00 | ( *((intOrPtr*)(_t77 + 0x41)) - 0x00000063 & 0x000000ef) != 0x00000000;
										}
									}
								}
								 *((long long*)(_t77 + 0x48)) = _t81;
								_t40 =  *_t84 & 0xffff;
								if(_t42 == 0) {
									L27:
									 *((char*)(_t77 + 0x54)) = 0;
								} else {
									 *((char*)(_t77 + 0x54)) = 1;
									_t40 = _t40 >> 1;
								}
							}
						}
						 *(_t77 + 0x50) = _t40;
					}
					_t41 = 1;
				}
				return _t41;
			}

0x02962940
0x0296294c
0x02962956
0x029629c8
0x029629cf
0x029629d2
0x029629e6
0x029629ed
0x029629f1
0x02962a4a
0x00000000
0x029629f3
0x029629f3
0x029629f6
0x029629fd
0x02962a01
0x02962a05
0x02962a07
0x02962a18
0x02962a1c
0x02962a2a
0x02962a2c
0x00000000
0x02962a2e
0x02962a2e
0x02962a33
0x02962a39
0x02962a3e
0x02962a3e
0x02962a09
0x02962a09
0x02962a0f
0x02962a13
0x02962a4d
0x02962a4d
0x02962a4d
0x02962a07
0x02962a4f
0x02962a51
0x00000000
0x00000000
0x00000000
0x00000000
0x029629d4
0x029629d4
0x029629d9
0x029629df
0x02962a57
0x02962a57
0x02962a57
0x02962958
0x02962958
0x02962961
0x02962965
0x0296296c
0x0296297e
0x02962a77
0x02962a7e
0x02962a82
0x00000000
0x02962984
0x02962984
0x0296298b
0x00000000
0x02962991
0x02962994
0x02962997
0x02962a5f
0x02962a5f
0x02962a5f
0x0296299d
0x0296299d
0x029629a0
0x02962a5b
0x029629af
0x029629b3
0x00000000
0x029629b9
0x029629c0
0x029629c0
0x029629b3
0x029629a0
0x02962a61
0x02962a6a
0x02962a6d
0x02962a87
0x02962a87
0x02962a6f
0x02962a6f
0x02962a73
0x02962a73
0x02962a6d
0x0296298b
0x02962a8b
0x02962a8b
0x02962a8e
0x02962a8e
0x02962a9a

APIs

_invalid_parameter_noinfo.LIBCMT ref: 029629DF
_invalid_parameter_noinfo.LIBCMT ref: 02962A39

Strings

(null), xrefs: 02962A77

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: 5b27015c2c6490541f116adc7235e5fe7fc569d72bebe6fd96963ec027d7ae1d
Instruction ID: da3302baaf830b826da6bfc50a26c403bf4cc4def56068441c336fddb734a7c2
Opcode Fuzzy Hash: 5b27015c2c6490541f116adc7235e5fe7fc569d72bebe6fd96963ec027d7ae1d
Instruction Fuzzy Hash: 4E31AF76904780CAEB298F29C2483BC37E9E746B8CF585529CF491B359DBBBC056CB10

Uniqueness

Uniqueness Score: -1.00%

Function 02963018 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E02963018(intOrPtr __ecx, long long __rbx, intOrPtr* __rcx, long long __rsi, void* __r9, void* __r10, long long _a8, long long _a16) {
				intOrPtr _v24;
				char _t35;
				unsigned int _t36;
				char _t37;
				void* _t38;
				intOrPtr _t44;
				signed long long _t55;
				signed long long _t56;
				intOrPtr* _t61;
				intOrPtr* _t67;
				signed short* _t68;
				long long _t71;

				_t44 = __ecx;
				_a8 = __rbx;
				_a16 = __rsi;
				_t61 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x47c)) != 1) {
					_t55 =  *((intOrPtr*)(__rcx + 0xdec));
					__eflags = _t35 - 0x63;
					if(__eflags <= 0) {
						__eflags =  *((intOrPtr*)(__rcx + 0x478)) - 1;
						_t56 = _t55 + _t55 * 2;
						if( *((intOrPtr*)(__rcx + 0x478)) != 1) {
							_t68 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x490 + _t56 * 8))));
							goto L16;
						} else {
							_t44 =  *((intOrPtr*)(__rcx + 0x3c));
							r9d =  *(__rcx + 0x42) & 0x0000ffff;
							_t67 = __rcx + 0x488 + _t56 * 8;
							__eflags =  *_t67;
							if( *_t67 != 0) {
								_v24 = _t44;
								r8d = 3;
								__eflags = E0295B48C(_t44, __rcx, __rcx, _t67, __rsi, __r10);
								if(__eflags != 0) {
									goto L16;
								} else {
									E02971538(__eflags, _t56);
									 *_t56 = 0x16;
									E02970D4C();
									_t35 = 0;
								}
							} else {
								 *_t67 = 3;
								 *((intOrPtr*)(_t67 + 4)) = r9w;
								 *((intOrPtr*)(_t67 + 0x10)) = _t44;
								L16:
								_t35 = 1;
							}
						}
						__eflags = _t35;
						if(_t35 != 0) {
							goto L2;
						} else {
							goto L18;
						}
					} else {
						E02971538(__eflags, _t55);
						 *_t55 = 0x16;
						E02970D4C();
						L18:
						_t37 = 0;
					}
				} else {
					 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
					_t68 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
					L2:
					if( *((intOrPtr*)(_t61 + 0x478)) != 1 ||  *((intOrPtr*)(_t61 + 0x47c)) == 1) {
						if(_t68 == 0) {
							L19:
							 *((long long*)(_t61 + 0x48)) = "(null)";
							_t36 = 6;
							goto L20;
						} else {
							_t71 = _t68[4];
							if(_t71 == 0) {
								goto L19;
							} else {
								r8d =  *((intOrPtr*)(_t61 + 0x3c));
								_t38 = L02957DC8(_t35, _t44,  *(_t61 + 0x42) & 0x0000ffff,  *_t61);
								 *((long long*)(_t61 + 0x48)) = _t71;
								_t36 =  *_t68 & 0xffff;
								if(_t38 == 0) {
									L20:
									 *((char*)(_t61 + 0x54)) = 0;
								} else {
									 *((char*)(_t61 + 0x54)) = 1;
									_t36 = _t36 >> 1;
								}
							}
						}
						 *(_t61 + 0x50) = _t36;
					}
					_t37 = 1;
				}
				return _t37;
			}

