Play interactive tour

Edit tour

Analysis Report Coopera.exe

Overview

General Information

Sample Name:	Coopera.exe
Analysis ID:	338151
MD5:	e6ed395de0f1e8a1ce346506452609f1
SHA1:	0029721036587ca7aa3657749e63e94e47ed76d4
SHA256:	78789f0a216d91b67b3dc6a2d0c3da7219f6eb30968c3761437367a143ab0a81
Most interesting Screenshot:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Program does not show much activity (idle)

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

Coopera.exe (PID: 5276 cmdline: 'C:\Users\user\Desktop\Coopera.exe' MD5: E6ED395DE0F1E8A1CE346506452609F1)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008915E0 CertOpenStore,CertFindCertificateInStore,CryptBinaryToStringA,CryptBinaryToStringA,CertFreeCertificateContext,CertCloseStore,

0_2_008915E0

Source: Coopera.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Coopera.exe

Static PE information: certificate valid

Source: Coopera.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: I:\buildagent\workspace\2771\_tmp\ffcertmanager\msvc-12.0\production\address-model-32\debug-symbols-on\link-static\runtime-link-static\threadapi-win32\threading-multi\user-interface-gui\ffcertmanager.pdb source: Coopera.exe

Source: Coopera.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: Coopera.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Coopera.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: Coopera.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Coopera.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: Coopera.exe	String found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
Source: Coopera.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: Coopera.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Coopera.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Coopera.exe	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: Coopera.exe	String found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
Source: Coopera.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: Coopera.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Coopera.exe	String found in binary or memory: http://ocsp.digicert.com0I
Source: Coopera.exe	String found in binary or memory: http://ocsp.digicert.com0P
Source: Coopera.exe	String found in binary or memory: http://ocsp.digicert.com0R
Source: Coopera.exe	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Coopera.exe	String found in binary or memory: https://www.digicert.com/CPS0

Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008DB1BD	0_2_008DB1BD
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C510D	0_2_008C510D
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C6342	0_2_008C6342
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008DC449	0_2_008DC449
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008D45AC	0_2_008D45AC
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C86E6	0_2_008C86E6
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008AB7E1	0_2_008AB7E1
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008DB72F	0_2_008DB72F
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_00891770	0_2_00891770
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C6777	0_2_008C6777
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C0870	0_2_008C0870
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C5A36	0_2_008C5A36
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008ABA34	0_2_008ABA34
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C6BAC	0_2_008C6BAC
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C4BE2	0_2_008C4BE2
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008DBCA1	0_2_008DBCA1
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008DDC6E	0_2_008DDC6E
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008CAEC0	0_2_008CAEC0
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008D2ED5	0_2_008D2ED5
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C7F10	0_2_008C7F10
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C5F2A	0_2_008C5F2A

Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008BED53 appears 34 times
Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008C1E90 appears 51 times
Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008A9BFA appears 43 times
Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008C7EB0 appears 47 times
Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008C1E5D appears 84 times
Source: C:\Users\user\Desktop\Coopera.exe	Code function: String function: 008C0981 appears 39 times

Source: C:\Users\user\Desktop\Coopera.exe

Section loaded: nss3.dll

Jump to behavior

Source: Coopera.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: classification engine

Classification label: clean6.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008A6AA0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,

0_2_008A6AA0

Source: C:\Users\user\Desktop\Coopera.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Coopera.exe

Static PE information: certificate valid

Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Coopera.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Coopera.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: Coopera.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: Coopera.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Coopera.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Coopera.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Coopera.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Coopera.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: Coopera.exe

Static PE information: section name: .dbld0

Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008B60C8 push 8BFFFFFFh; iretd	0_2_008B60CD
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008F75F5 pushfd ; ret	0_2_008F7608
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008F7B05 pushfd ; retf	0_2_008F7B04
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008B5B63 push 8BFFFFFFh; iretd	0_2_008B5B68
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C7EF5 push ecx; ret	0_2_008C7F08
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C1E2B push ecx; ret	0_2_008C1E3E

Source: initial sample

Static PE information: section name: .dbld0 entropy: 7.10695931514

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008D075F EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_008D075F

Source: C:\Users\user\Desktop\Coopera.exe

0_2_008D075F

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008DD864 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_008DD864

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C4116 SetUnhandledExceptionFilter,		0_2_008C4116
Source: C:\Users\user\Desktop\Coopera.exe	Code function: 0_2_008C4147 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_008C4147

Source: C:\Users\user\Desktop\Coopera.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,	0_2_008D82CF
Source: C:\Users\user\Desktop\Coopera.exe	Code function: GetLocaleInfoW,	0_2_008C76A4
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,	0_2_008D96E2
Source: C:\Users\user\Desktop\Coopera.exe	Code function: EnumSystemLocalesW,	0_2_008C761E
Source: C:\Users\user\Desktop\Coopera.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	0_2_008C78AB
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _LcidFromHexString,GetLocaleInfoW,	0_2_008D98A6
Source: C:\Users\user\Desktop\Coopera.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	0_2_008D88D1
Source: C:\Users\user\Desktop\Coopera.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,	0_2_008C183C
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_008D9996
Source: C:\Users\user\Desktop\Coopera.exe	Code function: EnumSystemLocalesW,	0_2_008D9956
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,	0_2_008D9A96
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	0_2_008D9A13
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,	0_2_008D9C8B
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_008D9DB5
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_008CFD49
Source: C:\Users\user\Desktop\Coopera.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,	0_2_008D7EC7
Source: C:\Users\user\Desktop\Coopera.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,	0_2_008D9E62
Source: C:\Users\user\Desktop\Coopera.exe	Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,	0_2_008D9F38

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008CA742 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_008CA742

Source: C:\Users\user\Desktop\Coopera.exe

Code function: 0_2_008CF822 ____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_008CF822

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	DLL Side-Loading1	Access Token Manipulation1	Access Token Manipulation1	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Software Packing1	LSASS Memory	Security Software Discovery3	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	System Information Discovery12	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	DLL Side-Loading1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information3	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
Coopera.exe	0%	Virustotal	Browse
Coopera.exe	3%	Metadefender	Browse
Coopera.exe	3%	ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338151
Start date:	11.01.2021
Start time:	18:11:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Coopera.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean6.winEXE@1/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 37.3% (good quality ratio 35.9%) Quality average: 75.5% Quality standard deviation: 25.8%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 114
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe Execution Graph export aborted for target Coopera.exe, PID 5276 because there are no executed function

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.6327217713226005
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Coopera.exe
File size:	444256
MD5:	e6ed395de0f1e8a1ce346506452609f1
SHA1:	0029721036587ca7aa3657749e63e94e47ed76d4
SHA256:	78789f0a216d91b67b3dc6a2d0c3da7219f6eb30968c3761437367a143ab0a81
SHA512:	7d538882873d34e6ed04abf189dbfb17047a6868e2ad39c9fb580f27795a1964c0bf0e13f383f388d8bcd79667554e571a0787085294bc46e820638af8297360
SSDEEP:	6144:URRuqQDnkNX+DDhjOGxOfat7tfpkmwloEaAR7hXEJGskMEwBi5EZWHo:U2LkNOncGxOSptfEloErBS03wleo
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....s...s...s.......s.....@.s.......s..)....s...r...s...r.s.s..H....s.......s..H....s.Rich..s.........................PE..L..

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x430447
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5DBB4157 [Thu Oct 31 20:17:27 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	a2f71f2284892c973494e91fbe1a6543

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	9/14/2017 5:00:00 PM 11/15/2019 4:00:00 AM
Subject Chain	CN=Gas Informatica Ltda, O=Gas Informatica Ltda, L=BrasÃlia, C=BR
Version:	3
Thumbprint MD5:	864DE7C1DF11A46E1D194902B4FF381E
Thumbprint SHA-1:	5BF49ACAA112EEC09AED8B78AF6783C2F4877A71
Thumbprint SHA-256:	EE2F6AC114F5725761066FDC0163CF6D17E0A8645463D0BD320C7ED5C1F1016F
Serial:	024E4DBC3CE7F612E666A167EE4A1299

Entrypoint Preview

Instruction
call 00007FA8E0EE8B1Bh
jmp 00007FA8E0EDE825h
push 00000014h
push 004606C8h
call 00007FA8E0EE6278h
call 00007FA8E0EE21BDh
movzx esi, ax
push 00000002h
call 00007FA8E0EE8AAEh
pop ecx
mov eax, 00005A4Dh
cmp word ptr [00400000h], ax
je 00007FA8E0EDE826h
xor ebx, ebx
jmp 00007FA8E0EDE855h
mov eax, dword ptr [0040003Ch]
cmp dword ptr [eax+00400000h], 00004550h
jne 00007FA8E0EDE80Dh
mov ecx, 0000010Bh
cmp word ptr [eax+00400018h], cx
jne 00007FA8E0EDE7FFh
xor ebx, ebx
cmp dword ptr [eax+00400074h], 0Eh
jbe 00007FA8E0EDE82Bh
cmp dword ptr [eax+004000E8h], ebx
setne bl
mov dword ptr [ebp-1Ch], ebx
call 00007FA8E0EE826Dh
test eax, eax
jne 00007FA8E0EDE82Ah
push 0000001Ch
call 00007FA8E0EDE901h
pop ecx
call 00007FA8E0EE738Fh
test eax, eax
jne 00007FA8E0EDE82Ah
push 00000010h
call 00007FA8E0EDE8F0h
pop ecx
call 00007FA8E0EE8B27h
and dword ptr [ebp-04h], 00000000h
call 00007FA8E0EE8257h
test eax, eax
jns 00007FA8E0EDE82Ah
push 0000001Bh
call 00007FA8E0EDE8D6h
pop ecx
call dword ptr [004520CCh]
mov dword ptr [00466C48h], eax
call 00007FA8E0EE8B42h
mov dword ptr [00464CA8h], eax
call 00007FA8E0EE84E5h
test eax, eax
jns 00007FA8E0EDE82Ah

Rich Headers

Programming Language:

[C++] VS2013 UPD5 build 40629
[ C ] VS2013 build 21005
[IMP] VS2015 UPD3.1 build 24215
[LNK] VS2013 UPD5 build 40629
[C++] VS2013 build 21005
[ASM] VS2013 build 21005
[RES] VS2013 build 21005

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x60ddc	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6d000	0x4c2	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x68c00	0x3b60
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x68000	0x4050	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x52230	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5b068	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x52000	0x1c8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x50bce	0x50c00	False	0.495186726006	data	6.63716411727	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x52000	0xf87c	0xfa00	False	0.3491875	data	4.79187748188	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x62000	0x4c4c	0x2a00	False	0.252232142857	data	4.47952514089	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.dbld0	0x67000	0xe70	0x1000	False	0.793701171875	data	7.10695931514	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.reloc	0x68000	0x4050	0x4200	False	0.723011363636	data	6.57580097283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x6d000	0x4c2	0x600	False	0.356770833333	data	3.58182395838	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x6d0a0	0x2c8	data	Portuguese	Brazil
RT_MANIFEST	0x6d368	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
nss3.dll	PK11_ImportCert, PK11_GetInternalKeySlot, PK11_FreeSlot, CERT_DecodeTrustString, CERT_ChangeCertTrust, CERT_DecodeCertFromPackage, CERT_GetDefaultCertDB, CERT_DestroyCertificate, PR_GetOpenFileInfo, PR_Read, PR_Close, PR_Open, SECITEM_FreeItem_Util, SECITEM_AllocItem_Util, ATOB_ConvertAsciiToItem_Util, NSS_Shutdown, NSS_Initialize, PORT_Free_Util, PORT_ZAlloc_Util
CRYPT32.dll	CryptBinaryToStringA, CertFreeCertificateContext, CertFindCertificateInStore, CertCloseStore, CertOpenStore
KERNEL32.dll	IsValidCodePage, SetFilePointerEx, GetACP, LoadLibraryExW, GetOEMCP, HeapReAlloc, GetTimeZoneInformation, ReadFile, CreateFileA, CloseHandle, OutputDebugStringW, SetStdHandle, WriteConsoleW, ReadConsoleW, CreateFileW, SetEndOfFile, SetEnvironmentVariableA, FlushFileBuffers, GetConsoleMode, SetLastError, ExpandEnvironmentStringsA, GetFileAttributesA, GetLastError, GetCurrentProcess, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, GetStringTypeW, RaiseException, RtlUnwind, GetCommandLineA, HeapFree, GetCPInfo, HeapAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FreeEnvironmentStringsW, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ExitProcess, GetModuleHandleExW, HeapSize, IsDebuggerPresent, GetCurrentThreadId, GetProcessHeap, GetStdHandle, GetFileType, GetModuleFileNameA, WriteFile, GetModuleFileNameW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, GetConsoleCP
ADVAPI32.dll	LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, RegUnLoadKeyA, RegOpenKeyExA, RegLoadKeyA, RegEnumKeyA, RegCloseKey, RegQueryValueExA

Version Infos

Description	Data
LegalCopyright	Copyright 2019 - Diebold Nixdorf
FileVersion	1.2.1.27501
CompanyName	Diebold Nixdorf
ProductName	Diebold Nixdorf - Protection
ProductVersion	1.2.1.27501
FileDescription	Diebold Nixdorf - Protection Module
Translation	0x0416 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
Portuguese	Brazil
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: Coopera.exe PID: 5276 Parent PID: 5704

General

Start time:	18:11:49
Start date:	11/01/2021
Path:	C:\Users\user\Desktop\Coopera.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Coopera.exe'
Imagebase:	0x890000
File size:	444256 bytes
MD5 hash:	E6ED395DE0F1E8A1CE346506452609F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Coopera.exe PID: 5276 Parent PID: 5704 Coopera.exeCOMMON

Executed Functions

Non-executed Functions

Function 008CF822, Relevance: 16.8, APIs: 11, Instructions: 250
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E008CF822(int __ebx, void* __edx, void* __esi, void* __eflags) {
				int _t53;
				long _t54;
				void* _t60;
				void* _t62;
				int _t65;
				void* _t68;
				void* _t70;
				int _t73;
				int _t78;
				int _t85;
				void* _t91;
				int _t97;
				int _t100;
				int _t104;
				signed int _t107;
				signed int _t109;
				int _t115;
				int _t125;
				char** _t132;
				void* _t135;
				void* _t136;

				_t124 = __edx;
				_t104 = __ebx;
				if(E008CFB24(_t135 - 0x24) != 0) {
					L11:
					_push(_t104);
					_push(_t104);
					_push(_t104);
					_push(_t104);
					_push(_t104);
					E008CAA9F(_t104, _t124);
					L12:
					_t53 =  *0x8f5a10;
					__eflags = _t53;
					if(_t53 != 0) {
						E008C05C8(_t53);
						 *0x8f5a10 = _t104;
					}
					_t54 = GetTimeZoneInformation(0x8f5a20);
					__eflags = _t54 - 0xffffffff;
					if(_t54 == 0xffffffff) {
						L29:
						 *(_t135 - 0x2c) = 1;
						L30:
						 *(L008CFB18()) =  *(_t135 - 0x1c);
						 *(E008CFB0C()) =  *(_t135 - 0x24);
						 *(E008CFB12()) =  *(_t135 - 0x28);
						 *((intOrPtr*)(_t135 - 4)) = 0xfffffffe;
						_t58 = E008CFA6A();
						if( *(_t135 - 0x2c) != 0) {
							L56:
							return E008C7EF5(_t58);
						}
						_t132 =  *(_t135 - 0x20);
						_t60 = E008CFBC1( *_t132, 0x40, _t125, 3);
						_t136 = _t136 + 0x10;
						if(_t60 != 0) {
							goto L11;
						}
						_t125 = _t125 + 3;
						if( *_t125 == 0x2d) {
							 *(_t135 - 0x34) = 1;
							_t125 = _t125 + 1;
						}
						_t109 = E008DB125(_t125) * 0xe10;
						 *(_t135 - 0x1c) = _t109;
						while(1) {
							_t62 =  *_t125;
							if(_t62 != 0x2b && (_t62 < 0x30 || _t62 > 0x39)) {
								break;
							}
							_t125 = _t125 + 1;
						}
						__eflags =  *_t125 - 0x3a;
						if( *_t125 != 0x3a) {
							L49:
							__eflags =  *(_t135 - 0x34);
							if( *(_t135 - 0x34) != 0) {
								 *(_t135 - 0x1c) =  ~_t109;
							}
							__eflags =  *_t125;
							if( *_t125 == 0) {
								 *(_t135 - 0x24) = _t104;
								 *(_t132[1]) = _t104;
								goto L55;
							} else {
								 *(_t135 - 0x24) = 1;
								_t65 = E008CFBC1(_t132[1], 0x40, _t125, 3);
								_t136 = _t136 + 0x10;
								__eflags = _t65;
								if(_t65 == 0) {
									L55:
									 *(L008CFB18()) =  *(_t135 - 0x1c);
									 *(E008CFB0C()) =  *(_t135 - 0x24);
									goto L56;
								}
								goto L11;
							}
						}
						_t125 = _t125 + 1;
						_t109 =  *(_t135 - 0x1c) + E008DB125(_t125) * 0x3c;
						 *(_t135 - 0x1c) = _t109;
						while(1) {
							_t68 =  *_t125;
							__eflags = _t68 - 0x30;
							if(_t68 < 0x30) {
								break;
							}
							__eflags = _t68 - 0x39;
							if(_t68 > 0x39) {
								break;
							}
							_t125 = _t125 + 1;
							__eflags = _t125;
						}
						__eflags =  *_t125 - 0x3a;
						if( *_t125 != 0x3a) {
							goto L49;
						}
						_t125 = _t125 + 1;
						_t109 =  *(_t135 - 0x1c) + E008DB125(_t125);
						 *(_t135 - 0x1c) = _t109;
						while(1) {
							_t70 =  *_t125;
							__eflags = _t70 - 0x30;
							if(_t70 < 0x30) {
								goto L49;
							}
							__eflags = _t70 - 0x39;
							if(_t70 > 0x39) {
								goto L49;
							}
							_t125 = _t125 + 1;
							__eflags = _t125;
						}
						goto L49;
					} else {
						 *0x8f5a18 = 1;
						_t107 = 0x8f5a20->Bias * 0x3c;
						 *(_t135 - 0x1c) = _t107;
						__eflags =  *0x8f5a66;
						if( *0x8f5a66 != 0) {
							_t115 = _t107 +  *0x8f5a74 * 0x3c;
							__eflags = _t115;
							 *(_t135 - 0x1c) = _t115;
						}
						__eflags =  *0x8f5aba;
						if( *0x8f5aba == 0) {
							L20:
							 *(_t135 - 0x24) = _t104;
							 *(_t135 - 0x28) = _t104;
							goto L21;
						} else {
							_t85 =  *0x8f5ac8;
							__eflags = _t85;
							if(_t85 == 0) {
								goto L20;
							}
							 *(_t135 - 0x24) = 1;
							 *(_t135 - 0x28) = (_t85 -  *0x8f5a74) * 0x3c;
							L21:
							_t73 = WideCharToMultiByte( *(_t135 - 0x38), _t104, 0x8f5a24, 0xffffffff,  *( *(_t135 - 0x20)), 0x3f, _t104, _t135 - 0x30);
							__eflags = _t73;
							if(_t73 == 0) {
								L24:
								 *( *( *(_t135 - 0x20))) = _t104;
								L25:
								_t78 = WideCharToMultiByte( *(_t135 - 0x38), _t104, 0x8f5a78, 0xffffffff, ( *(_t135 - 0x20))[1], 0x3f, _t104, _t135 - 0x30);
								__eflags = _t78;
								if(_t78 == 0) {
									L28:
									 *(( *(_t135 - 0x20))[1]) = _t104;
									goto L29;
								}
								__eflags =  *(_t135 - 0x30);
								if( *(_t135 - 0x30) != 0) {
									goto L28;
								}
								( *(_t135 - 0x20))[1][0x3f] = _t104;
								goto L29;
							}
							__eflags =  *(_t135 - 0x30);
							if( *(_t135 - 0x30) != 0) {
								goto L24;
							}
							( *( *(_t135 - 0x20)))[0x3f] = _t104;
							goto L25;
						}
					}
				}
				_t91 = E008CFB4E(_t135 - 0x28);
				_t139 = _t91;
				if(_t91 != 0) {
					goto L11;
				}
				 *(_t135 - 0x38) = E008C17A2(__ebx, __edx, __esi, _t139);
				 *0x8f5a18 = __ebx;
				 *0x8f309c =  *0x8f309c | 0xffffffff;
				 *0x8f3090 =  *0x8f3090 | 0xffffffff;
				_t125 = E008DB139(0x8e9654);
				 *(_t135 - 0x3c) = _t125;
				if(_t125 == 0 ||  *_t125 == __ebx) {
					goto L12;
				} else {
					_t94 =  *0x8f5a10;
					if( *0x8f5a10 == 0) {
						L8:
						_t97 = E008C3540(_t124, E008C1DA0(_t125) + 1);
						 *0x8f5a10 = _t97;
						if(_t97 != 0) {
							_t100 = E008CAACA( *0x8f5a10, E008C1DA0(_t125) + 1, _t125);
							_t136 = _t136 + 0xc;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L30;
							}
							goto L11;
						}
						L9:
						 *(_t135 - 0x2c) = 1;
						goto L30;
					}
					if(E008C3CF0(_t125, _t94) == 0) {
						goto L9;
					}
					_t102 =  *0x8f5a10;
					if( *0x8f5a10 != 0) {
						E008C05C8(_t102);
					}
					goto L8;
				}
			}

0x008cf822
0x008cf822
0x008cf82e
0x008cf8e4
0x008cf8e4
0x008cf8e5
0x008cf8e6
0x008cf8e7
0x008cf8e8
0x008cf8e9
0x008cf8ee
0x008cf8ee
0x008cf8f3
0x008cf8f5
0x008cf8f8
0x008cf8fe
0x008cf8fe
0x008cf909
0x008cf912
0x008cf915
0x008cf9de
0x008cf9de
0x008cf9e1
0x008cf9e9
0x008cf9f3
0x008cf9fd
0x008cf9ff
0x008cfa06
0x008cfa0f
0x008cfb06
0x008cfb0b
0x008cfb0b
0x008cfa1a
0x008cfa1f
0x008cfa24
0x008cfa29
0x00000000
0x00000000
0x008cfa2f
0x008cfa35
0x008cfa37
0x008cfa3e
0x008cfa3e
0x008cfa46
0x008cfa4c
0x008cfa4f
0x008cfa4f
0x008cfa53
0x00000000
0x00000000
0x008cfa5d
0x008cfa5d
0x008cfa73
0x008cfa76
0x008cfaba
0x008cfaba
0x008cfabe
0x008cfac2
0x008cfac2
0x008cfac5
0x008cfac8
0x008cfaea
0x008cfaf0
0x00000000
0x008cfaca
0x008cfaca
0x008cfad9
0x008cfade
0x008cfae1
0x008cfae3
0x008cfaf2
0x008cfafa
0x008cfb04
0x00000000
0x008cfb04
0x00000000
0x008cfae5
0x008cfac8
0x008cfa78
0x008cfa86
0x008cfa88
0x008cfa92
0x008cfa92
0x008cfa94
0x008cfa96
0x00000000
0x00000000
0x008cfa8d
0x008cfa8f
0x00000000
0x00000000
0x008cfa91
0x008cfa91
0x008cfa91
0x008cfa98
0x008cfa9b
0x00000000
0x00000000
0x008cfa9d
0x008cfaa8
0x008cfaaa
0x008cfab4
0x008cfab4
0x008cfab6
0x008cfab8
0x00000000
0x00000000
0x008cfaaf
0x008cfab1
0x00000000
0x00000000
0x008cfab3
0x008cfab3
0x008cfab3
0x00000000
0x008cf91b
0x008cf91b
0x008cf921
0x008cf928
0x008cf92b
0x008cf933
0x008cf93c
0x008cf93c
0x008cf93e
0x008cf93e
0x008cf941
0x008cf949
0x008cf965
0x008cf965
0x008cf968
0x00000000
0x008cf94b
0x008cf94b
0x008cf950
0x008cf952
0x00000000
0x00000000
0x008cf954
0x008cf960
0x008cf96b
0x008cf982
0x008cf988
0x008cf98a
0x008cf99c
0x008cf9a1
0x008cf9a3
0x008cf9bb
0x008cf9c1
0x008cf9c3
0x008cf9d6
0x008cf9dc
0x00000000
0x008cf9dc
0x008cf9c5
0x008cf9c9
0x00000000
0x00000000
0x008cf9d1
0x00000000
0x008cf9d1
0x008cf98c
0x008cf990
0x00000000
0x00000000
0x008cf997
0x00000000
0x008cf997
0x008cf949
0x008cf915
0x008cf838
0x008cf83e
0x008cf840
0x00000000
0x00000000
0x008cf84b
0x008cf84e
0x008cf854
0x008cf85b
0x008cf86d
0x008cf86f
0x008cf874
0x00000000
0x008cf87a
0x008cf87a
0x008cf881
0x008cf8a0
0x008cf8a8
0x008cf8af
0x008cf8b6
0x008cf8d4
0x008cf8d9
0x008cf8dc
0x008cf8de
0x00000000
0x00000000
0x00000000
0x008cf8de
0x008cf8b8
0x008cf8b8
0x00000000
0x008cf8b8
0x008cf88e
0x00000000
0x00000000
0x008cf890
0x008cf897
0x008cf89a
0x008cf89f
0x00000000
0x008cf897

APIs

____lc_codepage_func.LIBCMT ref: 008CF846
__getenv_helper_nolock.LIBCMT ref: 008CF867
_free.LIBCMT ref: 008CF89A

Part of subcall function 008C05C8: HeapFree.KERNEL32(00000000,00000000,?,008C8F73,00000000,008C3658,008CDFEC,00000000,?,008C350C,?,?,00000000), ref: 008C05DC
Part of subcall function 008C05C8: GetLastError.KERNEL32(00000000,?,008C8F73,00000000,008C3658,008CDFEC,00000000,?,008C350C,?,?,00000000,?,?,?,008C906D), ref: 008C05EE

_strlen.LIBCMT ref: 008CF8A1
__malloc_crt.LIBCMT ref: 008CF8A8
_strlen.LIBCMT ref: 008CF8C6
__invoke_watson.LIBCMT ref: 008CF8E9
_free.LIBCMT ref: 008CF8F8
GetTimeZoneInformation.KERNEL32(008F5A20,00000000,00000000,00000000,00000000,00000000,008F0CF8,00000030,008CF7B9,008F0CD8,00000008,008C49C9,-00000002,00000000,00000000), ref: 008CF909
WideCharToMultiByte.KERNEL32(?,?,008F5A24,000000FF,?,0000003F,?,?), ref: 008CF982
WideCharToMultiByte.KERNEL32(?,?,008F5A78,000000FF,?,0000003F,?,?,?,008F5A24,000000FF,?,0000003F,?,?), ref: 008CF9BB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ByteCharMultiWide_free_strlen$ErrorFreeHeapInformationLastTimeZone____lc_codepage_func__getenv_helper_nolock__invoke_watson__malloc_crt
String ID:
API String ID: 2363014112-0
Opcode ID: 9c008f470a48ebac03aafb27c07858fa396e7d02a37c6e81514b3eeb8a0c5098
Instruction ID: 568262aa0d1d13fbe8881fa46021d0b17e756a926922025a2254d9cb401ba7c6
Opcode Fuzzy Hash: 9c008f470a48ebac03aafb27c07858fa396e7d02a37c6e81514b3eeb8a0c5098
Instruction Fuzzy Hash: A6919C709002199FEF149B68D881FADBBBAFB09714F14016EE614EB2A2D734CD41CF21

Uniqueness

Uniqueness Score: -1.00%

Function 008915E0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E008915E0(void* __edx, void* __ebp, signed int _a4, intOrPtr _a8, signed int _a12) {
				signed int _v4;
				signed int _v24;
				intOrPtr _v32;
				int _v80;
				int _v96;
				char _v104;
				char _v112;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				signed int _t23;
				int _t28;
				char* _t29;
				void* _t36;
				void* _t42;
				signed int _t43;
				signed int _t44;
				void* _t45;
				signed int _t48;
				void* _t49;

				_t45 = __ebp;
				_t42 = __edx;
				_t19 =  *0x8f21d0; // 0x28a5f8b6
				_v4 = _t19 ^ _t48;
				_t44 = _a4;
				_t36 = 0;
				_v32 = _a8;
				_t23 = _a12 | 0x00004000;
				__imp__CertOpenStore(0xa, 0, 0, _t23, L"ROOT");
				_t43 = _t23;
				if(_t43 != 0) {
					if( *((intOrPtr*)(_t44 + 0x14)) >= 0x10) {
						_t44 =  *_t44;
					}
					__imp__CertFindCertificateInStore(_t43, 0x10001, 0, 0x70007, _t44, 0);
					_t44 = _t23;
					if(_t44 != 0) {
						_v80 = 0;
						CryptBinaryToStringA( *(_t44 + 4),  *(_t44 + 8), 0, 0,  &_v80);
						_t28 = _v96;
						_t53 = _t28;
						if(_t28 != 0) {
							_push(_t45);
							_push(_t28);
							_t29 = E008A9AFF(_t36, _t43, _t53);
							_t49 = _t48 + 4;
							_t46 = _t29;
							if(CryptBinaryToStringA( *(_t44 + 4),  *(_t44 + 8), 0, _t29,  &_v96) == 1) {
								E00891310(_v112, E00891210( &_v104, _t43, _t46));
								E00891290( &_v112);
								_t36 = 1;
							}
							L008BF883(_t46);
							_t48 = _t49 + 4;
						}
						__imp__CertFreeCertificateContext(_t44);
					}
					__imp__CertCloseStore(_t43, 0);
				}
				return E008BF888(_t36, _v24 ^ _t48, _t42, _t43, _t44);
			}

0x008915e0
0x008915e0
0x008915e3
0x008915ea
0x008915f4
0x008915f8
0x008915fb
0x00891608
0x00891614
0x0089161a
0x0089161e
0x00891628
0x0089162a
0x0089162a
0x0089163c
0x00891642
0x00891646
0x0089164c
0x0089165f
0x00891665
0x00891669
0x0089166b
0x0089166d
0x0089166e
0x0089166f
0x00891674
0x00891677
0x00891690
0x008916a1
0x008916aa
0x008916af
0x008916af
0x008916b2
0x008916b7
0x008916ba
0x008916bc
0x008916bc
0x008916c5
0x008916c5
0x008916de

APIs

CertOpenStore.CRYPT32(0000000A,00000000,00000000,?,ROOT), ref: 00891614
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,00070007,?,00000000), ref: 0089163C
CryptBinaryToStringA.CRYPT32(?,?,00000000,00000000,?), ref: 0089165F
CryptBinaryToStringA.CRYPT32(?,?,00000000,00000000,?), ref: 00891687
CertFreeCertificateContext.CRYPT32(00000000), ref: 008916BC
CertCloseStore.CRYPT32(00000000,00000000), ref: 008916C5

Strings

ROOT, xrefs: 00891603

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Cert$Store$BinaryCertificateCryptString$CloseContextFindFreeOpen
String ID: ROOT
API String ID: 1054535886-543233263
Opcode ID: ca8774abef348d46f44ac6225bb93262ccb2e125e11abf1c4dbebf291137c59d
Instruction ID: 9e2c95a85e46f4654cb9a2d86a03e595179a239b10ddeae0824ae5c5f0d0a9ad
Opcode Fuzzy Hash: ca8774abef348d46f44ac6225bb93262ccb2e125e11abf1c4dbebf291137c59d
Instruction Fuzzy Hash: B321B471A48301AFDA21EB64DC49F5BB7E8FB88710F044829FA45D7291D771E844CB56

Uniqueness

Uniqueness Score: -1.00%

Function 008A6AA0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E008A6AA0() {
				int _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				struct _TOKEN_PRIVILEGES _v40;
				char _v41;
				void* _v48;
				struct _LUID _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t23;
				void* _t40;
				void* _t46;
				void* _t48;
				void* _t50;
				signed int _t51;
				void* _t52;

				_push(0xffffffff);
				_push(E008E0690);
				_push( *[fs:0x0]);
				_t22 =  *0x8f21d0; // 0x28a5f8b6
				_t23 = _t22 ^ _t51;
				_v24 = _t23;
				_push(_t23);
				 *[fs:0x0] =  &_v16;
				_v20 = _t52 - 0x28;
				if( *0x8f4a0c == 0) {
					_v8 = 0;
					_v41 = 0;
					_v48 = 0;
					if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v48) != 0) {
						if(LookupPrivilegeValueW(0, L"SeRestorePrivilege",  &_v56) != 0) {
							_v40.Privileges = _v56.LowPart;
							_v32 = _v56.HighPart;
							_v40.PrivilegeCount = 1;
							_v28 = 2;
							AdjustTokenPrivileges(_v48, 0,  &_v40, 0x10, 0, 0);
							if(GetLastError() == 0) {
								_v41 = 1;
								 *0x8f4a0c = 1;
							}
						}
						CloseHandle(_v48);
					}
				}
				 *[fs:0x0] = _v16;
				_pop(_t48);
				_pop(_t50);
				_pop(_t40);
				return E008BF888(_t40, _v24 ^ _t51, _t46, _t48, _t50);
			}

0x008a6aa3
0x008a6aa5
0x008a6ab0
0x008a6ab4
0x008a6ab9
0x008a6abb
0x008a6ac1
0x008a6ac5
0x008a6acb
0x008a6ad5
0x008a6ae0
0x008a6ae7
0x008a6aea
0x008a6b06
0x008a6b1b
0x008a6b24
0x008a6b2c
0x008a6b38
0x008a6b3f
0x008a6b46
0x008a6b54
0x008a6b58
0x008a6b5b
0x008a6b5b
0x008a6b54
0x008a6b64
0x008a6b64
0x008a6b75
0x008a6b7a
0x008a6b82
0x008a6b83
0x008a6b84
0x008a6b92

APIs

GetCurrentProcess.KERNEL32(28A5F8B6,?,0089C28A), ref: 008A6AF1
OpenProcessToken.ADVAPI32(00000000,00000028,00000000), ref: 008A6AFE
LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 008A6B13
AdjustTokenPrivileges.ADVAPI32(00000000,00000000,0089C28A,00000010,00000000,00000000), ref: 008A6B46
GetLastError.KERNEL32 ref: 008A6B4C
CloseHandle.KERNEL32(00000000), ref: 008A6B64

Strings

SeRestorePrivilege, xrefs: 008A6B0C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
String ID: SeRestorePrivilege
API String ID: 3398352648-1684392131
Opcode ID: 4f419abd25f44a8b9c5a96446705398355978d0aa40d2d9f9f423022067c737c
Instruction ID: c04712484a96477a3031fcf50e5c43d42e0a47c0d942cfa29d6b293d118645b8
Opcode Fuzzy Hash: 4f419abd25f44a8b9c5a96446705398355978d0aa40d2d9f9f423022067c737c
Instruction Fuzzy Hash: CE219F71A41248AFEB00CFA5DC49FEEBBB8FB09710F04401AE511E76D0DB755904CB64

Uniqueness

Uniqueness Score: -1.00%

Function 008D9DB5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008D9DB5(short _a4, intOrPtr _a8) {
				short _t13;
				short _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E008D90C4(_t28, ?str?) != 0) {
					if(E008D90C4(_t28, ?str?) != 0) {
						return E008DD601(_t28);
					}
					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t13 = _a4;
				if(_t13 == 0) {
					return GetACP();
				}
				return _t13;
			}

0x008d9db9
0x008d9dbe
0x008d9de6
0x00000000
0x008d9e0f
0x008d9e01
0x008d9e2d
0x00000000
0x008d9e2d
0x00000000
0x008d9e03
0x008d9e2b
0x00000000
0x00000000
0x008d9e31
0x008d9e36
0x008d9e3a
0x008d9e3a
0x008d9e08

APIs

_wcscmp.LIBCMT ref: 008D9DCC
_wcscmp.LIBCMT ref: 008D9DDD
GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,008DA07D,?,00000000), ref: 008D9DF9
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,008DA07D,?,00000000), ref: 008D9E23

Strings

ACP, xrefs: 008D9DC6
OCP, xrefs: 008D9DD7

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: InfoLocale_wcscmp
String ID: ACP$OCP
API String ID: 1351282208-711371036
Opcode ID: 688b241fd30e848cb47033fec932d795350ceef7be2623a171dedfd6a49f9ce1
Instruction ID: be674ee0b86ce8ed8f986ec4944c15b0f59b35e9698c9436e7df82099b62b6b1
Opcode Fuzzy Hash: 688b241fd30e848cb47033fec932d795350ceef7be2623a171dedfd6a49f9ce1
Instruction Fuzzy Hash: 2F018C32200609AADB21DE19EC41F9A3798FB05760B048216FA88DA291E7A0EA8097D0

Uniqueness

Uniqueness Score: -1.00%

Function 008C4147, Relevance: 3.0, APIs: 2, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008C4147(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}

0x008c414c
0x008c415c

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,008CAA30,?,?,?,00000000), ref: 008C414C
UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 008C4155

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9261623563ca0374579ec10dc47f409c7138a4756dce78c72da711b761853368
Instruction ID: 7fd45adfd04bd7eb52017bf8011797cd89f2b8c14689564893adbc26feff0aa6
Opcode Fuzzy Hash: 9261623563ca0374579ec10dc47f409c7138a4756dce78c72da711b761853368
Instruction Fuzzy Hash: 66B09231044688EBCB402B91EC49B587F2DFB04692F008010F60E480A1CBB25690CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 00891770, Relevance: 2.7, Strings: 2, Instructions: 160
COMMONCrypto

Download Yara Rule

C-Code - Quality: 31%

			E00891770(void* __ebx, signed int __edi, void* __esi, intOrPtr* _a4) {
				signed int _v4;
				char _v12;
				signed int _v16;
				signed char _v17;
				signed char _v25;
				intOrPtr* _v36;
				signed int _v44;
				char _v52;
				signed int _v56;
				signed char _v57;
				signed char _v65;
				intOrPtr* _v76;
				signed int _v84;
				char _v92;
				signed int _v96;
				signed char _v97;
				signed char _v105;
				intOrPtr* _v116;
				signed int _v124;
				char _v132;
				signed int _v136;
				signed char _v137;
				signed char _v145;
				intOrPtr* _v156;
				signed int _v164;
				char _v172;
				signed int _v176;
				signed char _v177;
				signed char _v185;
				char _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				signed int _v208;
				char _v212;
				signed int _t139;
				signed int _t142;
				signed int _t147;
				signed int _t150;
				signed int _t155;
				signed int _t158;
				signed int _t163;
				signed int _t166;
				signed int _t171;
				signed int _t174;
				signed int _t180;
				signed int _t181;
				intOrPtr _t186;
				intOrPtr* _t187;
				intOrPtr* _t188;
				intOrPtr _t202;
				intOrPtr* _t203;
				intOrPtr* _t204;
				intOrPtr _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				intOrPtr _t242;
				intOrPtr* _t243;
				intOrPtr* _t244;
				intOrPtr _t266;
				intOrPtr* _t267;
				intOrPtr* _t268;
				signed char _t278;
				signed char _t279;
				signed char _t280;
				signed int* _t295;
				signed int* _t296;
				signed int* _t297;
				signed int* _t298;
				signed int* _t299;
				void* _t302;
				signed char _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed char _t327;
				signed char _t328;
				signed int _t329;
				signed char _t334;
				signed int _t335;
				signed int _t336;
				signed char _t341;
				signed int _t342;
				signed int _t343;
				signed char _t348;
				signed int _t349;
				signed int _t350;
				signed char _t355;
				signed char _t356;
				signed char _t357;
				signed char _t359;
				signed char _t361;
				signed char _t363;
				signed char _t365;
				signed char _t367;
				signed int _t380;
				signed int _t381;
				intOrPtr* _t389;
				intOrPtr* _t390;
				intOrPtr* _t391;
				intOrPtr* _t392;
				intOrPtr* _t393;
				signed int _t394;
				signed int _t396;
				void* _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;