0x02963018
0x02963018
0x0296301d
0x02963029
0x02963033
0x0296309b
0x029630a2
0x029630a5
0x029630b9
0x029630c0
0x029630c4
0x0296311f
0x00000000
0x029630c6
0x029630c6
0x029630d0
0x029630d5
0x029630d9
0x029630db
0x029630ed
0x029630f1
0x029630ff
0x02963101
0x00000000
0x02963103
0x02963103
0x02963108
0x0296310e
0x02963113
0x02963113
0x029630dd
0x029630dd
0x029630e3
0x029630e8
0x02963122
0x02963122
0x02963122
0x029630db
0x02963124
0x02963126
0x00000000
0x00000000
0x00000000
0x00000000
0x029630a7
0x029630a7
0x029630ac
0x029630b2
0x0296312c
0x0296312c
0x0296312c
0x02963035
0x02963035
0x0296303e
0x02963042
0x02963049
0x0296305b
0x02963130
0x02963137
0x0296313b
0x00000000
0x02963061
0x02963061
0x02963068
0x00000000
0x0296306e
0x0296306e
0x02963079
0x0296307e
0x02963087
0x0296308a
0x02963140
0x02963140
0x02963090
0x02963090
0x02963094
0x02963094
0x0296308a
0x02963068
0x02963144
0x02963144
0x02963147
0x02963147
0x02963158

APIs

_invalid_parameter_noinfo.LIBCMT ref: 029630B2
_invalid_parameter_noinfo.LIBCMT ref: 0296310E

Strings

(null), xrefs: 02963130

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: 06ecacb17abbc9c0393f1956dd4d7a7ec68ecca6b0923f3cf983fa47178862b4
Instruction ID: cccd74304f8d5217f1823bd3c7d64a266f16d2440683f321e0321c5d5465919a
Opcode Fuzzy Hash: 06ecacb17abbc9c0393f1956dd4d7a7ec68ecca6b0923f3cf983fa47178862b4
Instruction Fuzzy Hash: A1318B72604790C6DB548F29D5483BC77E9F746F8CF55416ACB890B718DB3AC09ACB18

Uniqueness

Uniqueness Score: -1.00%

Function 02962DDC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E02962DDC(intOrPtr __ecx, long long __rbx, intOrPtr* __rcx, long long __rsi, void* __r9, void* __r10, long long _a8, long long _a16) {
				intOrPtr _v24;
				char _t35;
				unsigned int _t36;
				char _t37;
				void* _t38;
				intOrPtr _t44;
				signed long long _t55;
				signed long long _t56;
				intOrPtr* _t61;
				intOrPtr* _t67;
				signed short* _t68;
				long long _t71;

				_t44 = __ecx;
				_a8 = __rbx;
				_a16 = __rsi;
				_t61 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x47c)) != 1) {
					_t55 =  *((intOrPtr*)(__rcx + 0xdec));
					__eflags = _t35 - 0x63;
					if(__eflags <= 0) {
						__eflags =  *((intOrPtr*)(__rcx + 0x478)) - 1;
						_t56 = _t55 + _t55 * 2;
						if( *((intOrPtr*)(__rcx + 0x478)) != 1) {
							_t68 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x490 + _t56 * 8))));
							goto L16;
						} else {
							_t44 =  *((intOrPtr*)(__rcx + 0x3c));
							r9d =  *(__rcx + 0x42) & 0x0000ffff;
							_t67 = __rcx + 0x488 + _t56 * 8;
							__eflags =  *_t67;
							if( *_t67 != 0) {
								_v24 = _t44;
								r8d = 3;
								__eflags = E0295B28C(_t44, __rcx, __rcx, _t67, __rsi, __r10);
								if(__eflags != 0) {
									goto L16;
								} else {
									E02971538(__eflags, _t56);
									 *_t56 = 0x16;
									E02970D4C();
									_t35 = 0;
								}
							} else {
								 *_t67 = 3;
								 *((intOrPtr*)(_t67 + 4)) = r9w;
								 *((intOrPtr*)(_t67 + 0x10)) = _t44;
								L16:
								_t35 = 1;
							}
						}
						__eflags = _t35;
						if(_t35 != 0) {
							goto L2;
						} else {
							goto L18;
						}
					} else {
						E02971538(__eflags, _t55);
						 *_t55 = 0x16;
						E02970D4C();
						L18:
						_t37 = 0;
					}
				} else {
					 *((long long*)(__rcx + 0x20)) =  *((long long*)(__rcx + 0x20)) + 8;
					_t68 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x20)) - 8));
					L2:
					if( *((intOrPtr*)(_t61 + 0x478)) != 1 ||  *((intOrPtr*)(_t61 + 0x47c)) == 1) {
						if(_t68 == 0) {
							L19:
							 *((long long*)(_t61 + 0x48)) = "(null)";
							_t36 = 6;
							goto L20;
						} else {
							_t71 = _t68[4];
							if(_t71 == 0) {
								goto L19;
							} else {
								r8d =  *((intOrPtr*)(_t61 + 0x3c));
								_t38 = L02957DC8(_t35, _t44,  *(_t61 + 0x42) & 0x0000ffff,  *_t61);
								 *((long long*)(_t61 + 0x48)) = _t71;
								_t36 =  *_t68 & 0xffff;
								if(_t38 == 0) {
									L20:
									 *((char*)(_t61 + 0x54)) = 0;
								} else {
									 *((char*)(_t61 + 0x54)) = 1;
									_t36 = _t36 >> 1;
								}
							}
						}
						 *(_t61 + 0x50) = _t36;
					}
					_t37 = 1;
				}
				return _t37;
			}

0x02962ddc
0x02962ddc
0x02962de1
0x02962ded
0x02962df7
0x02962e5f
0x02962e66
0x02962e69
0x02962e7d
0x02962e84
0x02962e88
0x02962ee3
0x00000000
0x02962e8a
0x02962e8a
0x02962e94
0x02962e99
0x02962e9d
0x02962e9f
0x02962eb1
0x02962eb5
0x02962ec3
0x02962ec5
0x00000000
0x02962ec7
0x02962ec7
0x02962ecc
0x02962ed2
0x02962ed7
0x02962ed7
0x02962ea1
0x02962ea1
0x02962ea7
0x02962eac
0x02962ee6
0x02962ee6
0x02962ee6
0x02962e9f
0x02962ee8
0x02962eea
0x00000000
0x00000000
0x00000000
0x00000000
0x02962e6b
0x02962e6b
0x02962e70
0x02962e76
0x02962ef0
0x02962ef0
0x02962ef0
0x02962df9
0x02962df9
0x02962e02
0x02962e06
0x02962e0d
0x02962e1f
0x02962ef4
0x02962efb
0x02962eff
0x00000000
0x02962e25
0x02962e25
0x02962e2c
0x00000000
0x02962e32
0x02962e32
0x02962e3d
0x02962e42
0x02962e4b
0x02962e4e
0x02962f04
0x02962f04
0x02962e54
0x02962e54
0x02962e58
0x02962e58
0x02962e4e
0x02962e2c
0x02962f08
0x02962f08
0x02962f0b
0x02962f0b
0x02962f1c

APIs

_invalid_parameter_noinfo.LIBCMT ref: 02962E76
_invalid_parameter_noinfo.LIBCMT ref: 02962ED2

Strings

(null), xrefs: 02962EF4

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: (null)
API String ID: 3215553584-3941151225
Opcode ID: 9f782088c571050d9e62132c3b8517e1b64019a12b3f3a43610177accad4661c
Instruction ID: 442654cf3705e5bf74401d17170fbd6ff7e63483605ad4609776b5b1d073cb66
Opcode Fuzzy Hash: 9f782088c571050d9e62132c3b8517e1b64019a12b3f3a43610177accad4661c
Instruction Fuzzy Hash: 97318A72A04B90CADB198F69D14837C77A9F745F88F54453ACF880B718DB3AC096CB20

Uniqueness

Uniqueness Score: -1.00%

Function 029429E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E029429E0(void* __ecx, void* __rbx, void* __r8, void* __r9) {
				signed int _v24;
				char _v136;
				signed int _t9;
				void* _t12;
				int _t14;
				void* _t16;
				signed long long _t25;
				void* _t28;
				intOrPtr* _t29;
				signed long long _t30;
				intOrPtr _t31;
				signed long long _t45;

				_t28 = __rbx;
				_t20 = __ecx;
				_t25 =  *0x29a61e8; // 0xc99624406909
				_t26 = _t25 ^ _t45;
				_v24 = _t25 ^ _t45;
				_t9 =  *0x29a6000 & 0x000000ff;
				if(_t9 != 2) {
					if(__eflags < 0) {
						_t29 =  *0x29a7f90; // 0x0
						__eflags = _t29;
						if(_t29 == 0) {
							_t30 =  *0x29a7fe8; // 0x0
							__eflags = _t30;
							if(_t30 != 0) {
								E0296B140(_t26, _t30);
							}
							_t31 =  *0x29a7fe0; // 0x0
							_t9 = L0293BFC0(_t26, _t28, _t31);
							goto L12;
						} else {
							_t12 =  *((intOrPtr*)( *_t29 + 0x10))();
							 *0x29a7f90 = 0;
							__eflags = _v24 ^ _t45;
							return L029438C0(_t12, __ecx,  *_t29, _v24 ^ _t45);
						}
					} else {
						__eflags = _t9 - 4;
						if(_t9 != 4) {
							L12:
							__eflags = _v24 ^ _t45;
							return L029438C0(_t9, _t20, _t26, _v24 ^ _t45);
						} else {
							_t14 = FreeLibrary();
							__eflags = _v24 ^ _t45;
							return L029438C0(_t14, __ecx, _t26, _v24 ^ _t45);
						}
					}
				} else {
					_t16 =  *0x29a7f50();
					if(_t16 != 0) {
						r8d = _t16;
						E029422D0(_t26,  &_v136, "ADL error code: %d", __r8, __r9);
						E029423A0();
					}
					return L029438C0(FreeLibrary(), _t20, _t26, _v24 ^ _t45);
				}
			}