				_t380 = __edi;
				_push(0xffffffff);
				_push(E008DEAD9);
				_push( *[fs:0x0]);
				_t404 = _t403 - 8;
				_push(__edi);
				_t139 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t139 ^ _t404);
				 *[fs:0x0] =  &_v12;
				_v16 = 0;
				_t311 =  *0x8f4970; // 0x0
				if((_t311 & 0x00000001) != 0) {
					_t359 =  *0x8f496c; // 0x0
				} else {
					_t311 = _t311 | 0x00000001;
					 *0x8f4970 = _t311;
					_t359 = "Thu Oct 31 17:14:23 2019" + ("Thu Oct 31 17:14:23 2019" << 2);
					 *0x8f496c = _t359;
				}
				if((_t311 & 0x00000002) == 0) {
					 *0x8f4970 = _t311 | 0x00000002;
					_t355 =  *((intOrPtr*)((_t359 & 0x000000ff) + 0x8e2268));
					 *0x8f4974 = _t355 ^ 0x36;
					_t278 = _t355;
					 *0x8f4975 = _t278;
					_t279 = _t278 ^ 0x00000077;
					 *0x8f4978 = _t279;
					 *0x8f4979 = _t279;
					_t356 = _t355;
					_t280 = _t356;
					 *0x8f4981 = _t280;
					 *0x8f497b = _t280 ^ 0x00000050;
					_t359 = _t355 ^ 0x00000072;
					 *0x8f4976 = _t359;
					 *0x8f497d = _t359;
					 *0x8f497c = _t356 ^ 0x00000065;
					_t357 = _t356 ^ 0x00000073;
					 *0x8f4977 = _t357;
					 *0x8f497e = _t357;
					 *0x8f497f = _t357 ^ 0x0000006f;
					_t310 = _t356 ^ 0x00000020;
					 *0x8f497a = _t310;
					 *0x8f4983 = _t310;
					 *0x8f4980 = _t357 ^ 0x0000006e;
					 *0x8f4982 = _t357 ^ 0x0000006c;
					 *0x8f4984 = _t357 ^ 0x00000043;
					 *0x8f4985 = _t357 ^ 0x00000041;
				}
				_t389 = _a4;
				 *((intOrPtr*)(_t389 + 0x14)) = 0xf;
				 *(_t389 + 0x10) = 0;
				 *_t389 = 0;
				_v4 = 0;
				_t295 = 0x8f4974;
				_v16 = 1;
				while(1) {
					_t312 =  *(_t389 + 0x10);
					_t142 = _t359 & 0x000000ff;
					_t359 =  *(_t142 + 0x8e2268) ^  *_t295;
					_v17 = _t359;
					if((_t142 | 0xffffffff) - _t312 <= 1) {
						break;
					}
					_t16 = _t312 + 1; // 0x1
					_t380 = _t16;
					if(_t380 > 0xfffffffe) {
						break;
					} else {
						_t266 =  *((intOrPtr*)(_t389 + 0x14));
						if(_t266 >= _t380) {
							__eflags = _t380;
							if(__eflags != 0) {
								goto L10;
							} else {
								 *(_t389 + 0x10) = _t380;
								__eflags = _t266 - 0x10;
								if(__eflags < 0) {
									 *_t389 = 0;
								} else {
									 *((char*)( *_t389)) = 0;
								}
							}
						} else {
							E00892150(_t389, _t380, _t312);
							_t359 = _v25;
							if(_t380 != 0) {
								L10:
								_t350 =  *(_t389 + 0x10);
								if( *((intOrPtr*)(_t389 + 0x14)) < 0x10) {
									_t267 = _t389;
								} else {
									_t267 =  *_t389;
								}
								 *(_t267 + _t350) = _t359;
								 *(_t389 + 0x10) = _t380;
								if( *((intOrPtr*)(_t389 + 0x14)) < 0x10) {
									_t268 = _t389;
								} else {
									_t268 =  *_t389;
								}
								 *((char*)(_t268 + _t380)) = 0;
							}
						}
						_t295 =  &(_t295[0]);
						if(_t295 != 0x8f4986) {
							continue;
						} else {
							 *[fs:0x0] = _v12;
							return _t389;
						}
					}
					L134:
				}
				_push("string too long");
				E008A9BFA(__eflags);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(E008DEAD9);
				_push( *[fs:0x0]);
				_t405 = _t404 - 8;
				_push(_t295);
				_push(_t389);
				_push(_t380);
				_t147 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t147 ^ _t405);
				 *[fs:0x0] =  &_v52;
				_v56 = 0;
				_t313 =  *0x8f4994; // 0x0
				__eflags = _t313 & 0x00000001;
				if((_t313 & 0x00000001) != 0) {
					_t361 =  *0x8f4990; // 0x0
				} else {
					_t313 = _t313 | 0x00000001;
					 *0x8f4994 = _t313;
					_t361 = "Thu Oct 31 17:14:23 2019" + ("Thu Oct 31 17:14:23 2019" << 2);
					 *0x8f4990 = _t361;
				}
				__eflags = _t313 & 0x00000002;
				if((_t313 & 0x00000002) == 0) {
					 *0x8f4994 = _t313 | 0x00000002;
					_t348 =  *((intOrPtr*)((_t361 & 0x000000ff) + 0x8e2268));
					 *0x8f4998 = _t348 ^ 0x00000063;
					 *0x8f4999 = _t348 ^ 0x00000065;
					 *0x8f499a = _t348 ^ 0x00000072;
					 *0x8f499b = _t348 ^ 0x00000074;
					 *0x8f499c = _t348 ^ 0x00000038;
					 *0x8f499d = _t348 ^ 0x0000002e;
					_t349 = _t348 ^ 0x00000062;
					__eflags = _t349;
					 *0x8f499e = _t348 ^ 0x00000064;
					 *0x8f499f = _t349;
				}
				_t390 = _v36;
				 *((intOrPtr*)(_t390 + 0x14)) = 0xf;
				 *(_t390 + 0x10) = 0;
				 *_t390 = 0;
				_v44 = 0;
				_t296 = 0x8f4998;
				_v56 = 1;
				while(1) {
					_t314 =  *(_t390 + 0x10);
					_t150 = _t361 & 0x000000ff;
					_t361 =  *(_t150 + 0x8e2268) ^  *_t296;
					_v57 = _t361;
					__eflags = (_t150 | 0xffffffff) - _t314 - 1;
					if(__eflags <= 0) {
						break;
					}
					_t42 = _t314 + 1; // 0x1
					_t380 = _t42;
					__eflags = _t380 - 0xfffffffe;
					if(__eflags > 0) {
						break;
					} else {
						_t242 =  *((intOrPtr*)(_t390 + 0x14));
						__eflags = _t242 - _t380;
						if(_t242 >= _t380) {
							__eflags = _t380;
							if(_t380 != 0) {
								goto L34;
							} else {
								 *(_t390 + 0x10) = _t380;
								__eflags = _t242 - 0x10;
								if(_t242 < 0x10) {
									 *_t390 = 0;
								} else {
									 *((char*)( *_t390)) = 0;
								}
							}
						} else {
							E00892150(_t390, _t380, _t314);
							_t361 = _v65;
							__eflags = _t380;
							if(_t380 != 0) {
								L34:
								__eflags =  *((intOrPtr*)(_t390 + 0x14)) - 0x10;
								_t343 =  *(_t390 + 0x10);
								if( *((intOrPtr*)(_t390 + 0x14)) < 0x10) {
									_t243 = _t390;
								} else {
									_t243 =  *_t390;
								}
								 *(_t243 + _t343) = _t361;
								__eflags =  *((intOrPtr*)(_t390 + 0x14)) - 0x10;
								 *(_t390 + 0x10) = _t380;
								if( *((intOrPtr*)(_t390 + 0x14)) < 0x10) {
									_t244 = _t390;
								} else {
									_t244 =  *_t390;
								}
								 *((char*)(_t244 + _t380)) = 0;
							}
						}
						_t296 =  &(_t296[0]);
						__eflags = _t296 - 0x8f49a0;
						if(_t296 != 0x8f49a0) {
							continue;
						} else {
							 *[fs:0x0] = _v52;
							return _t390;
						}
					}
					goto L134;
				}
				_push("string too long");
				E008A9BFA(__eflags);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(E008DEAD9);
				_push( *[fs:0x0]);
				_t406 = _t405 - 8;
				_push(_t296);
				_push(_t390);
				_push(_t380);
				_t155 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t155 ^ _t406);
				 *[fs:0x0] =  &_v92;
				_v96 = 0;
				_t315 =  *0x8f49b0; // 0x0
				__eflags = _t315 & 0x00000001;
				if((_t315 & 0x00000001) != 0) {
					_t363 =  *0x8f49ac; // 0x0
				} else {
					_t315 = _t315 | 0x00000001;
					 *0x8f49b0 = _t315;
					_t363 = "Thu Oct 31 17:14:23 2019" + ("Thu Oct 31 17:14:23 2019" << 2);
					 *0x8f49ac = _t363;
				}
				__eflags = _t315 & 0x00000002;
				if((_t315 & 0x00000002) == 0) {
					 *0x8f49b0 = _t315 | 0x00000002;
					_t341 =  *((intOrPtr*)((_t363 & 0x000000ff) + 0x8e2268));
					 *0x8f49b4 = _t341 ^ 0x00000063;
					 *0x8f49b5 = _t341 ^ 0x00000065;
					 *0x8f49b6 = _t341 ^ 0x00000072;
					 *0x8f49b7 = _t341 ^ 0x00000074;
					 *0x8f49b8 = _t341 ^ 0x00000039;
					 *0x8f49b9 = _t341 ^ 0x0000002e;
					_t342 = _t341 ^ 0x00000062;
					__eflags = _t342;
					 *0x8f49ba = _t341 ^ 0x00000064;
					 *0x8f49bb = _t342;
				}
				_t391 = _v76;
				 *((intOrPtr*)(_t391 + 0x14)) = 0xf;
				 *(_t391 + 0x10) = 0;
				 *_t391 = 0;
				_v84 = 0;
				_t297 = 0x8f49b4;
				_v96 = 1;
				while(1) {
					_t316 =  *(_t391 + 0x10);
					_t158 = _t363 & 0x000000ff;
					_t363 =  *(_t158 + 0x8e2268) ^  *_t297;
					_v97 = _t363;
					__eflags = (_t158 | 0xffffffff) - _t316 - 1;
					if(__eflags <= 0) {
						break;
					}
					_t68 = _t316 + 1; // 0x1
					_t380 = _t68;
					__eflags = _t380 - 0xfffffffe;
					if(__eflags > 0) {
						break;
					} else {
						_t218 =  *((intOrPtr*)(_t391 + 0x14));
						__eflags = _t218 - _t380;
						if(_t218 >= _t380) {
							__eflags = _t380;
							if(_t380 != 0) {
								goto L58;
							} else {
								 *(_t391 + 0x10) = _t380;
								__eflags = _t218 - 0x10;
								if(_t218 < 0x10) {
									 *_t391 = 0;
								} else {
									 *((char*)( *_t391)) = 0;
								}
							}
						} else {
							E00892150(_t391, _t380, _t316);
							_t363 = _v105;
							__eflags = _t380;
							if(_t380 != 0) {
								L58:
								__eflags =  *((intOrPtr*)(_t391 + 0x14)) - 0x10;
								_t336 =  *(_t391 + 0x10);
								if( *((intOrPtr*)(_t391 + 0x14)) < 0x10) {
									_t219 = _t391;
								} else {
									_t219 =  *_t391;
								}
								 *(_t219 + _t336) = _t363;
								__eflags =  *((intOrPtr*)(_t391 + 0x14)) - 0x10;
								 *(_t391 + 0x10) = _t380;
								if( *((intOrPtr*)(_t391 + 0x14)) < 0x10) {
									_t220 = _t391;
								} else {
									_t220 =  *_t391;
								}
								 *((char*)(_t220 + _t380)) = 0;
							}
						}
						_t297 =  &(_t297[0]);
						__eflags = _t297 - 0x8f49bc;
						if(_t297 != 0x8f49bc) {
							continue;
						} else {
							 *[fs:0x0] = _v92;
							return _t391;
						}
					}
					goto L134;
				}
				_push("string too long");
				E008A9BFA(__eflags);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(E008DEAD9);
				_push( *[fs:0x0]);
				_t407 = _t406 - 8;
				_push(_t297);
				_push(_t391);
				_push(_t380);
				_t163 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t163 ^ _t407);
				 *[fs:0x0] =  &_v132;
				_v136 = 0;
				_t317 =  *0x8f4988; // 0x0
				__eflags = _t317 & 0x00000001;
				if((_t317 & 0x00000001) != 0) {
					_t365 =  *0x8f4986; // 0x0
				} else {
					_t317 = _t317 | 0x00000001;
					 *0x8f4988 = _t317;
					_t365 = "Thu Oct 31 17:14:23 2019" + ("Thu Oct 31 17:14:23 2019" << 2);
					 *0x8f4986 = _t365;
				}
				__eflags = _t317 & 0x00000002;
				if((_t317 & 0x00000002) == 0) {
					 *0x8f4988 = _t317 | 0x00000002;
					_t334 =  *((intOrPtr*)((_t365 & 0x000000ff) + 0x8e2268));
					 *0x8f498c = _t334 ^ 0x00000064;
					 *0x8f498d = _t334 ^ 0x00000062;
					_t335 = _t334 ^ 0x0000003a;
					__eflags = _t335;
					 *0x8f498e = _t334 ^ 0x0000006d;
					 *0x8f498f = _t335;
				}
				_t392 = _v116;
				 *((intOrPtr*)(_t392 + 0x14)) = 0xf;
				 *(_t392 + 0x10) = 0;
				 *_t392 = 0;
				_v124 = 0;
				_t298 = 0x8f498c;
				_v136 = 1;
				while(1) {
					_t318 =  *(_t392 + 0x10);
					_t166 = _t365 & 0x000000ff;
					_t365 =  *(_t166 + 0x8e2268) ^  *_t298;
					_v137 = _t365;
					__eflags = (_t166 | 0xffffffff) - _t318 - 1;
					if(__eflags <= 0) {
						break;
					}
					_t94 = _t318 + 1; // 0x1
					_t380 = _t94;
					__eflags = _t380 - 0xfffffffe;
					if(__eflags > 0) {
						break;
					} else {
						_t202 =  *((intOrPtr*)(_t392 + 0x14));
						__eflags = _t202 - _t380;
						if(_t202 >= _t380) {
							__eflags = _t380;
							if(_t380 != 0) {
								goto L82;
							} else {
								 *(_t392 + 0x10) = _t380;
								__eflags = _t202 - 0x10;
								if(_t202 < 0x10) {
									 *_t392 = 0;
								} else {
									 *((char*)( *_t392)) = 0;
								}
							}
						} else {
							E00892150(_t392, _t380, _t318);
							_t365 = _v145;
							__eflags = _t380;
							if(_t380 != 0) {
								L82:
								__eflags =  *((intOrPtr*)(_t392 + 0x14)) - 0x10;
								_t329 =  *(_t392 + 0x10);
								if( *((intOrPtr*)(_t392 + 0x14)) < 0x10) {
									_t203 = _t392;
								} else {
									_t203 =  *_t392;
								}
								 *(_t203 + _t329) = _t365;
								__eflags =  *((intOrPtr*)(_t392 + 0x14)) - 0x10;
								 *(_t392 + 0x10) = _t380;
								if( *((intOrPtr*)(_t392 + 0x14)) < 0x10) {
									_t204 = _t392;
								} else {
									_t204 =  *_t392;
								}
								 *((char*)(_t204 + _t380)) = 0;
							}
						}
						_t298 =  &(_t298[0]);
						__eflags = _t298 - 0x8f4990;
						if(_t298 != 0x8f4990) {
							continue;
						} else {
							 *[fs:0x0] = _v132;
							return _t392;
						}
					}
					goto L134;
				}
				_push("string too long");
				E008A9BFA(__eflags);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(0xffffffff);
				_push(E008DEAD9);
				_push( *[fs:0x0]);
				_push(_t298);
				_push(_t392);
				_push(_t380);
				_t171 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t171 ^ _t407 - 0x00000008);
				 *[fs:0x0] =  &_v172;
				_v176 = 0;
				_t319 =  *0x8f49a4; // 0x0
				__eflags = _t319 & 0x00000001;
				if((_t319 & 0x00000001) != 0) {
					_t367 =  *0x8f49a0; // 0x0
				} else {
					_t319 = _t319 | 0x00000001;
					 *0x8f49a4 = _t319;
					_t367 = "Thu Oct 31 17:14:23 2019" + ("Thu Oct 31 17:14:23 2019" << 2);
					 *0x8f49a0 = _t367;
				}
				__eflags = _t319 & 0x00000002;
				if((_t319 & 0x00000002) == 0) {
					 *0x8f49a4 = _t319 | 0x00000002;
					_t327 =  *((intOrPtr*)((_t367 & 0x000000ff) + 0x8e2268));
					 *0x8f49a8 = _t327 ^ 0x00000073;
					 *0x8f49a9 = _t327 ^ 0x00000071;
					_t328 = _t327 ^ 0x0000003a;
					__eflags = _t328;
					 *0x8f49aa = _t327 ^ 0x0000006c;
					 *0x8f49ab = _t328;
				}
				_t393 = _v156;
				 *((intOrPtr*)(_t393 + 0x14)) = 0xf;
				 *(_t393 + 0x10) = 0;
				 *_t393 = 0;
				_v164 = 0;
				_t299 = 0x8f49a8;
				_v176 = 1;
				while(1) {
					_t320 =  *(_t393 + 0x10);
					_t174 = _t367 & 0x000000ff;
					_t367 =  *(_t174 + 0x8e2268) ^  *_t299;
					_v177 = _t367;
					__eflags = (_t174 | 0xffffffff) - _t320 - 1;
					if(__eflags <= 0) {
						break;
					}
					_t120 = _t320 + 1; // 0x1
					_t380 = _t120;
					__eflags = _t380 - 0xfffffffe;
					if(__eflags > 0) {
						break;
					} else {
						_t186 =  *((intOrPtr*)(_t393 + 0x14));
						__eflags = _t186 - _t380;
						if(_t186 >= _t380) {
							__eflags = _t380;
							if(_t380 != 0) {
								goto L106;
							} else {
								 *(_t393 + 0x10) = _t380;
								__eflags = _t186 - 0x10;
								if(_t186 < 0x10) {
									 *_t393 = 0;
								} else {
									 *((char*)( *_t393)) = 0;
								}
							}
						} else {
							E00892150(_t393, _t380, _t320);
							_t367 = _v185;
							__eflags = _t380;
							if(_t380 != 0) {
								L106:
								__eflags =  *((intOrPtr*)(_t393 + 0x14)) - 0x10;
								_t322 =  *(_t393 + 0x10);
								if( *((intOrPtr*)(_t393 + 0x14)) < 0x10) {
									_t187 = _t393;
								} else {
									_t187 =  *_t393;
								}
								 *(_t187 + _t322) = _t367;
								__eflags =  *((intOrPtr*)(_t393 + 0x14)) - 0x10;
								 *(_t393 + 0x10) = _t380;
								if( *((intOrPtr*)(_t393 + 0x14)) < 0x10) {
									_t188 = _t393;
								} else {
									_t188 =  *_t393;
								}
								 *((char*)(_t188 + _t380)) = 0;
							}
						}
						_t299 =  &(_t299[0]);
						__eflags = _t299 - 0x8f49ac;
						if(_t299 != 0x8f49ac) {
							continue;
						} else {
							 *[fs:0x0] = _v172;
							return _t393;
						}
					}
					goto L134;
				}
				_push("string too long");
				E008A9BFA(__eflags);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				__eflags = _v188;
				_push(_v192);
				if(_v188 == 0) {
					_push(_v196);
					return E008916E0();
				} else {
					_push( &_v212);
					_t180 = E008916E0();
					__eflags = _t180;
					if(_t180 != 0) {
						_push(_t393);
						_t394 = _v208;
						__eflags = _t394;
						if(_t394 != 0) {
							_push(_t299);
							_push(_t380);
							_t181 = E008BF620(_t394, "-----BEGIN");
							_t381 = _t181;
							__eflags = _t381;
							if(_t381 == 0) {
								L130:
								_push(_t394);
								_push(_v196);
								L00894022();
								__eflags = _t181;
								_t302 =  !=  ? 0 : 1;
							} else {
								_t396 = E008BF4F0(_t381, 0xa);
								__eflags = _t396;
								if(_t396 != 0) {
									L128:
									_t394 = _t396 + 1;
									_t181 = E008BF620(_t394, "-----END");
									__eflags = _t181;
									if(_t181 == 0) {
										goto L132;
									} else {
										 *_t181 = 0;
										goto L130;
									}
								} else {
									_t396 = E008BF4F0(_t381, 0xd);
									__eflags = _t396;
									if(_t396 == 0) {
										L132:
										_t302 = 0;
									} else {
										goto L128;
									}
								}
							}
							_push(_v208);
							L00894010();
							return _t302;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						return _t180;
					}
				}
				goto L134;
			}

0x00891770
0x00891770
0x00891772
0x0089177d
0x0089177e
0x00891783
0x00891784
0x0089178b
0x00891790
0x00891796
0x0089179e
0x008917a7
0x008917c6
0x008917a9
0x008917ae
0x008917b3
0x008917bc
0x008917be
0x008917be
0x008917cf
0x008917db
0x008917e1
0x008917f0
0x008917f7
0x008917f9
0x008917ff
0x00891801
0x00891807
0x0089180c
0x0089180e
0x00891810
0x0089181a
0x0089181f
0x00891824
0x0089182c
0x00891832
0x00891837
0x0089183c
0x00891844
0x0089184a
0x0089184f
0x00891854
0x0089185c
0x00891862
0x0089186b
0x00891877
0x0089187c
0x0089187c
0x00891882
0x00891886
0x0089188d
0x00891894
0x00891897
0x0089189f
0x008918a4
0x008918b0
0x008918b0
0x008918b3
0x008918bf
0x008918c3
0x008918ca
0x00000000
0x00000000
0x008918d0
0x008918d0
0x008918d6
0x00000000
0x008918d8
0x008918d8
0x008918dd
0x00891903
0x00891905
0x00000000
0x00891907
0x00891907
0x0089190a
0x0089190d
0x00891918
0x0089190f
0x00891911
0x00891911
0x0089190d
0x008918df
0x008918e3
0x008918ee
0x008918f4
0x008918f6
0x008918fa
0x008918fd
0x0089191d
0x008918ff
0x008918ff
0x008918ff
0x0089191f
0x00891926
0x00891929
0x0089192f
0x0089192b
0x0089192b
0x0089192b
0x00891931
0x00891931
0x008918f4
0x00891935
0x0089193c
0x00000000
0x00891942
0x00891948
0x00891956
0x00891956
0x0089193c
0x00000000
0x008918d6
0x00891957
0x0089195c
0x00891961
0x00891962
0x00891963
0x00891964
0x00891965
0x00891966
0x00891967
0x00891968
0x00891969
0x0089196a
0x0089196b
0x0089196c
0x0089196d
0x0089196e
0x0089196f
0x00891970
0x00891972
0x0089197d
0x0089197e
0x00891981
0x00891982
0x00891983
0x00891984
0x0089198b
0x00891990
0x00891996
0x0089199e
0x008919a4
0x008919a7
0x008919c6
0x008919a9
0x008919ae
0x008919b3
0x008919bc
0x008919be
0x008919be
0x008919cc
0x008919cf
0x008919d7
0x008919dd
0x008919e7
0x008919f0
0x008919f9
0x00891a02
0x00891a0b
0x00891a14
0x00891a1d
0x00891a1d
0x00891a20
0x00891a25
0x00891a25
0x00891a2b
0x00891a2f
0x00891a36
0x00891a3d
0x00891a40
0x00891a48
0x00891a4d
0x00891a60
0x00891a60
0x00891a63
0x00891a6f
0x00891a73
0x00891a77
0x00891a7a
0x00000000
0x00000000
0x00891a80
0x00891a80
0x00891a83
0x00891a86
0x00000000
0x00891a88
0x00891a88
0x00891a8b
0x00891a8d
0x00891ab3
0x00891ab5
0x00000000
0x00891ab7
0x00891ab7
0x00891aba
0x00891abd
0x00891ac8
0x00891abf
0x00891ac1
0x00891ac1
0x00891abd
0x00891a8f
0x00891a93
0x00891a9e
0x00891aa2
0x00891aa4
0x00891aa6
0x00891aa6
0x00891aaa
0x00891aad
0x00891acd
0x00891aaf
0x00891aaf
0x00891aaf
0x00891acf
0x00891ad2
0x00891ad6
0x00891ad9
0x00891adf
0x00891adb
0x00891adb
0x00891adb
0x00891ae1
0x00891ae1
0x00891aa4
0x00891ae5
0x00891ae6
0x00891aec
0x00000000
0x00891af2
0x00891af8
0x00891b06
0x00891b06
0x00891aec
0x00000000
0x00891a86
0x00891b07
0x00891b0c
0x00891b11
0x00891b12
0x00891b13
0x00891b14
0x00891b15
0x00891b16
0x00891b17
0x00891b18
0x00891b19
0x00891b1a
0x00891b1b
0x00891b1c
0x00891b1d
0x00891b1e
0x00891b1f
0x00891b20
0x00891b22
0x00891b2d
0x00891b2e
0x00891b31
0x00891b32
0x00891b33
0x00891b34
0x00891b3b
0x00891b40
0x00891b46
0x00891b4e
0x00891b54
0x00891b57
0x00891b76
0x00891b59
0x00891b5e
0x00891b63
0x00891b6c
0x00891b6e
0x00891b6e
0x00891b7c
0x00891b7f
0x00891b87
0x00891b8d
0x00891b97
0x00891ba0
0x00891ba9
0x00891bb2
0x00891bbb
0x00891bc4
0x00891bcd
0x00891bcd
0x00891bd0
0x00891bd5
0x00891bd5
0x00891bdb
0x00891bdf
0x00891be6
0x00891bed
0x00891bf0
0x00891bf8
0x00891bfd
0x00891c10
0x00891c10
0x00891c13
0x00891c1f
0x00891c23
0x00891c27
0x00891c2a
0x00000000
0x00000000
0x00891c30
0x00891c30
0x00891c33
0x00891c36
0x00000000
0x00891c38
0x00891c38
0x00891c3b
0x00891c3d
0x00891c63
0x00891c65
0x00000000
0x00891c67
0x00891c67
0x00891c6a
0x00891c6d
0x00891c78
0x00891c6f
0x00891c71
0x00891c71
0x00891c6d
0x00891c3f
0x00891c43
0x00891c4e
0x00891c52
0x00891c54
0x00891c56
0x00891c56
0x00891c5a
0x00891c5d
0x00891c7d
0x00891c5f
0x00891c5f
0x00891c5f
0x00891c7f
0x00891c82
0x00891c86
0x00891c89
0x00891c8f
0x00891c8b
0x00891c8b
0x00891c8b
0x00891c91
0x00891c91
0x00891c54
0x00891c95
0x00891c96
0x00891c9c
0x00000000
0x00891ca2
0x00891ca8
0x00891cb6
0x00891cb6
0x00891c9c
0x00000000
0x00891c36
0x00891cb7
0x00891cbc
0x00891cc1
0x00891cc2
0x00891cc3
0x00891cc4
0x00891cc5
0x00891cc6
0x00891cc7
0x00891cc8
0x00891cc9
0x00891cca
0x00891ccb
0x00891ccc
0x00891ccd
0x00891cce
0x00891ccf
0x00891cd0
0x00891cd2
0x00891cdd
0x00891cde
0x00891ce1
0x00891ce2
0x00891ce3
0x00891ce4
0x00891ceb
0x00891cf0
0x00891cf6
0x00891cfe
0x00891d04
0x00891d07
0x00891d26
0x00891d09
0x00891d0e
0x00891d13
0x00891d1c
0x00891d1e
0x00891d1e
0x00891d2c
0x00891d2f
0x00891d37
0x00891d3d
0x00891d47
0x00891d50
0x00891d59
0x00891d59
0x00891d5c
0x00891d61
0x00891d61
0x00891d67
0x00891d6b
0x00891d72
0x00891d79
0x00891d7c
0x00891d84
0x00891d89
0x00891d91
0x00891d91
0x00891d94
0x00891da0
0x00891da4
0x00891da8
0x00891dab
0x00000000
0x00000000
0x00891db1
0x00891db1
0x00891db4
0x00891db7
0x00000000
0x00891db9
0x00891db9
0x00891dbc
0x00891dbe
0x00891de4
0x00891de6
0x00000000
0x00891de8
0x00891de8
0x00891deb
0x00891dee
0x00891df9
0x00891df0
0x00891df2
0x00891df2
0x00891dee
0x00891dc0
0x00891dc4
0x00891dcf
0x00891dd3
0x00891dd5
0x00891dd7
0x00891dd7
0x00891ddb
0x00891dde
0x00891dfe
0x00891de0
0x00891de0
0x00891de0
0x00891e00
0x00891e03
0x00891e07
0x00891e0a
0x00891e10
0x00891e0c
0x00891e0c
0x00891e0c
0x00891e12
0x00891e12
0x00891dd5
0x00891e16
0x00891e17
0x00891e1d
0x00000000
0x00891e23
0x00891e29
0x00891e37
0x00891e37
0x00891e1d
0x00000000
0x00891db7
0x00891e38
0x00891e3d
0x00891e42
0x00891e43
0x00891e44
0x00891e45
0x00891e46
0x00891e47
0x00891e48
0x00891e49
0x00891e4a
0x00891e4b
0x00891e4c
0x00891e4d
0x00891e4e
0x00891e4f
0x00891e50
0x00891e52
0x00891e5d
0x00891e61
0x00891e62
0x00891e63
0x00891e64
0x00891e6b
0x00891e70
0x00891e76
0x00891e7e
0x00891e84
0x00891e87
0x00891ea6
0x00891e89
0x00891e8e
0x00891e93
0x00891e9c
0x00891e9e
0x00891e9e
0x00891eac
0x00891eaf
0x00891eb7
0x00891ebd
0x00891ec7
0x00891ed0
0x00891ed9
0x00891ed9
0x00891edc
0x00891ee1
0x00891ee1
0x00891ee7
0x00891eeb
0x00891ef2
0x00891ef9
0x00891efc
0x00891f04
0x00891f09
0x00891f11
0x00891f11
0x00891f14
0x00891f20
0x00891f24
0x00891f28
0x00891f2b
0x00000000
0x00000000
0x00891f31
0x00891f31
0x00891f34
0x00891f37
0x00000000
0x00891f39
0x00891f39
0x00891f3c
0x00891f3e
0x00891f64
0x00891f66
0x00000000
0x00891f68
0x00891f68
0x00891f6b
0x00891f6e
0x00891f79
0x00891f70
0x00891f72
0x00891f72
0x00891f6e
0x00891f40
0x00891f44
0x00891f4f
0x00891f53
0x00891f55
0x00891f57
0x00891f57
0x00891f5b
0x00891f5e
0x00891f7e
0x00891f60
0x00891f60
0x00891f60
0x00891f80
0x00891f83
0x00891f87
0x00891f8a
0x00891f90
0x00891f8c
0x00891f8c
0x00891f8c
0x00891f92
0x00891f92
0x00891f55
0x00891f96
0x00891f97
0x00891f9d
0x00000000
0x00891fa3
0x00891fa9
0x00891fb7
0x00891fb7
0x00891f9d
0x00000000
0x00891f37
0x00891fb8
0x00891fbd
0x00891fc2
0x00891fc3
0x00891fc4
0x00891fc5
0x00891fc6
0x00891fc7
0x00891fc8
0x00891fc9
0x00891fca
0x00891fcb
0x00891fcc
0x00891fcd
0x00891fce
0x00891fcf
0x00891fd3
0x00891fd8
0x00891fdc
0x00892087
0x00892096
0x00891fe2
0x00891fe6
0x00891fe7
0x00891fef
0x00891ff1
0x00891ff7
0x00891ff8
0x00891ffc
0x00891ffe
0x00892007
0x00892008
0x00892011
0x00892016
0x0089201b
0x0089201d
0x00892057
0x00892057
0x00892058
0x0089205c
0x00892069
0x0089206b
0x0089201f
0x00892027
0x0089202c
0x0089202e
0x00892041
0x00892041
0x00892048
0x00892050
0x00892052
0x00000000
0x00892054
0x00892054
0x00000000
0x00892054
0x00892030
0x00892038
0x0089203d
0x0089203f
0x00892083
0x00892083
0x00000000
0x00000000
0x00000000
0x0089203f
0x0089202e
0x0089206e
0x00892072
0x00892082
0x00892000
0x00892000
0x00892006
0x00892006
0x00891ff3
0x00891ff6
0x00891ff6
0x00891ff1
0x00000000

Strings

string too long, xrefs: 00891957
Thu Oct 31 17:14:23 2019, xrefs: 008917A9

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID: Thu Oct 31 17:14:23 2019$string too long
API String ID: 3728558374-561291225
Opcode ID: 0176c27fb8a3f6447042711ab50dfed45fb50c04f59aebf491b982c28c2baf6c
Instruction ID: 9daad9b80abf56f8f30481f3085bb2ea1a49fb718fcede87890f56bb604c22b9
Opcode Fuzzy Hash: 0176c27fb8a3f6447042711ab50dfed45fb50c04f59aebf491b982c28c2baf6c
Instruction Fuzzy Hash: 5851BE3030E3C19EDB118F3CA818BA37FA1B766710F68255FD4918B3A2C7A5550AD762

Uniqueness

Uniqueness Score: -1.00%

Function 008C761E, Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E008C761E(signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _t6;
				int _t8;

				_t6 =  *0x8f5bf8 ^  *0x8f21d0;
				if(_t6 == 0) {
					 *0x8f4e20 = _a4;
					_t8 = EnumSystemLocalesW(E008C760A, 1);
					 *0x8f4e20 =  *0x8f4e20 & 0x00000000;
					return _t8;
				} else {
					return  *_t6(_a4, _a8, _a12, 0);
				}
			}

0x008c7626
0x008c762c
0x008c7647
0x008c764c
0x008c7652
0x008c765a
0x008c762e
0x008c763c
0x008c763c

APIs

EnumSystemLocalesW.KERNEL32(008C760A,00000001,?,008D9290,008D932E,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 008C764C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: c21fb4aeb798af18a4be11a0a3a497c0843de11f59122af1e1a6693cbbe571b7
Instruction ID: 8a486725eea2e9590958186f8dc544aaf299e873ae50afdeed166d6b0873a164
Opcode Fuzzy Hash: c21fb4aeb798af18a4be11a0a3a497c0843de11f59122af1e1a6693cbbe571b7
Instruction Fuzzy Hash: F7E0B632554208ABDB119FA4FC46F693BB6FB08721F014005F6188A5A0C3B2E6A0DB58

Uniqueness

Uniqueness Score: -1.00%

Function 008C76A4, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,20001004,?,008CD36B,?,008CD36B,?,20001004,?,00000002,?,00000004,?,00000000), ref: 008C76CB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: fb7edcdf88bdeb818d4f21cec3ff6ba5175287238597dd12a80fcf4bc030ca76
Instruction ID: 45e83eb2d80688200bcbc129de02bee868bde9e6b96512da01d835e98bc1857e
Opcode Fuzzy Hash: fb7edcdf88bdeb818d4f21cec3ff6ba5175287238597dd12a80fcf4bc030ca76
Instruction Fuzzy Hash: 3ED06732004509FF8F02AFE4EC46C6A3FA9FB48354B454445FA1885520DA36F5609F65

Uniqueness

Uniqueness Score: -1.00%

Function 008C4116, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008C4116(_Unknown_base(*)()* _a4) {

				return SetUnhandledExceptionFilter(_a4);
			}

0x008c4123

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 008C411C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 27e36e03ad8b11c9d7cc092f27a6dd67cff6c9b3a8dc22d4e2acd895c1842cb7
Instruction ID: 1ec3968f8ce49432999fa8bd522613e08c4c8a3fbe626479d55921bddeffe7ac
Opcode Fuzzy Hash: 27e36e03ad8b11c9d7cc092f27a6dd67cff6c9b3a8dc22d4e2acd895c1842cb7
Instruction Fuzzy Hash: 80A0113000020CAB8F002B82EC088883F2EFA002A0B008020F80E080208BA2AAA08A80

Uniqueness

Uniqueness Score: -1.00%

Function 008C6777, Relevance: .3, Instructions: 345
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E008C6777(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}

0x008c6777
0x008c6777
0x008c677d
0x008c6804
0x008c6806
0x008c6808
0x00000000
0x00000000
0x008c680e
0x008c6814
0x008c689b
0x008c689d
0x008c689f
0x00000000
0x00000000
0x008c68a5
0x008c68ab
0x008c6932
0x008c6934
0x008c6936
0x00000000
0x00000000
0x008c693c
0x008c6942
0x008c69c9
0x008c69cb
0x008c69cd
0x00000000
0x00000000
0x008c69d3
0x008c69d9
0x008c6a60
0x008c6a62
0x008c6a64
0x00000000
0x00000000
0x008c6a70
0x008c6af8
0x008c6afa
0x008c6afc
0x00000000
0x00000000
0x008c6b02
0x008c6b08
0x008c6b8f
0x008c6b91
0x008c6b93
0x008c6b93
0x00000000
0x008c6b93
0x008c6b15
0x008c6b17
0x008c6b2f
0x008c6b37
0x008c6b39
0x008c6b51
0x008c6b59
0x008c6b5b
0x008c6b73
0x008c6b7b
0x008c6b7d
0x008c6b86
0x008c6b86
0x00000000
0x008c6b7d
0x008c6b64
0x008c6b6d
0x00000000
0x00000000
0x00000000
0x008c6b6d
0x008c6b42
0x008c6b4b
0x00000000
0x00000000
0x00000000
0x008c6b4b
0x008c6b20
0x008c6b29
0x00000000
0x00000000
0x00000000
0x008c6b29
0x008c6a7e
0x008c6a80
0x008c6a98
0x008c6aa0
0x008c6aa2
0x008c6aba
0x008c6ac2
0x008c6ac4
0x008c6adc
0x008c6ae4
0x008c6ae6
0x008c6aef
0x008c6aef
0x00000000
0x008c6ae6
0x008c6acd
0x008c6ad6
0x00000000
0x00000000
0x00000000
0x008c6ad6
0x008c6aab
0x008c6ab4
0x00000000
0x00000000
0x00000000
0x008c6ab4
0x008c6a89
0x008c6a92
0x00000000
0x00000000
0x00000000
0x008c6a92
0x008c69e6
0x008c69e8
0x008c6a00
0x008c6a08
0x008c6a0a
0x008c6a22
0x008c6a2a
0x008c6a2c
0x008c6a44
0x008c6a4c
0x008c6a4e
0x008c6a57
0x008c6a57
0x00000000
0x008c6a4e
0x008c6a35
0x008c6a3e
0x00000000
0x00000000
0x00000000
0x008c6a3e
0x008c6a13
0x008c6a1c
0x00000000
0x00000000
0x00000000
0x008c6a1c
0x008c69f1
0x008c69fa
0x00000000
0x00000000
0x00000000
0x008c69fa
0x008c694f
0x008c6951
0x008c6969
0x008c6971
0x008c6973
0x008c698b
0x008c6993
0x008c6995
0x008c69ad
0x008c69b5
0x008c69b7
0x008c69c0
0x008c69c0
0x00000000
0x008c69b7
0x008c699e
0x008c69a7
0x00000000
0x00000000
0x00000000
0x008c69a7
0x008c697c
0x008c6985
0x00000000
0x00000000
0x00000000
0x008c6985
0x008c695a
0x008c6963
0x00000000
0x00000000
0x00000000
0x008c6963
0x008c68b8
0x008c68ba
0x008c68d2
0x008c68da
0x008c68dc
0x008c68f4
0x008c68fc
0x008c68fe
0x008c6916
0x008c691e
0x008c6920
0x008c6929
0x008c6929
0x00000000
0x008c6920
0x008c6907
0x008c6910
0x00000000
0x00000000
0x00000000
0x008c6910
0x008c68e5
0x008c68ee
0x00000000
0x00000000
0x00000000
0x008c68ee
0x008c68c3
0x008c68cc
0x00000000
0x00000000
0x00000000
0x008c68cc
0x008c6821
0x008c6823
0x008c683b
0x008c6843
0x008c6845
0x008c685d
0x008c6865
0x008c6867
0x008c687f
0x008c6887
0x008c6889
0x008c6892
0x008c6892
0x00000000
0x008c6889
0x008c6870
0x008c6879
0x00000000
0x00000000
0x00000000
0x008c6879
0x008c684e
0x008c6857
0x00000000
0x00000000
0x00000000
0x008c6857
0x008c682c
0x008c6835
0x00000000
0x00000000
0x00000000
0x008c6783
0x008c6783
0x008c678a
0x008c678c
0x008c67a4
0x008c67a4
0x008c67ac
0x008c67ae
0x008c67c6
0x008c67c6
0x008c67ce
0x008c67d0
0x008c67e8
0x008c67e8
0x008c67f0
0x008c67f2
0x008c67fb
0x008c67fb
0x00000000
0x008c67f2
0x008c67d6
0x008c67d9
0x008c67e2
0x008c633a
0x008c633a
0x008c712b
0x008c712b
0x00000000
0x008c67e2
0x008c67b4
0x008c67b7
0x008c67c0
0x00000000
0x00000000
0x00000000
0x008c67c0
0x008c6792
0x008c6795
0x008c679e
0x00000000
0x00000000
0x00000000
0x008c679e

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction ID: 5880a483a4fc0ea43620cde33b7fabf2126df9d798a611e40351ba747001008b
Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction Fuzzy Hash: 35C1713220519309DB2E463A8474A3EBAB1EE927B531A477DD4B2CB1C4FF30D576D620

Uniqueness

Uniqueness Score: -1.00%

Function 008C6BAC, Relevance: .3, Instructions: 341
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E008C6BAC(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}