0x029429e0
0x029429e0
0x029429e7
0x029429ee
0x029429f1
0x029429f9
0x02942a02
0x02942a56
0x02942a81
0x02942a88
0x02942a8b
0x02942ab6
0x02942abd
0x02942ac0
0x02942ac2
0x02942ac2
0x02942ac7
0x02942ace
0x00000000
0x02942a8d
0x02942a90
0x02942a93
0x02942aa6
0x02942ab5
0x02942ab5
0x02942a58
0x02942a58
0x02942a5a
0x02942ad3
0x02942adb
0x02942aea
0x02942a5c
0x02942a63
0x02942a71
0x02942a80
0x02942a80
0x02942a5a
0x02942a04
0x02942a04
0x02942a0c
0x02942a0e
0x02942a1d
0x02942a2c
0x02942a2c
0x02942a55
0x02942a55

APIs

FreeLibrary.KERNEL32 ref: 02942A38
FreeLibrary.KERNEL32 ref: 02942A63

Strings

ADL error code: %d, xrefs: 02942A11

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FreeLibrary
String ID: ADL error code: %d
API String ID: 3664257935-1343215589
Opcode ID: 60d50c15bd51621ada85848a7430d7ed88648d1c9a0769becbdbe707767282c2
Instruction ID: 8b68083258c1f55dda699975559b1734da0b61f0d77bdcec3129fcea059781bb
Opcode Fuzzy Hash: 60d50c15bd51621ada85848a7430d7ed88648d1c9a0769becbdbe707767282c2
Instruction Fuzzy Hash: BB212E25B10A8085FE70EB71E86A77E6365FBC5B88F841026DD8E477A5DF2CC1468B81

Uniqueness

Uniqueness Score: -1.00%

Function 0298F0A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E0298F0A8(char __ecx, void* __edx, void* __edi, void* __rdx, void* __rsi, void* __r8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				long long _v48;
				char _v56;
				void* __rbx;
				void* _t21;
				char _t30;
				void* _t34;
				void* _t36;
				intOrPtr* _t42;
				long long _t45;
				void* _t46;
				intOrPtr _t48;
				void* _t51;
				void* _t52;

				_t52 = __rsi;
				_t51 = __rdx;
				_t36 = __edi;
				_t34 = __edx;
				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_push(_t46);
				_t30 = __ecx;
				_t42 = 0x299c6c0;
				r8d = 0;
				while( *_t42 != _t34) {
					r8d = r8d + 1;
					_t42 = _t42 + 0x10;
					if(_t42 < 0x299c890) {
						continue;
					} else {
					}
					L5:
					_t48 = _a48;
					_v48 = _t45;
					if(_t45 == 0) {
						E0298F19C(_t30, _t36, _t46, _t48, _t51, _t52);
						_t21 = E0298F078(_t30, _t45, _t48);
						asm("movsd xmm0, [esp+0x80]");
					} else {
						_v40 = _a24;
						_v36 = _a28;
						_v32 = _a32;
						_v28 = _a36;
						_v24 = _a40;
						_v20 = _a44;
						_v56 = _t30;
						E0298F19C(_t30, _t36, _t46, _t48, _t51, _t52);
						_t21 = E0297E1B0(0xffc0,  &_v56);
						if(_t21 == 0) {
							_t21 = E0298F078(_t30, _t45,  &_v56);
						}
						asm("movsd xmm0, [esp+0x40]");
					}
					return _t21;
				}
				_t45 =  *((intOrPtr*)(0x299c6c0 + 8 + (r8d + r8d) * 8));
				goto L5;
			}

0x0298f0a8
0x0298f0a8
0x0298f0a8
0x0298f0a8
0x0298f0a8
0x0298f0ae
0x0298f0b4
0x0298f0c0
0x0298f0c2
0x0298f0c5
0x0298f0c8
0x0298f0cc
0x0298f0d6
0x0298f0dd
0x00000000
0x0298f0df
0x0298f0df
0x0298f0ee
0x0298f0ee
0x0298f0fb
0x0298f103
0x0298f161
0x0298f168
0x0298f16d
0x0298f105
0x0298f109
0x0298f111
0x0298f119
0x0298f121
0x0298f12c
0x0298f137
0x0298f13b
0x0298f13f
0x0298f149
0x0298f150
0x0298f154
0x0298f154
0x0298f159
0x0298f159
0x0298f17b
0x0298f17b
0x0298f0e9
0x00000000

APIs

_set_errno_from_matherr.LIBCMT ref: 0298F154
_set_errno_from_matherr.LIBCMT ref: 0298F168

Strings

exp, xrefs: 0298F0CF

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 706d48d6202cbfebf382244dee7d98a6e21f97c9050fe6dbb82540646eefde6a
Instruction ID: 12cb1363fc81247e1143f795cad13e6dc5640e64444beb565fe5c1168911a98b
Opcode Fuzzy Hash: 706d48d6202cbfebf382244dee7d98a6e21f97c9050fe6dbb82540646eefde6a
Instruction Fuzzy Hash: EE11ED36619644CBD760EF28E44072AB7B1F7D9744F946629EA8EC6B19EB3DC4448F00