0x008c6bac
0x008c6bac
0x008c6bb2
0x008c6c3a
0x008c6c3c
0x008c6c3e
0x00000000
0x00000000
0x008c6c44
0x008c6c4a
0x008c6cd1
0x008c6cd3
0x008c6cd5
0x00000000
0x00000000
0x008c6cdb
0x008c6ce1
0x008c6d68
0x008c6d6a
0x008c6d6c
0x00000000
0x00000000
0x008c6d72
0x008c6d78
0x008c6dff
0x008c6e01
0x008c6e03
0x00000000
0x00000000
0x008c6e0f
0x008c6e97
0x008c6e99
0x008c6e9b
0x00000000
0x00000000
0x008c6ea1
0x008c6ea7
0x008c6f2e
0x008c6f30
0x008c6f32
0x00000000
0x00000000
0x008c6f38
0x008c6f3e
0x008c6fc5
0x008c6fc7
0x008c6fc9
0x00000000
0x00000000
0x008c6fd7
0x008c6fd9
0x008c6ff1
0x008c6ff9
0x008c6ffb
0x008c6754
0x008c675c
0x008c675e
0x008c676b
0x008c676b
0x00000000
0x008c675e
0x008c7008
0x008c674e
0x00000000
0x00000000
0x00000000
0x00000000
0x008c674e
0x008c6fe2
0x008c6feb
0x00000000
0x00000000
0x00000000
0x008c6feb
0x008c6f4b
0x008c6f4d
0x008c6f65
0x008c6f6d
0x008c6f6f
0x008c6f87
0x008c6f8f
0x008c6f91
0x008c6fa9
0x008c6fb1
0x008c6fb3
0x008c6fbc
0x008c6fbc
0x00000000
0x008c6fb3
0x008c6f9a
0x008c6fa3
0x00000000
0x00000000
0x00000000
0x008c6fa3
0x008c6f78
0x008c6f81
0x00000000
0x00000000
0x00000000
0x008c6f81
0x008c6f56
0x008c6f5f
0x00000000
0x00000000
0x00000000
0x008c6f5f
0x008c6eb4
0x008c6eb6
0x008c6ece
0x008c6ed6
0x008c6ed8
0x008c6ef0
0x008c6ef8
0x008c6efa
0x008c6f12
0x008c6f1a
0x008c6f1c
0x008c6f25
0x008c6f25
0x00000000
0x008c6f1c
0x008c6f03
0x008c6f0c
0x00000000
0x00000000
0x00000000
0x008c6f0c
0x008c6ee1
0x008c6eea
0x00000000
0x00000000
0x00000000
0x008c6eea
0x008c6ebf
0x008c6ec8
0x00000000
0x00000000
0x00000000
0x008c6ec8
0x008c6e1d
0x008c6e1f
0x008c6e37
0x008c6e3f
0x008c6e41
0x008c6e59
0x008c6e61
0x008c6e63
0x008c6e7b
0x008c6e83
0x008c6e85
0x008c6e8e
0x008c6e8e
0x00000000
0x008c6e85
0x008c6e6c
0x008c6e75
0x00000000
0x00000000
0x00000000
0x008c6e75
0x008c6e4a
0x008c6e53
0x00000000
0x00000000
0x00000000
0x008c6e53
0x008c6e28
0x008c6e31
0x00000000
0x00000000
0x00000000
0x008c6e31
0x008c6d85
0x008c6d87
0x008c6d9f
0x008c6da7
0x008c6da9
0x008c6dc1
0x008c6dc9
0x008c6dcb
0x008c6de3
0x008c6deb
0x008c6ded
0x008c6df6
0x008c6df6
0x00000000
0x008c6ded
0x008c6dd4
0x008c6ddd
0x00000000
0x00000000
0x00000000
0x008c6ddd
0x008c6db2
0x008c6dbb
0x00000000
0x00000000
0x00000000
0x008c6dbb
0x008c6d90
0x008c6d99
0x00000000
0x00000000
0x00000000
0x008c6d99
0x008c6cee
0x008c6cf0
0x008c6d08
0x008c6d10
0x008c6d12
0x008c6d2a
0x008c6d32
0x008c6d34
0x008c6d4c
0x008c6d54
0x008c6d56
0x008c6d5f
0x008c6d5f
0x00000000
0x008c6d56
0x008c6d3d
0x008c6d46
0x00000000
0x00000000
0x00000000
0x008c6d46
0x008c6d1b
0x008c6d24
0x00000000
0x00000000
0x00000000
0x008c6d24
0x008c6cf9
0x008c6d02
0x00000000
0x00000000
0x00000000
0x008c6d02
0x008c6c57
0x008c6c59
0x008c6c71
0x008c6c79
0x008c6c7b
0x008c6c93
0x008c6c9b
0x008c6c9d
0x008c6cb5
0x008c6cbd
0x008c6cbf
0x008c6cc8
0x008c6cc8
0x00000000
0x008c6cbf
0x008c6ca6
0x008c6caf
0x00000000
0x00000000
0x00000000
0x008c6caf
0x008c6c84
0x008c6c8d
0x00000000
0x00000000
0x00000000
0x008c6c8d
0x008c6c62
0x008c6c6b
0x00000000
0x00000000
0x00000000
0x008c6bb8
0x008c6bbc
0x008c6bc0
0x008c6bc2
0x008c6bda
0x008c6bda
0x008c6be2
0x008c6be4
0x008c6bfc
0x008c6bfc
0x008c6c04
0x008c6c06
0x008c6c1e
0x008c6c1e
0x008c6c26
0x008c6c28
0x008c6c31
0x008c6c31
0x00000000
0x008c6c28
0x008c6c0c
0x008c6c0f
0x008c6c18
0x00000000
0x00000000
0x00000000
0x008c6c18
0x008c6bea
0x008c6bed
0x008c6bf6
0x00000000
0x00000000
0x00000000
0x008c6bf6
0x008c6bc8
0x008c6bcb
0x008c6bd4
0x00000000
0x00000000
0x00000000
0x008c6bd4
0x008c633a
0x008c633a
0x008c712b

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction ID: a9ba82bab86670e1db83ca2339dd787c8de5e25765944c87bb98074a51a7bc6c
Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction Fuzzy Hash: 85C1513620519309DB2E463AC434A3EBAB1EAA27B531A477DD4B3CB1D4FF30D5369620

Uniqueness

Uniqueness Score: -1.00%

Function 008C6342, Relevance: .3, Instructions: 331
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E008C6342(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}

0x008c6342
0x008c6342
0x008c6348
0x008c63bf
0x008c63c1
0x008c63c3
0x00000000
0x00000000
0x008c63c9
0x008c63cf
0x008c6456
0x008c6458
0x008c645a
0x00000000
0x00000000
0x008c6460
0x008c6466
0x008c64ed
0x008c64ef
0x008c64f1
0x00000000
0x00000000
0x008c64f7
0x008c64fd
0x008c6584
0x008c6586
0x008c6588
0x00000000
0x00000000
0x008c658e
0x008c6594
0x008c661b
0x008c661d
0x008c661f
0x00000000
0x00000000
0x008c662b
0x008c66b3
0x008c66b5
0x008c66b7
0x00000000
0x00000000
0x008c66bd
0x008c66c3
0x008c674a
0x008c674c
0x008c674e
0x008c675c
0x008c675e
0x008c676b
0x008c676b
0x008c675e
0x00000000
0x008c674e
0x008c66d0
0x008c66d2
0x008c66ea
0x008c66f2
0x008c66f4
0x008c670c
0x008c6714
0x008c6716
0x008c672e
0x008c6736
0x008c6738
0x008c6741
0x008c6741
0x00000000
0x008c6738
0x008c671f
0x008c6728
0x00000000
0x00000000
0x00000000
0x008c6728
0x008c66fd
0x008c6706
0x00000000
0x00000000
0x00000000
0x008c6706
0x008c66db
0x008c66e4
0x00000000
0x00000000
0x00000000
0x008c66e4
0x008c6639
0x008c663b
0x008c6653
0x008c665b
0x008c665d
0x008c6675
0x008c667d
0x008c667f
0x008c6697
0x008c669f
0x008c66a1
0x008c66aa
0x008c66aa
0x00000000
0x008c66a1
0x008c6688
0x008c6691
0x00000000
0x00000000
0x00000000
0x008c6691
0x008c6666
0x008c666f
0x00000000
0x00000000
0x00000000
0x008c666f
0x008c6644
0x008c664d
0x00000000
0x00000000
0x00000000
0x008c664d
0x008c65a1
0x008c65a3
0x008c65bb
0x008c65c3
0x008c65c5
0x008c65dd
0x008c65e5
0x008c65e7
0x008c65ff
0x008c6607
0x008c6609
0x008c6612
0x008c6612
0x00000000
0x008c6609
0x008c65f0
0x008c65f9
0x00000000
0x00000000
0x00000000
0x008c65f9
0x008c65ce
0x008c65d7
0x00000000
0x00000000
0x00000000
0x008c65d7
0x008c65ac
0x008c65b5
0x00000000
0x00000000
0x00000000
0x008c65b5
0x008c650a
0x008c650c
0x008c6524
0x008c652c
0x008c652e
0x008c6546
0x008c654e
0x008c6550
0x008c6568
0x008c6570
0x008c6572
0x008c657b
0x008c657b
0x00000000
0x008c6572
0x008c6559
0x008c6562
0x00000000
0x00000000
0x00000000
0x008c6562
0x008c6537
0x008c6540
0x00000000
0x00000000
0x00000000
0x008c6540
0x008c6515
0x008c651e
0x00000000
0x00000000
0x00000000
0x008c651e
0x008c6473
0x008c6475
0x008c648d
0x008c6495
0x008c6497
0x008c64af
0x008c64b7
0x008c64b9
0x008c64d1
0x008c64d9
0x008c64db
0x008c64e4
0x008c64e4
0x00000000
0x008c64db
0x008c64c2
0x008c64cb
0x00000000
0x00000000
0x00000000
0x008c64cb
0x008c64a0
0x008c64a9
0x00000000
0x00000000
0x00000000
0x008c64a9
0x008c647e
0x008c6487
0x00000000
0x00000000
0x00000000
0x008c6487
0x008c63dc
0x008c63de
0x008c63f6
0x008c63fe
0x008c6400
0x008c6418
0x008c6420
0x008c6422
0x008c643a
0x008c6442
0x008c6444
0x008c644d
0x008c644d
0x00000000
0x008c6444
0x008c642b
0x008c6434
0x00000000
0x00000000
0x00000000
0x008c6434
0x008c6409
0x008c6412
0x00000000
0x00000000
0x00000000
0x008c6412
0x008c63e7
0x008c63f0
0x00000000
0x00000000
0x00000000
0x008c634a
0x008c634a
0x008c6351
0x008c6353
0x008c6367
0x008c6367
0x008c636f
0x008c6371
0x008c6385
0x008c6385
0x008c638d
0x008c638f
0x008c63a3
0x008c63a3
0x008c63ab
0x008c63ad
0x008c63b6
0x008c63b6
0x00000000
0x008c63ad
0x008c6395
0x008c6398
0x008c63a1
0x00000000
0x00000000
0x00000000
0x008c63a1
0x008c6377
0x008c637a
0x008c6383
0x00000000
0x00000000
0x00000000
0x008c6383
0x008c6359
0x008c635c
0x008c6365
0x00000000
0x00000000
0x00000000
0x008c6365
0x008c633a
0x008c633a
0x008c712b

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction ID: cdbc47ff3e9c54078b60f3046004e43f3b439b80a9b525bde7bd24cc1768c026
Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction Fuzzy Hash: 0FC164322051930ADF6E46398474A3EBAB1EAA17B931A477DD4B2CB1D4FF30C576D620

Uniqueness

Uniqueness Score: -1.00%

Function 008C5F2A, Relevance: .3, Instructions: 323
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E008C5F2A(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}

0x008c5f2a
0x008c5f2a
0x008c5f2a
0x008c5f30
0x008c5fb7
0x008c5fb9
0x008c5fbb
0x008c633a
0x008c633a
0x008c712b
0x008c712b
0x008c5fc1
0x008c5fc7
0x008c604e
0x008c6050
0x008c6052
0x00000000
0x00000000
0x008c6058
0x008c605e
0x008c60e5
0x008c60e7
0x008c60e9
0x00000000
0x00000000
0x008c60ef
0x008c60f5
0x008c617c
0x008c617e
0x008c6180
0x00000000
0x00000000
0x008c618c
0x008c6214
0x008c6216
0x008c6218
0x00000000
0x00000000
0x008c621e
0x008c6224
0x008c62ab
0x008c62ad
0x008c62af
0x00000000
0x00000000
0x008c62b5
0x008c62bb
0x008c6332
0x008c6334
0x008c6336
0x008c6338
0x008c6338
0x00000000
0x008c6336
0x008c62c4
0x008c62c6
0x008c62da
0x008c62e2
0x008c62e4
0x008c62f8
0x008c6300
0x008c6302
0x008c6316
0x008c631e
0x008c6320
0x008c6329
0x008c6329
0x00000000
0x008c6320
0x008c630b
0x008c6314
0x00000000
0x00000000
0x00000000
0x008c6314
0x008c62ed
0x008c62f6
0x00000000
0x00000000
0x00000000
0x008c62f6
0x008c62cf
0x008c62d8
0x00000000
0x00000000
0x00000000
0x008c62d8
0x008c6231
0x008c6233
0x008c624b
0x008c6253
0x008c6255
0x008c626d
0x008c6275
0x008c6277
0x008c628f
0x008c6297
0x008c6299
0x008c62a2
0x008c62a2
0x00000000
0x008c6299
0x008c6280
0x008c6289
0x00000000
0x00000000
0x00000000
0x008c6289
0x008c625e
0x008c6267
0x00000000
0x00000000
0x00000000
0x008c6267
0x008c623c
0x008c6245
0x00000000
0x00000000
0x00000000
0x008c6245
0x008c619a
0x008c619c
0x008c61b4
0x008c61bc
0x008c61be
0x008c61d6
0x008c61de
0x008c61e0
0x008c61f8
0x008c6200
0x008c6202
0x008c620b
0x008c620b
0x00000000
0x008c6202
0x008c61e9
0x008c61f2
0x00000000
0x00000000
0x00000000
0x008c61f2
0x008c61c7
0x008c61d0
0x00000000
0x00000000
0x00000000
0x008c61d0
0x008c61a5
0x008c61ae
0x00000000
0x00000000
0x00000000
0x008c61ae
0x008c6102
0x008c6104
0x008c611c
0x008c6124
0x008c6126
0x008c613e
0x008c6146
0x008c6148
0x008c6160
0x008c6168
0x008c616a
0x008c6173
0x008c6173
0x00000000
0x008c616a
0x008c6151
0x008c615a
0x00000000
0x00000000
0x00000000
0x008c615a
0x008c612f
0x008c6138
0x00000000
0x00000000
0x00000000
0x008c6138
0x008c610d
0x008c6116
0x00000000
0x00000000
0x00000000
0x008c6116
0x008c606b
0x008c606d
0x008c6085
0x008c608d
0x008c608f
0x008c60a7
0x008c60af
0x008c60b1
0x008c60c9
0x008c60d1
0x008c60d3
0x008c60dc
0x008c60dc
0x00000000
0x008c60d3
0x008c60ba
0x008c60c3
0x00000000
0x00000000
0x00000000
0x008c60c3
0x008c6098
0x008c60a1
0x00000000
0x00000000
0x00000000
0x008c60a1
0x008c6076
0x008c607f
0x00000000
0x00000000
0x00000000
0x008c607f
0x008c5fd4
0x008c5fd6
0x008c5fee
0x008c5ff6
0x008c5ff8
0x008c6010
0x008c6018
0x008c601a
0x008c6032
0x008c603a
0x008c603c
0x008c6045
0x008c6045
0x00000000
0x008c603c
0x008c6023
0x008c602c
0x00000000
0x00000000
0x00000000
0x008c602c
0x008c6001
0x008c600a
0x00000000
0x00000000
0x00000000
0x008c600a
0x008c5fdf
0x008c5fe8
0x00000000
0x00000000
0x00000000
0x008c5fe8
0x008c5f3d
0x008c5f3f
0x008c5f57
0x008c5f5f
0x008c5f61
0x008c5f79
0x008c5f81
0x008c5f83
0x008c5f9b
0x008c5fa3
0x008c5fa5
0x008c5fae
0x008c5fae
0x00000000
0x008c5fa5
0x008c5f8c
0x008c5f95
0x00000000
0x00000000
0x00000000
0x008c5f95
0x008c5f6a
0x008c5f73
0x00000000
0x00000000
0x00000000
0x008c5f73
0x008c5f48
0x008c5f51
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction ID: 9342b50c2f786744dca8a6ec7f304faffe9bab91831954126716df76c5bd234f
Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction Fuzzy Hash: 70C1603220909309DF2E46398474A3EBAB1EAA27B531A477DD4B3CB1C5FE30D576D620

Uniqueness

Uniqueness Score: -1.00%

Function 008C0870, Relevance: .1, Instructions: 76
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E008C0870(signed int _a4, signed char _a8, intOrPtr _a12) {
				intOrPtr _t13;
				void* _t14;
				signed char _t20;
				signed char _t24;
				signed int _t27;
				signed char _t32;
				unsigned int _t33;
				signed char _t35;
				signed char _t37;
				signed int _t39;

				_t13 = _a12;
				if(_t13 == 0) {
					L11:
					return _t13;
				} else {
					_t39 = _a4;
					_t20 = _a8;
					if((_t39 & 0x00000003) == 0) {
						L5:
						_t14 = _t13 - 4;
						if(_t14 < 0) {
							L8:
							_t13 = _t14 + 4;
							if(_t13 == 0) {
								goto L11;
							} else {
								while(1) {
									_t24 =  *_t39;
									_t39 = _t39 + 1;
									if((_t24 ^ _t20) == 0) {
										goto L20;
									}
									_t13 = _t13 - 1;
									if(_t13 != 0) {
										continue;
									} else {
										goto L11;
									}
									goto L24;
								}
								goto L20;
							}
						} else {
							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
							do {
								_t27 =  *_t39 ^ _t20;
								_t39 = _t39 + 4;
								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
									goto L12;
								} else {
									_t32 =  *(_t39 - 4) ^ _t20;
									if(_t32 == 0) {
										return _t39 - 4;
									} else {
										_t33 = _t32 ^ _t20;
										if(_t33 == 0) {
											return _t39 - 3;
										} else {
											_t35 = _t33 >> 0x00000010 ^ _t20;
											if(_t35 == 0) {
												return _t39 - 2;
											} else {
												if((_t35 ^ _t20) == 0) {
													goto L20;
												} else {
													goto L12;
												}
											}
										}
									}
								}
								goto L24;
								L12:
								_t14 = _t14 - 4;
							} while (_t14 >= 0);
							goto L8;
						}
					} else {
						while(1) {
							_t37 =  *_t39;
							_t39 = _t39 + 1;
							if((_t37 ^ _t20) == 0) {
								break;
							}
							_t13 = _t13 - 1;
							if(_t13 == 0) {
								goto L11;
							} else {
								if((_t39 & 0x00000003) != 0) {
									continue;
								} else {
									goto L5;
								}
							}
							goto L24;
						}
						L20:
						return _t39 - 1;
					}
				}
				L24:
			}

0x008c0870
0x008c0877
0x008c08cc
0x008c08cc
0x008c0879
0x008c0879
0x008c087f
0x008c0889
0x008c08a1
0x008c08a1
0x008c08a4
0x008c08b8
0x008c08b8
0x008c08bb
0x00000000
0x008c08bd
0x008c08bd
0x008c08bd
0x008c08bf
0x008c08c4
0x00000000
0x00000000
0x008c08c6
0x008c08c9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x008c08c9
0x00000000
0x008c08bd
0x008c08a6
0x008c08b3
0x008c08d2
0x008c08d4
0x008c08e2
0x008c08eb
0x00000000
0x008c08ed
0x008c08f0
0x008c08f2
0x008c091c
0x008c08f4
0x008c08f4
0x008c08f6
0x008c0916
0x008c08f8
0x008c08fb
0x008c08fd
0x008c0910
0x008c08ff
0x008c0901
0x00000000
0x008c0903
0x00000000
0x008c0903
0x008c0901
0x008c08fd
0x008c08f6
0x008c08f2
0x00000000
0x008c08cd
0x008c08cd
0x008c08cd
0x00000000
0x008c08b7
0x008c088b
0x008c088b
0x008c088b
0x008c088d
0x008c0892
0x00000000
0x00000000
0x008c0894
0x008c0897
0x00000000
0x008c0899
0x008c089f
0x00000000
0x00000000
0x00000000
0x00000000
0x008c089f
0x00000000
0x008c0897
0x008c0906
0x008c090a
0x008c090a
0x008c0889
0x00000000

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 990c331f26b5ba84d60ffe16b8ade906d1072bda427956ed6e6c81ebe8b1f724
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: B411D377201146C3AA04862DDCB4FA7A7B5FAC93A5B2D827ED042CBB59D232D9499E40

Uniqueness

Uniqueness Score: -1.00%

Function 008BC9B9, Relevance: 28.8, APIs: 19, Instructions: 288
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E008BC9B9(void* __ebx, intOrPtr __edx, signed int __edi) {
				intOrPtr* _t49;
				void* _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;
				void* _t57;
				void* _t58;
				void* _t62;
				void* _t63;
				intOrPtr _t65;
				intOrPtr* _t69;
				void* _t70;
				intOrPtr* _t73;
				void* _t74;
				intOrPtr* _t77;
				void* _t78;
				intOrPtr* _t92;
				void* _t93;
				intOrPtr* _t98;
				void* _t99;
				void* _t108;
				void* _t135;
				signed int _t138;
				intOrPtr* _t139;
				void* _t140;
				intOrPtr* _t141;
				void* _t142;
				intOrPtr* _t143;
				intOrPtr* _t144;
				intOrPtr* _t145;
				intOrPtr* _t146;
				intOrPtr* _t147;
				intOrPtr* _t148;
				intOrPtr* _t149;
				void* _t150;
				void* _t151;
				void* _t152;

				_t138 = __edi;
				_t137 = __edx;
				_t108 = __ebx;
				_t155 = __edi;
				if(__edi != 0) {
					_t49 = E0089ABF0();
					_push(__edi);
					_t139 = _t49;
					_t50 = E008BB1A4(__ebx, __edx, __edi, _t139, __eflags);
					_push(_t139);
					_push(_t50);
					_push(__ebx);
					E008AB28B(__ebx, __edi, _t139, __eflags);
					_t152 = _t151 + 0x10;
				} else {
					_t149 = E008BED02(__ebx, __edi, _t155);
					_t135 = 0x10;
					_t156 = _t149;
					if(_t149 == 0) {
						_t139 = 0;
						__eflags = 0;
					} else {
						 *(_t149 + 4) =  *(_t149 + 4) & __edi;
						 *_t149 = 0x8e565c;
						 *((intOrPtr*)(_t149 + 8)) = E008BE8B6(_t135);
						 *((intOrPtr*)(_t149 + 0xc)) = _t137;
					}
					_push(E0089ABF0());
					_push(_t139);
					_push(_t108);
					E008AB28B(_t108, _t138, _t139, _t156);
					_t152 = _t151 + 0xc;
				}
				_t52 =  *(_t150 + 0xc);
				if((_t52 & 0x00000020) != 0) {
					_t158 = _t138;
					if(_t138 != 0) {
						_t98 = E0089ABF0();
						_push(_t138);
						_t139 = _t98;
						_t99 = E008BB23D(_t108, _t138, _t139, __eflags);
						_push(_t139);
						_push(_t99);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, __eflags);
						_t152 = _t152 + 0x10;
					} else {
						_push(8);
						_t148 = E008BED02(_t108, _t138, _t158);
						_t159 = _t148;
						if(_t148 == 0) {
							_t139 = 0;
							__eflags = 0;
						} else {
							 *(_t148 + 4) =  *(_t148 + 4) & _t138;
							 *_t148 = 0x8e5678;
						}
						_push(E0089ABF0());
						_push(_t139);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, _t159);
						_t152 = _t152 + 0xc;
					}
					_t52 =  *(_t150 + 0xc);
				}
				_t53 = _t52 & 0x00000004;
				 *(_t150 - 0x10) = _t53;
				if(_t53 != 0) {
					_t161 = _t138;
					if(_t138 != 0) {
						_t92 = E0089ABF0();
						_push(_t138);
						_t139 = _t92;
						_t93 = E008BB2D6(_t108, _t138, _t139, __eflags);
						_push(_t139);
						_push(_t93);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, __eflags);
						_t152 = _t152 + 0x10;
					} else {
						_push(8);
						_t147 = E008BED02(_t108, _t138, _t161);
						_t162 = _t147;
						if(_t147 == 0) {
							_t139 = 0;
							__eflags = 0;
						} else {
							 *(_t147 + 4) =  *(_t147 + 4) & _t138;
							 *_t147 = 0x8e5694;
						}
						_push(E0089ABF0());
						_push(_t139);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, _t162);
						_t152 = _t152 + 0xc;
					}
					_t53 =  *(_t150 - 0x10);
				}
				if(_t53 != 0) {
					_t164 = _t138;
					if(_t138 != 0) {
						_t69 = E0089ABF0();
						_push(_t138);
						_t139 = _t69;
						_t70 = E008BB36F(_t108, _t138, _t139, __eflags);
						_push(_t139);
						_push(_t70);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, __eflags);
						_t152 = _t152 + 0x10;
					} else {
						_push(8);
						_t146 = E008BED02(_t108, _t138, _t164);
						_t165 = _t146;
						if(_t146 == 0) {
							_t139 = 0;
							__eflags = 0;
						} else {
							 *(_t146 + 4) =  *(_t146 + 4) & _t138;
							 *_t146 = 0x8e56ac;
						}
						_push(E0089ABF0());
						_push(_t139);
						_push(_t108);
						E008AB28B(_t108, _t138, _t139, _t165);
						_t152 = _t152 + 0xc;
					}
					if( *(_t150 - 0x10) != 0) {
						_t167 = _t138;
						if(_t138 != 0) {
							_t73 = E0089ABF0();
							_push(_t138);
							_t139 = _t73;
							_t74 = E008BB4A1(_t108, _t138, _t139, __eflags);
							_push(_t139);
							_push(_t74);
							_push(_t108);
							E008AB28B(_t108, _t138, _t139, __eflags);
							_t152 = _t152 + 0x10;
						} else {
							_push(0x58);
							_t145 = E008BED02(_t108, _t138, _t167);
							 *((intOrPtr*)(_t150 - 0x14)) = _t145;
							 *(_t150 - 4) = 7;
							_t168 = _t145;
							if(_t145 == 0) {
								_t139 = 0;
								__eflags = 0;
							} else {
								 *((intOrPtr*)(_t145 + 4)) = 0;
								_push(0);
								_push( *((intOrPtr*)(_t150 + 8)));
								 *(_t150 - 4) = 8;
								 *_t145 = 0x8e56c4;
								 *((char*)(_t145 + 0x28)) = 0;
								E008BC82D(_t108, _t145, _t138, _t145, _t168);
								 *_t145 = 0x8e56f8;
							}
							 *(_t150 - 4) =  *(_t150 - 4) | 0xffffffff;
							_push(E0089ABF0());
							_push(_t139);
							_push(_t108);
							E008AB28B(_t108, _t138, _t139, _t168);
							_t152 = _t152 + 0xc;
						}
						if( *(_t150 - 0x10) != 0) {
							_t170 = _t138;
							if(_t138 != 0) {
								_t77 = E0089ABF0();
								_push(_t138);
								_t139 = _t77;
								_t78 = E008BB408(_t108, _t138, _t139, __eflags);
								_push(_t139);
								_push(_t78);
								_push(_t108);
								E008AB28B(_t108, _t138, _t139, __eflags);
								_t152 = _t152 + 0x10;
							} else {
								_push(0x58);
								_t144 = E008BED02(_t108, _t138, _t170);
								 *((intOrPtr*)(_t150 - 0x14)) = _t144;
								 *(_t150 - 4) = 0xd;
								_t171 = _t144;
								if(_t144 == 0) {
									_t139 = 0;
									__eflags = 0;
								} else {
									 *(_t144 + 4) =  *(_t144 + 4) & _t138;
									_push(_t138);
									_push( *((intOrPtr*)(_t150 + 8)));
									 *(_t150 - 4) = 0xe;
									 *_t144 = 0x8e56c4;
									 *((char*)(_t144 + 0x28)) = 1;
									E008BC82D(_t108, _t144, _t138, _t144, _t171);
									 *_t144 = 0x8e572c;
								}
								 *(_t150 - 4) =  *(_t150 - 4) | 0xffffffff;
								_push(E0089ABF0());
								_push(_t139);
								_push(_t108);
								E008AB28B(_t108, _t138, _t139, _t171);
								_t152 = _t152 + 0xc;
							}
						}
					}
				}
				_t55 =  *(_t150 + 0xc) & 0x00000010;
				 *(_t150 + 0xc) = _t55;
				if(_t55 != 0) {
					_t173 = _t138;
					if(_t138 != 0) {
						_t62 = E0089ABF0();
						_push(_t138);
						_t142 = _t62;
						_t63 = E008BB53A(_t108, _t138, _t142, __eflags);
						_push(_t142);
						_push(_t63);
						_push(_t108);
						E008AB28B(_t108, _t138, _t142, __eflags);
						_t152 = _t152 + 0x10;
					} else {
						_push(0x44);
						_t65 = E008BED02(_t108, _t138, _t173);
						 *((intOrPtr*)(_t150 - 0x14)) = _t65;
						 *(_t150 - 4) = 0x12;
						_t174 = _t65;
						if(_t65 == 0) {
							_t143 = 0;
							__eflags = 0;
						} else {
							_push(_t138);
							_push( *((intOrPtr*)(_t150 + 8)));
							_t143 = E008BB66C(_t65, _t139, _t174);
						}
						 *(_t150 - 4) =  *(_t150 - 4) | 0xffffffff;
						_push(E0089ABF0());
						_push(_t143);
						_push(_t108);
						E008AB28B(_t108, _t138, _t143, _t174);
						_t152 = _t152 + 0xc;
					}
					_t55 =  *(_t150 + 0xc);
				}
				if(_t55 != 0) {
					_t176 = _t138;
					if(_t138 != 0) {
						_t57 = E0089ABF0();
						_push(_t138);
						_t140 = _t57;
						_t58 = L008BB5D3(_t108, _t138, _t140, __eflags);
						_push(_t140);
						_push(_t58);
						_push(_t108);
						_t55 = E008AB28B(_t108, _t138, _t140, __eflags);
					} else {
						_push(0xc);
						_t141 = E008BED02(_t108, _t138, _t176);
						_t177 = _t141;
						if(_t141 == 0) {
							_t141 = 0;
							__eflags = 0;
						} else {
							 *(_t141 + 4) =  *(_t141 + 4) & _t138;
							 *_t141 = 0x8e578c;
							 *(_t141 + 8) =  *(_t141 + 8) & _t138;
							L008BC960(_t177,  *((intOrPtr*)(_t150 + 8)));
						}
						_push(E0089ABF0());
						_push(_t141);
						_push(_t108);
						_t55 = E008AB28B(_t108, _t138, _t141, _t177);
					}
				}
				return E008C1E2B(_t55);
			}

0x008bc9b9
0x008bc9b9
0x008bc9b9
0x008bc9b9
0x008bc9bb
0x008bc9ff
0x008bca04
0x008bca05
0x008bca07
0x008bca0c
0x008bca0d
0x008bca0e
0x008bca0f
0x008bca14
0x008bc9bd
0x008bc9c4
0x008bc9c6
0x008bc9c7
0x008bc9c9
0x008bc9e1
0x008bc9e1
0x008bc9cb
0x008bc9cb
0x008bc9ce
0x008bc9d9
0x008bc9dc
0x008bc9dc
0x008bc9ed
0x008bc9ee
0x008bc9ef
0x008bc9f0
0x008bc9f5
0x008bc9f5
0x008bca17
0x008bca1c
0x008bca1e
0x008bca20
0x008bca59
0x008bca5e
0x008bca5f
0x008bca61
0x008bca66
0x008bca67
0x008bca68
0x008bca69
0x008bca6e
0x008bca22
0x008bca22
0x008bca29
0x008bca2c
0x008bca2e
0x008bca3b
0x008bca3b
0x008bca30
0x008bca30
0x008bca33
0x008bca33
0x008bca47
0x008bca48
0x008bca49
0x008bca4a
0x008bca4f
0x008bca4f
0x008bca71
0x008bca71
0x008bca74
0x008bca77
0x008bca7a
0x008bca7c
0x008bca7e
0x008bcab7
0x008bcabc
0x008bcabd
0x008bcabf
0x008bcac4
0x008bcac5
0x008bcac6
0x008bcac7
0x008bcacc
0x008bca80
0x008bca80
0x008bca87
0x008bca8a
0x008bca8c
0x008bca99
0x008bca99
0x008bca8e
0x008bca8e
0x008bca91
0x008bca91
0x008bcaa5
0x008bcaa6
0x008bcaa7
0x008bcaa8
0x008bcaad
0x008bcaad
0x008bcacf
0x008bcacf
0x008bcad4
0x008bcada
0x008bcadc
0x008bcb15
0x008bcb1a
0x008bcb1b
0x008bcb1d
0x008bcb22
0x008bcb23
0x008bcb24
0x008bcb25
0x008bcb2a
0x008bcade
0x008bcade
0x008bcae5
0x008bcae8
0x008bcaea
0x008bcaf7
0x008bcaf7
0x008bcaec
0x008bcaec
0x008bcaef
0x008bcaef
0x008bcb03
0x008bcb04
0x008bcb05
0x008bcb06
0x008bcb0b
0x008bcb0b
0x008bcb32
0x008bcb38
0x008bcb3a
0x008bcb9b
0x008bcba0
0x008bcba1
0x008bcba3
0x008bcba8
0x008bcba9
0x008bcbaa
0x008bcbab
0x008bcbb0
0x008bcb3c
0x008bcb3c
0x008bcb43
0x008bcb46
0x008bcb49
0x008bcb50
0x008bcb52
0x008bcb79
0x008bcb79
0x008bcb54
0x008bcb56
0x008bcb59
0x008bcb5a
0x008bcb5f
0x008bcb63
0x008bcb69
0x008bcb6c
0x008bcb71
0x008bcb71
0x008bcb7b
0x008bcb89
0x008bcb8a
0x008bcb8b
0x008bcb8c
0x008bcb91
0x008bcb91
0x008bcbb8
0x008bcbba
0x008bcbbc
0x008bcc1c
0x008bcc21
0x008bcc22
0x008bcc24
0x008bcc29
0x008bcc2a
0x008bcc2b
0x008bcc2c
0x008bcc31
0x008bcbbe
0x008bcbbe
0x008bcbc5
0x008bcbc8
0x008bcbcb
0x008bcbd2
0x008bcbd4
0x008bcbfa
0x008bcbfa
0x008bcbd6
0x008bcbd6
0x008bcbd9
0x008bcbda
0x008bcbdf
0x008bcbe3
0x008bcbe9
0x008bcbed
0x008bcbf2
0x008bcbf2
0x008bcbfc
0x008bcc0a
0x008bcc0b
0x008bcc0c
0x008bcc0d
0x008bcc12
0x008bcc12
0x008bcbbc
0x008bcbb8
0x008bcb32
0x008bcc37
0x008bcc3a
0x008bcc3d
0x008bcc3f
0x008bcc41
0x008bcc8a
0x008bcc8f
0x008bcc90
0x008bcc92
0x008bcc97
0x008bcc98
0x008bcc99
0x008bcc9a
0x008bcc9f
0x008bcc43
0x008bcc43
0x008bcc45
0x008bcc4b
0x008bcc4e
0x008bcc55
0x008bcc57
0x008bcc68
0x008bcc68
0x008bcc59
0x008bcc59
0x008bcc5a
0x008bcc64
0x008bcc64
0x008bcc6a
0x008bcc78
0x008bcc79
0x008bcc7a
0x008bcc7b
0x008bcc80
0x008bcc80
0x008bcca2
0x008bcca2
0x008bcca7
0x008bcca9
0x008bccab
0x008bccf1
0x008bccf6
0x008bccf7
0x008bccf9
0x008bccfe
0x008bccff
0x008bcd00
0x008bcd01
0x008bccad
0x008bccad
0x008bccb4
0x008bccb7
0x008bccb9
0x008bccd3
0x008bccd3
0x008bccbb
0x008bccbb
0x008bccc3
0x008bccc9
0x008bcccc
0x008bcccc
0x008bccdf
0x008bcce0
0x008bcce1
0x008bcce2
0x008bcce7
0x008bccab
0x008bcd0e

APIs

__Getcoll.LIBCPMT ref: 008BC9D4

Part of subcall function 008BE8B6: ____lc_collate_cp_func.LIBCMT ref: 008BE8B7
Part of subcall function 008BE8B6: ____lc_locale_name_func.LIBCMT ref: 008BE8BE

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

Part of subcall function 008BB4A1: __EH_prolog3.LIBCMT ref: 008BB4A8
Part of subcall function 008BB4A1: std::_Lockit::_Lockit.LIBCPMT ref: 008BB4B2

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BC9F0
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCA0F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCA4A
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCA69
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCAA8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCAC7
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCB06
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCB25
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCB8C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCBAB

Part of subcall function 008AB28B: __EH_prolog3.LIBCMT ref: 008AB292
Part of subcall function 008AB28B: std::_Lockit::_Lockit.LIBCPMT ref: 008AB29C
Part of subcall function 008AB28B: __realloc_crt.LIBCMT ref: 008AB2C4
Part of subcall function 008AB28B: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 008AB2CF

Part of subcall function 008BB408: __EH_prolog3.LIBCMT ref: 008BB40F
Part of subcall function 008BB408: std::_Lockit::_Lockit.LIBCPMT ref: 008BB419

_Mpunct.LIBCPMT ref: 008BCBED
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCC0D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCC2C
numpunct.LIBCPMT ref: 008BCC5F

Part of subcall function 008BB66C: __EH_prolog3.LIBCMT ref: 008BB673

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCC7B

Part of subcall function 008BED02: std::exception::exception.LIBCMT ref: 008BED38
Part of subcall function 008BED02: __CxxThrowException@8.LIBCMT ref: 008BED4D

_Mpunct.LIBCPMT ref: 008BCB6C

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008BCCE2

Part of subcall function 008BC94E: _free.LIBCMT ref: 008BC97E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$H_prolog3LockitLockit::_std::_$Mpunct$Concurrency::details::_Concurrent_queue_base_v4::_Exception@8GetcollInternal_throw_exceptionThrow____lc_collate_cp_func____lc_locale_name_func__realloc_crt_free_mallocnumpunctstd::exception::exception
String ID:
API String ID: 2260282896-0
Opcode ID: d615cc66f8f74aede1e76049ab9c1cb92fa011e7efe4c4d5943a2790dd82e8c1
Instruction ID: 6c8bef0f26dcb47a769427335f47800396d2f7b5584529c45f11f9418ba0d317
Opcode Fuzzy Hash: d615cc66f8f74aede1e76049ab9c1cb92fa011e7efe4c4d5943a2790dd82e8c1
Instruction Fuzzy Hash: 8691F8B1C012156BD720BBBD4C16AFF6A98FF51760B18551EBD99E7353EA70DC0082A3

Uniqueness

Uniqueness Score: -1.00%

Function 008C71AE, Relevance: 19.8, APIs: 13, Instructions: 253
stringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E008C71AE(signed int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, short* _a20, char* _a24, int _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				char* _v40;
				short* _v44;
				intOrPtr _v48;
				void* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t65;
				int _t72;
				short* _t73;
				short* _t75;
				short* _t80;
				signed int _t85;
				void* _t89;
				signed int _t92;
				void* _t96;
				intOrPtr* _t101;
				intOrPtr* _t103;
				short* _t107;
				short* _t108;
				int _t113;
				int _t115;
				short* _t121;
				short* _t122;
				signed int _t127;
				int _t130;
				short* _t131;
				signed int _t132;
				short* _t133;

				_t127 = __edx;
				_t65 =  *0x8f21d0; // 0x28a5f8b6
				_v8 = _t65 ^ _t132;
				_t109 = _a24;
				_v36 = _a4;
				_t131 = _a20;
				_v48 = _a8;
				_t69 = _a16;
				_v32 = _a16;
				_v40 = _a24;
				if(_t131 <= 0) {
					__eflags = _t131 - 0xffffffff;
					if(_t131 >= 0xffffffff) {
						L2:
						_t130 = _a28;
						if(_t130 <= 0) {
							__eflags = _t130 - 0xffffffff;
							if(_t130 < 0xffffffff) {
								goto L5;
							}
							L7:
							_t72 = _a32;
							_t108 = 0;
							_v44 = 0;
							if(_t72 == 0) {
								_t72 =  *( *_v36 + 4);
								_a32 = _t72;
							}
							if(_t131 == 0 || _t130 == 0) {
								if(_t131 != _t130) {
									__eflags = _t130 - 1;
									if(_t130 <= 1) {
										__eflags = _t131 - 1;
										if(_t131 <= 1) {
											_t73 = GetCPInfo(_t72,  &_v28);
											__eflags = _t73;
											if(_t73 == 0) {
												goto L5;
											}
											__eflags = _t131;
											if(_t131 <= 0) {
												__eflags = _t130;
												if(_t130 <= 0) {
													goto L37;
												}
												__eflags = _v28 - 2;
												if(_v28 < 2) {
													goto L15;
												}
												_t101 =  &_v22;
												__eflags = _v22 - _t108;
												if(_v22 == _t108) {
													goto L15;
												}
												_t131 = _v40;
												while(1) {
													_t121 =  *((intOrPtr*)(_t101 + 1));
													__eflags = _t121;
													if(_t121 == 0) {
														goto L15;
													}
													_t127 =  *_t131;
													__eflags = _t127 -  *_t101;
													if(_t127 <  *_t101) {
														L35:
														_t101 = _t101 + 2;
														__eflags =  *_t101 - _t108;
														if( *_t101 != _t108) {
															continue;
														}
														goto L15;
													}
													__eflags = _t127 - _t121;
													if(_t127 <= _t121) {
														goto L12;
													}
													goto L35;
												}
												goto L15;
											}
											__eflags = _v28 - 2;
											if(_v28 < 2) {
												goto L17;
											}
											_t103 =  &_v22;
											__eflags = _v22 - _t108;
											if(_v22 == _t108) {
												goto L17;
											}
											_t131 = _v32;
											while(1) {
												_t122 =  *((intOrPtr*)(_t103 + 1));
												__eflags = _t122;
												if(_t122 == 0) {
													goto L17;
												}
												_t127 =  *_t131;
												__eflags = _t127 -  *_t103;
												if(_t127 <  *_t103) {
													L26:
													_t103 = _t103 + 2;
													__eflags =  *_t103 - _t108;
													if( *_t103 != _t108) {
														continue;
													}
													goto L17;
												}
												__eflags = _t127 - _t122;
												if(_t127 <= _t122) {
													goto L12;
												}
												goto L26;
											}
										}
										L17:
										_push(3);
										L13:
										goto L68;
									}
									L15:
									goto L68;
								}
								L12:
								_push(2);
								goto L13;
							} else {
								L37:
								_t113 = MultiByteToWideChar(_a32, 9, _v32, _t131, _t108, _t108);
								_v36 = _t113;
								__eflags = _t113;
								if(__eflags == 0) {
									goto L5;
								}
								if(__eflags <= 0) {
									L48:
									__eflags = _t108;
									if(_t108 == 0) {
										goto L5;
									}
									_t131 = _a32;
									_t75 = MultiByteToWideChar(_t131, 1, _v32, _t131, _t108, _t113);
									__eflags = _t75;
									if(_t75 == 0) {
										L67:
										E008C34DA(_t108);
										L68:
										return E008BF888(_t108, _v8 ^ _t132, _t127, _t130, _t131);
									}
									_t115 = MultiByteToWideChar(_t131, 9, _v40, _t130, 0, 0);
									_v32 = _t115;
									__eflags = _t115;
									if(__eflags == 0) {
										goto L67;
									}
									if(__eflags <= 0) {
										L62:
										_t131 = 0;
										__eflags = 0;
										L63:
										__eflags = _t131;
										if(_t131 != 0) {
											_t80 = MultiByteToWideChar(_a32, 1, _v40, _t130, _t131, _t115);
											__eflags = _t80;
											if(_t80 != 0) {
												_v44 = E008C7518(_v48, _a12, _t108, _v36, _t131, _v32);
											}
											E008C34DA(_t131);
										}
										goto L67;
									}
									_t85 = 0xffffffe0;
									_t127 = _t85 % _t115;
									__eflags = _t85 / _t115 - 2;
									if(_t85 / _t115 < 2) {
										goto L62;
									}
									_t49 = _t115 + _t115 + 8; // 0x8
									__eflags = _t49 - _t115 + _t115;
									if(_t49 <= _t115 + _t115) {
										_t115 = _v32;
										goto L62;
									}
									_t89 = 8 + _v32 * 2;
									__eflags = _t89 - 0x400;
									if(_t89 > 0x400) {
										_t131 = E008C1BD4(_t108, _t127, _t130, _t89);
										__eflags = _t131;
										if(_t131 == 0) {
											L60:
											_t115 = _v32;
											goto L63;
										}
										 *_t131 = 0xdddd;
										L59:
										_t131 =  &(_t131[4]);
										__eflags = _t131;
										goto L60;
									}
									E008CDE90(_t89);
									_t131 = _t133;
									__eflags = _t131;
									if(_t131 == 0) {
										goto L60;
									}
									 *_t131 = 0xcccc;
									goto L59;
								}
								_t92 = 0xffffffe0;
								_t127 = _t92 % _t113;
								__eflags = _t92 / _t113 - 2;
								if(_t92 / _t113 < 2) {
									goto L48;
								}
								_t36 = _t113 + _t113 + 8; // 0x8
								__eflags = _t36 - _t113 + _t113;
								if(_t36 <= _t113 + _t113) {
									L47:
									_t113 = _v36;
									goto L48;
								}
								_t96 = 8 + _v36 * 2;
								__eflags = _t96 - 0x400;
								if(_t96 > 0x400) {
									_t108 = E008C1BD4(_t108, _t127, _t130, _t96);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L47;
									}
									 *_t108 = 0xdddd;
									L46:
									_t108 =  &(_t108[4]);
									__eflags = _t108;
									goto L47;
								}
								E008CDE90(_t96);
								_t108 = _t133;
								__eflags = _t108;
								if(_t108 == 0) {
									goto L47;
								}
								 *_t108 = 0xcccc;
								goto L46;
							}
						}
						_t130 = E008C7432(_t109, _t130);
						goto L7;
					}
					L5:
					goto L68;
				}
				_t107 = E008C7432(_t69, _t131);
				_t109 = _v40;
				_t131 = _t107;
				goto L2;
			}

0x008c71ae
0x008c71b4
0x008c71bb
0x008c71c1
0x008c71c5
0x008c71cc
0x008c71cf
0x008c71d2
0x008c71d5
0x008c71d8
0x008c71de
0x008c7202
0x008c7205
0x008c71ee
0x008c71ee
0x008c71f3
0x008c720e
0x008c7211
0x00000000
0x00000000
0x008c7213
0x008c7213
0x008c7216
0x008c7218
0x008c721d
0x008c7224
0x008c7227
0x008c7227
0x008c722c
0x008c7238
0x008c7242
0x008c7245
0x008c724f
0x008c7252
0x008c725d
0x008c7263
0x008c7265
0x00000000
0x00000000
0x008c7267
0x008c7269
0x008c7296
0x008c7298
0x00000000
0x00000000
0x008c729a
0x008c729e
0x00000000
0x00000000
0x008c72a0
0x008c72a3
0x008c72a6
0x00000000
0x00000000
0x008c72a8
0x008c72ab
0x008c72ab
0x008c72ae
0x008c72b0
0x00000000
0x00000000
0x008c72b2
0x008c72b4
0x008c72b6
0x008c72c0
0x008c72c0
0x008c72c3
0x008c72c5
0x00000000
0x00000000
0x00000000
0x008c72c7
0x008c72b8
0x008c72ba
0x00000000
0x00000000
0x00000000
0x008c72ba
0x00000000
0x008c72ab
0x008c726b
0x008c726f
0x00000000
0x00000000
0x008c7271
0x008c7274
0x008c7277
0x00000000
0x00000000
0x008c7279
0x008c727c
0x008c727c
0x008c727f
0x008c7281
0x00000000
0x00000000
0x008c7283
0x008c7285
0x008c7287
0x008c728d
0x008c728d
0x008c7290
0x008c7292
0x00000000
0x00000000
0x00000000
0x008c7294
0x008c7289
0x008c728b
0x00000000
0x00000000
0x00000000
0x008c728b
0x008c727c
0x008c7254
0x008c7254
0x008c723c
0x00000000
0x008c723c
0x008c7247
0x00000000
0x008c7249
0x008c723a
0x008c723a
0x00000000
0x008c72cc
0x008c72cc
0x008c72dd
0x008c72df
0x008c72e2
0x008c72e4
0x00000000
0x00000000
0x008c72ea
0x008c733e
0x008c733e
0x008c7340
0x00000000
0x00000000
0x008c734c
0x008c7352
0x008c7358
0x008c735a
0x008c7414
0x008c7415
0x008c741e
0x008c7431
0x008c7431
0x008c7371
0x008c7373
0x008c7376
0x008c7378
0x00000000
0x00000000
0x008c737e
0x008c73d7
0x008c73d7
0x008c73d7
0x008c73d9
0x008c73d9
0x008c73db
0x008c73e8
0x008c73ee
0x008c73f0
0x008c740a
0x008c740a
0x008c740e
0x008c7413
0x00000000
0x008c73db
0x008c7384
0x008c7385
0x008c7387
0x008c738a
0x00000000
0x00000000
0x008c738e
0x008c7391
0x008c7393
0x008c73d4
0x00000000
0x008c73d4
0x008c7398
0x008c739f
0x008c73a4
0x008c73bf
0x008c73c2
0x008c73c4
0x008c73cf
0x008c73cf
0x00000000
0x008c73cf
0x008c73c6
0x008c73cc
0x008c73cc
0x008c73cc
0x00000000
0x008c73cc
0x008c73a6
0x008c73ab
0x008c73ad
0x008c73af
0x00000000
0x00000000
0x008c73b1
0x00000000
0x008c73b1
0x008c72f0
0x008c72f1
0x008c72f3
0x008c72f6
0x00000000
0x00000000
0x008c72fa
0x008c72fd
0x008c72ff
0x008c733b
0x008c733b
0x00000000
0x008c733b
0x008c7304
0x008c730b
0x008c7310
0x008c732b
0x008c732e
0x008c7330
0x00000000
0x00000000
0x008c7332
0x008c7338
0x008c7338
0x008c7338
0x00000000
0x008c7338
0x008c7312
0x008c7317
0x008c7319
0x008c731b
0x00000000
0x00000000
0x008c731d
0x00000000
0x008c731d
0x008c722c
0x008c71fe
0x00000000
0x008c71fe
0x008c7207
0x00000000
0x008c7207
0x008c71e2
0x008c71e9
0x008c71ec
0x00000000

APIs

strncnt.LIBCMT ref: 008C71E2
strncnt.LIBCMT ref: 008C71F7
GetCPInfo.KERNEL32(?,?,?,?,?,?,008C7481,?,?,?,?,?,?,?,?,?), ref: 008C725D
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,008C7481,?,?,?,?,?,?,?,?), ref: 008C72D7
__alloca_probe_16.LIBCMT ref: 008C7312
__alloca_probe_16.LIBCMT ref: 008C73A6
_malloc.LIBCMT ref: 008C7326

Part of subcall function 008C1BD4: __FF_MSGBANNER.LIBCMT ref: 008C1BEB
Part of subcall function 008C1BD4: __NMSG_WRITE.LIBCMT ref: 008C1BF2
Part of subcall function 008C1BD4: HeapAlloc.KERNEL32(?,00000000,00000001,00000000,00000000,00000000,?,008C3556,00000000,00000000,00000000,00000000,?,008C1FFF,00000018,008F0810), ref: 008C1C17

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,008C7481,?,?,?,?,?,?,?,?), ref: 008C7352
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,008C7481,?,?,?,?,?,?,?,?), ref: 008C736B
_malloc.LIBCMT ref: 008C73BA
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,008C7481,?,?,?,?,?,?,?,?), ref: 008C73E8
__freea.LIBCMT ref: 008C740E
__freea.LIBCMT ref: 008C7415

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ByteCharMultiWide$__alloca_probe_16__freea_mallocstrncnt$AllocHeapInfo
String ID:
API String ID: 2708373476-0
Opcode ID: 29755aed06bbe69e8d0da778b6773b8c5940ad1f74bb3cbaf9e5fac815f69e68
Instruction ID: d7a72285c784890a859e24bcd68c0e46c80ea81f85d72b18014ec46ed6b4c200
Opcode Fuzzy Hash: 29755aed06bbe69e8d0da778b6773b8c5940ad1f74bb3cbaf9e5fac815f69e68
Instruction Fuzzy Hash: 1681CE72A081599BDF259BA8D881FAE7BBAFF49320B54416DF816E7241D730DC05CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 008AB3E8, Relevance: 18.2, APIs: 12, Instructions: 201
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E008AB3E8(signed int __ebx, void* __edx, void* __edi) {
				void* _t30;
				void* _t31;
				signed int _t34;
				void* _t42;
				void* _t43;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;
				void* _t62;
				void* _t63;
				void* _t68;
				signed int _t72;
				signed int _t73;
				void* _t74;
				void* _t83;
				void* _t84;
				intOrPtr _t86;
				intOrPtr* _t88;
				signed int _t91;
				intOrPtr* _t92;
				intOrPtr* _t94;
				intOrPtr* _t95;
				void* _t96;
				void* _t97;
				void* _t98;

				_t84 = __edi;
				_t83 = __edx;
				_t72 = __ebx;
				_t100 = __ebx;
				if(__ebx != 0) {
					_t74 = 0x8f4ae0;
					_t30 = E0089ABF0();
					_t31 = E00897EE0(__ebx);
					_push(_t30);
					_push(_t31);
					_push(__edi);
					E008AB28B(__ebx, __edi, _t30, __eflags);
					_t98 = _t97 + 0x10;
					L6:
					_t34 =  *(_t96 + 0xc) & 0x00000008;
					 *(_t96 + 0x10) = _t34;
					if(_t34 != 0) {
						_t103 = _t72;
						if(_t72 != 0) {
							_t74 = 0x8f4a00;
							_t62 = E0089ABF0();
							_t63 = E00898010(_t72);
							_push(_t62);
							_push(_t63);
							_push(_t84);
							E008AB28B(_t72, _t84, _t62, __eflags);
							_t98 = _t98 + 0x10;
						} else {
							_push(8);
							_t94 = E008BED02(_t72, _t84, _t103);
							_t104 = _t94;
							if(_t94 == 0) {
								_t94 = 0;
								__eflags = 0;
							} else {
								 *(_t94 + 4) =  *(_t94 + 4) & _t72;
								 *_t94 = 0x8e4c00;
							}
							_t74 = 0x8f4a00;
							_push(E0089ABF0());
							_push(_t94);
							_push(_t84);
							E008AB28B(_t72, _t84, _t94, _t104);
							_t98 = _t98 + 0xc;
						}
						_t34 =  *(_t96 + 0x10);
					}
					if(_t34 != 0) {
						_t106 = _t72;
						if(_t72 != 0) {
							_t74 = 0x8f49e4;
							_t48 = E0089ABF0();
							_t49 = E00898140(_t72);
							_push(_t48);
							_push(_t49);
							_push(_t84);
							E008AB28B(_t72, _t84, _t48, __eflags);
							_t98 = _t98 + 0x10;
						} else {
							_push(8);
							_t92 = E008BED02(_t72, _t84, _t106);
							_t107 = _t92;
							if(_t92 == 0) {
								_t92 = 0;
								__eflags = 0;
							} else {
								 *(_t92 + 4) =  *(_t92 + 4) & _t72;
								 *_t92 = 0x8e4c3c;
							}
							_t74 = 0x8f49e4;
							_push(E0089ABF0());
							_push(_t92);
							_push(_t84);
							E008AB28B(_t72, _t84, _t92, _t107);
							_t98 = _t98 + 0xc;
						}
						if( *(_t96 + 0x10) != 0) {
							_t109 = _t72;
							if(_t72 != 0) {
								_t74 = 0x8f49bc;
								_t52 = E0089ABF0();
								_t53 = E00898270(_t72);
								_push(_t52);
								_push(_t53);
								_push(_t84);
								E008AB28B(_t72, _t84, _t52, __eflags);
								_t98 = _t98 + 0x10;
							} else {
								_push(0x18);
								_t91 = E008BED02(_t72, _t84, _t109);
								 *(_t96 + 0x10) = _t91;
								 *(_t96 - 4) = 7;
								_t110 = _t91;
								if(_t91 == 0) {
									_t91 = 0;
									__eflags = 0;
								} else {
									 *(_t91 + 4) =  *(_t91 + 4) & _t72;
									 *(_t96 - 4) = 8;
									 *_t91 = 0x8e4c6c;
									E0089F6B0(_t91,  *((intOrPtr*)(_t96 + 8)), _t72);
								}
								 *(_t96 - 4) =  *(_t96 - 4) | 0xffffffff;
								_t74 = 0x8f49bc;
								_push(E0089ABF0());
								_push(_t91);
								_push(_t84);
								E008AB28B(_t72, _t84, _t91, _t110);
								_t98 = _t98 + 0xc;
							}
						}
					}
					if( *((intOrPtr*)(_t96 - 0x10)) != 0) {
						_t112 = _t72;
						if(_t72 != 0) {
							_t74 = 0x8f49f4;
							_t42 = E0089ABF0();
							_t43 = E00897DB0(_t72);
							_push(_t42);
							_push(_t43);
							_push(_t84);
							E008AB28B(_t72, _t84, _t42, __eflags);
							_t98 = _t98 + 0x10;
						} else {
							_push(8);
							_t88 = E008BED02(_t72, _t84, _t112);
							_t113 = _t88;
							if(_t88 == 0) {
								_t88 = 0;
								__eflags = 0;
							} else {
								 *(_t88 + 4) =  *(_t88 + 4) & _t72;
								 *_t88 = 0x8e4c90;
							}
							_t74 = 0x8f49f4;
							_push(E0089ABF0());
							_push(_t88);
							_push(_t84);
							E008AB28B(_t72, _t84, _t88, _t113);
							_t98 = _t98 + 0xc;
						}
					}
					_t86 =  *((intOrPtr*)(_t96 + 8));
					_push(_t72);
					_push(_t84);
					_push( *(_t96 + 0xc));
					_push(_t86);
					L008BC98B(_t72, _t74, _t83, _t84, _t86, _t113);
					_push(_t72);
					_push(_t84);
					_push( *(_t96 + 0xc));
					_push(_t86);
					E008B5422(_t72, _t83, _t84, _t86, _t113);
					_push(_t72);
					_t73 =  *(_t96 + 0xc);
					_push(_t84);
					_push(_t73);
					_push(_t86);
					E008B4E78(_t73, _t83, _t84, _t86, _t113);
					 *(_t84 + 0x10) =  *(_t84 + 0x10) | _t73;
					_t38 =  *((intOrPtr*)(_t86 + 0x2c));
					if( *((intOrPtr*)(_t86 + 0x2c)) == 0) {
						_t38 = _t86 + 0x30;
					}
					E008A7B20(_t84 + 0x18, _t86, _t38);
					return E008C1E2B(_t84);
				}
				_push(0x18);
				_t68 = E008BED02(__ebx, __edi, _t100);
				_t101 = _t68;
				if(_t68 == 0) {
					_t95 = 0;
					__eflags = 0;
				} else {
					_push(__ebx);
					_t95 = E00898D20(_t68,  *((intOrPtr*)(_t96 + 8)));
				}
				_t74 = 0x8f4ae0;
				_push(E0089ABF0());
				_push(_t95);
				_push(_t84);
				E008AB28B(_t72, _t84, _t95, _t101);
				_t98 = _t97 + 0xc;
				goto L6;
			}

0x008ab3e8
0x008ab3e8
0x008ab3e8
0x008ab3e8
0x008ab3ea
0x008ab420
0x008ab425
0x008ab42d
0x008ab432
0x008ab433
0x008ab434
0x008ab435
0x008ab43a
0x008ab43d
0x008ab440
0x008ab443
0x008ab446
0x008ab448
0x008ab44a
0x008ab47e
0x008ab483
0x008ab48b
0x008ab490
0x008ab491
0x008ab492
0x008ab493
0x008ab498
0x008ab44c
0x008ab44c
0x008ab453
0x008ab456
0x008ab458
0x008ab465
0x008ab465
0x008ab45a
0x008ab45a
0x008ab45d
0x008ab45d
0x008ab467
0x008ab471
0x008ab472
0x008ab473
0x008ab474
0x008ab479
0x008ab479
0x008ab49b
0x008ab49b
0x008ab4a0
0x008ab4a6
0x008ab4a8
0x008ab4dc
0x008ab4e1
0x008ab4e9
0x008ab4ee
0x008ab4ef
0x008ab4f0
0x008ab4f1
0x008ab4f6
0x008ab4aa
0x008ab4aa
0x008ab4b1
0x008ab4b4
0x008ab4b6
0x008ab4c3
0x008ab4c3
0x008ab4b8
0x008ab4b8
0x008ab4bb
0x008ab4bb
0x008ab4c5
0x008ab4cf
0x008ab4d0
0x008ab4d1
0x008ab4d2
0x008ab4d7
0x008ab4d7
0x008ab4fe
0x008ab500
0x008ab502
0x008ab553
0x008ab558
0x008ab560
0x008ab565
0x008ab566
0x008ab567
0x008ab568
0x008ab56d
0x008ab504
0x008ab504
0x008ab50b
0x008ab50e
0x008ab511
0x008ab518
0x008ab51a
0x008ab536
0x008ab536
0x008ab51c
0x008ab51c
0x008ab525
0x008ab529
0x008ab52f
0x008ab52f
0x008ab538
0x008ab53c
0x008ab546
0x008ab547
0x008ab548
0x008ab549
0x008ab54e
0x008ab54e
0x008ab502
0x008ab4fe
0x008ab574
0x008ab576
0x008ab578
0x008ab5ac
0x008ab5b1
0x008ab5b9
0x008ab5be
0x008ab5bf
0x008ab5c0
0x008ab5c1
0x008ab5c6
0x008ab57a
0x008ab57a
0x008ab581
0x008ab584
0x008ab586
0x008ab593
0x008ab593
0x008ab588
0x008ab588
0x008ab58b
0x008ab58b
0x008ab595
0x008ab59f
0x008ab5a0
0x008ab5a1
0x008ab5a2
0x008ab5a7
0x008ab5a7
0x008ab578
0x008ab5c9
0x008ab5cc
0x008ab5cd
0x008ab5ce
0x008ab5d1
0x008ab5d2
0x008ab5d7
0x008ab5d8
0x008ab5d9
0x008ab5dc
0x008ab5dd
0x008ab5e2
0x008ab5e3
0x008ab5e6
0x008ab5e7
0x008ab5e8
0x008ab5e9
0x008ab5ee
0x008ab5f4
0x008ab5f9
0x008ab5fb
0x008ab5fb
0x008ab602
0x008ab60e
0x008ab60e
0x008ab3ec
0x008ab3ee
0x008ab3f4
0x008ab3f6
0x008ab407
0x008ab407
0x008ab3f8
0x008ab3f8
0x008ab403
0x008ab403
0x008ab409
0x008ab413
0x008ab414
0x008ab415
0x008ab416
0x008ab41b
0x00000000

APIs

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB416
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB435
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB474
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB493
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB4D2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB4F1
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB568
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB549

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB5A2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008AB5C1

Part of subcall function 008AB28B: __EH_prolog3.LIBCMT ref: 008AB292
Part of subcall function 008AB28B: std::_Lockit::_Lockit.LIBCPMT ref: 008AB29C
Part of subcall function 008AB28B: __realloc_crt.LIBCMT ref: 008AB2C4
Part of subcall function 008AB28B: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 008AB2CF

std::locale::_Locimp::_Makeushloc.LIBCPMT ref: 008AB5DD
std::locale::_Locimp::_Makeushloc.LIBCPMT ref: 008AB5E9

Part of subcall function 00898D20: __Getctype.LIBCPMT ref: 00898D64

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

Part of subcall function 00897DB0: std::_Lockit::_Lockit.LIBCPMT ref: 00897DDD
Part of subcall function 00897DB0: std::_Lockit::_Lockit.LIBCPMT ref: 00897E03

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Locimp::_std::locale::_$AddfacLocimp_$LockitLockit::_std::_$Makeushloc$Concurrency::details::_Concurrent_queue_base_v4::_GetctypeH_prolog3Internal_throw_exception__realloc_crt_malloc
String ID:
API String ID: 183959045-0
Opcode ID: 69afaa5be38c49fe7f5cf4823421451149e28493c1fbaaf9b8455f26558feb76
Instruction ID: 2f889c3ec9b34d41fb777b811bd2765802fe14fce1c43f359470abe0ee2c0441
Opcode Fuzzy Hash: 69afaa5be38c49fe7f5cf4823421451149e28493c1fbaaf9b8455f26558feb76
Instruction Fuzzy Hash: 585103B1901215AAEB203ABE4C46BBF2A9CFF07760B08402DFE05D7643EF259D0442E3

Uniqueness

Uniqueness Score: -1.00%

Function 00892F40, Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 334
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00892F40(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t116;
				signed int _t118;
				signed int _t122;
				intOrPtr _t126;
				void* _t127;
				signed int _t134;
				signed int _t140;
				signed int _t141;
				signed int _t148;
				signed int _t155;
				signed int _t158;
				signed int _t160;
				signed int _t165;
				intOrPtr _t167;
				intOrPtr _t168;
				signed int _t169;
				intOrPtr _t170;
				signed int _t172;
				signed int _t173;
				signed int _t180;
				signed int _t191;
				intOrPtr _t201;
				intOrPtr _t202;
				intOrPtr _t211;
				intOrPtr _t212;
				signed int _t213;
				intOrPtr _t221;
				signed int _t235;
				signed int _t236;
				signed int _t243;
				signed int _t249;
				signed int _t251;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				intOrPtr _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				intOrPtr _t270;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t281;
				char* _t282;
				signed int _t284;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				signed int _t303;
				signed int _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t311;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;

				_t243 = __ecx;
				_push(_t235);
				_push(_t298);
				_t290 = __ecx;
				_t281 =  *(_t317 + 0x14);
				_t116 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t116 < _t281) {
					L102:
					_push("invalid string position");
					E008A9C28(__eflags);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t298);
					_t299 =  *(_t317 + 0x10);
					_push(_t290);
					_t291 = _t243;
					__eflags = _t299;
					if(_t299 == 0) {
						L116:
						_t270 =  *((intOrPtr*)(_t291 + 0x10));
						_t118 =  *(_t317 + 0xc);
						__eflags = _t270 - _t118;
						if(__eflags < 0) {
							_push("invalid string position");
							E008A9C28(__eflags);
							goto L147;
						} else {
							_push(_t235);
							_t235 =  *(_t317 + 0x1c);
							_t243 = _t270 - _t118;
							_push(_t281);
							_t284 =  *(_t317 + 0x18);
							__eflags = _t243 - _t284;
							_t281 =  <  ? _t243 : _t284;
							__eflags = (_t118 | 0xffffffff) - _t235 - _t270 - _t281;
							if(__eflags <= 0) {
								L147:
								_push("string too long");
								E008A9BFA(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0xffffffff);
								_push(E008DEAD9);
								_push( *[fs:0x0]);
								_push(_t243);
								_push(_t235);
								_push(_t299);
								_push(_t291);
								_push(_t281);
								_t122 =  *0x8f21d0; // 0x28a5f8b6
								_push(_t122 ^ _t317);
								 *[fs:0x0] = _t317 + 0x18;
								_t292 = _t243;
								 *(_t317 + 0x14) = 0;
								_t282 =  *((intOrPtr*)(_t317 + 0x28));
								 *((intOrPtr*)(_t282 + 0x14)) = 0xf;
								 *(_t282 + 0x10) = 0;
								 *_t282 = 0;
								_t236 =  *(_t292 + 0x10);
								 *(_t317 + 0x20) = 0;
								 *(_t317 + 0x14) = 1;
								__eflags = _t236;
								if(_t236 != 0) {
									_t126 =  *((intOrPtr*)(_t292 + 0x14));
									__eflags = _t126 - 8;
									if(_t126 < 8) {
										_t301 = _t292;
									} else {
										_t301 =  *_t292;
									}
									__eflags = _t126 - 8;
									if(_t126 >= 8) {
										_t292 =  *_t292;
									}
									_t127 = L008A8290();
									__eflags = _t236 * 2 + _t301;
									E008A70A0(_t301, _t292, _t236 * 2 + _t301, _t282, _t127);
									_t317 = _t317 + 0x10;
								}
								 *[fs:0x0] =  *(_t317 + 0x18);
								return _t282;
							} else {
								_t249 = _t243 - _t281;
								 *(_t317 + 0x20) = _t249;
								__eflags = _t235 - _t281;
								if(_t235 < _t281) {
									_t148 =  *(_t291 + 0x14);
									__eflags = _t148 - 0x10;
									if(_t148 < 0x10) {
										 *(_t317 + 0x18) = _t291;
									} else {
										 *(_t317 + 0x18) =  *_t291;
									}
									__eflags = _t148 - 0x10;
									if(_t148 < 0x10) {
										_t273 = _t291;
									} else {
										_t273 =  *_t291;
									}
									__eflags = _t249;
									if(_t249 != 0) {
										__eflags = _t273 +  *(_t317 + 0x18) + _t235;
										E008BEEA0(_t273 +  *(_t317 + 0x18) + _t235,  *(_t317 + 0x18) +  *(_t317 + 0x18) + _t281, _t249);
										_t317 = _t317 + 0xc;
									}
								}
								__eflags = _t235;
								if(_t235 != 0) {
									L129:
									 *(_t317 + 0x24) = _t235 - _t281 +  *((intOrPtr*)(_t291 + 0x10));
									_t134 = E00892460(_t235, _t291, _t281, _t291, _t299, _t235 - _t281 +  *((intOrPtr*)(_t291 + 0x10)), 0);
									__eflags = _t134;
									if(_t134 != 0) {
										__eflags = _t281 - _t235;
										if(_t281 < _t235) {
											_t140 =  *(_t291 + 0x14);
											__eflags = _t140 - 0x10;
											if(_t140 < 0x10) {
												 *(_t317 + 0x18) = _t291;
											} else {
												 *(_t317 + 0x18) =  *_t291;
											}
											__eflags = _t140 - 0x10;
											if(_t140 < 0x10) {
												_t272 = _t291;
											} else {
												_t272 =  *_t291;
											}
											_t141 =  *(_t317 + 0x20);
											__eflags = _t141;
											if(_t141 != 0) {
												__eflags = _t272 +  *(_t317 + 0x14) + _t235;
												E008BEEA0(_t272 +  *(_t317 + 0x14) + _t235,  *(_t317 + 0x1c) +  *(_t317 + 0x14) + _t281, _t141);
												_t317 = _t317 + 0xc;
											}
										}
										__eflags =  *(_t291 + 0x14) - 0x10;
										if( *(_t291 + 0x14) < 0x10) {
											_t251 = _t291;
										} else {
											_t251 =  *_t291;
										}
										__eflags = _t235;
										if(_t235 != 0) {
											__eflags =  *(_t317 + 0x14) + _t251;
											E008BFCF0( *(_t317 + 0x14) + _t251, _t299, _t235);
											_t317 = _t317 + 0xc;
										}
										E00892400(_t291,  *(_t317 + 0x1c));
									}
								} else {
									__eflags = _t281;
									if(_t281 != 0) {
										goto L129;
									}
								}
								return _t291;
							}
						}
					} else {
						_t243 =  *(_t291 + 0x14);
						__eflags = _t243 - 0x10;
						if(_t243 < 0x10) {
							_t155 = _t291;
						} else {
							_t155 =  *_t291;
						}
						__eflags = _t299 - _t155;
						if(_t299 < _t155) {
							goto L116;
						} else {
							__eflags = _t243 - 0x10;
							if(_t243 < 0x10) {
								_t275 = _t291;
							} else {
								_t275 =  *_t291;
							}
							__eflags =  *((intOrPtr*)(_t291 + 0x10)) + _t275 - _t299;
							if( *((intOrPtr*)(_t291 + 0x10)) + _t275 <= _t299) {
								goto L116;
							} else {
								__eflags = _t243 - 0x10;
								if(_t243 < 0x10) {
									_t158 = _t291;
								} else {
									_t158 =  *_t291;
								}
								_push( *(_t317 + 0x18));
								_t303 = _t299 - _t158;
								__eflags = _t303;
								_push(_t303);
								_push(_t291);
								_push( *(_t317 + 0x1c));
								return E00892F40(_t291,  *(_t317 + 0x1c));
							}
						}
					}
				} else {
					_t298 =  *(_t317 + 0x1c);
					_t235 =  *(_t298 + 0x10);
					if(_t235 <  *(_t317 + 0x20)) {
						goto L102;
					} else {
						_t243 = _t116 - _t281;
						_t277 =  <  ? _t243 :  *(_t317 + 0x18);
						 *(_t317 + 0x1c) = _t235 -  *(_t317 + 0x20);
						 *(_t317 + 0x18) = _t277;
						_t235 =  <  ?  *(_t317 + 0x1c) :  *(_t317 + 0x24);
						_t160 = _t116 - _t277;
						 *(_t317 + 0x24) = _t160;
						if((_t160 | 0xffffffff) - _t235 <=  *(_t317 + 0x24)) {
							_push("string too long");
							E008A9BFA(__eflags);
							goto L102;
						} else {
							_t258 = _t243 - _t277;
							_t165 =  *(_t317 + 0x24) + _t235;
							 *(_t317 + 0x1c) = _t258;
							 *(_t317 + 0x24) = _t165;
							if( *((intOrPtr*)(__ecx + 0x10)) < _t165) {
								E00892460(_t235, __ecx, _t281, __ecx, _t298, _t165, 0);
								_t258 =  *(_t317 + 0x1c);
								_t277 =  *(_t317 + 0x18);
							}
							if(_t290 == _t298) {
								__eflags = _t235 - _t277;
								if(_t235 > _t277) {
									_t305 =  *(_t317 + 0x20);
									__eflags = _t305 - _t281;
									if(_t305 > _t281) {
										__eflags = _t281 + _t277 - _t305;
										_t167 =  *((intOrPtr*)(_t290 + 0x14));
										if(_t281 + _t277 > _t305) {
											__eflags = _t167 - 0x10;
											if(_t167 < 0x10) {
												_t306 = _t290;
											} else {
												_t306 =  *_t290;
											}
											__eflags = _t167 - 0x10;
											if(_t167 < 0x10) {
												_t259 = _t290;
											} else {
												_t259 =  *_t290;
											}
											__eflags = _t277;
											if(_t277 != 0) {
												__eflags =  *(_t317 + 0x20) + _t306;
												E008BEEA0(_t259 + _t281,  *(_t317 + 0x20) + _t306, _t277);
												_t277 =  *(_t317 + 0x24);
												_t317 = _t317 + 0xc;
											}
											_t168 =  *((intOrPtr*)(_t290 + 0x14));
											__eflags = _t168 - 0x10;
											if(_t168 < 0x10) {
												_t307 = _t290;
											} else {
												_t307 =  *_t290;
											}
											__eflags = _t168 - 0x10;
											if(_t168 < 0x10) {
												_t260 = _t290;
											} else {
												_t260 =  *_t290;
											}
											_t169 =  *(_t317 + 0x1c);
											__eflags = _t169;
											if(_t169 != 0) {
												__eflags = _t260 + _t281 + _t235;
												E008BEEA0(_t260 + _t281 + _t235, _t281 + _t307 + _t277, _t169);
												_t317 = _t317 + 0xc;
											}
											_t170 =  *((intOrPtr*)(_t290 + 0x14));
											__eflags = _t170 - 0x10;
											if(_t170 < 0x10) {
												_t308 = _t290;
											} else {
												_t308 =  *_t290;
											}
											__eflags = _t170 - 0x10;
											if(_t170 < 0x10) {
												_t278 = _t290;
											} else {
												_t278 =  *_t290;
											}
											_t261 =  *(_t317 + 0x18);
											_t172 = _t235 - _t261;
											__eflags = _t172;
											if(_t172 != 0) {
												_push(_t172);
												_push( *(_t317 + 0x24) + _t308 + _t235);
												_t180 = _t278 + _t281 + _t261;
												__eflags = _t180;
												goto L96;
											}
										} else {
											__eflags = _t167 - 0x10;
											if(_t167 < 0x10) {
												 *(_t317 + 0x14) = _t290;
											} else {
												 *(_t317 + 0x14) =  *_t290;
											}
											__eflags = _t167 - 0x10;
											if(_t167 < 0x10) {
												_t311 = _t290;
											} else {
												_t311 =  *_t290;
											}
											__eflags = _t258;
											if(_t258 != 0) {
												__eflags = _t281 + _t311 + _t235;
												E008BEEA0(_t281 + _t311 + _t235,  *(_t317 + 0x14) + _t281 + _t277, _t258);
												_t277 =  *(_t317 + 0x24);
												_t317 = _t317 + 0xc;
											}
											_t263 =  *((intOrPtr*)(_t290 + 0x14));
											__eflags = _t263 - 0x10;
											if(_t263 < 0x10) {
												_t191 = _t290;
											} else {
												_t191 =  *_t290;
											}
											__eflags = _t263 - 0x10;
											if(_t263 < 0x10) {
												_t264 = _t290;
											} else {
												_t264 =  *_t290;
											}
											__eflags = _t235;
											if(_t235 != 0) {
												_push(_t235);
												_push(_t191 - _t277 +  *(_t317 + 0x20) + _t235);
												_t180 = _t264 + _t281;
												goto L96;
											}
										}
									} else {
										_t201 =  *((intOrPtr*)(_t290 + 0x14));
										__eflags = _t201 - 0x10;
										if(_t201 < 0x10) {
											 *(_t317 + 0x18) = _t290;
										} else {
											 *(_t317 + 0x18) =  *_t290;
										}
										__eflags = _t201 - 0x10;
										if(_t201 < 0x10) {
											_t313 = _t290;
										} else {
											_t313 =  *_t290;
										}
										__eflags = _t258;
										if(_t258 != 0) {
											__eflags = _t281 + _t313 + _t235;
											E008BEEA0(_t281 + _t313 + _t235,  *(_t317 + 0x18) + _t281 + _t277, _t258);
											_t317 = _t317 + 0xc;
										}
										_t202 =  *((intOrPtr*)(_t290 + 0x14));
										__eflags = _t202 - 0x10;
										if(_t202 < 0x10) {
											_t279 = _t290;
										} else {
											_t279 =  *_t290;
										}
										__eflags = _t202 - 0x10;
										if(_t202 < 0x10) {
											_t265 = _t290;
										} else {
											_t265 =  *_t290;
										}
										__eflags = _t235;
										if(_t235 != 0) {
											_push(_t235);
											_push( *(_t317 + 0x20) + _t279);
											_t180 = _t265 + _t281;
											goto L96;
										}
									}
								} else {
									_t211 =  *((intOrPtr*)(_t290 + 0x14));
									__eflags = _t211 - 0x10;
									if(_t211 < 0x10) {
										_t315 = _t290;
									} else {
										_t315 =  *_t290;
									}
									__eflags = _t211 - 0x10;
									if(_t211 < 0x10) {
										_t266 = _t290;
									} else {
										_t266 =  *_t290;
									}
									__eflags = _t235;
									if(_t235 != 0) {
										__eflags =  *(_t317 + 0x20) + _t315;
										E008BEEA0(_t266 + _t281,  *(_t317 + 0x20) + _t315, _t235);
										_t277 =  *(_t317 + 0x24);
										_t317 = _t317 + 0xc;
									}
									_t212 =  *((intOrPtr*)(_t290 + 0x14));
									__eflags = _t212 - 0x10;
									if(_t212 < 0x10) {
										_t316 = _t290;
									} else {
										_t316 =  *_t290;
									}
									__eflags = _t212 - 0x10;
									if(_t212 < 0x10) {
										_t267 = _t290;
									} else {
										_t267 =  *_t290;
									}
									_t213 =  *(_t317 + 0x1c);
									__eflags = _t213;
									if(_t213 != 0) {
										_push(_t213);
										_push(_t281 + _t316 + _t277);
										_t180 = _t267 + _t281 + _t235;
										L96:
										_push(_t180);
										E008BEEA0();
										goto L97;
									}
								}
							} else {
								_t221 =  *((intOrPtr*)(_t290 + 0x14));
								if(_t221 < 0x10) {
									 *(_t317 + 0x18) = _t290;
								} else {
									 *(_t317 + 0x18) =  *_t290;
									_t281 =  *(_t317 + 0x14);
								}
								if(_t221 < 0x10) {
									 *(_t317 + 0x14) = _t290;
								} else {
									 *(_t317 + 0x14) =  *_t290;
								}
								if(_t258 != 0) {
									E008BEEA0( *(_t317 + 0x1c) + _t281 + _t235,  *(_t317 + 0x18) + _t281 + _t277, _t258);
									_t317 = _t317 + 0xc;
								}
								if( *((intOrPtr*)(_t298 + 0x14)) >= 0x10) {
									_t298 =  *_t298;
								}
								if( *((intOrPtr*)(_t290 + 0x14)) < 0x10) {
									_t268 = _t290;
								} else {
									_t268 =  *_t290;
								}
								if(_t235 != 0) {
									E008BFCF0(_t268 + _t281,  *(_t317 + 0x20) + _t298, _t235);
									L97:
									_t317 = _t317 + 0xc;
								}
							}
							_t262 =  *(_t317 + 0x24);
							 *(_t290 + 0x10) = _t262;
							if( *((intOrPtr*)(_t290 + 0x14)) < 0x10) {
								_t173 = _t290;
								 *((char*)(_t173 + _t262)) = 0;
								return _t173;
							} else {
								 *((char*)( *_t290 + _t262)) = 0;
								return _t290;
							}
						}
					}
				}
			}

0x00892f40
0x00892f40
0x00892f41
0x00892f43
0x00892f46
0x00892f4a
0x00892f4f
0x00893279
0x00893279
0x0089327e
0x00893283
0x00893284
0x00893285
0x00893286
0x00893287
0x00893288
0x00893289
0x0089328a
0x0089328b
0x0089328c
0x0089328d
0x0089328e
0x0089328f
0x00893290
0x00893291
0x00893295
0x00893296
0x00893298
0x0089329a
0x008932e9
0x008932e9
0x008932ec
0x008932f0
0x008932f2
0x00893404
0x00893409
0x00000000
0x008932f8
0x008932f8
0x008932f9
0x008932ff
0x00893301
0x00893302
0x00893306
0x00893308
0x00893312
0x00893314
0x0089340e
0x0089340e
0x00893413
0x00893418
0x00893419
0x0089341a
0x0089341b
0x0089341c
0x0089341d
0x0089341e
0x0089341f
0x00893420
0x00893422
0x0089342d
0x0089342e
0x0089342f
0x00893430
0x00893431
0x00893432
0x00893433
0x0089343a
0x0089343f
0x00893445
0x00893447
0x0089344f
0x00893453
0x0089345a
0x00893461
0x00893464
0x00893467
0x0089346f
0x00893477
0x00893479
0x0089347b
0x0089347e
0x00893481
0x00893487
0x00893483
0x00893483
0x00893483
0x00893489
0x0089348c
0x0089348e
0x0089348e
0x00893490
0x0089349e
0x008934a2
0x008934a7
0x008934a7
0x008934b0
0x008934bf
0x0089331a
0x0089331a
0x0089331c
0x00893320
0x00893322
0x00893324
0x00893327
0x0089332a
0x00893334
0x0089332c
0x0089332e
0x0089332e
0x00893338
0x0089333b
0x00893341
0x0089333d
0x0089333d
0x0089333d
0x00893343
0x00893345
0x00893358
0x0089335b
0x00893360
0x00893360
0x00893345
0x00893363
0x00893365
0x0089336f
0x0089337b
0x0089337f
0x00893384
0x00893386
0x00893388
0x0089338a
0x0089338c
0x0089338f
0x00893392
0x0089339c
0x00893394
0x00893396
0x00893396
0x008933a0
0x008933a3
0x008933a9
0x008933a5
0x008933a5
0x008933a5
0x008933ab
0x008933af
0x008933b1
0x008933c4
0x008933c7
0x008933cc
0x008933cc
0x008933b1
0x008933cf
0x008933d3
0x008933d9
0x008933d5
0x008933d5
0x008933d5
0x008933db
0x008933dd
0x008933e4
0x008933e8
0x008933ed
0x008933ed
0x008933f6
0x008933f6
0x00893367
0x00893367
0x00893369
0x00000000
0x00000000
0x00893369
0x00893401
0x00893401
0x00893314
0x0089329c
0x0089329c
0x0089329f
0x008932a2
0x008932a8
0x008932a4
0x008932a4
0x008932a4
0x008932aa
0x008932ac
0x00000000
0x008932ae
0x008932ae
0x008932b1
0x008932b7
0x008932b3
0x008932b3
0x008932b3
0x008932be
0x008932c0
0x00000000
0x008932c2
0x008932c2
0x008932c5
0x008932cb
0x008932c7
0x008932c7
0x008932c7
0x008932cd
0x008932d1
0x008932d1
0x008932d5
0x008932d6
0x008932d7
0x008932e6
0x008932e6
0x008932c0
0x008932ac
0x00892f55
0x00892f55
0x00892f59
0x00892f60
0x00000000
0x00892f66
0x00892f6c
0x00892f70
0x00892f77
0x00892f83
0x00892f87
0x00892f8c
0x00892f8e
0x00892f9b
0x0089326f
0x00893274
0x00000000
0x00892fa1
0x00892fa5
0x00892fa7
0x00892fa9
0x00892fad
0x00892fb4
0x00892fbb
0x00892fc0
0x00892fc4
0x00892fc4
0x00892fca
0x00893047
0x00893049
0x008930b6
0x008930ba
0x008930bc
0x0089312d
0x0089312f
0x00893132
0x008931a3
0x008931a6
0x008931ac
0x008931a8
0x008931a8
0x008931a8
0x008931ae
0x008931b1
0x008931b7
0x008931b3
0x008931b3
0x008931b3
0x008931b9
0x008931bb
0x008931c2
0x008931c9
0x008931ce
0x008931d2
0x008931d2
0x008931d5
0x008931d8
0x008931db
0x008931e1
0x008931dd
0x008931dd
0x008931dd
0x008931e3
0x008931e6
0x008931ec
0x008931e8
0x008931e8
0x008931e8
0x008931ee
0x008931f2
0x008931f4
0x00893200
0x00893203
0x00893208
0x00893208
0x0089320b
0x0089320e
0x00893211
0x00893217
0x00893213
0x00893213
0x00893213
0x00893219
0x0089321c
0x00893222
0x0089321e
0x0089321e
0x0089321e
0x00893224
0x0089322a
0x0089322a
0x0089322c
0x0089322e
0x00893237
0x0089323b
0x0089323b
0x00000000
0x0089323b
0x00893134
0x00893134
0x00893137
0x00893141
0x00893139
0x0089313b
0x0089313b
0x00893145
0x00893148
0x0089314e
0x0089314a
0x0089314a
0x0089314a
0x00893150
0x00893152
0x00893161
0x00893164
0x00893169
0x0089316d
0x0089316d
0x00893170
0x00893173
0x00893176
0x0089317c
0x00893178
0x00893178
0x00893178
0x0089317e
0x00893181
0x00893187
0x00893183
0x00893183
0x00893183
0x00893189
0x0089318b
0x00893199
0x0089319a
0x0089319b
0x00000000
0x0089319b
0x0089318b
0x008930be
0x008930be
0x008930c1
0x008930c4
0x008930ce
0x008930c6
0x008930c8
0x008930c8
0x008930d2
0x008930d5
0x008930db
0x008930d7
0x008930d7
0x008930d7
0x008930dd
0x008930df
0x008930ee
0x008930f1
0x008930f6
0x008930f6
0x008930f9
0x008930fc
0x008930ff
0x00893105
0x00893101
0x00893101
0x00893101
0x00893107
0x0089310a
0x00893110
0x0089310c
0x0089310c
0x0089310c
0x00893112
0x00893114
0x00893120
0x00893121
0x00893122
0x00000000
0x00893122
0x00893114
0x0089304b
0x0089304b
0x0089304e
0x00893051
0x00893057
0x00893053
0x00893053
0x00893053
0x00893059
0x0089305c
0x00893062
0x0089305e
0x0089305e
0x0089305e
0x00893064
0x00893066
0x0089306c
0x00893074
0x00893079
0x0089307d
0x0089307d
0x00893080
0x00893083
0x00893086
0x0089308c
0x00893088
0x00893088
0x00893088
0x0089308e
0x00893091
0x00893097
0x00893093
0x00893093
0x00893093
0x00893099
0x0089309d
0x0089309f
0x008930a5
0x008930ab
0x008930af
0x0089323d
0x0089323d
0x0089323e
0x00000000
0x0089323e
0x0089309f
0x00892fcc
0x00892fcc
0x00892fd2
0x00892fe0
0x00892fd4
0x00892fd6
0x00892fda
0x00892fda
0x00892fe7
0x00892ff1
0x00892fe9
0x00892feb
0x00892feb
0x00892ff7
0x0089300c
0x00893011
0x00893011
0x00893018
0x0089301a
0x0089301a
0x00893021
0x00893027
0x00893023
0x00893023
0x00893023
0x0089302b
0x0089303d
0x00893243
0x00893243
0x00893243
0x0089302b
0x0089324a
0x0089324e
0x00893251
0x00893263
0x00893268
0x0089326c
0x00893253
0x00893256
0x0089325f
0x0089325f
0x00893251
0x00892f9b
0x00892f60