Uniqueness

Uniqueness Score: -1.00%

Function 029782E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E029782E0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56, long long _a64, long long _a72) {
				long long _v24;
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				long long _v56;
				int _t24;
				void* _t25;
				void* _t36;
				void* _t51;

				_t48 = __rsi;
				_t38 = __rbx;
				_t36 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t25 = r9d;
				_t51 = __rcx;
				E029775E8(0x14, __rbx, "LCMapStringEx", __rsi, 0x2995438, "LCMapStringEx");
				if(_t36 == 0) {
					__eflags = 0;
					E029783BC(0, 0, _t36, _t38, _t51, _t48, _t51);
					r9d = _t25;
					_v48 = _a48;
					_v56 = _a40;
					_t24 = LCMapStringW(??, ??, ??, ??, ??, ??);
				} else {
					r9d = _t25;
					_v24 = _a72;
					_v32 = _a64;
					_v40 = _a56;
					_v48 = _a48;
					_v56 = _a40;
					_t24 =  *0x29913c0();
				}
				return _t24;
			}

0x029782e0
0x029782e0
0x029782e0
0x029782e0
0x029782e5
0x029782ea
0x029782f4
0x02978303
0x02978319
0x02978321
0x02978375
0x0297837a
0x02978381
0x0297838e
0x0297839c
0x029783a1
0x02978323
0x0297832b
0x02978338
0x02978340
0x0297834d
0x02978359
0x02978365
0x0297836d
0x0297836d
0x029783bb

APIs

try_get_function.LIBVCRUNTIME ref: 02978319
LCMapStringW.KERNEL32 ref: 029783A1

Strings

LCMapStringEx, xrefs: 029782FC, 0297830D

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: 4b443eceb193eec84ba218f84938029b98aa70bc9ee7f8882b3bbd79300926d0
Instruction ID: 67ce34448e64f84232ed2c61453e1ab979dabf4aba63183a88b9a27a6786e383
Opcode Fuzzy Hash: 4b443eceb193eec84ba218f84938029b98aa70bc9ee7f8882b3bbd79300926d0
Instruction Fuzzy Hash: 9811E436608BC086DB64CF5AF48439AB7A5F7C9B94F54412AEECD93B28DF38C5548B40

Uniqueness

Uniqueness Score: -1.00%

Function 02978050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
timeCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E02978050(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
				intOrPtr _v32;
				long long _v40;
				int _t18;
				void* _t28;
				void* _t42;

				_t39 = __rsi;
				_t28 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t42 = __rcx;
				E029775E8(0xe, __r9, "GetTimeFormatEx", __rsi, 0x2995368, "GetTimeFormatEx");
				if(_t28 == 0) {
					__eflags = 0;
					E029783BC(0, 0, _t28, __r9, _t42, _t39, _t42);
					_v32 = _a48;
					_v40 = _a40;
					_t18 = GetTimeFormatW(??, ??, ??, ??, ??, ??);
				} else {
					r8d = _a48;
					_v32 = r8d;
					_v40 = _a40;
					_t18 =  *0x29913c0();
				}
				return _t18;
			}

0x02978050
0x02978050
0x02978050
0x02978055
0x0297805a
0x02978073
0x02978089
0x02978091
0x029780ba
0x029780bf
0x029780d0
0x029780db
0x029780e0
0x02978093
0x02978093
0x029780a2
0x029780aa
0x029780b2
0x029780b2
0x029780fa

APIs

try_get_function.LIBVCRUNTIME ref: 02978089
GetTimeFormatW.KERNEL32 ref: 029780E0

Strings

GetTimeFormatEx, xrefs: 0297806C, 0297807D

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: FormatTimetry_get_function
String ID: GetTimeFormatEx
API String ID: 3261793192-1692793031
Opcode ID: 1189b89d73539275f6a3fe87b15a692e14a8dd4a3b60e49b793d488d8a9e5315
Instruction ID: 95a04546f0c2c3f1f402078dde2785ce3e65cc4a22f83faebf4f2ff727b56710
Opcode Fuzzy Hash: 1189b89d73539275f6a3fe87b15a692e14a8dd4a3b60e49b793d488d8a9e5315
Instruction Fuzzy Hash: 9C112E75608B80C6DB10DB5AB40438AB7A5F788BE4F58422AEE8D53B28DE78C555CF40

Uniqueness

Uniqueness Score: -1.00%

Function 029780FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E029780FC(void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __r11, long long _a8) {
				int _t4;
				void* _t5;
				void* _t6;
				void* _t14;
				void* _t21;
				void* _t22;
				void* _t23;

				_t15 = __rbx;
				_t14 = __rax;
				_a8 = __rbx;
				_t6 = __edx;
				_t21 = __rcx;
				E029775E8(0xf, __rbx, "GetUserDefaultLocaleName", _t22, 0x2995380, "GetUserDefaultLocaleName");
				if(_t14 == 0) {
					_t4 = GetUserDefaultLCID();
					r9d = 0;
					__eflags = r9d;
					r8d = _t6;
					_t5 = E02978270(_t4, __edi, r9d, _t14, _t15, _t21, _t22, _t23, __r11);
				} else {
					_t5 =  *0x29913c0();
				}
				return _t5;
			}