APIs

_memmove.LIBCMT ref: 0089300C
_memmove.LIBCMT ref: 0089303D
_memmove.LIBCMT ref: 00893074
_memmove.LIBCMT ref: 008930F1
_memmove.LIBCMT ref: 00893164
_memmove.LIBCMT ref: 008931C9
_memmove.LIBCMT ref: 00893203
_memmove.LIBCMT ref: 0089323E

Strings

invalid string position, xrefs: 00893279
string too long, xrefs: 0089326F, 0089340E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 83302239f33355e6ffa05fe0240c228bf5b4f5e423b6cee4eaa029515cbd83f9
Instruction ID: 5e27c1447036874c0f791962dacb81026800b0cccccc303c49f884580689fa5a
Opcode Fuzzy Hash: 83302239f33355e6ffa05fe0240c228bf5b4f5e423b6cee4eaa029515cbd83f9
Instruction Fuzzy Hash: 16B15F71308649CBDB28EF4CD88496AB3EAFF84708B28092DF492C7751D731EE458B95

Uniqueness

Uniqueness Score: -1.00%

Function 008B4768, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E008B4768(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t35;
				short _t49;
				intOrPtr _t55;
				signed int _t58;
				void* _t60;
				intOrPtr _t65;
				void* _t69;
				void* _t76;

				_t76 = __eflags;
				_t60 = __edx;
				_push(0x98);
				E008C1EFC(E008E1142, __ebx, __edi, __esi);
				_t55 = __ecx;
				 *((intOrPtr*)(_t69 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t69 - 0x48)) = E008C177C(__ecx, __esi, _t76);
				_t35 = E008A9EC7(_t69 - 0x78);
				_t58 = 0xb;
				memcpy(_t69 - 0x40, _t35, _t58 << 2);
				_t65 =  *((intOrPtr*)(_t69 - 0x48));
				_t77 =  *((char*)(_t69 + 0xc));
				 *((intOrPtr*)(_t55 + 8)) = 0;
				 *((intOrPtr*)(_t55 + 0x10)) = 0;
				 *((intOrPtr*)(_t55 + 0x14)) = 0;
				 *((intOrPtr*)(_t69 - 4)) = 0;
				if( *((char*)(_t69 + 0xc)) == 0) {
					 *((intOrPtr*)(_t69 - 0x44)) =  *((intOrPtr*)(_t65 + 8));
				} else {
					 *((intOrPtr*)(_t69 - 0x44)) = 0x8e236f;
				}
				E008A9EC7(_t69 - 0x78);
				_push(_t69 - 0xa4);
				_push(0);
				 *((intOrPtr*)(_t55 + 8)) = E008956F0( *((intOrPtr*)(_t69 - 0x44)));
				 *((intOrPtr*)(_t55 + 0x10)) = E008AE15E(_t60, _t77, "false", 0, _t69 - 0x40);
				 *((intOrPtr*)(_t55 + 0x14)) = E008AE15E(_t60, _t77, "true", 0, _t69 - 0x40);
				if( *((char*)(_t69 + 0xc)) == 0) {
					 *((short*)(_t55 + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(_t65 + 0x30))));
					_t49 =  *((intOrPtr*)( *((intOrPtr*)(_t65 + 0x34))));
				} else {
					 *((short*)(_t55 + 0xc)) = E008AE130(0, 0x2e, 0, _t69 - 0x40);
					_t49 = E008AE130(0, 0x2c, 0, _t69 - 0x40);
				}
				 *((short*)(_t55 + 0xe)) = _t49;
				return E008C1E4E(_t55, _t65, 0);
			}

0x008b4768
0x008b4768
0x008b4768
0x008b4772
0x008b4777
0x008b4779
0x008b4781
0x008b4788
0x008b4790
0x008b4796
0x008b4798
0x008b479d
0x008b47a1
0x008b47a4
0x008b47a7
0x008b47aa
0x008b47ad
0x008b47bb
0x008b47af
0x008b47af
0x008b47af
0x008b47c2
0x008b47cd
0x008b47ce
0x008b47da
0x008b47ef
0x008b4804
0x008b480b
0x008b483e
0x008b4845
0x008b480d
0x008b4819
0x008b4824
0x008b4829
0x008b482c
0x008b4835

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 008B4772
_localeconv.LIBCMT ref: 008B477C
__Getcvt.LIBCPMT ref: 008B4788

Part of subcall function 008A9EC7: ____lc_codepage_func.LIBCMT ref: 008A9EDE
Part of subcall function 008A9EC7: ____mb_cur_max_func.LIBCMT ref: 008A9EE7
Part of subcall function 008A9EC7: ____lc_locale_name_func.LIBCMT ref: 008A9EEF

__Getcvt.LIBCPMT ref: 008B47C2
_Maklocstr.LIBCPMT ref: 008B47E7
_Maklocstr.LIBCPMT ref: 008B47FC
_Maklocchr.LIBCPMT ref: 008B4814
_Maklocchr.LIBCPMT ref: 008B4824

Strings

false, xrefs: 008B47E2
true, xrefs: 008B47F7

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: GetcvtMaklocchrMaklocstr$H_prolog3_catch_____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
String ID: false$true
API String ID: 623391249-2658103896
Opcode ID: f7fefedad67279e4b1ef78d362df6b26c8ff68af43ede38f76804796170ddbb1
Instruction ID: 86871583ddc32ae1c757ff020fc7587d4116ffc85d0117be18a1cc9ec2832ab3
Opcode Fuzzy Hash: f7fefedad67279e4b1ef78d362df6b26c8ff68af43ede38f76804796170ddbb1
Instruction Fuzzy Hash: 4A215CB5D01258AADF11EFA4C8869DEBBB8FF0A710F04445AF904DB702E7709955CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 008C0490, Relevance: 16.6, APIs: 11, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E008C0490(void* __eax, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t13;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t41;
				void* _t42;
				void* _t43;
				void* _t45;

				_t43 = __esi;
				_t42 = __edi;
				_t41 = __edx;
				if( *((intOrPtr*)(__eax + 0x890018)) == 0x10b) {
					__ebx = 0;
					__eflags =  *((intOrPtr*)(__eax + 0x890074)) - 0xe;
					if( *((intOrPtr*)(__eax + 0x890074)) > 0xe) {
						__eflags =  *(__eax + 0x8900e8);
						_t5 =  *(__eax + 0x8900e8) != 0;
						__eflags = _t5;
						__ebx = 0 | _t5;
					}
				}
				 *((intOrPtr*)(_t45 - 0x1c)) = 0;
				_t12 = E008C9F02();
				_t47 = _t12;
				if(_t12 == 0) {
					E008C05A1(0x1c);
				}
				_t13 = E008C9035(0, _t41, _t42, _t47);
				_t48 = _t13;
				if(_t13 == 0) {
					_t13 = E008C05A1(0x10);
				}
				E008CA7DE(_t13);
				 *(_t45 - 4) =  *(_t45 - 4) & 0x00000000;
				if(E008C9F17(0, _t41, _t42, _t43, _t48) < 0) {
					E008C05A1(0x1b);
				}
				 *0x8f6c48 = GetCommandLineA();
				 *0x8f4ca8 = E008CA81E(_t41);
				_t18 = E008CA1CB();
				_t50 = _t18;
				if(_t18 < 0) {
					E008C7BC0(0, _t41, _t42, _t43, _t50, 8);
				}
				_t19 = E008CA3FA(0, _t41, _t42, _t43);
				_t51 = _t19;
				if(_t19 < 0) {
					E008C7BC0(0, _t41, _t42, _t43, _t51, 9);
				}
				_t20 = E008C7BFA(1);
				_t52 = _t20;
				if(_t20 != 0) {
					E008C7BC0(0, _t41, _t42, _t43, _t52, _t20);
				}
				_t21 = E008CA8AB();
				_push(_t43);
				_push(_t21);
				_push(0);
				_t44 = L008934D0(_t45, 0x890000);
				 *((intOrPtr*)(_t45 - 0x24)) = _t22;
				if(0 == 0) {
					E008C7E63(_t44);
				}
				E008C7BEB();
				 *(_t45 - 4) = 0xfffffffe;
				return E008C7EF5(_t44);
			}

0x008c0490
0x008c0490
0x008c0490
0x008c049c
0x008c049e
0x008c04a0
0x008c04a7
0x008c04a9
0x008c04af
0x008c04af
0x008c04af
0x008c04af
0x008c04a7
0x008c04b2
0x008c04b5
0x008c04ba
0x008c04bc
0x008c04c0
0x008c04c5
0x008c04c6
0x008c04cb
0x008c04cd
0x008c04d1
0x008c04d6
0x008c04d7
0x008c04dc
0x008c04e7
0x008c04eb
0x008c04f0
0x008c04f7
0x008c0501
0x008c0506
0x008c050b
0x008c050d
0x008c0511
0x008c0516
0x008c0517
0x008c051c
0x008c051e
0x008c0522
0x008c0527
0x008c052a
0x008c0530
0x008c0532
0x008c0535
0x008c053a
0x008c053b
0x008c0540
0x008c0541
0x008c0542
0x008c054e
0x008c0550
0x008c0555
0x008c0558
0x008c0558
0x008c055d
0x008c0592
0x008c05a0

APIs

_fast_error_exit.LIBCMT ref: 008C04C0

Part of subcall function 008C05A1: __FF_MSGBANNER.LIBCMT ref: 008C05AD
Part of subcall function 008C05A1: __NMSG_WRITE.LIBCMT ref: 008C05B5

Part of subcall function 008C9035: __init_pointers.LIBCMT ref: 008C9035
Part of subcall function 008C9035: __mtinitlocks.LIBCMT ref: 008C903A
Part of subcall function 008C9035: __mtterm.LIBCMT ref: 008C9043

_fast_error_exit.LIBCMT ref: 008C04D1
__RTC_Initialize.LIBCMT ref: 008C04D7
__ioinit.LIBCMT ref: 008C04E0
_fast_error_exit.LIBCMT ref: 008C04EB
GetCommandLineA.KERNEL32(008F06C8,00000014), ref: 008C04F1
___crtGetEnvironmentStringsA.LIBCMT ref: 008C04FC

Part of subcall function 008CA81E: GetEnvironmentStringsW.KERNEL32(?,?,?,008C0501), ref: 008CA823
Part of subcall function 008CA81E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?,?,?,008C0501), ref: 008CA857
Part of subcall function 008CA81E: __malloc_crt.LIBCMT ref: 008CA865
Part of subcall function 008CA81E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,?,?,?,?,008C0501), ref: 008CA87D
Part of subcall function 008CA81E: _free.LIBCMT ref: 008CA888
Part of subcall function 008CA81E: FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,008C0501), ref: 008CA891

__setargv.LIBCMT ref: 008C0506

Part of subcall function 008CA1CB: ___initmbctable.LIBCMT ref: 008CA1D9
Part of subcall function 008CA1CB: GetModuleFileNameA.KERNEL32(00000000,008F5290,00000104,?,?,00000000,?,?,?,008C050B), ref: 008CA1F5
Part of subcall function 008CA1CB: _parse_cmdline.LIBCMT ref: 008CA21C
Part of subcall function 008CA1CB: __malloc_crt.LIBCMT ref: 008CA23F
Part of subcall function 008CA1CB: _parse_cmdline.LIBCMT ref: 008CA259

__setenvp.LIBCMT ref: 008C0517

Part of subcall function 008C7BC0: __FF_MSGBANNER.LIBCMT ref: 008C7BC3
Part of subcall function 008C7BC0: __NMSG_WRITE.LIBCMT ref: 008C7BCB

__cinit.LIBCMT ref: 008C052A

Part of subcall function 008C7BFA: __IsNonwritableInCurrentImage.LIBCMT ref: 008C7C0B
Part of subcall function 008C7BFA: __initp_misc_cfltcvt_tab.LIBCMT ref: 008C7C1F
Part of subcall function 008C7BFA: __initterm_e.LIBCMT ref: 008C7C2E
Part of subcall function 008C7BFA: __initterm.LIBCMT ref: 008C7C4F
Part of subcall function 008C7BFA: __IsNonwritableInCurrentImage.LIBCMT ref: 008C7C64

__wincmdln.LIBCMT ref: 008C053B

Part of subcall function 008C7E63: _doexit.LIBCMT ref: 008C7E6D

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: EnvironmentStrings_fast_error_exit$ByteCharCurrentImageMultiNonwritableWide__malloc_crt_parse_cmdline$CommandFileFreeInitializeLineModuleName___crt___initmbctable__cinit__init_pointers__initp_misc_cfltcvt_tab__initterm__initterm_e__ioinit__mtinitlocks__mtterm__setargv__setenvp__wincmdln_doexit_free
String ID:
API String ID: 3193088840-0
Opcode ID: 2d0d9c78cdd870fabf01d586de3bef86c4b4dea5f9b317483bead66a927a3cec
Instruction ID: 7a2e2e6a543798f1e222a2ebaa200469fe1bab0c09e17824e237fcf68b42b950
Opcode Fuzzy Hash: 2d0d9c78cdd870fabf01d586de3bef86c4b4dea5f9b317483bead66a927a3cec
Instruction Fuzzy Hash: 0911D621A04305DADB6477BC8847F2E2174FF10798F14446DF645EA1C3EEB4CA818D57

Uniqueness

Uniqueness Score: -1.00%

Function 008B454B, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E008B454B(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t46;
				intOrPtr _t51;
				signed int _t53;
				void* _t63;
				void* _t69;
				void* _t74;

				_t74 = __eflags;
				_push(0x34);
				E008C1EC6(E008E10FF, __ebx, __edi, __esi);
				_t51 = __ecx;
				 *((intOrPtr*)(_t69 - 0x14)) = __ecx;
				_t31 = E008A9EC7(_t69 - 0x40);
				_t53 = 0xb;
				memcpy(_t51 + 0x2c, _t31, _t53 << 2);
				_t63 = E008C177C(_t51, _t31, _t74);
				 *((intOrPtr*)(_t51 + 8)) = 0;
				_push(_t51 + 0x2c);
				 *((intOrPtr*)(_t51 + 0x10)) = 0;
				 *((intOrPtr*)(_t51 + 0x14)) = 0;
				 *((intOrPtr*)(_t51 + 0x18)) = 0;
				_push(0);
				 *((intOrPtr*)(_t69 - 4)) = 0;
				 *((intOrPtr*)(_t51 + 8)) = E008956F0( *((intOrPtr*)(_t63 + 0x1c)));
				E008ADFE9(_t51, 0, _t63);
				if( *((char*)(_t51 + 0x28)) == 0) {
					_t37 =  *((intOrPtr*)(_t63 + 0x29));
				} else {
					_t37 =  *((intOrPtr*)(_t63 + 0x28));
				}
				_t38 = _t37;
				 *((intOrPtr*)(_t51 + 0x1c)) = _t38;
				if(_t38 < 0 || _t38 >= 0x7f) {
					 *((intOrPtr*)(_t51 + 0x1c)) = 0;
				}
				_t68 = _t51 + 0x20;
				E008BCD0F(_t51, _t51 + 0x20,  *((char*)(_t63 + 0x2b)),  *((char*)(_t63 + 0x2a)),  *((char*)(_t63 + 0x2e)));
				_t46 = E008BCD0F(_t51, _t51 + 0x24,  *((char*)(_t63 + 0x2d)),  *((char*)(_t63 + 0x2c)),  *((char*)(_t63 + 0x2f)));
				if( *((char*)(_t69 + 0xc)) != 0) {
					E008BFCF0(_t68, "$+xv", 4);
					_t46 = E008BFCF0(_t51 + 0x24, "$+xv", 4);
				}
				return E008C1E2B(_t46);
			}

0x008b454b
0x008b454b
0x008b4552
0x008b4557
0x008b4559
0x008b4560
0x008b4567
0x008b456d
0x008b4574
0x008b457b
0x008b457e
0x008b457f
0x008b4582
0x008b4585
0x008b4588
0x008b458c
0x008b4597
0x008b459e
0x008b45a7
0x008b45ae
0x008b45a9
0x008b45a9
0x008b45a9
0x008b45b1
0x008b45b4
0x008b45b9
0x008b45c0
0x008b45c0
0x008b45c7
0x008b45d8
0x008b45f2
0x008b45fb
0x008b4606
0x008b4612
0x008b4617
0x008b461f

APIs

__EH_prolog3_catch.LIBCMT ref: 008B4552
__Getcvt.LIBCPMT ref: 008B4560

Part of subcall function 008A9EC7: ____lc_codepage_func.LIBCMT ref: 008A9EDE
Part of subcall function 008A9EC7: ____mb_cur_max_func.LIBCMT ref: 008A9EE7
Part of subcall function 008A9EC7: ____lc_locale_name_func.LIBCMT ref: 008A9EEF

_localeconv.LIBCMT ref: 008B456F
_Getvals.LIBCPMT ref: 008B459E

Part of subcall function 008ADFE9: std::_Maklocwcs.LIBCPMT ref: 008AE002
Part of subcall function 008ADFE9: std::_Maklocwcs.LIBCPMT ref: 008AE01A
Part of subcall function 008ADFE9: std::_Maklocwcs.LIBCPMT ref: 008AE032

_Mpunct.LIBCPMT ref: 008B45D8
_Mpunct.LIBCPMT ref: 008B45F2
_memmove.LIBCMT ref: 008B4606
_memmove.LIBCMT ref: 008B4612

Strings

$+xv, xrefs: 008B45FF, 008B4604, 008B4610

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Maklocwcsstd::_$Mpunct_memmove$GetcvtGetvalsH_prolog3_catch____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
String ID: $+xv
API String ID: 1512028485-1686923651
Opcode ID: 10301c879dfb1ea1a1ad825b7d48dad07c54104e96d48fee4a3a7478c1235600
Instruction ID: e4d6a311de0c486b610df54e08b9c2d9026fe8cf8bf83a9f10347ab66a6bc39d
Opcode Fuzzy Hash: 10301c879dfb1ea1a1ad825b7d48dad07c54104e96d48fee4a3a7478c1235600
Instruction Fuzzy Hash: 4B21E5B14049916EDF15EF688895AAB7FACFF0E700B14019AFD08CB647C634DA15CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 008C0447, Relevance: 15.1, APIs: 10, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 90%

			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				void* _t18;
				void* _t19;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;
				signed int _t39;
				void* _t49;
				signed int _t52;
				void* _t54;
				void* _t56;

				_t50 = __edi;
				_t49 = __edx;
				E008CA742();
				_push(0x14);
				_push(0x8f06c8);
				E008C7EB0(__ebx, __edi, __esi);
				_t52 = E008C3DFA() & 0x0000ffff;
				E008CA6F5(2);
				_t56 =  *0x890000 - 0x5a4d; // 0x5a4d
				if(_t56 == 0) {
					_t17 =  *0x89003c; // 0xf8
					__eflags =  *((intOrPtr*)(_t17 + 0x890000)) - 0x4550;
					if( *((intOrPtr*)(_t17 + 0x890000)) != 0x4550) {
						goto L2;
					} else {
						__eflags =  *((intOrPtr*)(_t17 + 0x890018)) - 0x10b;
						if( *((intOrPtr*)(_t17 + 0x890018)) != 0x10b) {
							goto L2;
						} else {
							_t39 = 0;
							__eflags =  *((intOrPtr*)(_t17 + 0x890074)) - 0xe;
							if( *((intOrPtr*)(_t17 + 0x890074)) > 0xe) {
								__eflags =  *(_t17 + 0x8900e8);
								_t6 =  *(_t17 + 0x8900e8) != 0;
								__eflags = _t6;
								_t39 = 0 | _t6;
							}
						}
					}
				} else {
					L2:
					_t39 = 0;
				}
				 *(_t54 - 0x1c) = _t39;
				_t18 = E008C9F02();
				_t57 = _t18;
				if(_t18 == 0) {
					E008C05A1(0x1c);
				}
				_t19 = E008C9035(_t39, _t49, _t50, _t57);
				_t58 = _t19;
				if(_t19 == 0) {
					_t19 = E008C05A1(0x10);
				}
				E008CA7DE(_t19);
				 *(_t54 - 4) =  *(_t54 - 4) & 0x00000000;
				if(E008C9F17(_t39, _t49, _t50, _t52, _t58) < 0) {
					E008C05A1(0x1b);
				}
				 *0x8f6c48 = GetCommandLineA();
				 *0x8f4ca8 = E008CA81E(_t49);
				_t24 = E008CA1CB();
				_t60 = _t24;
				if(_t24 < 0) {
					E008C7BC0(_t39, _t49, _t50, _t52, _t60, 8);
				}
				_t25 = E008CA3FA(_t39, _t49, _t50, _t52);
				_t61 = _t25;
				if(_t25 < 0) {
					E008C7BC0(_t39, _t49, _t50, _t52, _t61, 9);
				}
				_t26 = E008C7BFA(1);
				_t62 = _t26;
				if(_t26 != 0) {
					E008C7BC0(_t39, _t49, _t50, _t52, _t62, _t26);
				}
				_t27 = E008CA8AB();
				_push(_t52);
				_push(_t27);
				_push(0);
				_t53 = L008934D0(_t54, 0x890000);
				 *((intOrPtr*)(_t54 - 0x24)) = _t28;
				if(_t39 == 0) {
					E008C7E63(_t53);
				}
				E008C7BEB();
				 *(_t54 - 4) = 0xfffffffe;
				return E008C7EF5(_t53);
			}

0x008c0447
0x008c0447
0x008c0447
0x008c0451
0x008c0453
0x008c0458
0x008c0462
0x008c0467
0x008c0472
0x008c0479
0x008c047f
0x008c0484
0x008c048e
0x00000000
0x008c0490
0x008c0495
0x008c049c
0x00000000
0x008c049e
0x008c049e
0x008c04a0
0x008c04a7
0x008c04a9
0x008c04af
0x008c04af
0x008c04af
0x008c04af
0x008c04a7
0x008c049c
0x008c047b
0x008c047b
0x008c047b
0x008c047b
0x008c04b2
0x008c04b5
0x008c04ba
0x008c04bc
0x008c04c0
0x008c04c5
0x008c04c6
0x008c04cb
0x008c04cd
0x008c04d1
0x008c04d6
0x008c04d7
0x008c04dc
0x008c04e7
0x008c04eb
0x008c04f0
0x008c04f7
0x008c0501
0x008c0506
0x008c050b
0x008c050d
0x008c0511
0x008c0516
0x008c0517
0x008c051c
0x008c051e
0x008c0522
0x008c0527
0x008c052a
0x008c0530
0x008c0532
0x008c0535
0x008c053a
0x008c053b
0x008c0540
0x008c0541
0x008c0542
0x008c054e
0x008c0550
0x008c0555
0x008c0558
0x008c0558
0x008c055d
0x008c0592
0x008c05a0

APIs

___security_init_cookie.LIBCMT ref: 008C0447
___crtGetShowWindowMode.LIBCMT ref: 008C045D

Part of subcall function 008C3DFA: GetStartupInfoW.KERNEL32(?), ref: 008C3E04

Part of subcall function 008C9F02: GetProcessHeap.KERNEL32(008C04BA,008F06C8,00000014), ref: 008C9F02

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: HeapInfoModeProcessShowStartupWindow___crt___security_init_cookie
String ID:
API String ID: 3192242368-0
Opcode ID: 4ea7c5e34f83c3d07bf1bfcd124677c0b8d305236b316b0cbf3a645315958249
Instruction ID: 5b4b6bb6c07b7168f22f4090560ced68a6fd48c6c6c78a9756204843825396f5
Opcode Fuzzy Hash: 4ea7c5e34f83c3d07bf1bfcd124677c0b8d305236b316b0cbf3a645315958249
Instruction Fuzzy Hash: 1B018C60A01719DAEB1877BD9C46F3A21B4FF10B8DF14406DFA46D6192EEB4C940CE6B

Uniqueness

Uniqueness Score: -1.00%

Function 008A5030, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 261
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E008A5030(void* __ebx, intOrPtr* __ecx, void* __ebp, signed int _a4, intOrPtr* _a8, intOrPtr _a12, signed int _a16) {
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v68;
				char _v128;
				char _v132;
				signed int _v140;
				intOrPtr _v144;
				char _v148;
				intOrPtr _v152;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v184;
				char _v196;
				char _v200;
				intOrPtr _v208;
				intOrPtr _v212;
				char _v216;
				intOrPtr _v220;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v252;
				signed int* _v264;
				signed int _v268;
				void* __edi;
				void* __esi;
				signed int _t120;
				signed int _t124;
				signed int _t126;
				intOrPtr _t130;
				signed int _t137;
				intOrPtr _t141;
				signed int _t148;
				intOrPtr _t152;
				signed int _t159;
				signed int* _t164;
				signed int _t166;
				signed int _t169;
				signed int _t172;
				signed int _t175;
				signed int _t181;
				intOrPtr _t188;
				signed int _t189;
				intOrPtr _t196;
				intOrPtr* _t203;
				intOrPtr* _t206;
				void* _t208;
				intOrPtr* _t209;
				signed int _t210;
				intOrPtr* _t213;
				void* _t214;
				void* _t217;
				void* _t220;
				signed int _t227;
				signed int _t229;
				intOrPtr* _t231;
				signed int _t237;
				signed int _t238;
				intOrPtr* _t240;
				intOrPtr* _t241;
				intOrPtr* _t243;
				intOrPtr _t244;
				signed int _t245;
				intOrPtr* _t251;
				signed int _t252;
				void* _t253;
				signed int _t254;
				void* _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;

				_t253 = __ebp;
				_t213 = __ecx;
				_t208 = __ebx;
				_t244 = _a12;
				_t251 = __ecx;
				if(_t244 == 0) {
					L13:
					_t237 =  *(_t251 + 0x10);
					_t120 = _a4;
					__eflags = _t237 - _t120;
					if(__eflags < 0) {
						_push("invalid string position");
						E008A9C28(__eflags);
						goto L44;
					} else {
						_t213 = _t237 - _t120;
						_push(_t208);
						_t209 = _a8;
						__eflags = _t213 - _t209;
						_push(_t253);
						_t254 = _a16;
						_t210 =  <  ? _t213 : _t209;
						__eflags = (_t120 | 0xffffffff) - _t254 - _t237 - _t210;
						if(__eflags <= 0) {
							L44:
							_push("string too long");
							E008A9BFA(__eflags);
							asm("int3");
							_t214 = _t213 -  *((intOrPtr*)(_t213 - 4));
							_push(0xffffffff);
							_push(E008E04C9);
							_push( *[fs:0x0]);
							_t257 = _t256 - 0x68;
							_t124 =  *0x8f21d0; // 0x28a5f8b6
							_v32 = _t124 ^ _t257;
							_t126 =  *0x8f21d0; // 0x28a5f8b6
							_push(_t126 ^ _t257);
							 *[fs:0x0] =  &_v28;
							_v132 = 0;
							_v44 = 0x8e33e0;
							_v36 = 0x8e25bc;
							_v20 = 0;
							_v132 = 1;
							E00898D90(__eflags, _t214 + 0xffffffa4);
							_t130 = _v48;
							_v132 = 0x8e33c8;
							_v68 = 0x8e33d0;
							_t59 = _t130 + 4; // 0x8
							_v24 = 0xffffffff;
							 *((intOrPtr*)(_t257 +  *_t59 + 0x60)) = 0x8e33d4;
							_t64 = _v48 + 4; // 0x8a51d7
							 *((intOrPtr*)(_t257 +  *_t64 + 0x5c)) = 0;
							E008BF897( &_v132, 0x8eecac);
							asm("int3");
							_t217 =  &_v128 -  *((intOrPtr*)( &_v128 - 4));
							_push(0xffffffff);
							_push(E008E0519);
							_push( *[fs:0x0]);
							_t258 = _t257 - 0x34;
							_t137 =  *0x8f21d0; // 0x28a5f8b6
							_push(_t137 ^ _t258);
							 *[fs:0x0] =  &_v148;
							_v200 = 0;
							_v160 = 0x8e3a74;
							_v152 = 0x8e25bc;
							_v140 = 0;
							_v200 = 1;
							E00898E30(__eflags, _t217 + 0xffffffd4);
							_t141 = _v164;
							_v200 = 0x8e3a5c;
							_v184 = 0x8e3a64;
							_t79 = _t141 + 4; // 0x8
							_v144 = 0xffffffff;
							 *((intOrPtr*)(_t258 +  *_t79 + 0x30)) = 0x8e3a68;
							_t84 = _v164 + 4; // 0x8a5289
							 *((intOrPtr*)(_t258 +  *_t84 + 0x2c)) = 0;
							E008BF897( &_v200, 0x8eeea0);
							asm("int3");
							_t220 =  &_v196 -  *((intOrPtr*)( &_v196 - 4));
							_push(0xffffffff);
							_push(E008E0519);
							_push( *[fs:0x0]);
							_t259 = _t258 - 0x34;
							_t148 =  *0x8f21d0; // 0x28a5f8b6
							_push(_t148 ^ _t259);
							 *[fs:0x0] =  &_v216;
							_v268 = 0;
							_v228 = 0x8e3a28;
							_v220 = 0x8e25bc;
							_v208 = 0;
							_v268 = 1;
							E00898E30(__eflags, _t220 + 0xffffffd4);
							_t152 = _v232;
							_v268 = 0x8e3a10;
							_v252 = 0x8e3a18;
							_t99 = _t152 + 4; // 0x8
							_v212 = 0xffffffff;
							 *((intOrPtr*)(_t259 +  *_t99 + 0x30)) = 0x8e3a1c;
							_t104 = _v232 + 4; // 0x8a533e
							 *((intOrPtr*)(_t259 +  *_t104 + 0x2c)) = 0;
							E008BF897( &_v268, 0x8eee6c);
							asm("int3");
							asm("int3");
							asm("int3");
							_t238 = _v268;
							_push(_t251);
							_push(_t244);
							_t252 =  *(_t238 + 8);
							 *(_t238 + 8) =  *(_t252 + 4);
							_t159 =  *(_t252 + 4);
							__eflags = _t159;
							if(_t159 != 0) {
								_t227 =  *_t159 & 0x00000001 | _t238;
								__eflags = _t227;
								 *_t159 = _t227;
							}
							 *_t252 = ( *_t252 ^  *_t238) & 0x00000001 ^  *_t238;
							_t164 = _v264;
							_t245 =  *_t164;
							__eflags = _t238 - (_t245 & 0xfffffffe);
							if(_t238 != (_t245 & 0xfffffffe)) {
								_t166 =  *_t238 & 0xfffffffe;
								__eflags = _t238 -  *(_t166 + 4);
								if(_t238 !=  *(_t166 + 4)) {
									 *(_t166 + 8) = _t252;
									 *(_t252 + 4) = _t238;
									_t169 =  *_t238 & 0x00000001 | _t252;
									__eflags = _t169;
									 *_t238 = _t169;
									return _t169;
								} else {
									 *(_t166 + 4) = _t252;
									 *(_t252 + 4) = _t238;
									_t172 =  *_t238 & 0x00000001 | _t252;
									__eflags = _t172;
									 *_t238 = _t172;
									return _t172;
								}
							} else {
								 *_t164 = _t245 & 0x00000001 | _t252;
								 *(_t252 + 4) = _t238;
								_t175 =  *_t238 & 0x00000001 | _t252;
								__eflags = _t175;
								 *_t238 = _t175;
								return _t175;
							}
						} else {
							_t229 = _t213 - _t210;
							_a16 = _t229;
							__eflags = _t254 - _t210;
							if(_t254 < _t210) {
								_t196 =  *((intOrPtr*)(_t251 + 0x14));
								__eflags = _t196 - 8;
								if(_t196 < 8) {
									_a8 = _t251;
								} else {
									_a8 =  *_t251;
								}
								__eflags = _t196 - 8;
								if(_t196 < 8) {
									_t241 = _t251;
								} else {
									_t241 =  *_t251;
								}
								__eflags = _t229;
								if(_t229 != 0) {
									E008BEEA0(_t241 + (_a4 + _t254) * 2, _a8 + (_a4 + _t210) * 2, _t229 + _t229);
									_t244 = _a12;
									_t256 = _t256 + 0xc;
								}
							}
							__eflags = _t254;
							if(_t254 != 0) {
								L26:
								_a12 = _t254 - _t210 +  *(_t251 + 0x10);
								_t181 = E00892510(_t210, _t251, _t244, _t251, _t254, _t254 - _t210 +  *(_t251 + 0x10), 0);
								__eflags = _t181;
								if(_t181 != 0) {
									__eflags = _t210 - _t254;
									if(_t210 < _t254) {
										_t188 =  *((intOrPtr*)(_t251 + 0x14));
										__eflags = _t188 - 8;
										if(_t188 < 8) {
											_a8 = _t251;
										} else {
											_a8 =  *_t251;
										}
										__eflags = _t188 - 8;
										if(_t188 < 8) {
											_t240 = _t251;
										} else {
											_t240 =  *_t251;
										}
										_t189 = _a16;
										__eflags = _t189;
										if(_t189 != 0) {
											__eflags = _t189 + _t189;
											E008BEEA0(_t240 + (_a4 + _t254) * 2, _a8 + (_a4 + _t210) * 2, _t189 + _t189);
											_t256 = _t256 + 0xc;
										}
									}
									__eflags =  *((intOrPtr*)(_t251 + 0x14)) - 8;
									if( *((intOrPtr*)(_t251 + 0x14)) < 8) {
										_t231 = _t251;
									} else {
										_t231 =  *_t251;
									}
									__eflags = _t254;
									if(_t254 != 0) {
										E008BFCF0(_t231 + _a4 * 2, _t244, _t254 * 2);
									}
									E00892420(_t251, _a12);
								}
							} else {
								__eflags = _t210;
								if(_t210 != 0) {
									goto L26;
								}
							}
							return _t251;
						}
					}
				} else {
					_t213 =  *((intOrPtr*)(__ecx + 0x14));
					if(_t213 < 8) {
						_t203 = __ecx;
					} else {
						_t203 =  *__ecx;
					}
					if(_t244 < _t203) {
						goto L13;
					} else {
						if(_t213 < 8) {
							_t243 = _t251;
						} else {
							_t243 =  *_t251;
						}
						if(_t243 +  *(_t251 + 0x10) * 2 <= _t244) {
							goto L13;
						} else {
							if(_t213 < 8) {
								_t206 = _t251;
							} else {
								_t206 =  *_t251;
							}
							return L008A4CC0(_t208, _t251, _t253, _a4, _a8, _t251, _t244 - _t206 >> 1, _a16);
						}
					}
				}
			}

0x008a5030
0x008a5030
0x008a5030
0x008a5032
0x008a5036
0x008a503a
0x008a508c
0x008a508c
0x008a508f
0x008a5093
0x008a5095
0x008a51c2
0x008a51c7
0x00000000
0x008a509b
0x008a509d
0x008a509f
0x008a50a0
0x008a50a4
0x008a50a6
0x008a50a7
0x008a50ab
0x008a50b5
0x008a50b7
0x008a51cc
0x008a51cc
0x008a51d1
0x008a51d6
0x008a51d7
0x008a51e0
0x008a51e2
0x008a51ed
0x008a51ee
0x008a51f1
0x008a51f8
0x008a51fc
0x008a5203
0x008a5208
0x008a520e
0x008a5219
0x008a5221
0x008a522e
0x008a5236
0x008a523e
0x008a5243
0x008a5247
0x008a524f
0x008a525c
0x008a525f
0x008a5267
0x008a5273
0x008a5276
0x008a5283
0x008a5288
0x008a5289
0x008a52a0
0x008a52a2
0x008a52ad
0x008a52ae
0x008a52b1
0x008a52b8
0x008a52bd
0x008a52c3
0x008a52ce
0x008a52d6
0x008a52e3
0x008a52eb
0x008a52f3
0x008a52f8
0x008a52fc
0x008a5304
0x008a5311
0x008a5314
0x008a531c
0x008a5328
0x008a532b
0x008a5338
0x008a533d
0x008a533e
0x008a5350
0x008a5352
0x008a535d
0x008a535e
0x008a5361
0x008a5368
0x008a536d
0x008a5373
0x008a537e
0x008a5386
0x008a5393
0x008a539b
0x008a53a3
0x008a53a8
0x008a53ac
0x008a53b4
0x008a53c1
0x008a53c4
0x008a53cc
0x008a53d8
0x008a53db
0x008a53e8
0x008a53ed
0x008a53ee
0x008a53ef
0x008a53f0
0x008a53f4
0x008a53f5
0x008a53f6
0x008a53fc
0x008a53ff
0x008a5402
0x008a5404
0x008a540b
0x008a540b
0x008a540d
0x008a540d
0x008a5418
0x008a541a
0x008a541e
0x008a5425
0x008a5427
0x008a5441
0x008a5444
0x008a5447
0x008a545b
0x008a545e
0x008a5466
0x008a5466
0x008a5469
0x008a546c
0x008a5449
0x008a5449
0x008a544c
0x008a5454
0x008a5454
0x008a5457
0x008a545a
0x008a545a
0x008a5429
0x008a542e
0x008a5430
0x008a5438
0x008a5438
0x008a543b
0x008a543e
0x008a543e
0x008a50bd
0x008a50bd
0x008a50bf
0x008a50c3
0x008a50c5
0x008a50c7
0x008a50ca
0x008a50cd
0x008a50d7
0x008a50cf
0x008a50d1
0x008a50d1
0x008a50db
0x008a50de
0x008a50e4
0x008a50e0
0x008a50e0
0x008a50e0
0x008a50e6
0x008a50e8
0x008a5104
0x008a5109
0x008a510d
0x008a510d
0x008a50e8
0x008a5110
0x008a5112
0x008a511c
0x008a5128
0x008a512c
0x008a5131
0x008a5133
0x008a5139
0x008a513b
0x008a513d
0x008a5140
0x008a5143
0x008a514d
0x008a5145
0x008a5147
0x008a5147
0x008a5151
0x008a5154
0x008a515a
0x008a5156
0x008a5156
0x008a5156
0x008a515c
0x008a5160
0x008a5162
0x008a5168
0x008a517d
0x008a5182
0x008a5182
0x008a5162
0x008a5185
0x008a5189
0x008a518f
0x008a518b
0x008a518b
0x008a518b
0x008a5191
0x008a5193
0x008a51a6
0x008a51ab
0x008a51b4
0x008a51b4
0x008a5114
0x008a5114
0x008a5116
0x00000000
0x00000000
0x008a5116
0x008a51bf
0x008a51bf
0x008a50b7
0x008a503c
0x008a503c
0x008a5042
0x008a5048
0x008a5044
0x008a5044
0x008a5044
0x008a504c
0x00000000
0x008a504e
0x008a5051
0x008a5057
0x008a5053
0x008a5053
0x008a5053
0x008a5061
0x00000000
0x008a5063
0x008a5066
0x008a506c
0x008a5068
0x008a5068
0x008a5068
0x008a5089
0x008a5089
0x008a5061
0x008a504c

APIs

_memmove.LIBCMT ref: 008A5104
_memmove.LIBCMT ref: 008A517D
_memmove.LIBCMT ref: 008A51A6

Strings

invalid string position, xrefs: 008A5016, 008A51C2
string too long, xrefs: 008A500C, 008A51CC

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: f08592857f0c395e7dc5ff3511b897681d236eafbb001717db56d0bc62dea145
Instruction ID: c541a80f4e270bcef8fa320682168a3fce33b893a1c6e7d9542215ebe6af8a84
Opcode Fuzzy Hash: f08592857f0c395e7dc5ff3511b897681d236eafbb001717db56d0bc62dea145
Instruction Fuzzy Hash: 82A1BE70204B459FC710DF68C988A1BBBE9FB86718F204A1DF595C7791D734E988CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008BD504, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 257
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E008BD504(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t109;
				intOrPtr* _t114;
				void* _t129;
				intOrPtr* _t137;
				signed int* _t139;
				void* _t140;

				_push(0x58);
				E008C1E5D(E008E1941, __ebx, __edi, __esi);
				_t137 = __ecx;
				_t109 = E008A36A0(_t140 - 0x14);
				 *(_t140 - 4) =  *(_t140 - 4) & 0x00000000;
				E00897EE0(_t109);
				 *(_t140 - 4) =  *(_t140 - 4) | 0xffffffff;
				E0089A750(_t140 - 0x14);
				_t139 =  *(_t140 + 0x20);
				_t129 =  *((intOrPtr*)(_t140 + 0x28)) + 0xffffffbf;
				 *((intOrPtr*)(_t140 - 0x10)) = 0;
				if(_t129 > 0x38) {
					L36:
					 *_t139 =  *_t139 | 0x00000002;
					L37:
					if(E008A2B90(_t140 + 0xc, _t140 + 0x14) != 0) {
						 *_t139 =  *_t139 | 0x00000001;
					}
					_t114 =  *((intOrPtr*)(_t140 + 8));
					 *_t114 =  *((intOrPtr*)(_t140 + 0xc));
					 *((intOrPtr*)(_t114 + 4)) =  *((intOrPtr*)(_t140 + 0x10));
					return E008C1E2B(_t114);
				}
				switch( *((intOrPtr*)(( *(_t129 + 0x8bd834) & 0x000000ff) * 4 +  &M008BD7D8))) {
					case 0:
						_push( *((intOrPtr*)(_t140 + 0x24)));
						_push(_t139);
						_push( *((intOrPtr*)(_t140 + 0x1c)));
						_push( *((intOrPtr*)(_t140 + 0x18)));
						_push( *((intOrPtr*)(_t140 + 0x14)));
						_push( *((intOrPtr*)(_t140 + 0x10)));
						_push( *((intOrPtr*)(_t140 + 0xc)));
						_push(_t140 - 0x1c);
						 *((intOrPtr*)( *_t137 + 0x18))();
						 *((intOrPtr*)(_t140 + 0xc)) =  *((intOrPtr*)(_t140 - 0x1c));
						_t120 =  *((intOrPtr*)(_t140 - 0x18));
						goto L3;
					case 1:
						_push( *(__ebp + 0x24));
						__eax =  *__edi;
						__ecx = __ebp - 0x24;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__ebp - 0x24);
						__ecx = __edi;
						 *((intOrPtr*)( *__edi + 0x1c))() =  *(__ebp - 0x24);
						 *(__ebp + 0xc) =  *(__ebp - 0x24);
						__eax =  *(__ebp - 0x20);
						goto L3;
					case 2:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008BBC39(__edi, __ebp + 0xc, __ebp + 0x14, 0, 0x63, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) != 0) {
							goto L37;
						} else {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) + 0xffffffed;
							__ecx = ( *(__ebp - 0x10) + 0xffffffed) * 0x64;
							__eflags = __ecx;
							goto L9;
						}
					case 3:
						_push("%m / %d / %y");
						__eax = __ebp - 0x3c;
						goto L6;
					case 4:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 8;
						__eflags = __eax;
						_push(__eax);
						_push(0x17);
						goto L15;
					case 5:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 8;
						_push( *(__ebp + 0x24) + 8);
						_push(0xb);
						goto L15;
					case 6:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 4;
						__eflags = __eax;
						_push(__eax);
						goto L21;
					case 7:
						_push("%H : %M");
						__eax = __ebp - 0x54;
						goto L6;
					case 8:
						_push(__ebx);
						_push( *(__ebp + 0x24));
						L21:
						_push(0x3b);
						goto L15;
					case 9:
						_push("%H : %M : S");
						__eax = __ebp - 0x5c;
						goto L6;
					case 0xa:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x1c;
						_push( *(__ebp + 0x24) + 0x1c);
						_push(0x35);
						goto L15;
					case 0xb:
						_push( *(__ebp + 0x24));
						__eax =  *__edi;
						__ecx = __ebp - 0x2c;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__ebp - 0x2c);
						__ecx = __edi;
						 *((intOrPtr*)( *__edi + 0x20))() =  *(__ebp - 0x2c);
						 *(__ebp + 0xc) =  *(__ebp - 0x2c);
						__eax =  *(__ebp - 0x28);
						goto L3;
					case 0xc:
						_push("%b %d %H : %M : %S %Y");
						__eax = __ebp - 0x34;
						goto L6;
					case 0xd:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0xc;
						__eflags = __eax;
						_push(__eax);
						_push(0x1f);
						goto L11;
					case 0xe:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x1c;
						_push( *(__ebp + 0x24) + 0x1c);
						_push(0x16e);
						L11:
						_push(1);
						goto L12;
					case 0xf:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008BBC39(__edi, __ebp + 0xc, __ebp + 0x14, 1, 0xc, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) == 0) {
							__eax =  *(__ebp + 0x24);
							__ecx =  *(__ebp - 0x10);
							__ecx =  *(__ebp - 0x10) - 1;
							 *( *(__ebp + 0x24) + 0x10) = __ecx;
						}
						goto L37;
					case 0x10:
						_push(" ");
						__eax = __ebp - 0x44;
						goto L6;
					case 0x11:
						_push(":AM:am:PM:pm");
						_push(0);
						__eax = __ebp + 0x14;
						_push(__ebp + 0x14);
						__eax = __ebp + 0xc;
						_push(__ebp + 0xc);
						__eax = E008952A0();
						__esp = __esp + 0x10;
						__eflags = __eax;
						if(__eax < 0) {
							goto L36;
						}
						__ecx =  *(__ebp + 0x24);
						 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ecx + 8)) + __eax;
						goto L37;
					case 0x12:
						_push("%I : %M : %S %p");
						__eax = __ebp - 0x4c;
						goto L6;
					case 0x13:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x18;
						_push( *(__ebp + 0x24) + 0x18);
						_push(6);
						L15:
						_push(__edx);
						L12:
						__eax = __ebp + 0x14;
						_push(__ebp + 0x14);
						__eax = __ebp + 0xc;
						_push(__ebp + 0xc);
						_push(__edi);
						__eax = E008BBC39();
						__esp = __esp + 0x1c;
						 *__esi =  *__esi | __eax;
						goto L37;
					case 0x14:
						_push("%d / %m / %y");
						__eax = __ebp - 0x64;
						L6:
						_push( *(__ebp + 0x24));
						__ecx = __edi;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__eax);
						__eax = E008BBB2E(__ebx, __edi, __edi, __esi, __eflags);
						__ecx =  *__eax;
						 *(__ebp + 0xc) = __ecx;
						__eax =  *(__eax + 4);
						L3:
						 *((intOrPtr*)(_t140 + 0x10)) = _t120;
						goto L37;
					case 0x15:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008BBC39(__edi, __ebp + 0xc, __ebp + 0x14, 0, 0x63, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) != 0) {
							goto L37;
						}
						__ecx =  *(__ebp - 0x10);
						__eflags = __ecx - 0x45;
						if(__ecx < 0x45) {
							__ecx = __ecx + 0x64;
						}
						L9:
						__eax =  *(__ebp + 0x24);
						 *( *(__ebp + 0x24) + 0x14) = __ecx;
						goto L37;
					case 0x16:
						goto L36;
				}
			}

0x008bd504
0x008bd50b
0x008bd510
0x008bd519
0x008bd51e
0x008bd523
0x008bd528
0x008bd532
0x008bd53c
0x008bd542
0x008bd545
0x008bd54b
0x008bd7a9
0x008bd7a9
0x008bd7ac
0x008bd7ba
0x008bd7bc
0x008bd7bc
0x008bd7bf
0x008bd7c5
0x008bd7ca
0x008bd7d2
0x008bd7d2
0x008bd558
0x00000000
0x008bd55f
0x008bd567
0x008bd568
0x008bd56b
0x008bd56e
0x008bd571
0x008bd574
0x008bd577
0x008bd57a
0x008bd580
0x008bd583
0x00000000
0x00000000
0x008bd58e
0x008bd591
0x008bd593
0x008bd596
0x008bd597
0x008bd59a
0x008bd59d
0x008bd5a0
0x008bd5a3
0x008bd5a6
0x008bd5a7
0x008bd5ac
0x008bd5af
0x008bd5b2
0x00000000
0x00000000
0x008bd5ec
0x008bd5f0
0x008bd5f5
0x008bd5ff
0x008bd601
0x008bd603
0x00000000
0x008bd609
0x008bd60c
0x008bd60f
0x008bd60f
0x00000000
0x008bd60f
0x00000000
0x008bd641
0x008bd646
0x00000000
0x00000000
0x008bd64e
0x008bd651
0x008bd652
0x008bd652
0x008bd655
0x008bd656
0x00000000
0x00000000
0x008bd65b
0x008bd65e
0x008bd65f
0x008bd662
0x008bd663
0x00000000
0x00000000
0x008bd6ab
0x008bd6ae
0x008bd6af
0x008bd6af
0x008bd6b2
0x00000000
0x00000000
0x008bd6fd
0x008bd702
0x00000000
0x00000000
0x008bd70a
0x008bd70b
0x008bd6b3
0x008bd6b3
0x00000000
0x00000000
0x008bd710
0x008bd715
0x00000000
0x00000000
0x008bd71d
0x008bd720
0x008bd721
0x008bd724
0x008bd725
0x00000000
0x00000000
0x008bd77d
0x008bd780
0x008bd782
0x008bd785
0x008bd786
0x008bd789
0x008bd78c
0x008bd78f
0x008bd792
0x008bd795
0x008bd796
0x008bd79b
0x008bd79e
0x008bd7a1
0x00000000
0x00000000
0x008bd5b7
0x008bd5bc
0x00000000
0x00000000
0x008bd61d
0x008bd620
0x008bd621
0x008bd621
0x008bd624
0x008bd625
0x00000000
0x00000000
0x008bd667
0x008bd66a
0x008bd66b
0x008bd66e
0x008bd66f
0x008bd627
0x008bd627
0x00000000
0x00000000
0x008bd67f
0x008bd683
0x008bd688
0x008bd692
0x008bd694
0x008bd696
0x008bd69c
0x008bd69f
0x008bd6a2
0x008bd6a3
0x008bd6a3
0x00000000
0x00000000
0x008bd6b7
0x008bd6bc
0x00000000
0x00000000
0x008bd6c4
0x008bd6c9
0x008bd6ca
0x008bd6cd
0x008bd6ce
0x008bd6d1
0x008bd6d2
0x008bd6d7
0x008bd6da
0x008bd6dc
0x00000000
0x00000000
0x008bd6e2
0x008bd6e8
0x00000000
0x00000000
0x008bd6f0
0x008bd6f5
0x00000000
0x00000000
0x008bd72c
0x008bd72f
0x008bd730
0x008bd733
0x008bd734
0x008bd658
0x008bd658
0x008bd629
0x008bd629
0x008bd62c
0x008bd62d
0x008bd630
0x008bd631
0x008bd632
0x008bd637
0x008bd63a
0x00000000
0x00000000
0x008bd73b
0x008bd740
0x008bd5bf
0x008bd5bf
0x008bd5c2
0x008bd5c4
0x008bd5c5
0x008bd5c8
0x008bd5cb
0x008bd5ce
0x008bd5d1
0x008bd5d4
0x008bd5d5
0x008bd5da
0x008bd5dc
0x008bd5df
0x008bd586
0x008bd586
0x00000000
0x00000000
0x008bd750
0x008bd754
0x008bd759
0x008bd763
0x008bd765
0x008bd767
0x00000000
0x00000000
0x008bd769
0x008bd76c
0x008bd76f
0x008bd775
0x008bd775
0x008bd612
0x008bd612
0x008bd615
0x00000000
0x00000000
0x00000000
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 008BD50B

Part of subcall function 00897EE0: std::_Lockit::_Lockit.LIBCPMT ref: 00897F0D
Part of subcall function 00897EE0: std::_Lockit::_Lockit.LIBCPMT ref: 00897F33

Strings

%d / %m / %y, xrefs: 008BD73B
%H : %M : S, xrefs: 008BD710
%H : %M, xrefs: 008BD6FD
%m / %d / %y, xrefs: 008BD641
%I : %M : %S %p, xrefs: 008BD6F0
%b %d %H : %M : %S %Y, xrefs: 008BD5B7
:AM:am:PM:pm, xrefs: 008BD6C4

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: LockitLockit::_std::_$H_prolog3
String ID: %H : %M$%H : %M : S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
API String ID: 297366252-2659852414
Opcode ID: 2bfb9bdaf5fbfabe7ba4821ae229d23e01570337463f7f646482543e78451f1a
Instruction ID: d90bb057d96c59198ac1858490185bb0b464fc21a5e6d3015d1803e404a14e10
Opcode Fuzzy Hash: 2bfb9bdaf5fbfabe7ba4821ae229d23e01570337463f7f646482543e78451f1a
Instruction Fuzzy Hash: C19102B650020DBFCB15DE88C881DEE7BB9FB08318F144019F91AEA291E735EA11DB65

Uniqueness

Uniqueness Score: -1.00%

Function 008B7FA9, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 257
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E008B7FA9(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t109;
				intOrPtr* _t114;
				void* _t129;
				intOrPtr* _t137;
				signed int* _t139;
				void* _t140;
				void* _t141;

				_t141 = __eflags;
				_push(0x58);
				E008C1E5D(E008E1941, __ebx, __edi, __esi);
				_t137 = __ecx;
				_t109 = E008A36A0(_t140 - 0x14);
				 *(_t140 - 4) =  *(_t140 - 4) & 0x00000000;
				_push(_t109);
				E008AE3F2(__ebx, __ecx, __esi, _t141);
				 *(_t140 - 4) =  *(_t140 - 4) | 0xffffffff;
				E0089A750(_t140 - 0x14);
				_t139 =  *(_t140 + 0x20);
				_t129 =  *((intOrPtr*)(_t140 + 0x28)) + 0xffffffbf;
				 *((intOrPtr*)(_t140 - 0x10)) = 0;
				if(_t129 > 0x38) {
					L36:
					 *_t139 =  *_t139 | 0x00000002;
					__eflags =  *_t139;
					L37:
					if(E008BACCB(_t140 + 0xc, _t140 + 0x14) != 0) {
						 *_t139 =  *_t139 | 0x00000001;
					}
					_t114 =  *((intOrPtr*)(_t140 + 8));
					 *_t114 =  *((intOrPtr*)(_t140 + 0xc));
					 *((intOrPtr*)(_t114 + 4)) =  *((intOrPtr*)(_t140 + 0x10));
					return E008C1E2B(_t114);
				}
				switch( *((intOrPtr*)(( *(_t129 + 0x8b82d9) & 0x000000ff) * 4 +  &M008B827D))) {
					case 0:
						_push( *((intOrPtr*)(_t140 + 0x24)));
						_push(_t139);
						_push( *((intOrPtr*)(_t140 + 0x1c)));
						_push( *((intOrPtr*)(_t140 + 0x18)));
						_push( *((intOrPtr*)(_t140 + 0x14)));
						_push( *((intOrPtr*)(_t140 + 0x10)));
						_push( *((intOrPtr*)(_t140 + 0xc)));
						_push(_t140 - 0x1c);
						 *((intOrPtr*)( *_t137 + 0x18))();
						 *((intOrPtr*)(_t140 + 0xc)) =  *((intOrPtr*)(_t140 - 0x1c));
						_t120 =  *((intOrPtr*)(_t140 - 0x18));
						goto L3;
					case 1:
						_push( *(__ebp + 0x24));
						__eax =  *__edi;
						__ecx = __ebp - 0x24;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__ebp - 0x24);
						__ecx = __edi;
						 *((intOrPtr*)( *__edi + 0x1c))() =  *(__ebp - 0x24);
						 *(__ebp + 0xc) =  *(__ebp - 0x24);
						__eax =  *(__ebp - 0x20);
						goto L3;
					case 2:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008B2CB7(__edi, __ebp + 0xc, __ebp + 0x14, 0, 0x63, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) != 0) {
							goto L37;
						} else {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) + 0xffffffed;
							__ecx = ( *(__ebp - 0x10) + 0xffffffed) * 0x64;
							__eflags = __ecx;
							goto L9;
						}
					case 3:
						_push("%m / %d / %y");
						__eax = __ebp - 0x3c;
						goto L6;
					case 4:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 8;
						__eflags = __eax;
						_push(__eax);
						_push(0x17);
						goto L15;
					case 5:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 8;
						_push( *(__ebp + 0x24) + 8);
						_push(0xb);
						goto L15;
					case 6:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 4;
						__eflags = __eax;
						_push(__eax);
						goto L21;
					case 7:
						_push("%H : %M");
						__eax = __ebp - 0x54;
						goto L6;
					case 8:
						_push(__ebx);
						_push( *(__ebp + 0x24));
						L21:
						_push(0x3b);
						goto L15;
					case 9:
						_push("%H : %M : S");
						__eax = __ebp - 0x5c;
						goto L6;
					case 0xa:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x1c;
						_push( *(__ebp + 0x24) + 0x1c);
						_push(0x35);
						goto L15;
					case 0xb:
						_push( *(__ebp + 0x24));
						__eax =  *__edi;
						__ecx = __ebp - 0x2c;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__ebp - 0x2c);
						__ecx = __edi;
						 *((intOrPtr*)( *__edi + 0x20))() =  *(__ebp - 0x2c);
						 *(__ebp + 0xc) =  *(__ebp - 0x2c);
						__eax =  *(__ebp - 0x28);
						goto L3;
					case 0xc:
						_push("%b %d %H : %M : %S %Y");
						__eax = __ebp - 0x34;
						goto L6;
					case 0xd:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0xc;
						__eflags = __eax;
						_push(__eax);
						_push(0x1f);
						goto L11;
					case 0xe:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x1c;
						_push( *(__ebp + 0x24) + 0x1c);
						_push(0x16e);
						L11:
						_push(1);
						goto L12;
					case 0xf:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008B2CB7(__edi, __ebp + 0xc, __ebp + 0x14, 1, 0xc, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) == 0) {
							__eax =  *(__ebp + 0x24);
							__ecx =  *(__ebp - 0x10);
							__ecx =  *(__ebp - 0x10) - 1;
							 *( *(__ebp + 0x24) + 0x10) = __ecx;
						}
						goto L37;
					case 0x10:
						_push(" ");
						__eax = __ebp - 0x44;
						goto L6;
					case 0x11:
						_push(":AM:am:PM:pm");
						_push(0);
						__eax = __ebp + 0x14;
						_push(__ebp + 0x14);
						__eax = __ebp + 0xc;
						_push(__ebp + 0xc);
						__eax = E008ADB7A(__ebx, __edi, __esi, __eflags);
						__esp = __esp + 0x10;
						__eflags = __eax;
						if(__eax < 0) {
							goto L36;
						}
						__ecx =  *(__ebp + 0x24);
						 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ecx + 8)) + __eax;
						goto L37;
					case 0x12:
						_push("%I : %M : %S %p");
						__eax = __ebp - 0x4c;
						goto L6;
					case 0x13:
						__eax =  *(__ebp + 0x24);
						_push(__ebx);
						__eax =  *(__ebp + 0x24) + 0x18;
						_push( *(__ebp + 0x24) + 0x18);
						_push(6);
						L15:
						_push(__edx);
						L12:
						__eax = __ebp + 0x14;
						_push(__ebp + 0x14);
						__eax = __ebp + 0xc;
						_push(__ebp + 0xc);
						_push(__edi);
						__eax = E008B2CB7();
						__esp = __esp + 0x1c;
						 *__esi =  *__esi | __eax;
						goto L37;
					case 0x14:
						_push("%d / %m / %y");
						__eax = __ebp - 0x64;
						L6:
						_push( *(__ebp + 0x24));
						__ecx = __edi;
						_push(__esi);
						_push( *((intOrPtr*)(__ebp + 0x1c)));
						_push( *((intOrPtr*)(__ebp + 0x18)));
						_push( *(__ebp + 0x14));
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *(__ebp + 0xc));
						_push(__eax);
						__eax = E008B2393(__ebx, __edi, __edi, __esi, __eflags);
						__ecx =  *__eax;
						 *(__ebp + 0xc) = __ecx;
						__eax =  *(__eax + 4);
						L3:
						 *((intOrPtr*)(_t140 + 0x10)) = _t120;
						goto L37;
					case 0x15:
						__ebp - 0x10 = __ebp + 0x14;
						__eax = __ebp + 0xc;
						__eax = E008B2CB7(__edi, __ebp + 0xc, __ebp + 0x14, 0, 0x63, __ebp - 0x10, __ebx);
						 *__esi = __eax;
						__eflags = __al & 0x00000002;
						if((__al & 0x00000002) != 0) {
							goto L37;
						}
						__ecx =  *(__ebp - 0x10);
						__eflags = __ecx - 0x45;
						if(__ecx < 0x45) {
							__ecx = __ecx + 0x64;
						}
						L9:
						__eax =  *(__ebp + 0x24);
						 *( *(__ebp + 0x24) + 0x14) = __ecx;
						goto L37;
					case 0x16:
						goto L36;
				}
			}

0x008b7fa9
0x008b7fa9
0x008b7fb0
0x008b7fb5
0x008b7fbe
0x008b7fc3
0x008b7fc7
0x008b7fc8
0x008b7fcd
0x008b7fd7
0x008b7fe1
0x008b7fe7
0x008b7fea
0x008b7ff0
0x008b824e
0x008b824e
0x008b824e
0x008b8251
0x008b825f
0x008b8261
0x008b8261
0x008b8264
0x008b826a
0x008b826f
0x008b8277
0x008b8277
0x008b7ffd
0x00000000
0x008b8004
0x008b800c
0x008b800d
0x008b8010
0x008b8013
0x008b8016
0x008b8019
0x008b801c
0x008b801f
0x008b8025
0x008b8028
0x00000000
0x00000000
0x008b8033
0x008b8036
0x008b8038
0x008b803b
0x008b803c
0x008b803f
0x008b8042
0x008b8045
0x008b8048
0x008b804b
0x008b804c
0x008b8051
0x008b8054
0x008b8057
0x00000000
0x00000000
0x008b8091
0x008b8095
0x008b809a
0x008b80a4
0x008b80a6
0x008b80a8
0x00000000
0x008b80ae
0x008b80b1
0x008b80b4
0x008b80b4
0x00000000
0x008b80b4
0x00000000
0x008b80e6
0x008b80eb
0x00000000
0x00000000
0x008b80f3
0x008b80f6
0x008b80f7
0x008b80f7
0x008b80fa
0x008b80fb
0x00000000
0x00000000
0x008b8100
0x008b8103
0x008b8104
0x008b8107
0x008b8108
0x00000000
0x00000000
0x008b8150
0x008b8153
0x008b8154
0x008b8154
0x008b8157
0x00000000
0x00000000
0x008b81a2
0x008b81a7
0x00000000
0x00000000
0x008b81af
0x008b81b0
0x008b8158
0x008b8158
0x00000000
0x00000000
0x008b81b5
0x008b81ba
0x00000000
0x00000000
0x008b81c2
0x008b81c5
0x008b81c6
0x008b81c9
0x008b81ca
0x00000000
0x00000000
0x008b8222
0x008b8225
0x008b8227
0x008b822a
0x008b822b
0x008b822e
0x008b8231
0x008b8234
0x008b8237
0x008b823a
0x008b823b
0x008b8240
0x008b8243
0x008b8246
0x00000000
0x00000000
0x008b805c
0x008b8061
0x00000000
0x00000000
0x008b80c2
0x008b80c5
0x008b80c6
0x008b80c6
0x008b80c9
0x008b80ca
0x00000000
0x00000000
0x008b810c
0x008b810f
0x008b8110
0x008b8113
0x008b8114
0x008b80cc
0x008b80cc
0x00000000
0x00000000
0x008b8124
0x008b8128
0x008b812d
0x008b8137
0x008b8139
0x008b813b
0x008b8141
0x008b8144
0x008b8147
0x008b8148
0x008b8148
0x00000000
0x00000000
0x008b815c
0x008b8161
0x00000000
0x00000000
0x008b8169
0x008b816e
0x008b816f
0x008b8172
0x008b8173
0x008b8176
0x008b8177
0x008b817c
0x008b817f
0x008b8181
0x00000000
0x00000000
0x008b8187
0x008b818d
0x00000000
0x00000000
0x008b8195
0x008b819a
0x00000000
0x00000000
0x008b81d1
0x008b81d4
0x008b81d5
0x008b81d8
0x008b81d9
0x008b80fd
0x008b80fd
0x008b80ce
0x008b80ce
0x008b80d1
0x008b80d2
0x008b80d5
0x008b80d6
0x008b80d7
0x008b80dc
0x008b80df
0x00000000
0x00000000
0x008b81e0
0x008b81e5
0x008b8064
0x008b8064
0x008b8067
0x008b8069
0x008b806a
0x008b806d
0x008b8070
0x008b8073
0x008b8076
0x008b8079
0x008b807a
0x008b807f
0x008b8081
0x008b8084
0x008b802b
0x008b802b
0x00000000
0x00000000
0x008b81f5
0x008b81f9
0x008b81fe
0x008b8208
0x008b820a
0x008b820c
0x00000000
0x00000000
0x008b820e
0x008b8211
0x008b8214
0x008b821a
0x008b821a
0x008b80b7
0x008b80b7
0x008b80ba
0x00000000
0x00000000
0x00000000
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 008B7FB0

Part of subcall function 008AE3F2: __EH_prolog3.LIBCMT ref: 008AE3F9
Part of subcall function 008AE3F2: std::_Lockit::_Lockit.LIBCPMT ref: 008AE403

Strings

%d / %m / %y, xrefs: 008B81E0
%H : %M : S, xrefs: 008B81B5
%H : %M, xrefs: 008B81A2
%m / %d / %y, xrefs: 008B80E6
%I : %M : %S %p, xrefs: 008B8195
%b %d %H : %M : %S %Y, xrefs: 008B805C
:AM:am:PM:pm, xrefs: 008B8169

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3$LockitLockit::_std::_
String ID: %H : %M$%H : %M : S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
API String ID: 2181796688-2659852414
Opcode ID: 8cf694e54cbb33c296a384e9fe127ab42dc9fa051d3a4204d77388b4a265e313
Instruction ID: dff8b81a7018b60c642f09e4442235d0495cd4d9d541af3615ec6589fbcc923b
Opcode Fuzzy Hash: 8cf694e54cbb33c296a384e9fe127ab42dc9fa051d3a4204d77388b4a265e313
Instruction Fuzzy Hash: 4F9114B2500609EFCB15DF88C891DEE7BB9FF08318F104419FA25E6291DB35EA15DB21

Uniqueness

Uniqueness Score: -1.00%

Function 0089F5F0, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0089F5F0(intOrPtr __ecx, intOrPtr _a4, char _a8, signed char _a12) {
				char _v4;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char** _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v84;
				char _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t61;
				signed int _t64;
				char _t72;
				intOrPtr _t74;
				intOrPtr _t75;
				signed int _t79;
				char _t92;
				intOrPtr _t94;
				intOrPtr _t97;
				void* _t98;
				intOrPtr _t99;
				char _t100;
				char _t101;
				signed char** _t102;
				intOrPtr _t107;
				intOrPtr _t111;
				void* _t113;
				char _t115;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr* _t119;
				char _t121;
				char _t122;
				char _t123;
				intOrPtr _t128;
				intOrPtr _t130;
				intOrPtr* _t131;
				intOrPtr* _t132;
				char* _t133;
				signed int _t140;

				_t97 = __ecx;
				_t61 = _a12;
				_t92 = _a8;
				_t128 = __ecx;
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				 *(__ecx + 0x3c) = _t61;
				if(_t92 == 0) {
					L10:
					return _t61;
				} else {
					_t61 = _t61 & 0x00000006;
					if(_t61 == 6) {
						goto L10;
					} else {
						_push(_t118);
						_t152 = _t92 - 0xffffffff;
						if(_t92 > 0xffffffff) {
							L11:
							E008A9BC9(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(0xffffffff);
							_push(E008DFDB0);
							_push( *[fs:0x0]);
							_push(_t92);
							_push(_t128);
							_push(_t118);
							_t64 =  *0x8f21d0; // 0x28a5f8b6
							_push(_t64 ^ _t140);
							 *[fs:0x0] =  &_v28;
							_v32 = _t140 - 0x64;
							_t94 = _t97;
							_v36 = _t94;
							_t130 = E008C177C(_t94, _t128, __eflags);
							_v40 = _t130;
							E008A9EC7( &_v84);
							 *((intOrPtr*)(_t94 + 8)) = 0;
							__eflags = _v4;
							 *((intOrPtr*)(_t94 + 0x10)) = 0;
							 *((intOrPtr*)(_t94 + 0x14)) = 0;
							_v20 = 0;
							if(_v4 == 0) {
								_t131 =  *((intOrPtr*)(_t130 + 8));
							} else {
								_t131 = 0x8e236f;
							}
							E008A9EC7( &_v116);
							_t119 = _t131;
							_t40 = _t119 + 1; // 0x8e2370
							_t98 = _t40;
							do {
								_t72 =  *_t119;
								_t119 = _t119 + 1;
								__eflags = _t72;
							} while (__eflags != 0);
							_t121 = _t119 - _t98 + 1;
							_push(_t121);
							_t111 = E008A9AFF(_t94, _t121, __eflags);
							_t99 = _t111;
							__eflags = _t121;
							while(__eflags != 0) {
								_t99 = _t99 + 1;
								 *((char*)(_t99 - 1)) =  *_t131;
								_t43 = _t131 + 1; // 0x656e6567
								_t131 = _t43;
								_t121 = _t121 - 1;
								__eflags = _t121;
							}
							_t122 = 6;
							 *((intOrPtr*)(_t94 + 8)) = _t111;
							_push(6);
							_t132 = "false";
							_t74 = E008A9AFF(_t94, 6, __eflags);
							_t113 = _t74 - _t132;
							do {
								_t100 =  *_t132;
								_t132 = _t132 + 1;
								 *((char*)(_t113 + _t132 - 1)) = _t100;
								_t122 = _t122 - 1;
								__eflags = _t122;
							} while (__eflags != 0);
							_t123 = 5;
							 *((intOrPtr*)(_t94 + 0x10)) = _t74;
							_push(5);
							_t133 = "true";
							_t75 = E008A9AFF(_t94, 5, __eflags);
							_t115 = _t75 - _t133;
							__eflags = _t115;
							do {
								_t101 =  *_t133;
								_t133 =  &(_t133[1]);
								 *((char*)(_t115 + _t133 - 1)) = _t101;
								_t123 = _t123 - 1;
								__eflags = _t123;
							} while (_t123 != 0);
							__eflags = _a8;
							 *((intOrPtr*)(_t94 + 0x14)) = _t75;
							if(_a8 == 0) {
								_t102 = _v28;
								 *((char*)(_t94 + 0xc)) =  *( *_t102) & 0x000000ff;
								_t79 =  *(_t102[1]) & 0x000000ff;
								 *(_t94 + 0xd) = _t79;
								 *[fs:0x0] = _v16;
								return _t79;
							} else {
								 *((short*)(_t94 + 0xc)) = 0x2c2e;
								 *[fs:0x0] = _v16;
								return _t75;
							}
						} else {
							_push(_t92);
							_t118 = E008BED02(_t92, _t118, _t152);
							_t140 = _t140 + 4;
							if(_t118 == 0) {
								goto L11;
							} else {
								E008BFCF0(_t118, _a4, _t92);
								_t107 = _t118 + _t92;
								 *((intOrPtr*)(_t128 + 0x38)) = _t107;
								if(( *(_t128 + 0x3c) & 0x00000004) == 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0xc)))) = _t118;
									 *( *(_t128 + 0x1c)) = _t118;
									 *( *(_t128 + 0x2c)) = _t92;
								}
								_t61 =  *(_t128 + 0x3c);
								if((_t61 & 0x00000002) == 0) {
									_t117 =  !=  ? _t107 : _t118;
									 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x10)))) = _t118;
									 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x20)))) = _t117;
									 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x30)))) = _t118 - _t117 + _t92;
									_t61 =  *(_t128 + 0x1c);
									if( *_t61 == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0xc)))) = _t118;
										 *( *(_t128 + 0x1c)) = 0;
										_t61 =  *(_t128 + 0x2c);
										 *_t61 = _t118;
									}
								}
								 *(_t128 + 0x3c) =  *(_t128 + 0x3c) | 0x00000001;
								goto L10;
							}
						}
					}
				}
			}

0x0089f5f0
0x0089f5f0
0x0089f5f5
0x0089f5fa
0x0089f5fc
0x0089f603
0x0089f608
0x0089f69e
0x0089f6a0
0x0089f60e
0x0089f60e
0x0089f613
0x00000000
0x0089f619
0x0089f619
0x0089f61a
0x0089f61d
0x0089f6a3
0x0089f6a3
0x0089f6a8
0x0089f6a9
0x0089f6aa
0x0089f6ab
0x0089f6ac
0x0089f6ad
0x0089f6ae
0x0089f6af
0x0089f6b3
0x0089f6b5
0x0089f6c0
0x0089f6c4
0x0089f6c5
0x0089f6c6
0x0089f6c7
0x0089f6ce
0x0089f6d2
0x0089f6d8
0x0089f6db
0x0089f6dd
0x0089f6e5
0x0089f6eb
0x0089f6ee
0x0089f6f6
0x0089f6fd
0x0089f701
0x0089f708
0x0089f70f
0x0089f716
0x0089f71f
0x0089f718
0x0089f718
0x0089f718
0x0089f726
0x0089f72b
0x0089f730
0x0089f730
0x0089f733
0x0089f733
0x0089f735
0x0089f736
0x0089f736
0x0089f73c
0x0089f73d
0x0089f746
0x0089f748
0x0089f74a
0x0089f74c
0x0089f752
0x0089f755
0x0089f758
0x0089f758
0x0089f75b
0x0089f75b
0x0089f75b
0x0089f75e
0x0089f763
0x0089f766
0x0089f767
0x0089f76c
0x0089f776
0x0089f780
0x0089f780
0x0089f782
0x0089f785
0x0089f789
0x0089f789
0x0089f789
0x0089f78c
0x0089f791
0x0089f794
0x0089f795
0x0089f79a
0x0089f7a4
0x0089f7a4
0x0089f7a6
0x0089f7a6
0x0089f7a8
0x0089f7ab
0x0089f7af
0x0089f7af
0x0089f7af
0x0089f7b2
0x0089f7b6
0x0089f7b9
0x0089f7d5
0x0089f7dd
0x0089f7e3
0x0089f7e6
0x0089f7ec
0x0089f7fa
0x0089f7bb
0x0089f7bb
0x0089f7c4
0x0089f7d2
0x0089f7d2
0x0089f623
0x0089f623
0x0089f629
0x0089f62b
0x0089f630
0x00000000
0x0089f632
0x0089f638
0x0089f640
0x0089f647
0x0089f64a
0x0089f64f
0x0089f654
0x0089f659
0x0089f659
0x0089f65b
0x0089f660
0x0089f669
0x0089f672
0x0089f677
0x0089f67c
0x0089f67e
0x0089f684
0x0089f689
0x0089f68e
0x0089f694
0x0089f697
0x0089f697
0x0089f684
0x0089f699
0x00000000
0x0089f69d
0x0089f630
0x0089f61d
0x0089f613

APIs

_memmove.LIBCMT ref: 0089F638
Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 0089F6A3
_localeconv.LIBCMT ref: 0089F6E0
__Getcvt.LIBCPMT ref: 0089F6EE
__Getcvt.LIBCPMT ref: 0089F726

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

Strings

false, xrefs: 0089F767
.,, xrefs: 0089F7BB
true, xrefs: 0089F795

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Getcvt$Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_localeconv_malloc_memmove
String ID: .,$false$true
API String ID: 247213733-276263365
Opcode ID: bd51ae76868a897a30c555e5097f42f75ca3c446e83ab49746f6d9e79424664e
Instruction ID: 495d943e162ff63deec0f4d230e3d6d735eb6fc93d83f604bc7cf7417a7cd3c8
Opcode Fuzzy Hash: bd51ae76868a897a30c555e5097f42f75ca3c446e83ab49746f6d9e79424664e
Instruction Fuzzy Hash: 1E51FDB19047408FCB26DF58C480B56BBE5FF85310F18852EE986CB712D772E805CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00891FD0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00891FD0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12) {
				intOrPtr _v8;
				char _v12;
				void* _t10;
				char* _t11;
				void* _t19;
				intOrPtr _t26;
				void* _t28;

				_push(_a8);
				if(_a12 == 0) {
					_push(_a4);
					return E008916E0();
				} else {
					_push( &_v12);
					_t10 = E008916E0();
					if(_t10 != 0) {
						_t26 = _v8;
						if(_t26 != 0) {
							_t11 = E008BF620(_t26, "-----BEGIN");
							_t23 = _t11;
							if(_t11 == 0) {
								L10:
								_push(_t26);
								_push(_a4);
								L00894022();
								_t19 =  !=  ? 0 : 1;
							} else {
								_t28 = E008BF4F0(_t23, 0xa);
								if(_t28 != 0) {
									L8:
									_t26 = _t28 + 1;
									_t11 = E008BF620(_t26, "-----END");
									if(_t11 == 0) {
										goto L12;
									} else {
										 *_t11 = 0;
										goto L10;
									}
								} else {
									_t28 = E008BF4F0(_t23, 0xd);
									if(_t28 == 0) {
										L12:
										_t19 = 0;
									} else {
										goto L8;
									}
								}
							}
							_push(_v8);
							L00894010();
							return _t19;
						} else {
							return 0;
						}
					} else {
						return _t10;
					}
				}
			}

0x00891fd8
0x00891fdc
0x00892087
0x00892096
0x00891fe2
0x00891fe6
0x00891fe7
0x00891ff1
0x00891ff8
0x00891ffe
0x00892011
0x00892016
0x0089201d
0x00892057
0x00892057
0x00892058
0x0089205c
0x0089206b
0x0089201f
0x00892027
0x0089202e
0x00892041
0x00892041
0x00892048
0x00892052
0x00000000
0x00892054
0x00892054
0x00000000
0x00892054
0x00892030
0x00892038
0x0089203f
0x00892083
0x00892083
0x00000000
0x00000000
0x00000000
0x0089203f
0x0089202e
0x0089206e
0x00892072
0x00892082
0x00892000
0x00892006
0x00892006
0x00891ff6
0x00891ff6
0x00891ff6
0x00891ff1

Strings

-----BEGIN, xrefs: 00892009
-----END, xrefs: 00892042

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: AllocFileInfoItem_OpenReadUtil
String ID: -----BEGIN$-----END
API String ID: 584242313-4029955520
Opcode ID: 8ee9f550464d1dfe173a0ac7c84046db687291c577d21d2c911425e27cb6d74c
Instruction ID: 322cd33aa1fdedd7af3d36f9bc0bec2107eafe279f58144e57ee65923a9ee9a1
Opcode Fuzzy Hash: 8ee9f550464d1dfe173a0ac7c84046db687291c577d21d2c911425e27cb6d74c
Instruction Fuzzy Hash: 82119066D4461137CE2175287C47BAB3784FF92756F4C0128FC88E2362E65A5A19D1E3

Uniqueness

Uniqueness Score: -1.00%

Function 00892680, Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 413
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00892680(signed int __ebx, void* __edi, void* __ebp, signed int _a4, intOrPtr* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed int _v12;
				void _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v52;
				signed int _v56;
				void _v64;
				signed int _v68;
				intOrPtr* _v72;
				intOrPtr _v96;
				intOrPtr* _v100;
				void* __esi;
				signed int _t91;
				signed int _t94;
				intOrPtr _t97;
				signed int _t99;
				signed int _t111;
				intOrPtr* _t112;
				intOrPtr _t113;
				signed int _t121;
				signed int _t125;
				signed int _t128;
				signed int _t129;
				signed int _t135;
				signed int _t139;
				signed int _t142;
				signed int _t143;
				intOrPtr _t144;
				signed int _t151;
				signed int _t155;
				intOrPtr _t159;
				char* _t164;
				signed int _t168;
				signed int _t172;
				signed int _t184;
				signed int _t185;
				intOrPtr* _t186;
				signed int _t187;
				intOrPtr* _t188;
				signed int _t198;
				signed int _t200;
				intOrPtr _t211;
				short _t214;
				signed int _t215;
				intOrPtr* _t216;
				signed int _t217;
				signed int _t218;
				signed int _t227;
				signed int _t232;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t237;
				signed int _t238;
				intOrPtr _t239;
				void* _t240;
				signed int _t241;
				void* _t251;
				signed int _t264;
				intOrPtr* _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				intOrPtr _t269;
				void* _t294;
				intOrPtr _t295;
				signed int _t296;
				intOrPtr _t307;
				void* _t310;