0x029780fc
0x029780fc
0x029780fc
0x02978106
0x0297810f
0x02978125
0x0297812d
0x0297813c
0x02978142
0x02978142
0x02978145
0x0297814d
0x0297812f
0x02978134
0x02978134
0x0297815c

APIs

try_get_function.LIBVCRUNTIME ref: 02978125
GetUserDefaultLCID.KERNEL32(?,?,000000A0,029855F4), ref: 0297813C

Strings

GetUserDefaultLocaleName, xrefs: 02978108, 02978112

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: DefaultUsertry_get_function
String ID: GetUserDefaultLocaleName
API String ID: 3217810228-151340334
Opcode ID: b33addc8ee4fc38e33354a6aa35b8ddf9868e9be53edfa814e0b126f65e49a86
Instruction ID: 90c8a3cdc07f091bfcca7b63af579df55364b6cfafbec034fcc0a7c2663c845f
Opcode Fuzzy Hash: b33addc8ee4fc38e33354a6aa35b8ddf9868e9be53edfa814e0b126f65e49a86
Instruction Fuzzy Hash: 40F06511304640D2EF195B9AFA8D7BA6362BB88BE0FC4503DDA0947B54DE78C885D700

Uniqueness

Uniqueness Score: -1.00%

Function 029781B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E029781B4(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long _a8, long long _a16) {
				int _t6;
				void* _t11;
				void* _t14;

				_t14 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_t11 = r8d;
				E029775E8(0x12, __rbx, "InitializeCriticalSectionEx", __rsi, 0x29953f0, "InitializeCriticalSectionEx");
				if(_t14 == 0) {
					_t6 = InitializeCriticalSectionAndSpinCount();
				} else {
					r8d = _t11;
					_t6 =  *0x29913c0();
				}
				return _t6;
			}

0x029781b4
0x029781b4
0x029781b9
0x029781c3
0x029781e5
0x029781f2
0x029781ff
0x029781f4
0x029781f4
0x029781f7
0x029781f7
0x02978214

APIs

try_get_function.LIBVCRUNTIME ref: 029781E5
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000003,0296B25D), ref: 029781FF

Strings

InitializeCriticalSectionEx, xrefs: 029781C6, 029781D9

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: 8cd27a2a662d9414d22546bf342ab99b21b02a19b8a053514789a2763844cfef
Instruction ID: ded5ab4004f3f6e5b7accf5b274a87fb28aa6f9172f98ef553454ef5650fa066
Opcode Fuzzy Hash: 8cd27a2a662d9414d22546bf342ab99b21b02a19b8a053514789a2763844cfef
Instruction Fuzzy Hash: 6FF0E525310B80D2FB099F89F94839A6321FB88FE0F895129EE2A13B14CF78C8C5C740

Uniqueness

Uniqueness Score: -1.00%

Function 029783BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E029783BC(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rsi, void* __rbp, long long _a8) {
				void* _t4;
				void* _t11;
				void* _t13;
				void* _t16;

				_t11 = __rax;
				_a8 = __rbx;
				_t13 = __rcx;
				E029775E8(0x16, __rcx, "LocaleNameToLCID", __rsi, 0x2995470, "LocaleNameToLCID");
				_t16 = _t13;
				if(_t11 == 0) {
					_t4 = E029874EC(_t11, _t16);
				} else {
					_t4 =  *0x29913c0();
				}
				return _t4;
			}

0x029783bc
0x029783bc
0x029783cf
0x029783e5
0x029783ea
0x029783f0
0x029783fc
0x029783f2
0x029783f4
0x029783f4
0x0297840b

APIs

try_get_function.LIBVCRUNTIME ref: 029783E5
__crtDownlevelLocaleNameToLCID.LIBCPMT ref: 029783FC

Strings

LocaleNameToLCID, xrefs: 029783C8, 029783D2

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: DownlevelLocaleName__crttry_get_function
String ID: LocaleNameToLCID
API String ID: 404522899-2050040251
Opcode ID: a81231e4a9c723bc7faba2ba0eaabee01efe6e16f7c6ab4b89239478bb4a1974
Instruction ID: 6f1cd67c0040e8ab8d417d47bbdf98dedb63ebc88eb48d0d4a946ce7788c55c3
Opcode Fuzzy Hash: a81231e4a9c723bc7faba2ba0eaabee01efe6e16f7c6ab4b89239478bb4a1974
Instruction Fuzzy Hash: 9AE0DF21300680D2EF469BA8F8483EA3327BB887A0F995036994D0B320CE38C8C6D701

Uniqueness

Uniqueness Score: -1.00%

Function 02953088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E02953088(void* __ecx, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long _a8) {
				int _t4;
				void* _t11;
				void* _t18;

				_t11 = __rax;
				_a8 = __rbx;
				E02952B2C(3, __rdx, "FlsSetValue", _t18, 0x2993ea0, "FlsSetValue");
				if(_t11 == 0) {
					_t4 = TlsSetValue();
				} else {
					_t4 =  *0x29913c0();
				}
				return _t4;
			}

0x02953088
0x02953088
0x029530b1
0x029530be
0x029530c8
0x029530c0
0x029530c0
0x029530c0
0x029530d8

APIs

try_get_function.LIBVCRUNTIME ref: 029530B1
TlsSetValue.KERNEL32(?,?,?,02947F79,?,?,?,?,02947C78,?,?,?,?,029446D7), ref: 029530C8