				_t294 = __ebp;
				_t235 = __edi;
				_t184 = __ebx;
				_t91 = _a4;
				_t214 = 0;
				if(_t91 == 0) {
					L3:
					return _t214;
				} else {
					_t317 = _t91 - 0x7fffffff;
					if(_t91 > 0x7fffffff) {
						L4:
						E008A9BC9(__eflags);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t94 = _a4;
						_t215 = 0;
						__eflags = _t94;
						if(_t94 == 0) {
							L8:
							return _t215;
						} else {
							__eflags = _t94 - 0xffffffff;
							if(__eflags > 0) {
								L9:
								E008A9BC9(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t235);
								_t236 = _a4;
								_t264 = _t215;
								_t216 = _a8;
								_t97 =  *((intOrPtr*)(_t236 + 0x10));
								__eflags = _t97 - _t216;
								if(__eflags < 0) {
									_push("invalid string position");
									E008A9C28(__eflags);
									goto L27;
								} else {
									_t168 = _t97 - _t216;
									_t216 =  *((intOrPtr*)(_t264 + 0x10));
									_push(_t184);
									_t211 = _a12;
									__eflags = _t168 - _t211;
									_t184 =  <  ? _t168 : _t211;
									__eflags = (_t168 | 0xffffffff) - _t216 - _t184;
									if(__eflags <= 0) {
										L27:
										_push("string too long");
										_t99 = E008A9BFA(__eflags);
										asm("int3");
										asm("int3");
										_push(_t184);
										_t185 = _v12;
										_push(_t264);
										_t265 = _t216;
										_t217 =  *(_t265 + 0x10);
										__eflags = (_t99 | 0xffffffff) - _t217 - _t185;
										if(__eflags <= 0) {
											_push("string too long");
											E008A9BFA(__eflags);
											goto L42;
										} else {
											_push(_t236);
											__eflags = _t185;
											if(_t185 == 0) {
												L40:
												return _t265;
											} else {
												_t236 = _t217 + _t185;
												__eflags = _t236 - 0xfffffffe;
												if(__eflags > 0) {
													L42:
													_push("string too long");
													E008A9BFA(__eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t185);
													_t186 = _v28;
													_push(_t294);
													_t295 = _v24;
													_push(_t265);
													_push(_t236);
													_t237 =  *(_t186 + 0x10);
													_t266 = _t217;
													__eflags = _t237 - _t295;
													if(__eflags < 0) {
														_push("invalid string position");
														E008A9C28(__eflags);
														goto L68;
													} else {
														_t251 = _t237 - _t295;
														__eflags = _v20 - _t251;
														_t237 =  <  ? _v20 : _t251;
														__eflags = _t266 - _t186;
														if(_t266 != _t186) {
															__eflags = _t237 - 0xfffffffe;
															if(__eflags > 0) {
																goto L69;
															} else {
																_t144 =  *((intOrPtr*)(_t266 + 0x14));
																__eflags = _t144 - _t237;
																if(_t144 >= _t237) {
																	__eflags = _t237;
																	if(_t237 != 0) {
																		goto L52;
																	} else {
																		 *(_t266 + 0x10) = _t237;
																		__eflags = _t144 - 0x10;
																		if(_t144 < 0x10) {
																			_t151 = _t266;
																			 *_t151 = 0;
																			return _t151;
																		} else {
																			 *( *_t266) = 0;
																			return _t266;
																		}
																	}
																} else {
																	E00892150(_t217, _t237,  *(_t266 + 0x10));
																	__eflags = _t237;
																	if(_t237 == 0) {
																		L66:
																		return _t266;
																	} else {
																		L52:
																		__eflags =  *((intOrPtr*)(_t186 + 0x14)) - 0x10;
																		if( *((intOrPtr*)(_t186 + 0x14)) >= 0x10) {
																			_t186 =  *_t186;
																		}
																		__eflags =  *((intOrPtr*)(_t266 + 0x14)) - 0x10;
																		if( *((intOrPtr*)(_t266 + 0x14)) < 0x10) {
																			_t227 = _t266;
																		} else {
																			_t227 =  *_t266;
																		}
																		__eflags = _t237;
																		if(_t237 != 0) {
																			E008BFCF0(_t227, _t186 + _t295, _t237);
																		}
																		__eflags =  *((intOrPtr*)(_t266 + 0x14)) - 0x10;
																		 *(_t266 + 0x10) = _t237;
																		if( *((intOrPtr*)(_t266 + 0x14)) < 0x10) {
																			 *((char*)(_t266 + _t237)) = 0;
																			goto L66;
																		} else {
																			 *((char*)( *_t266 + _t237)) = 0;
																			return _t266;
																		}
																	}
																}
															}
														} else {
															_t155 = _t237 + _t295;
															__eflags =  *(_t266 + 0x10) - _t155;
															if(__eflags < 0) {
																L68:
																_push("invalid string position");
																E008A9C28(__eflags);
																L69:
																_push("string too long");
																E008A9BFA(__eflags);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t186);
																_t187 = _v56;
																_push(_t266);
																_t267 = _t217;
																__eflags = _t187;
																if(_t187 == 0) {
																	L82:
																	_push(_t237);
																	_t238 = _v52;
																	__eflags = _t238 - 0xfffffffe;
																	if(__eflags > 0) {
																		_push("string too long");
																		E008A9BFA(__eflags);
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t187);
																		_t188 = _v72;
																		_push(_t295);
																		_t296 = _v68;
																		_push(_t267);
																		_push(_t238);
																		_t239 =  *((intOrPtr*)(_t188 + 0x10));
																		_t268 = _t217;
																		__eflags = _t239 - _t296;
																		if(__eflags < 0) {
																			_push("invalid string position");
																			E008A9C28(__eflags);
																			goto L124;
																		} else {
																			_t240 = _t239 - _t296;
																			__eflags = _v64 - _t240;
																			_t241 =  <  ? _v64 : _t240;
																			__eflags = _t268 - _t188;
																			if(_t268 != _t188) {
																				__eflags = _t241 - 0x7ffffffe;
																				if(__eflags > 0) {
																					goto L125;
																				} else {
																					_t113 =  *((intOrPtr*)(_t268 + 0x14));
																					__eflags = _t113 - _t241;
																					if(_t113 >= _t241) {
																						__eflags = _t241;
																						if(_t241 != 0) {
																							goto L108;
																						} else {
																							 *(_t268 + 0x10) = _t241;
																							__eflags = _t113 - 8;
																							if(_t113 < 8) {
																								_t121 = _t268;
																								__eflags = 0;
																								 *_t121 = 0;
																								return _t121;
																							} else {
																								__eflags = 0;
																								 *( *_t268) = 0;
																								return _t268;
																							}
																						}
																					} else {
																						E008922A0(_t217, _t241,  *(_t268 + 0x10));
																						__eflags = _t241;
																						if(_t241 == 0) {
																							L122:
																							return _t268;
																						} else {
																							L108:
																							__eflags =  *((intOrPtr*)(_t188 + 0x14)) - 8;
																							if( *((intOrPtr*)(_t188 + 0x14)) >= 8) {
																								_t188 =  *_t188;
																							}
																							__eflags =  *((intOrPtr*)(_t268 + 0x14)) - 8;
																							if( *((intOrPtr*)(_t268 + 0x14)) < 8) {
																								_t218 = _t268;
																							} else {
																								_t218 =  *_t268;
																							}
																							__eflags = _t241;
																							if(_t241 != 0) {
																								E008BFCF0(_t218, _t188 + _t296 * 2, _t241 + _t241);
																							}
																							__eflags =  *((intOrPtr*)(_t268 + 0x14)) - 8;
																							 *(_t268 + 0x10) = _t241;
																							if( *((intOrPtr*)(_t268 + 0x14)) < 8) {
																								__eflags = 0;
																								 *((short*)(_t268 + _t241 * 2)) = 0;
																								goto L122;
																							} else {
																								__eflags = 0;
																								 *((short*)( *_t268 + _t241 * 2)) = 0;
																								return _t268;
																							}
																						}
																					}
																				}
																			} else {
																				_t125 = _t241 + _t296;
																				__eflags =  *(_t268 + 0x10) - _t125;
																				if(__eflags < 0) {
																					L124:
																					_push("invalid string position");
																					E008A9C28(__eflags);
																					L125:
																					_push("string too long");
																					E008A9BFA(__eflags);
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					_push(_t268);
																					_t269 = _v96;
																					_t111 = E008A9C56(_t269);
																					__eflags = _t111;
																					_t112 = _v100;
																					 *_t112 = _t269;
																					if(_t111 == 0) {
																						 *((intOrPtr*)(_t112 + 4)) = 0x8f2008;
																						return _t112;
																					} else {
																						 *((intOrPtr*)(_t112 + 4)) = 0x8f2000;
																						return _t112;
																					}
																				} else {
																					__eflags =  *((intOrPtr*)(_t268 + 0x14)) - 8;
																					 *(_t268 + 0x10) = _t125;
																					if( *((intOrPtr*)(_t268 + 0x14)) >= 8) {
																						_t217 =  *_t268;
																					}
																					__eflags = 0;
																					 *((short*)(_t217 + _t125 * 2)) = 0;
																					E00892D30(_t188, _t268, _t296, 0, _t296);
																					return _t268;
																				}
																			}
																		}
																	} else {
																		_t128 =  *(_t267 + 0x14);
																		__eflags = _t128 - _t238;
																		if(_t128 >= _t238) {
																			__eflags = _t238;
																			if(_t238 != 0) {
																				goto L85;
																			} else {
																				 *(_t267 + 0x10) = _t238;
																				__eflags = _t128 - 0x10;
																				if(_t128 < 0x10) {
																					_t135 = _t267;
																					 *_t135 = 0;
																					return _t135;
																				} else {
																					 *( *_t267) = 0;
																					return _t267;
																				}
																			}
																		} else {
																			E00892150(_t267, _t238,  *(_t267 + 0x10));
																			__eflags = _t238;
																			if(_t238 == 0) {
																				L97:
																				return _t267;
																			} else {
																				L85:
																				__eflags =  *(_t267 + 0x14) - 0x10;
																				if( *(_t267 + 0x14) < 0x10) {
																					_t129 = _t267;
																				} else {
																					_t129 =  *_t267;
																				}
																				__eflags = _t238;
																				if(_t238 != 0) {
																					E008BFCF0(_t129, _t187, _t238);
																				}
																				__eflags =  *(_t267 + 0x14) - 0x10;
																				 *(_t267 + 0x10) = _t238;
																				if( *(_t267 + 0x14) < 0x10) {
																					 *((char*)(_t267 + _t238)) = 0;
																					goto L97;
																				} else {
																					 *((char*)( *_t267 + _t238)) = 0;
																					return _t267;
																				}
																			}
																		}
																	}
																} else {
																	_t217 =  *(_t267 + 0x14);
																	__eflags = _t217 - 0x10;
																	if(_t217 < 0x10) {
																		_t139 = _t267;
																	} else {
																		_t139 =  *_t267;
																	}
																	__eflags = _t187 - _t139;
																	if(_t187 < _t139) {
																		goto L82;
																	} else {
																		__eflags = _t217 - 0x10;
																		if(_t217 < 0x10) {
																			_t234 = _t267;
																		} else {
																			_t234 =  *_t267;
																		}
																		__eflags =  *(_t267 + 0x10) + _t234 - _t187;
																		if( *(_t267 + 0x10) + _t234 <= _t187) {
																			goto L82;
																		} else {
																			__eflags = _t217 - 0x10;
																			if(_t217 < 0x10) {
																				_push(_v52);
																				_t142 = _t267;
																				_t198 = _t187 - _t142;
																				__eflags = _t198;
																				_push(_t198);
																				_push(_t267);
																				L43();
																				return _t142;
																			} else {
																				_push(_v52);
																				_t143 =  *_t267;
																				_t200 = _t187 - _t143;
																				__eflags = _t200;
																				_push(_t200);
																				_push(_t267);
																				L43();
																				return _t143;
																			}
																		}
																	}
																}
															} else {
																__eflags =  *((intOrPtr*)(_t266 + 0x14)) - 0x10;
																 *(_t266 + 0x10) = _t155;
																if( *((intOrPtr*)(_t266 + 0x14)) >= 0x10) {
																	_t217 =  *_t266;
																}
																 *((char*)(_t217 + _t155)) = 0;
																E00892C50(_t186, _t266, _t295, 0, _t295);
																return _t266;
															}
														}
													}
												} else {
													_t159 =  *((intOrPtr*)(_t265 + 0x14));
													__eflags = _t159 - _t236;
													if(_t159 >= _t236) {
														__eflags = _t236;
														if(_t236 != 0) {
															goto L33;
														} else {
															 *(_t265 + 0x10) = _t236;
															__eflags = _t159 - 0x10;
															if(_t159 < 0x10) {
																_t164 = _t265;
																 *_t164 = 0;
																return _t164;
															} else {
																 *((char*)( *_t265)) = 0;
																return _t265;
															}
														}
													} else {
														E00892150(_t265, _t236, _t217);
														__eflags = _t236;
														if(_t236 == 0) {
															goto L40;
														} else {
															L33:
															E00892100(_t265,  *(_t265 + 0x10), _t185, _v8);
															__eflags =  *((intOrPtr*)(_t265 + 0x14)) - 0x10;
															 *(_t265 + 0x10) = _t236;
															if( *((intOrPtr*)(_t265 + 0x14)) < 0x10) {
																 *((char*)(_t265 + _t236)) = 0;
																goto L40;
															} else {
																 *((char*)( *_t265 + _t236)) = 0;
																return _t265;
															}
														}
													}
												}
											}
										}
									} else {
										__eflags = _t184;
										if(_t184 == 0) {
											L25:
											return _t264;
										} else {
											_push(_t294);
											_t307 = _t216 + _t184;
											_t172 = E00892460(_t184, _t264, _t236, _t264, _t307, _t307, 0);
											__eflags = _t172;
											if(_t172 == 0) {
												L24:
												goto L25;
											} else {
												__eflags =  *((intOrPtr*)(_t236 + 0x14)) - 0x10;
												if( *((intOrPtr*)(_t236 + 0x14)) >= 0x10) {
													_t236 =  *_t236;
												}
												__eflags =  *((intOrPtr*)(_t264 + 0x14)) - 0x10;
												if( *((intOrPtr*)(_t264 + 0x14)) < 0x10) {
													_t232 = _t264;
												} else {
													_t232 =  *_t264;
												}
												__eflags = _t184;
												if(_t184 != 0) {
													__eflags =  *((intOrPtr*)(_t264 + 0x10)) + _t232;
													E008BFCF0( *((intOrPtr*)(_t264 + 0x10)) + _t232, _a8 + _t236, _t184);
												}
												__eflags =  *((intOrPtr*)(_t264 + 0x14)) - 0x10;
												 *((intOrPtr*)(_t264 + 0x10)) = _t307;
												if( *((intOrPtr*)(_t264 + 0x14)) < 0x10) {
													 *((char*)(_t264 + _t307)) = 0;
													goto L24;
												} else {
													 *((char*)( *_t264 + _t307)) = 0;
													return _t264;
												}
											}
										}
									}
								}
							} else {
								_push(_t94);
								_t215 = E008BED02(_t184, _t235, __eflags);
								_t310 = _t310 + 4;
								__eflags = _t215;
								if(__eflags == 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					} else {
						_push(_t91 + _t91);
						_t214 = E008BED02(__ebx, __edi, _t317);
						_t310 = _t310 + 4;
						if(_t214 == 0) {
							goto L4;
						} else {
							goto L3;
						}
					}
				}
			}

0x00892680
0x00892680
0x00892680
0x00892680
0x00892684
0x00892688
0x008926a2
0x008926a4
0x0089268a
0x0089268a
0x0089268f
0x008926a7
0x008926a7
0x008926ac
0x008926ad
0x008926ae
0x008926af
0x008926b0
0x008926b4
0x008926b6
0x008926b8
0x008926ce
0x008926d0
0x008926ba
0x008926ba
0x008926bd
0x008926d3
0x008926d3
0x008926d8
0x008926d9
0x008926da
0x008926db
0x008926dc
0x008926dd
0x008926de
0x008926df
0x008926e1
0x008926e2
0x008926e6
0x008926e8
0x008926ec
0x008926ef
0x008926f1
0x0089277a
0x0089277f
0x00000000
0x008926f7
0x008926f7
0x008926f9
0x008926fc
0x008926fd
0x00892701
0x00892703
0x0089270b
0x0089270d
0x00892784
0x00892784
0x00892789
0x0089278e
0x0089278f
0x00892790
0x00892791
0x00892798
0x00892799
0x0089279b
0x008927a0
0x008927a2
0x0089281d
0x00892822
0x00000000
0x008927a4
0x008927a4
0x008927a5
0x008927a7
0x00892815
0x0089281a
0x008927a9
0x008927a9
0x008927ac
0x008927af
0x00892827
0x00892827
0x0089282c
0x00892831
0x00892832
0x00892833
0x00892834
0x00892835
0x00892836
0x00892837
0x00892838
0x00892839
0x0089283a
0x0089283b
0x0089283c
0x0089283d
0x0089283e
0x0089283f
0x00892840
0x00892841
0x00892845
0x00892846
0x0089284a
0x0089284b
0x0089284c
0x0089284f
0x00892851
0x00892853
0x00892926
0x0089292b
0x00000000
0x00892859
0x00892859
0x0089285b
0x0089285f
0x00892864
0x00892866
0x00892896
0x00892899
0x00000000
0x0089289f
0x0089289f
0x008928a2
0x008928a4
0x008928c5
0x008928c7
0x00000000
0x008928c9
0x008928c9
0x008928cc
0x008928cf
0x008928e0
0x008928e5
0x008928e8
0x008928d1
0x008928d4
0x008928dc
0x008928dc
0x008928cf
0x008928a6
0x008928aa
0x008928af
0x008928b1
0x0089291d
0x00892923
0x008928b3
0x008928b3
0x008928b3
0x008928b7
0x008928b9
0x008928b9
0x008928bb
0x008928bf
0x008928eb
0x008928c1
0x008928c1
0x008928c1
0x008928ed
0x008928ef
0x008928f7
0x008928fc
0x008928ff
0x00892903
0x00892906
0x00892919
0x00000000
0x00892908
0x0089290a
0x00892914
0x00892914
0x00892906
0x008928b1
0x008928a4
0x00892868
0x00892868
0x0089286b
0x0089286e
0x00892930
0x00892930
0x00892935
0x0089293a
0x0089293a
0x0089293f
0x00892944
0x00892945
0x00892946
0x00892947
0x00892948
0x00892949
0x0089294a
0x0089294b
0x0089294c
0x0089294d
0x0089294e
0x0089294f
0x00892950
0x00892951
0x00892955
0x00892956
0x00892958
0x0089295a
0x008929b3
0x008929b3
0x008929b4
0x008929b8
0x008929bb
0x00892a37
0x00892a3c
0x00892a41
0x00892a42
0x00892a43
0x00892a44
0x00892a45
0x00892a46
0x00892a47
0x00892a48
0x00892a49
0x00892a4a
0x00892a4b
0x00892a4c
0x00892a4d
0x00892a4e
0x00892a4f
0x00892a50
0x00892a51
0x00892a55
0x00892a56
0x00892a5a
0x00892a5b
0x00892a5c
0x00892a5f
0x00892a61
0x00892a63
0x00892b45
0x00892b4a
0x00000000
0x00892a69
0x00892a69
0x00892a6b
0x00892a6f
0x00892a74
0x00892a76
0x00892aa7
0x00892aad
0x00000000
0x00892ab3
0x00892ab3
0x00892ab6
0x00892ab8
0x00892ad9
0x00892adb
0x00000000
0x00892add
0x00892add
0x00892ae0
0x00892ae3
0x00892af6
0x00892af8
0x00892afd
0x00892b00
0x00892ae5
0x00892ae7
0x00892aea
0x00892af2
0x00892af2
0x00892ae3
0x00892aba
0x00892abe
0x00892ac3
0x00892ac5
0x00892b3c
0x00892b42
0x00892ac7
0x00892ac7
0x00892ac7
0x00892acb
0x00892acd
0x00892acd
0x00892acf
0x00892ad3
0x00892b03
0x00892ad5
0x00892ad5
0x00892ad5
0x00892b05
0x00892b07
0x00892b12
0x00892b17
0x00892b1a
0x00892b1e
0x00892b21
0x00892b36
0x00892b38
0x00000000
0x00892b23
0x00892b25
0x00892b27
0x00892b31
0x00892b31
0x00892b21
0x00892ac5
0x00892ab8
0x00892a78
0x00892a78
0x00892a7b
0x00892a7e
0x00892b4f
0x00892b4f
0x00892b54
0x00892b59
0x00892b59
0x00892b5e
0x00892b63
0x00892b64
0x00892b65
0x00892b66
0x00892b67
0x00892b68
0x00892b69
0x00892b6a
0x00892b6b
0x00892b6c
0x00892b6d
0x00892b6e
0x00892b6f
0x00892b70
0x00892b71
0x00892b76
0x00892b7e
0x00892b80
0x00892b84
0x00892b86
0x00892b93
0x00892b9b
0x00892b88
0x00892b88
0x00892b90
0x00892b90
0x00892a84
0x00892a84
0x00892a88
0x00892a8b
0x00892a8d
0x00892a8d
0x00892a8f
0x00892a92
0x00892a99
0x00892aa4
0x00892aa4
0x00892a7e
0x00892a76
0x008929bd
0x008929bd
0x008929c0
0x008929c2
0x008929dd
0x008929df
0x00000000
0x008929e1
0x008929e1
0x008929e4
0x008929e7
0x008929f6
0x008929fb
0x008929fe
0x008929e9
0x008929ec
0x008929f3
0x008929f3
0x008929e7
0x008929c4
0x008929ca
0x008929cf
0x008929d1
0x00892a2f
0x00892a34
0x008929d3
0x008929d3
0x008929d3
0x008929d7
0x00892a01
0x008929d9
0x008929d9
0x008929d9
0x00892a03
0x00892a05
0x00892a0a
0x00892a0f
0x00892a12
0x00892a16
0x00892a19
0x00892a2b
0x00000000
0x00892a1b
0x00892a1d
0x00892a26
0x00892a26
0x00892a19
0x008929d1
0x008929c2
0x0089295c
0x0089295c
0x0089295f
0x00892962
0x00892968
0x00892964
0x00892964
0x00892964
0x0089296a
0x0089296c
0x00000000
0x0089296e
0x0089296e
0x00892971
0x00892977
0x00892973
0x00892973
0x00892973
0x0089297e
0x00892980
0x00000000
0x00892982
0x00892982
0x00892985
0x0089299d
0x008929a1
0x008929a5
0x008929a5
0x008929a7
0x008929a8
0x008929a9
0x008929b0
0x00892987
0x00892987
0x0089298b
0x0089298f
0x0089298f
0x00892991
0x00892992
0x00892993
0x0089299a
0x0089299a
0x00892985
0x00892980
0x0089296c
0x00892874
0x00892874
0x00892878
0x0089287b
0x0089287d
0x0089287d
0x00892880
0x00892888
0x00892893
0x00892893
0x0089286e
0x00892866
0x008927b1
0x008927b1
0x008927b4
0x008927b6
0x008927eb
0x008927ed
0x00000000
0x008927ef
0x008927ef
0x008927f2
0x008927f5
0x00892804
0x00892809
0x0089280c
0x008927f7
0x008927fa
0x00892801
0x00892801
0x008927f5
0x008927b8
0x008927bc
0x008927c1
0x008927c3
0x00000000
0x008927c5
0x008927c5
0x008927cf
0x008927d4
0x008927d8
0x008927db
0x00892811
0x00000000
0x008927dd
0x008927df
0x008927e8
0x008927e8
0x008927db
0x008927c3
0x008927b6
0x008927af
0x008927a7
0x0089270f
0x0089270f
0x00892711
0x00892772
0x00892777
0x00892713
0x00892713
0x00892714
0x0089271c
0x00892721
0x00892723
0x00892771
0x00000000
0x00892725
0x00892725
0x00892729
0x0089272b
0x0089272b
0x0089272d
0x00892731
0x00892737
0x00892733
0x00892733
0x00892733
0x00892739
0x0089273b
0x00892748
0x0089274b
0x00892750
0x00892753
0x00892757
0x0089275a
0x0089276d
0x00000000
0x0089275c
0x0089275e
0x00892768
0x00892768
0x0089275a
0x00892723
0x00892711
0x0089270d
0x008926bf
0x008926bf
0x008926c5
0x008926c7
0x008926ca
0x008926cc
0x00000000
0x00000000
0x00000000
0x00000000
0x008926cc
0x008926bd
0x00892691
0x00892693
0x00892699
0x0089269b
0x008926a0
0x00000000
0x00000000
0x00000000
0x00000000
0x008926a0
0x0089268f

APIs

Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 008926A7

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 008926D3
_memmove.LIBCMT ref: 0089274B

Strings

invalid string position, xrefs: 00892930
string too long, xrefs: 00892784, 00892827, 0089293A

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception$_malloc_memmove
String ID: invalid string position$string too long
API String ID: 4023115364-4289949731
Opcode ID: 4996f9122746b053bd02098434c5c72fe598f1e8a7e26ea0650d2cde61ced2f9
Instruction ID: b7419fd21074c01918994787ab86ac5dc8ca3dd98970acd3b8c95af27272679b
Opcode Fuzzy Hash: 4996f9122746b053bd02098434c5c72fe598f1e8a7e26ea0650d2cde61ced2f9
Instruction Fuzzy Hash: 66B1E432300314ABDB34BE5CA880E5BF7E9FBA1721F18092EE591D7691C761DC44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 008A0650, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E008A0650(void* __ebx, void* __ecx, void* __ebp, signed int _a4, char _a8) {
				char _v20;
				char _v32;
				char _v40;
				char _v48;
				char _v56;
				intOrPtr _v60;
				char _v64;
				signed int _t28;
				signed int _t40;
				void* _t46;
				void* _t49;
				signed char _t52;
				char* _t53;
				void* _t54;
				intOrPtr _t55;
				void* _t62;
				void* _t64;
				void* _t67;
				char* _t68;

				_t67 = __ebp;
				_t49 = __ebx;
				_t68 =  &_v20;
				_t28 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t28;
				_t52 =  *(__ecx + 0x10) & _t28;
				if(_t52 == 0) {
					return _t28;
				} else {
					if(_a8 != 0) {
						E008BF897(0, 0);
						goto L7;
					} else {
						if((_t52 & 0x00000004) != 0) {
							L7:
							_push("ios_base::badbit set");
							_push(0x8f2004);
							_t53 =  &_v20;
							E00899D90(_t49, _t53, _t67, 1);
							_v32 = 0x8e2520;
							E008BF897( &_v32, 0x8eeadc);
							goto L8;
						} else {
							_t74 = _t52 & 0x00000002;
							_t53 = _t68;
							if((_t52 & 0x00000002) != 0) {
								L8:
								_push("ios_base::failbit set");
								_push(0x8f2004);
								E00899D90(_t49, _t53, _t67, 1);
								_v40 = 0x8e2520;
								E008BF897( &_v40, 0x8eeadc);
							} else {
							}
						}
					}
					_push("ios_base::eofbit set");
					_push(0x8f2004);
					E00899D90(_t49, _t53, _t67, 1);
					_v48 = 0x8e2520;
					E008BF897( &_v48, 0x8eeadc);
					asm("int3");
					_t54 = _t53 -  *((intOrPtr*)(_t53 - 4));
					_push(0xffffffff);
					_push(E008DFEDB);
					_push( *[fs:0x0]);
					_t40 =  *0x8f21d0; // 0x28a5f8b6
					_push(_t40 ^ _t68 - 0x00000008);
					 *[fs:0x0] =  &_v56;
					_t64 = _t54;
					_push(0x60);
					_t55 = E008BED02(_t49, _t62, _t74);
					_v60 = _t55;
					_v48 = 0;
					if(_t55 == 0) {
						L13:
						__eflags = 0;
						 *[fs:0x0] = _v56;
						return 0;
					} else {
						_push(1);
						_v64 = 0;
						_t21 = _t64 - 0x5c; // 0xffffffa3
						_t46 = E008988D0(_t55, _t21, _v64);
						if(_t46 == 0) {
							goto L13;
						} else {
							 *[fs:0x0] = _v60;
							return _t46 + 0x54 +  *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x54)) + 4));
						}
					}
				}
			}

0x008a0650
0x008a0650
0x008a0654
0x008a0657
0x008a065a
0x008a0660
0x008a0662
0x008a067d
0x008a0664
0x008a0669
0x008a0684
0x00000000
0x008a066b
0x008a066e
0x008a0689
0x008a0689
0x008a068e
0x008a0695
0x008a0699
0x008a06a7
0x008a06b0
0x00000000
0x008a0670
0x008a0670
0x008a0673
0x008a0676
0x008a06b5
0x008a06b5
0x008a06ba
0x008a06c1
0x008a06cf
0x008a06d8
0x00000000
0x008a0678
0x008a0676
0x008a066e
0x008a06dd
0x008a06e2
0x008a06e9
0x008a06f7
0x008a0700
0x008a0705
0x008a0706
0x008a0710
0x008a0712
0x008a071d
0x008a0722
0x008a0729
0x008a072e
0x008a0734
0x008a0736
0x008a073d
0x008a0742
0x008a0746
0x008a0750
0x008a0786
0x008a0786
0x008a078c
0x008a0798
0x008a0752
0x008a0752
0x008a0754
0x008a0759
0x008a0761
0x008a0768
0x00000000
0x008a076a
0x008a0779
0x008a0785
0x008a0785
0x008a0768
0x008a0750

APIs

__CxxThrowException@8.LIBCMT ref: 008A0684
__CxxThrowException@8.LIBCMT ref: 008A06B0
__CxxThrowException@8.LIBCMT ref: 008A06D8
__CxxThrowException@8.LIBCMT ref: 008A0700

Strings

ios_base::failbit set, xrefs: 008A06B5
ios_base::eofbit set, xrefs: 008A06DD
ios_base::badbit set, xrefs: 008A0689

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 0de23da893fe200b9fb9a74cb66ab3ca5682bb52cc5d84fd6f01c92751a663b7
Instruction ID: 6764fcec1b3fe71e8bfbc850bdce132622ec09bcaf7ad9d0c6c08167c26bac54
Opcode Fuzzy Hash: 0de23da893fe200b9fb9a74cb66ab3ca5682bb52cc5d84fd6f01c92751a663b7
Instruction Fuzzy Hash: DB310571648340AFE704EB28C942B5A77E4FB91B14F44882CF299D23C2E7B9E408CA57

Uniqueness

Uniqueness Score: -1.00%

Function 00891500, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00891500(intOrPtr _a4, char _a8, intOrPtr _a28) {
				char _v4;
				char _v12;
				signed char _v13;
				signed int _t13;
				intOrPtr _t22;
				void* _t24;
				void* _t35;
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t40;
				void* _t42;

				_push(0xffffffff);
				_push(E008DE768);
				_push( *[fs:0x0]);
				_t13 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t13 ^ _t38);
				 *[fs:0x0] =  &_v12;
				_t22 = _a4;
				_t35 =  >=  ? _a8 :  &_a8;
				_v4 = 0;
				_v13 = 1;
				_t31 = E008BF620(_t35, "-----BEGIN");
				_t39 = _t38 + 8;
				if(_t16 == 0) {
					L5:
					_push(_t35);
					_push(_t22);
					L00894022();
					_t40 = _t39 + 8;
					_t24 =  !=  ? 0 : _v13 & 0x000000ff;
				} else {
					_t37 = E008BF4F0(_t31, 0xa);
					_t42 = _t39 + 8;
					if(_t37 != 0) {
						L3:
						_t35 = _t37 + 1;
						_t16 = E008BF620(_t35, "-----END");
						_t40 = _t42 + 8;
						if(_t16 == 0) {
							goto L9;
						} else {
							 *_t16 = 0;
							goto L5;
						}
					} else {
						_t37 = E008BF4F0(_t31, 0xd);
						_t40 = _t42 + 8;
						if(_t37 == 0) {
							L9:
							_t24 = 0;
						} else {
							goto L3;
						}
					}
				}
				if(_a28 >= 0x10) {
					L008BED53(_a8);
					_t40 = _t40 + 4;
				}
				 *[fs:0x0] = _v12;
				return _t24;
			}

0x00891500
0x00891502
0x0089150d
0x00891512
0x00891519
0x0089151e
0x00891524
0x00891536
0x0089153c
0x00891544
0x0089154e
0x00891550
0x00891555
0x0089158f
0x0089158f
0x00891590
0x00891591
0x0089159d
0x008915a2
0x00891557
0x0089155f
0x00891561
0x00891566
0x00891579
0x00891579
0x00891580
0x00891585
0x0089158a
0x00000000
0x0089158c
0x0089158c
0x00000000
0x0089158c
0x00891568
0x00891570
0x00891572
0x00891577
0x008915cd
0x008915cd
0x00000000
0x00000000
0x00000000
0x00891577
0x00891566
0x008915aa
0x008915b0
0x008915b5
0x008915b5
0x008915be
0x008915cc

APIs

_strstr.LIBCMT ref: 00891549
___from_strstr_to_strchr.LIBCMT ref: 0089155A
___from_strstr_to_strchr.LIBCMT ref: 0089156B
_strstr.LIBCMT ref: 00891580
ATOB_ConvertAsciiToItem_Util.NSS3(?,?), ref: 00891591

Strings

-----BEGIN, xrefs: 00891531
-----END, xrefs: 0089157A

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strstr$AsciiConvertItem_Util
String ID: -----BEGIN$-----END
API String ID: 2731616114-4029955520
Opcode ID: d48cb6fbd47b4d56e6641e3aabb5ab5e1c41d90364b85f5d9ab553bbf58e1971
Instruction ID: 76d27f5f7e86a2f9166d40ad7d55678d77a02a19b887504fcd03e1725765c8cd
Opcode Fuzzy Hash: d48cb6fbd47b4d56e6641e3aabb5ab5e1c41d90364b85f5d9ab553bbf58e1971
Instruction Fuzzy Hash: 4B113831948310ABDB119B288C02B9B77D8FB85721F49062DFC59E3351D3699904C6B3

Uniqueness

Uniqueness Score: -1.00%

Function 008BB1A4, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB1A4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c80; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008BB767(__ebx, __edx, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c80 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008bb1a4
0x008bb1ab
0x008bb1b5
0x008bb1ba
0x008bb1c5
0x008bb1c9
0x008bb1d5
0x008bb1da
0x008bb1de
0x008bb1e2
0x008bb1e8
0x008bb1ee
0x008bb1ef
0x008bb1f6
0x008bb1f9
0x008bb203
0x008bb211
0x008bb211
0x008bb216
0x008bb21b
0x008bb223
0x008bb227
0x008bb1e4
0x008bb1e4
0x008bb1e4
0x008bb1e2
0x008bb230
0x008bb23c

APIs

__EH_prolog3.LIBCMT ref: 008BB1AB
std::_Lockit::_Lockit.LIBCPMT ref: 008BB1B5

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

collate.LIBCPMT ref: 008BB1EF
std::bad_exception::bad_exception.LIBCMT ref: 008BB203
__CxxThrowException@8.LIBCMT ref: 008BB211
std::_Facet_Register.LIBCPMT ref: 008BB227

Strings

bad cast, xrefs: 008BB1FB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcollatestd::bad_exception::bad_exception
String ID: bad cast
API String ID: 100112561-3145022300
Opcode ID: 5cd863e137fd2972fe48eea793fbb06303e0aec47f81527b2bebc33e7456fd8b
Instruction ID: 0f07c48d51ba93fb1268e405bdf2b592d5ac1ec1a765b9d71254ae9e093ad00f
Opcode Fuzzy Hash: 5cd863e137fd2972fe48eea793fbb06303e0aec47f81527b2bebc33e7456fd8b
Instruction Fuzzy Hash: D801AD319002199BDF14FBA8D852EEE7378FF41760F250519F921EB292DFB499048792

Uniqueness

Uniqueness Score: -1.00%

Function 008AE2C0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE2C0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c38; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008AFF58(__ebx, __edx, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c38 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008ae2c0
0x008ae2c7
0x008ae2d1
0x008ae2d6
0x008ae2e1
0x008ae2e5
0x008ae2f1
0x008ae2f6
0x008ae2fa
0x008ae2fe
0x008ae304
0x008ae30a
0x008ae30b
0x008ae312
0x008ae315
0x008ae31f
0x008ae32d
0x008ae32d
0x008ae332
0x008ae337
0x008ae33f
0x008ae343
0x008ae300
0x008ae300
0x008ae300
0x008ae2fe
0x008ae34c
0x008ae358

APIs

__EH_prolog3.LIBCMT ref: 008AE2C7
std::_Lockit::_Lockit.LIBCPMT ref: 008AE2D1

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

collate.LIBCPMT ref: 008AE30B
std::bad_exception::bad_exception.LIBCMT ref: 008AE31F
__CxxThrowException@8.LIBCMT ref: 008AE32D
std::_Facet_Register.LIBCPMT ref: 008AE343

Strings

bad cast, xrefs: 008AE317

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcollatestd::bad_exception::bad_exception
String ID: bad cast
API String ID: 100112561-3145022300
Opcode ID: d42339ac9cf084463a07260fb060a35877cd2b95c6523f2a5c0a8db7afc9cd71
Instruction ID: 9063a5a9bd0356a50f8b45bef941545167594f33bf2b930911cdb8a5b52d106f
Opcode Fuzzy Hash: d42339ac9cf084463a07260fb060a35877cd2b95c6523f2a5c0a8db7afc9cd71
Instruction Fuzzy Hash: A001AD359002199BEF04EBA8C842EBE7378FF02720F540919F511EB692DF749904C792

Uniqueness

Uniqueness Score: -1.00%

Function 008AE227, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE227(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c58; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008AFEF2(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c58 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae227
0x008ae22e
0x008ae238
0x008ae23d
0x008ae248
0x008ae24c
0x008ae258
0x008ae25d
0x008ae261
0x008ae265
0x008ae26b
0x008ae271
0x008ae272
0x008ae279
0x008ae27c
0x008ae286
0x008ae294
0x008ae294
0x008ae299
0x008ae29e
0x008ae2a6
0x008ae2aa
0x008ae267
0x008ae267
0x008ae267
0x008ae265
0x008ae2b3
0x008ae2bf

APIs

__EH_prolog3.LIBCMT ref: 008AE22E
std::_Lockit::_Lockit.LIBCPMT ref: 008AE238

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

codecvt.LIBCPMT ref: 008AE272
std::bad_exception::bad_exception.LIBCMT ref: 008AE286
__CxxThrowException@8.LIBCMT ref: 008AE294
std::_Facet_Register.LIBCPMT ref: 008AE2AA

Strings

bad cast, xrefs: 008AE27E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1512642153-3145022300
Opcode ID: a2dda3a5e0c3fa276e00dc9b97661b74e9a37ee8ee9474dd6750651ba6a73243
Instruction ID: cb1a661b09e2cd5d5d37faa631e1fab989af0275c2e9f5138a39cf091c5fb20e
Opcode Fuzzy Hash: a2dda3a5e0c3fa276e00dc9b97661b74e9a37ee8ee9474dd6750651ba6a73243
Instruction Fuzzy Hash: 0F01A13590025997DF05EBA8C852EEE7378FF01720F140919F511EB692DF7499048792

Uniqueness

Uniqueness Score: -1.00%

Function 008BB23D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB23D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c84; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BB80D(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c84 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb23d
0x008bb244
0x008bb24e
0x008bb253
0x008bb25e
0x008bb262
0x008bb26e
0x008bb273
0x008bb277
0x008bb27b
0x008bb281
0x008bb287
0x008bb288
0x008bb28f
0x008bb292
0x008bb29c
0x008bb2aa
0x008bb2aa
0x008bb2af
0x008bb2b4
0x008bb2bc
0x008bb2c0
0x008bb27d
0x008bb27d
0x008bb27d
0x008bb27b
0x008bb2c9
0x008bb2d5

APIs

__EH_prolog3.LIBCMT ref: 008BB244
std::_Lockit::_Lockit.LIBCPMT ref: 008BB24E

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

messages.LIBCPMT ref: 008BB288
std::bad_exception::bad_exception.LIBCMT ref: 008BB29C
__CxxThrowException@8.LIBCMT ref: 008BB2AA
std::_Facet_Register.LIBCPMT ref: 008BB2C0

Strings

bad cast, xrefs: 008BB294

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmessagesstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 274672093-3145022300
Opcode ID: 7d2187bdbbf9eee9ccb14c111e0b0932a5e41184d3d83c3b21ebcbd50cb62ccb
Instruction ID: 8f2f4a331fac1a3d7b5b849bd615ba2e0dd5ae35218dc3e1dcbf96084a3deacc
Opcode Fuzzy Hash: 7d2187bdbbf9eee9ccb14c111e0b0932a5e41184d3d83c3b21ebcbd50cb62ccb
Instruction Fuzzy Hash: 3201AD319002189BDF15EBA8C842EEE7778FF11760F240519F910EB292DFB499048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE3F2, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE3F2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4bfc; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B00A4(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4bfc = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae3f2
0x008ae3f9
0x008ae403
0x008ae408
0x008ae413
0x008ae417
0x008ae423
0x008ae428
0x008ae42c
0x008ae430
0x008ae436
0x008ae43c
0x008ae43d
0x008ae444
0x008ae447
0x008ae451
0x008ae45f
0x008ae45f
0x008ae464
0x008ae469
0x008ae471
0x008ae475
0x008ae432
0x008ae432
0x008ae432
0x008ae430
0x008ae47e
0x008ae48a

APIs

__EH_prolog3.LIBCMT ref: 008AE3F9
std::_Lockit::_Lockit.LIBCPMT ref: 008AE403

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

ctype.LIBCPMT ref: 008AE43D
std::bad_exception::bad_exception.LIBCMT ref: 008AE451
__CxxThrowException@8.LIBCMT ref: 008AE45F
std::_Facet_Register.LIBCPMT ref: 008AE475

Strings

bad cast, xrefs: 008AE449

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3821627282-3145022300
Opcode ID: 7df0ef31cbb9a2c94eb8e72563e4a2a55c670dc333db487b7da5bc6efdfa1b8f
Instruction ID: 84bd8976c4b7610359ac3b7fd51b1e3b6ebabe42a03c2876aef929621b5018cb
Opcode Fuzzy Hash: 7df0ef31cbb9a2c94eb8e72563e4a2a55c670dc333db487b7da5bc6efdfa1b8f
Instruction Fuzzy Hash: 1B01C0359006199BEF14FBE8C842EEE7378FF45720F540919FA50EB692DB749904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE359, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE359(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c0c; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008AFFFE(__ebx, __edx, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c0c = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008ae359
0x008ae360
0x008ae36a
0x008ae36f
0x008ae37a
0x008ae37e
0x008ae38a
0x008ae38f
0x008ae393
0x008ae397
0x008ae39d
0x008ae3a3
0x008ae3a4
0x008ae3ab
0x008ae3ae
0x008ae3b8
0x008ae3c6
0x008ae3c6
0x008ae3cb
0x008ae3d0
0x008ae3d8
0x008ae3dc
0x008ae399
0x008ae399
0x008ae399
0x008ae397
0x008ae3e5
0x008ae3f1

APIs

__EH_prolog3.LIBCMT ref: 008AE360
std::_Lockit::_Lockit.LIBCPMT ref: 008AE36A

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

collate.LIBCPMT ref: 008AE3A4
std::bad_exception::bad_exception.LIBCMT ref: 008AE3B8
__CxxThrowException@8.LIBCMT ref: 008AE3C6
std::_Facet_Register.LIBCPMT ref: 008AE3DC

Strings

bad cast, xrefs: 008AE3B0

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcollatestd::bad_exception::bad_exception
String ID: bad cast
API String ID: 100112561-3145022300
Opcode ID: 0328eb109fc637e62adc0efaeb9817f697df2e4cad19982b9bf6a287dae39890
Instruction ID: b8d9e5d2a195a458407dfa2b66d0a9f5b79e8ca99d6ddffcaba049102c1c0f7d
Opcode Fuzzy Hash: 0328eb109fc637e62adc0efaeb9817f697df2e4cad19982b9bf6a287dae39890
Instruction Fuzzy Hash: 6801C0329001189BEF04FBA8C852EAE7374FF42720F644919FA11EB692DF749D048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE48B, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE48B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4bf8; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0114(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4bf8 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae48b
0x008ae492
0x008ae49c
0x008ae4a1
0x008ae4ac
0x008ae4b0
0x008ae4bc
0x008ae4c1
0x008ae4c5
0x008ae4c9
0x008ae4cf
0x008ae4d5
0x008ae4d6
0x008ae4dd
0x008ae4e0
0x008ae4ea
0x008ae4f8
0x008ae4f8
0x008ae4fd
0x008ae502
0x008ae50a
0x008ae50e
0x008ae4cb
0x008ae4cb
0x008ae4cb
0x008ae4c9
0x008ae517
0x008ae523

APIs

__EH_prolog3.LIBCMT ref: 008AE492
std::_Lockit::_Lockit.LIBCPMT ref: 008AE49C

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

ctype.LIBCPMT ref: 008AE4D6
std::bad_exception::bad_exception.LIBCMT ref: 008AE4EA
__CxxThrowException@8.LIBCMT ref: 008AE4F8
std::_Facet_Register.LIBCPMT ref: 008AE50E

Strings

bad cast, xrefs: 008AE4E2

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockctypestd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3821627282-3145022300
Opcode ID: ab7aabe8498f116ac3adbeb239c4f1f328c51d15cc7b13b5322bb05b9be4c868
Instruction ID: 5acfb96b666c34df2aceee3ff203c339467ccd08d09b8d8313fcc17275e7aaf8
Opcode Fuzzy Hash: ab7aabe8498f116ac3adbeb239c4f1f328c51d15cc7b13b5322bb05b9be4c868
Instruction Fuzzy Hash: 1B01C43590012997DF04FBA8C842EEE7378FF05720F150919F510E7692DF749904C792

Uniqueness

Uniqueness Score: -1.00%

Function 008BB4A1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB4A1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c90; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BB9C9(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c90 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb4a1
0x008bb4a8
0x008bb4b2
0x008bb4b7
0x008bb4c2
0x008bb4c6
0x008bb4d2
0x008bb4d7
0x008bb4db
0x008bb4df
0x008bb4e5
0x008bb4eb
0x008bb4ec
0x008bb4f3
0x008bb4f6
0x008bb500
0x008bb50e
0x008bb50e
0x008bb513
0x008bb518
0x008bb520
0x008bb524
0x008bb4e1
0x008bb4e1
0x008bb4e1
0x008bb4df
0x008bb52d
0x008bb539

APIs

__EH_prolog3.LIBCMT ref: 008BB4A8
std::_Lockit::_Lockit.LIBCPMT ref: 008BB4B2

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008BB4EC
std::bad_exception::bad_exception.LIBCMT ref: 008BB500
__CxxThrowException@8.LIBCMT ref: 008BB50E
std::_Facet_Register.LIBCPMT ref: 008BB524

Strings

bad cast, xrefs: 008BB4F8

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: 9a5cc5ab4a0b2aeb1e9142d4e1441fb615d3a3c33e9a7fd866adde1d982a7e38
Instruction ID: fcef17dc7fc2c080e845b1d92202b6ff488474edf0d6598d8917bbe5440afbd7
Opcode Fuzzy Hash: 9a5cc5ab4a0b2aeb1e9142d4e1441fb615d3a3c33e9a7fd866adde1d982a7e38
Instruction Fuzzy Hash: A901AD31900219ABDF14EBA8D852AEE7774FF01720F140519F511EB292DFB49A04C792

Uniqueness

Uniqueness Score: -1.00%

Function 008BB408, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB408(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c94; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BB945(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c94 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb408
0x008bb40f
0x008bb419
0x008bb41e
0x008bb429
0x008bb42d
0x008bb439
0x008bb43e
0x008bb442
0x008bb446
0x008bb44c
0x008bb452
0x008bb453
0x008bb45a
0x008bb45d
0x008bb467
0x008bb475
0x008bb475
0x008bb47a
0x008bb47f
0x008bb487
0x008bb48b
0x008bb448
0x008bb448
0x008bb448
0x008bb446
0x008bb494
0x008bb4a0

APIs

__EH_prolog3.LIBCMT ref: 008BB40F
std::_Lockit::_Lockit.LIBCPMT ref: 008BB419

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008BB453
std::bad_exception::bad_exception.LIBCMT ref: 008BB467
__CxxThrowException@8.LIBCMT ref: 008BB475
std::_Facet_Register.LIBCPMT ref: 008BB48B

Strings

bad cast, xrefs: 008BB45F

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: 6cbdec1511ef37ae0bde2ca112f37941a2b601f517543fc264897a66e98e135a
Instruction ID: d071f57cc02e4a42a0f1969cbaaa4cf5bb64533bf832962ae130fcb2a6ff004c
Opcode Fuzzy Hash: 6cbdec1511ef37ae0bde2ca112f37941a2b601f517543fc264897a66e98e135a
Instruction Fuzzy Hash: A701AD31900229ABDF14EBA8C842AEE7774FF41720F140519F551EB392DFB49904C796

Uniqueness

Uniqueness Score: -1.00%

Function 008AE5BD, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE5BD(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c10; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B01EC(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c10 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae5bd
0x008ae5c4
0x008ae5ce
0x008ae5d3
0x008ae5de
0x008ae5e2
0x008ae5ee
0x008ae5f3
0x008ae5f7
0x008ae5fb
0x008ae601
0x008ae607
0x008ae608
0x008ae60f
0x008ae612
0x008ae61c
0x008ae62a
0x008ae62a
0x008ae62f
0x008ae634
0x008ae63c
0x008ae640
0x008ae5fd
0x008ae5fd
0x008ae5fd
0x008ae5fb
0x008ae649
0x008ae655

APIs

__EH_prolog3.LIBCMT ref: 008AE5C4
std::_Lockit::_Lockit.LIBCPMT ref: 008AE5CE

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

messages.LIBCPMT ref: 008AE608
std::bad_exception::bad_exception.LIBCMT ref: 008AE61C
__CxxThrowException@8.LIBCMT ref: 008AE62A
std::_Facet_Register.LIBCPMT ref: 008AE640

Strings

bad cast, xrefs: 008AE614

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmessagesstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 274672093-3145022300
Opcode ID: 112f6eb5dd0e69f5bc380866c14ae548592b8411a593fe01aa549f9a02514f77
Instruction ID: ed58198770289c9daa14587624060b2a3bfad33d43139658060a9099cadd31fa
Opcode Fuzzy Hash: 112f6eb5dd0e69f5bc380866c14ae548592b8411a593fe01aa549f9a02514f77
Instruction Fuzzy Hash: 0B01C43190011897DF14FBA8C842EEE7378FF65760F140919F511E7692DF749904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE524, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE524(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c3c; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0184(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c3c = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae524
0x008ae52b
0x008ae535
0x008ae53a
0x008ae545
0x008ae549
0x008ae555
0x008ae55a
0x008ae55e
0x008ae562
0x008ae568
0x008ae56e
0x008ae56f
0x008ae576
0x008ae579
0x008ae583
0x008ae591
0x008ae591
0x008ae596
0x008ae59b
0x008ae5a3
0x008ae5a7
0x008ae564
0x008ae564
0x008ae564
0x008ae562
0x008ae5b0
0x008ae5bc

APIs

__EH_prolog3.LIBCMT ref: 008AE52B
std::_Lockit::_Lockit.LIBCPMT ref: 008AE535

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

messages.LIBCPMT ref: 008AE56F
std::bad_exception::bad_exception.LIBCMT ref: 008AE583
__CxxThrowException@8.LIBCMT ref: 008AE591
std::_Facet_Register.LIBCPMT ref: 008AE5A7

Strings

bad cast, xrefs: 008AE57B

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmessagesstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 274672093-3145022300
Opcode ID: 9fd73e73fc264e85df18c2d368b52fc027849708003a2e5e46314150d662b78a
Instruction ID: 0c63cf1bafd6c9e34ed0128ba939b5b08067468721d7adb4a88f67614d35d605
Opcode Fuzzy Hash: 9fd73e73fc264e85df18c2d368b52fc027849708003a2e5e46314150d662b78a
Instruction Fuzzy Hash: 7C018B32D002189BEF14FBA8C846AAE7374FF06764F540919F911EB692DF749A05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE8BA, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE8BA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c4c; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008B03F4(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c4c = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008ae8ba
0x008ae8c1
0x008ae8cb
0x008ae8d0
0x008ae8db
0x008ae8df
0x008ae8eb
0x008ae8f0
0x008ae8f4
0x008ae8f8
0x008ae8fe
0x008ae904
0x008ae905
0x008ae90c
0x008ae90f
0x008ae919
0x008ae927
0x008ae927
0x008ae92c
0x008ae931
0x008ae939
0x008ae93d
0x008ae8fa
0x008ae8fa
0x008ae8fa
0x008ae8f8
0x008ae946
0x008ae952

APIs

__EH_prolog3.LIBCMT ref: 008AE8C1
std::_Lockit::_Lockit.LIBCPMT ref: 008AE8CB

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008AE905
std::bad_exception::bad_exception.LIBCMT ref: 008AE919
__CxxThrowException@8.LIBCMT ref: 008AE927
std::_Facet_Register.LIBCPMT ref: 008AE93D

Strings

bad cast, xrefs: 008AE911

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: 530c3258c8f09bee110d3a0d3b5ecf968b1805469fed469fd7f73ca4b02ba325
Instruction ID: 5ff791eb645a50afd8c819ec41dd104e832d950ef298194d13d8d47bb78c26f5
Opcode Fuzzy Hash: 530c3258c8f09bee110d3a0d3b5ecf968b1805469fed469fd7f73ca4b02ba325
Instruction Fuzzy Hash: E601A13591021897DF14FBA8C842AAE7778FF05720F180919F510E76A2DF749A048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE9EC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE9EC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c20; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B04FD(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c20 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae9ec
0x008ae9f3
0x008ae9fd
0x008aea02
0x008aea0d
0x008aea11
0x008aea1d
0x008aea22
0x008aea26
0x008aea2a
0x008aea30
0x008aea36
0x008aea37
0x008aea3e
0x008aea41
0x008aea4b
0x008aea59
0x008aea59
0x008aea5e
0x008aea63
0x008aea6b
0x008aea6f
0x008aea2c
0x008aea2c
0x008aea2c
0x008aea2a
0x008aea78
0x008aea84

APIs

__EH_prolog3.LIBCMT ref: 008AE9F3
std::_Lockit::_Lockit.LIBCPMT ref: 008AE9FD

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008AEA37
std::bad_exception::bad_exception.LIBCMT ref: 008AEA4B
__CxxThrowException@8.LIBCMT ref: 008AEA59
std::_Facet_Register.LIBCPMT ref: 008AEA6F

Strings

bad cast, xrefs: 008AEA43

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: c6016a5b3f48b095799bac5f5f3eb6fa65a7fde6ce364c7312148005759d588f
Instruction ID: 33f2908fbfc505d9eacebf97e99bd7c46a895d898521a54e7c61ec004b071348
Opcode Fuzzy Hash: c6016a5b3f48b095799bac5f5f3eb6fa65a7fde6ce364c7312148005759d588f
Instruction Fuzzy Hash: A501C0359002299BDF04FBA8C852EEE7375FF15720F140919FA11EB692DF749A048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE953, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE953(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c48; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008B0478(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c48 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008ae953
0x008ae95a
0x008ae964
0x008ae969
0x008ae974
0x008ae978
0x008ae984
0x008ae989
0x008ae98d
0x008ae991
0x008ae997
0x008ae99d
0x008ae99e
0x008ae9a5
0x008ae9a8
0x008ae9b2
0x008ae9c0
0x008ae9c0
0x008ae9c5
0x008ae9ca
0x008ae9d2
0x008ae9d6
0x008ae993
0x008ae993
0x008ae993
0x008ae991
0x008ae9df
0x008ae9eb

APIs

__EH_prolog3.LIBCMT ref: 008AE95A
std::_Lockit::_Lockit.LIBCPMT ref: 008AE964

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008AE99E
std::bad_exception::bad_exception.LIBCMT ref: 008AE9B2
__CxxThrowException@8.LIBCMT ref: 008AE9C0
std::_Facet_Register.LIBCPMT ref: 008AE9D6

Strings

bad cast, xrefs: 008AE9AA

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: cf0c3cb36cd0ea55e4f43bf6d8f5d1f4703cd75f8b4cd5e98fde78e70c3558a2
Instruction ID: 35e76549a820aae03800db78805007992e079431bc02bfd813f93299024bd481
Opcode Fuzzy Hash: cf0c3cb36cd0ea55e4f43bf6d8f5d1f4703cd75f8b4cd5e98fde78e70c3558a2
Instruction Fuzzy Hash: F501C4359002189BDF14FBA8C842EEE7774FF41720F540919F510E76A2DF749904C792

Uniqueness

Uniqueness Score: -1.00%

Function 008AEA85, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEA85(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c1c; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0581(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c1c = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aea85
0x008aea8c
0x008aea96
0x008aea9b
0x008aeaa6
0x008aeaaa
0x008aeab6
0x008aeabb
0x008aeabf
0x008aeac3
0x008aeac9
0x008aeacf
0x008aead0
0x008aead7
0x008aeada
0x008aeae4
0x008aeaf2
0x008aeaf2
0x008aeaf7
0x008aeafc
0x008aeb04
0x008aeb08
0x008aeac5
0x008aeac5
0x008aeac5
0x008aeac3
0x008aeb11
0x008aeb1d

APIs

__EH_prolog3.LIBCMT ref: 008AEA8C
std::_Lockit::_Lockit.LIBCPMT ref: 008AEA96

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

moneypunct.LIBCPMT ref: 008AEAD0
std::bad_exception::bad_exception.LIBCMT ref: 008AEAE4
__CxxThrowException@8.LIBCMT ref: 008AEAF2
std::_Facet_Register.LIBCPMT ref: 008AEB08

Strings

bad cast, xrefs: 008AEADC

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockmoneypunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3008301872-3145022300
Opcode ID: a58a6da3b68476bd2a3b4fa82bdf337d6c574b9c78cfd241b9a2e30215a2b075
Instruction ID: 321d1ea0ff923c37f01adac74667bf242fdb853301c9a8cf243fae7da868d49e
Opcode Fuzzy Hash: a58a6da3b68476bd2a3b4fa82bdf337d6c574b9c78cfd241b9a2e30215a2b075
Instruction Fuzzy Hash: FD01A1319001299BDF14EBE8C846EAE7374FF51720F140919FA11F7692DF749905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AED82, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AED82(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c34; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008B07A6(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c34 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008aed82
0x008aed89
0x008aed93
0x008aed98
0x008aeda3
0x008aeda7
0x008aedb3
0x008aedb8
0x008aedbc
0x008aedc0
0x008aedc6
0x008aedcc
0x008aedcd
0x008aedd4
0x008aedd7
0x008aede1
0x008aedef
0x008aedef
0x008aedf4
0x008aedf9
0x008aee01
0x008aee05
0x008aedc2
0x008aedc2
0x008aedc2
0x008aedc0
0x008aee0e
0x008aee1a

APIs

__EH_prolog3.LIBCMT ref: 008AED89
std::_Lockit::_Lockit.LIBCPMT ref: 008AED93

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

numpunct.LIBCPMT ref: 008AEDCD
std::bad_exception::bad_exception.LIBCMT ref: 008AEDE1
__CxxThrowException@8.LIBCMT ref: 008AEDEF
std::_Facet_Register.LIBCPMT ref: 008AEE05

Strings

bad cast, xrefs: 008AEDD9

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__locknumpunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3335846020-3145022300
Opcode ID: 028ad883d7034f4cc95e7cf0845ff040556dc8d07c2459cae8675c6ec4397267
Instruction ID: eed6e2ded52ce4e3b6785d5cae0f92052a4e30cfea4036957b248163a52044df
Opcode Fuzzy Hash: 028ad883d7034f4cc95e7cf0845ff040556dc8d07c2459cae8675c6ec4397267
Instruction Fuzzy Hash: A501AD319001199BDF14EBA8C842EAE7374FF42760F140919F510EB692DF7499048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEE1B, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEE1B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				void* _t39;
				intOrPtr* _t41;
				void* _t44;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t44 - 0x14, 0);
				_t41 =  *0x8f4c08; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t41;
				_t17 = E0089D7D0( *((intOrPtr*)(_t44 + 8)), E0089ABF0());
				_t43 = _t17;
				if(_t17 == 0) {
					if(_t41 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t22 = E008B0821(__ebx, _t39, _t41, _t43, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t44 - 0x20, "bad cast");
							E008BF897(_t44 - 0x20, 0x8eeb58);
						}
						_t43 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x8f4c08 = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E008AA1B7(_t43);
					} else {
						_t43 = _t41;
					}
				}
				E008A9D33(_t44 - 0x14);
				return E008C1E2B(_t43);
			}

0x008aee1b
0x008aee22
0x008aee2c
0x008aee31
0x008aee3c
0x008aee40
0x008aee4c
0x008aee51
0x008aee55
0x008aee59
0x008aee5f
0x008aee65
0x008aee66
0x008aee6d
0x008aee70
0x008aee7a
0x008aee88
0x008aee88
0x008aee8d
0x008aee92
0x008aee9a
0x008aee9e
0x008aee5b
0x008aee5b
0x008aee5b
0x008aee59
0x008aeea7
0x008aeeb3

APIs

__EH_prolog3.LIBCMT ref: 008AEE22
std::_Lockit::_Lockit.LIBCPMT ref: 008AEE2C

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

numpunct.LIBCPMT ref: 008AEE66
std::bad_exception::bad_exception.LIBCMT ref: 008AEE7A
__CxxThrowException@8.LIBCMT ref: 008AEE88
std::_Facet_Register.LIBCPMT ref: 008AEE9E

Strings

bad cast, xrefs: 008AEE72

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__locknumpunctstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 3335846020-3145022300
Opcode ID: 84eba4ebac3b1320f45dde89257dcc2dc6b2ea1b771d21813825df193d3fb459
Instruction ID: d7a322f0d32385bdb5fa4140ecb05bf781752082bc8050d35af2864d5833c167
Opcode Fuzzy Hash: 84eba4ebac3b1320f45dde89257dcc2dc6b2ea1b771d21813825df193d3fb459
Instruction Fuzzy Hash: 49016D359002199BDF15FBA8C842EAE7379FF01720F640919F511EB692DF749D04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A6860, Relevance: 10.7, APIs: 7, Instructions: 190
registryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E008A6860(CHAR* _a4, CHAR* _a8, int _a16, void* _a20) {
				char _v4;
				CHAR* _v12;
				void* _v16;
				char _v20;
				CHAR* _v24;
				int _v28;
				void* _v32;
				CHAR* _v36;
				void* __ebx;
				void* __edi;
				signed int _t40;
				char* _t43;
				char* _t45;
				char* _t50;
				int _t54;
				intOrPtr* _t72;
				CHAR* _t74;
				int _t80;
				void* _t89;
				char* _t92;
				CHAR* _t94;
				void* _t99;
				CHAR* _t101;
				long _t106;
				void* _t107;
				signed int _t108;
				void* _t110;
				void* _t112;
				void* _t113;

				_push(0xffffffff);
				_push(E008E0668);
				_push( *[fs:0x0]);
				_t108 = _t107 - 0x14;
				_t40 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t40 ^ _t108);
				 *[fs:0x0] =  &_v12;
				_t72 = _a16;
				 *(_t72 + 0x10) = 0;
				if( *((intOrPtr*)(_t72 + 0x14)) < 0x10) {
					_t43 = _t72;
				} else {
					_t43 =  *_t72;
				}
				_t89 = _a4;
				 *_t43 = 0;
				if(_t89 == 0) {
					L26:
					__eflags = 0;
					 *[fs:0x0] = _v12;
					return 0;
				} else {
					_t45 = _a8;
					if(_t45[0x10] == 0) {
						goto L26;
					} else {
						_v32 = 0;
						_t79 =  !=  ? 0x100 : 0;
						_t80 = ( !=  ? 0x100 : 0) | 0x00000001;
						if(_t45[0x14] >= 0x10) {
							_t45 =  *_t45;
						}
						if(RegOpenKeyExA(_t89, _t45, 0, _t80,  &_v32) != 0) {
							goto L26;
						} else {
							_t99 = _v32;
							_v20 = _t99;
							E008A64D0(_t99, E008A6660);
							_push(_t99);
							_push(_t99);
							_push( &_v28);
							E008A6E40( &_v28);
							_t110 = _t108 + 0xc;
							_t92 = _a4;
							_v12 = 0;
							_v36 = 0;
							_a8 = 0;
							if(_t92[0x14] < 0x10) {
								_t50 = _t92;
							} else {
								_t50 =  *_t92;
							}
							if(RegQueryValueExA(_v32, _t50, 0,  &_v28, 0,  &_a16) != 0) {
								L24:
								_t74 = 0;
								__eflags = 0;
							} else {
								_t54 = _v28;
								if(_t54 == 1) {
									L14:
									_push(_a16);
									_t101 = E008A9AFF(_t72, _t92, _t126);
									_t112 = _t110 + 4;
									_a4 = _t101;
									_v4 = 1;
									if(_t101 == 0) {
										L23:
										_t74 = 0;
										L008BF883(_t101);
										_t110 = _t112 + 4;
									} else {
										E008C0340(_t101, 0, _a16);
										_t112 = _t112 + 0xc;
										if(_t92[0x14] >= 0x10) {
											_t92 =  *_t92;
										}
										if(RegQueryValueExA(_v32, _t92, 0, 0, _t101,  &_a16) != 0) {
											goto L23;
										} else {
											if(_v28 == 2) {
												_t106 = ExpandEnvironmentStringsA(_t101, 0, 0);
												_push(_t106);
												_t94 = E008A9AFF(_t72, _t92, __eflags);
												_t113 = _t112 + 4;
												_v24 = _t94;
												_v4 = 2;
												__eflags = _t94;
												if(_t94 != 0) {
													E008C0340(_t94, 0, _t106);
													ExpandEnvironmentStringsA(_t101, _t94, _t106);
													E00891350(_t94, _t94);
													_t74 = 1;
													L008BF883(_t94);
													L008BF883(_t101);
													_t110 = _t113 + 0x14;
												} else {
													_t74 = 0;
													L008BF883(_t94);
													L008BF883(_t101);
													_t110 = _t113 + 8;
												}
											} else {
												E00891350(_t92, _t101);
												_t74 = 1;
												L008BF883(_t101);
												_t110 = _t112 + 4;
											}
										}
									}
								} else {
									_t126 = _t54 - 2;
									if(_t54 != 2) {
										goto L24;
									} else {
										goto L14;
									}
								}
							}
							_v4 = 0xffffffff;
							E008A6600( &_v20);
							 *[fs:0x0] = _v12;
							return _t74;
						}
					}
				}
			}

0x008a6860
0x008a6862
0x008a686d
0x008a686e
0x008a6875
0x008a687c
0x008a6881
0x008a6887
0x008a688f
0x008a6896
0x008a689c
0x008a6898
0x008a6898
0x008a6898
0x008a689e
0x008a68a2
0x008a68a7
0x008a6a86
0x008a6a86
0x008a6a8c
0x008a6a9b
0x008a68ad
0x008a68ad
0x008a68b5
0x00000000
0x008a68bb
0x008a68bd
0x008a68ce
0x008a68d1
0x008a68d8
0x008a68da
0x008a68da
0x008a68ee
0x00000000
0x008a68f4
0x008a68f4
0x008a6902
0x008a6906
0x008a690b
0x008a6910
0x008a6911
0x008a6912
0x008a6917
0x008a691a
0x008a691e
0x008a6926
0x008a692e
0x008a693a
0x008a6940
0x008a693c
0x008a693c
0x008a693c
0x008a695f
0x008a6a5d
0x008a6a5d
0x008a6a5d
0x008a6965
0x008a6965
0x008a696c
0x008a6977
0x008a6977
0x008a6980
0x008a6982
0x008a6985
0x008a6989
0x008a6990
0x008a6a50
0x008a6a51
0x008a6a53
0x008a6a58
0x008a6996
0x008a699d
0x008a69a2
0x008a69a9
0x008a69ab
0x008a69ab
0x008a69c0
0x00000000
0x008a69c6
0x008a69cb
0x008a69ed
0x008a69ef
0x008a69f5
0x008a69f7
0x008a69fa
0x008a69fe
0x008a6a03
0x008a6a05
0x008a6a21
0x008a6a2c
0x008a6a35
0x008a6a3b
0x008a6a3d
0x008a6a46
0x008a6a4b
0x008a6a07
0x008a6a08
0x008a6a0a
0x008a6a13
0x008a6a18
0x008a6a18
0x008a69cd
0x008a69d0
0x008a69d6
0x008a69d8
0x008a69dd
0x008a69dd
0x008a69cb
0x008a69c0
0x008a696e
0x008a696e
0x008a6971
0x00000000
0x00000000
0x00000000
0x00000000
0x008a6971
0x008a696c
0x008a6a63
0x008a6a6b
0x008a6a76
0x008a6a85
0x008a6a85
0x008a68ee
0x008a68b5

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,00000000), ref: 008A68E6
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,00000000), ref: 008A695B
_memset.LIBCMT ref: 008A699D
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000,80000002,00000000,?), ref: 008A69BC
ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000), ref: 008A69E7
_memset.LIBCMT ref: 008A6A21
ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000,80000002,00000000), ref: 008A6A2C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue_memset$Open
String ID:
API String ID: 1914370947-0
Opcode ID: e110cc4b9a079cd18334d6383d21058b0758706a4f1fa4861689d18722232108
Instruction ID: bdd553aa539f6e612d7cdbadd2da9e545d9629be954b80a83ef9dc9d5e86e591
Opcode Fuzzy Hash: e110cc4b9a079cd18334d6383d21058b0758706a4f1fa4861689d18722232108
Instruction Fuzzy Hash: 5151DF71608310ABE7149B249C41B5BBBE8FF86714F080929F546E7692E376E914CB93

Uniqueness

Uniqueness Score: -1.00%

Function 008C4821, Relevance: 10.7, APIs: 7, Instructions: 184
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008C4821(intOrPtr* __eax, void* __edx, void* _a1, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32) {
				void* _v0;
				intOrPtr* _t88;

				_t88 = __eax;
				 *__eax =  *__eax + __eax;
			}

0x008c4821
0x008c4824

APIs

_W_store_num.LIBCMT ref: 008C489D
_W_store_winword.LIBCMT ref: 008C48C3
__mbstowcs_s_l.LIBCMT ref: 008C49F4
_W_store_str.LIBCMT ref: 008C4AD4
__invoke_watson.LIBCMT ref: 008C4AE9
_W_store_number.LIBCMT ref: 008C4B03

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: W_store_numW_store_numberW_store_strW_store_winword__invoke_watson__mbstowcs_s_l
String ID:
API String ID: 3873715077-0
Opcode ID: dc11c38291d468f303b6fa9479854b7206f83591e9b24a99ce1d90b4b8ed774f
Instruction ID: e071300abd224a469d40904e6a49f0db77a9931b424ad018fbf11458fe2e503e
Opcode Fuzzy Hash: dc11c38291d468f303b6fa9479854b7206f83591e9b24a99ce1d90b4b8ed774f
Instruction Fuzzy Hash: BB51793150022AEFCF259F58CC61FAA7B75FF09324F155129F905DA1A1D335D8A0DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0089F6B0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0089F6B0(intOrPtr __ecx, char _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed char** _v28;
				char _v72;
				char _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t35;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t46;
				signed int _t50;
				intOrPtr _t53;
				void* _t57;
				intOrPtr _t58;
				char _t59;
				char _t60;
				signed char** _t61;
				intOrPtr _t66;
				void* _t68;
				void* _t70;
				intOrPtr* _t72;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t79;
				signed char** _t80;
				intOrPtr* _t81;
				intOrPtr* _t82;
				char* _t83;
				signed int _t86;
				void* _t87;
				void* _t94;

				_push(0xffffffff);
				_push(E008DFDB0);
				_push( *[fs:0x0]);
				_push(_t79);
				_t35 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t35 ^ _t86);
				 *[fs:0x0] =  &_v16;
				_v20 = _t87 - 0x64;
				_t53 = __ecx;
				_v24 = __ecx;
				_t80 = E008C177C(__ecx, _t79, _t94);
				_v28 = _t80;
				E008A9EC7( &_v72);
				 *((intOrPtr*)(_t53 + 8)) = 0;
				 *((intOrPtr*)(_t53 + 0x10)) = 0;
				 *((intOrPtr*)(_t53 + 0x14)) = 0;
				_v8 = 0;
				if(_a8 == 0) {
					_t81 =  *((intOrPtr*)(_t80 + 8));
				} else {
					_t81 = 0x8e236f;
				}
				E008A9EC7( &_v116);
				_t72 = _t81;
				_t13 = _t72 + 1; // 0x8e2370
				_t57 = _t13;
				do {
					_t43 =  *_t72;
					_t72 = _t72 + 1;
					_t96 = _t43;
				} while (_t43 != 0);
				_t74 = _t72 - _t57 + 1;
				_push(_t74);
				_t66 = E008A9AFF(_t53, _t74, _t96);
				_t58 = _t66;
				if(_t74 == 0) {
					L8:
					_t75 = 6;
					 *((intOrPtr*)(_t53 + 8)) = _t66;
					_push(6);
					_t82 = "false";
					_t45 = E008A9AFF(_t53, 6, _t98);
					_t68 = _t45 - _t82;
					do {
						_t59 =  *_t82;
						_t82 = _t82 + 1;
						 *((char*)(_t68 + _t82 - 1)) = _t59;
						_t75 = _t75 - 1;
						_t99 = _t75;
					} while (_t75 != 0);
					_t76 = 5;
					 *((intOrPtr*)(_t53 + 0x10)) = _t45;
					_push(5);
					_t83 = "true";
					_t46 = E008A9AFF(_t53, 5, _t99);
					_t70 = _t46 - _t83;
					do {
						_t60 =  *_t83;
						_t83 =  &(_t83[1]);
						 *((char*)(_t70 + _t83 - 1)) = _t60;
						_t76 = _t76 - 1;
					} while (_t76 != 0);
					 *((intOrPtr*)(_t53 + 0x14)) = _t46;
					if(_a8 == 0) {
						_t61 = _v28;
						 *((char*)(_t53 + 0xc)) =  *( *_t61) & 0x000000ff;
						_t50 =  *(_t61[1]) & 0x000000ff;
						 *(_t53 + 0xd) = _t50;
						 *[fs:0x0] = _v16;
						return _t50;
					} else {
						 *((short*)(_t53 + 0xc)) = 0x2c2e;
						 *[fs:0x0] = _v16;
						return _t46;
					}
				}
				do {
					_t58 = _t58 + 1;
					 *((char*)(_t58 - 1)) =  *_t81;
					_t16 = _t81 + 1; // 0x656e6567
					_t81 = _t16;
					_t74 = _t74 - 1;
					_t98 = _t74;
				} while (_t74 != 0);
				goto L8;
			}

0x0089f6b3
0x0089f6b5
0x0089f6c0
0x0089f6c5
0x0089f6c7
0x0089f6ce
0x0089f6d2
0x0089f6d8
0x0089f6db
0x0089f6dd
0x0089f6e5
0x0089f6eb
0x0089f6ee
0x0089f6f6
0x0089f701
0x0089f708
0x0089f70f
0x0089f716
0x0089f71f
0x0089f718
0x0089f718
0x0089f718
0x0089f726
0x0089f72b
0x0089f730
0x0089f730
0x0089f733
0x0089f733
0x0089f735
0x0089f736
0x0089f736
0x0089f73c
0x0089f73d
0x0089f746
0x0089f748
0x0089f74c
0x0089f75e
0x0089f75e
0x0089f763
0x0089f766
0x0089f767
0x0089f76c
0x0089f776
0x0089f780
0x0089f780
0x0089f782
0x0089f785
0x0089f789
0x0089f789
0x0089f789
0x0089f78c
0x0089f791
0x0089f794
0x0089f795
0x0089f79a
0x0089f7a4
0x0089f7a6
0x0089f7a6
0x0089f7a8
0x0089f7ab
0x0089f7af
0x0089f7af
0x0089f7b6
0x0089f7b9
0x0089f7d5
0x0089f7dd
0x0089f7e3
0x0089f7e6
0x0089f7ec
0x0089f7fa
0x0089f7bb
0x0089f7bb
0x0089f7c4
0x0089f7d2
0x0089f7d2
0x0089f7b9
0x0089f750
0x0089f752
0x0089f755
0x0089f758
0x0089f758
0x0089f75b
0x0089f75b
0x0089f75b
0x00000000

APIs

_localeconv.LIBCMT ref: 0089F6E0
__Getcvt.LIBCPMT ref: 0089F6EE

Part of subcall function 008A9EC7: ____lc_codepage_func.LIBCMT ref: 008A9EDE
Part of subcall function 008A9EC7: ____mb_cur_max_func.LIBCMT ref: 008A9EE7
Part of subcall function 008A9EC7: ____lc_locale_name_func.LIBCMT ref: 008A9EEF

__Getcvt.LIBCPMT ref: 0089F726

Strings

false, xrefs: 0089F767
.,, xrefs: 0089F7BB
true, xrefs: 0089F795

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Getcvt$____lc_codepage_func____lc_locale_name_func____mb_cur_max_func_localeconv
String ID: .,$false$true
API String ID: 3073657462-276263365
Opcode ID: 63e809b54b838d43e47469b71da7ae141ebfb52b3c834c0cec1cb0df04cfee3d
Instruction ID: 3724697b3cb69b53172db358b203e6900e470c0141fe2dc8298ed2cc038a6d80
Opcode Fuzzy Hash: 63e809b54b838d43e47469b71da7ae141ebfb52b3c834c0cec1cb0df04cfee3d
Instruction Fuzzy Hash: CA4145729082819FCB15DF68C48076ABBA5FF42310F1881BED985CB302DA76E904CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 008C27F5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E008C27F5(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t44;
				void* _t45;
				signed int _t49;
				intOrPtr _t54;
				intOrPtr _t58;
				intOrPtr _t61;
				intOrPtr* _t64;
				intOrPtr _t70;
				signed int* _t73;
				void* _t75;
				void* _t76;

				_t57 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t64 = _a4;
				_t77 =  *_t64 - 0x80000003;
				if( *_t64 == 0x80000003) {
					L19:
					return _t44;
				}
				_t45 = E008C8EFB(_t64, _t77);
				_t54 = _a20;
				_t78 =  *((intOrPtr*)(_t45 + 0x80));
				if( *((intOrPtr*)(_t45 + 0x80)) == 0) {
					L6:
					if( *((intOrPtr*)(_t54 + 0xc)) == 0) {
						E008C911C();
					}
					_t44 = E008BFB08(_t57, _t54, _a28, _a24,  &_v12,  &_v8);
					_t58 = _v12;
					_t76 = _t75 + 0x14;
					_t61 = _v8;
					if(_t58 >= _t61) {
						L18:
						goto L19;
					} else {
						_t17 = _t44 + 0xc; // 0xc
						_t73 = _t17;
						_t44 = _a24;
						do {
							if(_t44 >=  *((intOrPtr*)(_t73 - 0xc)) && _t44 <=  *((intOrPtr*)(_t73 - 8))) {
								_t49 =  *_t73 << 4;
								if( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) == 0) {
									L14:
									_t50 = _t49 + _t73[1] + 0xfffffff0;
									_t70 = _a4;
									if(( *(_t49 + _t73[1] + 0xfffffff0) & 0x00000040) == 0) {
										_push(1);
										_t35 = _t73 - 0xc; // 0x0
										E008C2390(_t54, _t73, _t70, _a8, _a12, _a16, _t54, _t50, 0, _t35, _a28, _a32);
										_t61 = _v8;
										_t76 = _t76 + 0x2c;
										_t58 = _v12;
									}
									L16:
									_t44 = _a24;
									goto L17;
								}
								_t61 = _v8;
								_t54 = _a20;
								if( *((char*)( *((intOrPtr*)(_t73[1] + _t49 - 0xc)) + 8)) != 0) {
									goto L16;
								}
								goto L14;
							}
							L17:
							_t58 = _t58 + 1;
							_t73 =  &(_t73[5]);
							_v12 = _t58;
						} while (_t58 < _t61);
						goto L18;
					}
				}
				__imp__EncodePointer(0);
				if( *((intOrPtr*)(E008C8EFB(_t64, _t78) + 0x80)) != _t45 &&  *_t64 != 0xe0434f4d &&  *_t64 != 0xe0434352) {
					_t44 = E008BFA31(_t64, _a8, _a12, _a16, _t54, _a28, _a32);
					_t75 = _t75 + 0x1c;
					if(_t44 != 0) {
						goto L18;
					}
				}
			}

0x008c27f5
0x008c27f8
0x008c27f9
0x008c27fb
0x008c27fe
0x008c2804
0x008c290c
0x008c2910
0x008c2910
0x008c280c
0x008c2811
0x008c2814
0x008c281b
0x008c2865
0x008c2869
0x008c286b
0x008c286b
0x008c287f
0x008c2884
0x008c2887
0x008c288a
0x008c288f
0x008c290a
0x00000000
0x008c2891
0x008c2891
0x008c2891
0x008c2894
0x008c2897
0x008c289a
0x008c28a6
0x008c28af
0x008c28c4
0x008c28ca
0x008c28cc
0x008c28d2
0x008c28d4
0x008c28d9
0x008c28ee
0x008c28f3
0x008c28f6
0x008c28f9
0x008c28f9
0x008c28fc
0x008c28fc
0x00000000
0x008c28fc
0x008c28b8
0x008c28bf
0x008c28c2
0x00000000
0x00000000
0x00000000
0x008c28c2
0x008c28ff
0x008c28ff
0x008c2900
0x008c2903
0x008c2906
0x00000000
0x008c2897
0x008c288f
0x008c281f
0x008c2832
0x008c2855
0x008c285a
0x008c285f
0x00000000
0x00000000
0x008c285f

APIs

Part of subcall function 008C8EFB: __getptd_noexit.LIBCMT ref: 008C8EFC

EncodePointer.KERNEL32(00000000), ref: 008C281F
_CallSETranslator.LIBCMT ref: 008C2855
_GetRangeOfTrysToCheck.LIBCMT ref: 008C287F

Strings

MOC, xrefs: 008C2834
f, xrefs: 008C280C
RCC, xrefs: 008C283C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: CallCheckEncodePointerRangeTranslatorTrys__getptd_noexit
String ID: MOC$RCC$f
API String ID: 3337196757-726124777
Opcode ID: 973add1e43c5392d3aa75574faac84d524edecca791256900789c95a3664c99c
Instruction ID: d4df56fa1be10710a877d5541563a7f458c85939a6904c366110ac618e199605
Opcode Fuzzy Hash: 973add1e43c5392d3aa75574faac84d524edecca791256900789c95a3664c99c
Instruction Fuzzy Hash: 75415732500249AFDF11DF48C881FAABB76FF48314F184168F914A7291D779ED51DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00898010, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00898010(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f4a00; // 0x0
				_t46 =  *0x8f4a04; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f4a00 - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f4a00 = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f4a00; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E0089D580( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f4a04 = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x00898010
0x00898012
0x0089801d
0x0089801e
0x00898025
0x0089802c
0x00898031
0x0089803d
0x00898042
0x00898048
0x0089804e
0x00898056
0x0089805c
0x00898063
0x00898068
0x0089806e
0x00898070
0x00898075
0x00898076
0x0089807b
0x0089807b
0x00898084
0x00898089
0x00898089
0x0089808f
0x00898093
0x00898099
0x008980a7
0x00000000
0x0089809b
0x0089809e
0x008980a3
0x00898115
0x00898119
0x00898124
0x00898133
0x00898133
0x008980a9
0x008980ad
0x008980bf
0x008980c1
0x00000000
0x00000000
0x008980c3
0x008980c5
0x008980d1
0x008980d6
0x008980dc
0x008980e7
0x008980f6
0x008980f6
0x008980fb
0x00898101
0x00898109
0x0089810d
0x00898112
0x008980c7
0x008980c7
0x008980c7
0x00000000
0x008980c5
0x008980af
0x008980b7
0x00000000
0x00000000
0x008980bc
0x00000000
0x008980bc

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0089803D

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 00898063
std::bad_exception::bad_exception.LIBCMT ref: 008980E7
__CxxThrowException@8.LIBCMT ref: 008980F6
std::_Facet_Register.LIBCPMT ref: 0089810D

Strings

bad cast, xrefs: 008980DE

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: 932e08298aa1bafb92b2b4f8a72f84aaf8b6159549f484f9b00f06bb5ece5f05
Instruction ID: 36871bfcdf621c7607a4666ec756541c4b1f839814515260c101448bd283884e
Opcode Fuzzy Hash: 932e08298aa1bafb92b2b4f8a72f84aaf8b6159549f484f9b00f06bb5ece5f05
Instruction Fuzzy Hash: 8631E432548651CFDB10EF28E881E6BB3E4FB45724F45462AF842D7652DB31AD05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00898140, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00898140(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f49e4; // 0x0
				_t46 =  *0x8f49ec; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f49e4 - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f49e4 = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f49e4; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E0089D640( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f49ec = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x00898140
0x00898142
0x0089814d
0x0089814e
0x00898155
0x0089815c
0x00898161
0x0089816d
0x00898172
0x00898178
0x0089817e
0x00898186
0x0089818c
0x00898193
0x00898198
0x0089819e
0x008981a0
0x008981a5
0x008981a6
0x008981ab
0x008981ab
0x008981b4
0x008981b9
0x008981b9
0x008981bf
0x008981c3
0x008981c9
0x008981d7
0x00000000
0x008981cb
0x008981ce
0x008981d3
0x00898245
0x00898249
0x00898254
0x00898263
0x00898263
0x008981d9
0x008981dd
0x008981ef
0x008981f1
0x00000000
0x00000000
0x008981f3
0x008981f5
0x00898201
0x00898206
0x0089820c
0x00898217
0x00898226
0x00898226
0x0089822b
0x