Strings

FlsSetValue, xrefs: 02953095, 0295309E

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 3456696790d4ce49e753ab20d431088d8986cadc6a8b6d28859679133dc7f108
Instruction ID: ceca079379cb5dcde100eec9e30ec65e4cfb8d79e96db0e3bf3f2418f9774112
Opcode Fuzzy Hash: 3456696790d4ce49e753ab20d431088d8986cadc6a8b6d28859679133dc7f108
Instruction Fuzzy Hash: 71E01262710B44A2EB099FB9F4487947366BB887E0F88516A9D1A47354CF78C9C4C718

Uniqueness

Uniqueness Score: -1.00%

Function 029442C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E029442C0(void* __eflags, void* __rax) {
				char _v40;
				void* _t5;
				void* _t7;
				void* _t12;
				void* _t13;
				char* _t15;
				void* _t17;

				E02944128(_t5,  &_v40);
				_t15 =  &_v40;
				_t7 = L029478E8(_t13, _t15, 0x29a4698, _t17);
				asm("int3");
				_t12 =  !=  ?  *((void*)(_t15 + 8)) : "Unknown exception";
				return _t7;
			}

0x029442c9
0x029442d5
0x029442da
0x029442df
0x029442ec
0x029442f1

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 029442C9
_CxxThrowException.LIBVCRUNTIME ref: 029442DA

Part of subcall function 029478E8: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,029442DF), ref: 0294795D
Part of subcall function 029478E8: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,029442DF), ref: 0294798F

Strings

Unknown exception, xrefs: 029442E5

Memory Dump Source

Source File: 00000000.00000002.368667110.0000000002901000.00000020.00000001.01000000.00000008.sdmp, Offset: 02900000, based on PE: true

Associated: 00000000.00000002.368655877.0000000002900000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368744352.0000000002991000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029A6000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368756810.00000000029AA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.368765722.00000000029AC000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2900000_dp687checkversion_amd.jbxd

Similarity

API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
String ID: Unknown exception
API String ID: 3561508498-410509341
Opcode ID: a51b02a3677ddbdd41c06bfd42be06c2c5ad6f0fb691dc31737653a2f065c31c
Instruction ID: 266c550cda330aeb7567f3976f7a786835ef797668945383197a2dea83b27b8a
Opcode Fuzzy Hash: a51b02a3677ddbdd41c06bfd42be06c2c5ad6f0fb691dc31737653a2f065c31c
Instruction Fuzzy Hash: C3D09E22611A8895DF10EB04D8847996335F394308F945515814D81574DF69C68ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 001C4B2C Relevance: 5.1, APIs: 4, Instructions: 55
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 60%

			E001C4B2C(signed long long __rax, long long __rbx, signed int __rdx, long long __rsi, long long _a8, long long _a16) {
				long _t7;
				intOrPtr _t11;
				intOrPtr _t13;

				_t19 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				if( *0x1d1000 != 0xffffffff) {
					_t7 = GetLastError();
					E001C4F2C();
					_t28 = __rdx | 0xffffffff;
					__eflags = __rax - (__rdx | 0xffffffff);
					if(__rax != (__rdx | 0xffffffff)) {
						__eflags = __rax;
						if(__eflags == 0) {
							_t11 =  *0x1d1000; // 0x5
							_t7 = E001C4F74(_t11, __eflags, __rax, __rbx, _t28);
							__eflags = _t7;
							if(_t7 != 0) {
								calloc();
								_t13 =  *0x1d1000; // 0x5
								_t25 = __rax;
								__eflags = __rax;
								if(__eflags == 0) {
									L10:
									__eflags = 0;
									_t7 = E001C4F74(_t13, 0, _t19, _t25, _t28);
								} else {
									_t28 = __rax;
									_t7 = E001C4F74(_t13, __eflags, __rax, __rax, __rax);
									__eflags = _t7;
									if(_t7 == 0) {
										_t13 =  *0x1d1000; // 0x5
										goto L10;
									} else {
										 *(__rax + 0x78) = _t7;
										 *((long long*)(__rax + 0x80)) = 0xfffffffe;
										_t25 = __rsi;
									}
								}
								free();
							}
						} else {
						}
					}
					SetLastError();
				} else {
					_t7 = 0;
				}
				return _t7;
			}

0x001c4b2c
0x001c4b2c
0x001c4b31
0x001c4b42
0x001c4b4b
0x001c4b59
0x001c4b5e
0x001c4b64
0x001c4b67
0x001c4b69
0x001c4b6c
0x001c4b73
0x001c4b79
0x001c4b7e
0x001c4b80
0x001c4b8c
0x001c4b92
0x001c4b98
0x001c4b9b
0x001c4b9e
0x001c4bce
0x001c4bce
0x001c4bd0
0x001c4ba0
0x001c4ba0
0x001c4ba3
0x001c4ba8
0x001c4baa
0x001c4bc8
0x00000000
0x001c4bac
0x001c4bb3
0x001c4bb6
0x001c4bc0
0x001c4bc3
0x001c4baa
0x001c4bd8
0x001c4bd8
0x001c4b6e
0x001c4b6e
0x001c4b6c
0x001c4be0
0x001c4b44
0x001c4b44
0x001c4b44
0x001c4bf8

APIs

GetLastError.KERNEL32(?,?,?,001C49A1,?,?,?,?,001CC1CA,?,?,?,?,?), ref: 001C4B4B
SetLastError.KERNEL32(?,?,?,001C49A1,?,?,?,?,001CC1CA,?,?,?,?,?), ref: 001C4BE0

Memory Dump Source

Source File: 00000000.00000002.368460727.00000000001C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000000.00000002.368456644.00000000001C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368470033.00000000001CD000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368475414.00000000001D1000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000000.00000002.368479501.00000000001D2000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1c0000_dp687checkversion_amd.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: fcfe9833dd76a316f190f28222a65531f483fd64bfdee3458903b8af21480ea4
Instruction ID: 72402d5a825cbaba94a3875f18165d078c674e4133b38e7e2d000beeea5f4601
Opcode Fuzzy Hash: fcfe9833dd76a316f190f28222a65531f483fd64bfdee3458903b8af21480ea4
Instruction Fuzzy Hash: 41118F30709B5493EA149B76A860B652291AB68BF0F18873CE97A473D8DF3CCC91C701

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dp687checkversion_amd.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\evb4D99.tmp

C:\Users\user\AppData\Local\Temp\evb4DD9.tmp

C:\Users\user\AppData\Local\Temp\evb4DE9.tmp

C:\Users\user\AppData\Local\Temp\evb4E19.tmp

C:\Users\user\AppData\Local\Temp\evb4E2A.tmp

Static File Info

General

File Icon

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: dp687checkversion_amd.exePID: 7132, Parent PID: 3524

General

Chronological Activities

Analysis Process: conhost.exePID: 7140, Parent PID: 7132

General

Chronological Activities

Disassembly

Windows Analysis Report
dp687checkversion_amd.exe

Function 02943930 Relevance: 19.7, APIs: 13, Instructions: 235
COMMON

Function 029446B0 Relevance: 3.0, APIs: 2, Instructions: 23
COMMON

Function 0293E400 Relevance: 47.8, APIs: 16, Strings: 11, Instructions: 572
comCOMMONCrypto

Function 02982590 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1207
COMMONLIBRARYCODECrypto

Function 029801C0 Relevance: 16.9, APIs: 8, Strings: 1, Instructions: 1132
COMMONCrypto

Function 0298691C Relevance: 10.7, APIs: 7, Instructions: 171
COMMON

Function 02970B04 Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Function 0297A78C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 119
fileCOMMON

Function 0293CF60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
libraryloaderCOMMON

Function 0297CDD8 Relevance: 4.9, APIs: 3, Instructions: 439
stringCOMMONCrypto

Function 029814C0 Relevance: 4.8, APIs: 3, Instructions: 317
COMMONLIBRARYCODECrypto

Function 02986378 Relevance: 4.7, APIs: 3, Instructions: 169
COMMON

Function 0297F594 Relevance: 1.9, APIs: 1, Instructions: 368
COMMONCrypto

Function 02984008 Relevance: 1.8, APIs: 1, Instructions: 336
COMMONCrypto

Function 0297A2F0 Relevance: 1.6, APIs: 1, Instructions: 148
COMMONCrypto

Function 029865C4 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Function 029861E8 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 029867F0 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Function 0298E284 Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Function 029862B8 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Function 02986164 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Function 029606A0 Relevance: 1.5, Strings: 1, Instructions: 210
COMMONCrypto

Function 0296216C Relevance: 1.5, Strings: 1, Instructions: 209
COMMONCrypto

Function 0296041C Relevance: 1.5, Strings: 1, Instructions: 206
COMMONCrypto

Function 0296093C Relevance: 1.5, Strings: 1, Instructions: 206
COMMONCrypto

Function 02960E28 Relevance: 1.4, Strings: 1, Instructions: 200
COMMONCrypto

Function 029610A4 Relevance: 1.4, Strings: 1, Instructions: 196
COMMONCrypto

Function 02960BC0 Relevance: 1.4, Strings: 1, Instructions: 196
COMMONLIBRARYCODECrypto

Function 029857FC Relevance: .3, Instructions: 272
COMMONCrypto

Function 029615EC Relevance: .2, Instructions: 221
COMMONCrypto

Function 0296130C Relevance: .2, Instructions: 217
COMMONCrypto

Function 0296D410 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Function 0293AB90 Relevance: 51.0, APIs: 20, Strings: 9, Instructions: 242
libraryloaderCOMMON

Function 0297872C Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57
COMMON

Function 001CA2A4 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 198
COMMONLIBRARYCODE

Function 001C26F0 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 296
COMMONLIBRARYCODE

Function 001CB1F0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 192
COMMONLIBRARYCODE

Function 02901370 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 124
sleepCOMMON

Function 02942FE0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 163
COMMON

Function 029432E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 161
COMMON

Function 02942460 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 150
COMMON

Function 02942720 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 148
COMMON

Function 029015A0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 72
sleepCOMMON

Function 02942D10 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 91
COMMON

Function 02940F20 Relevance: 13.7, APIs: 2, Strings: 7, Instructions: 208
sleepCOMMON

Function 02942B60 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 87
COMMON

Function 001C2378 Relevance: 12.1, APIs: 8, Instructions: 148
COMMONLIBRARYCODE

Function 02940800 Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 116
sleepCOMMON

Function 0298C234 Relevance: 10.8, APIs: 7, Instructions: 291
COMMON

Function 02941610 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 128
sleepCOMMON

Function 0298B2E0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94
COMMON

Function 02940570 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 65
sleepCOMMON

Function 029396F0 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON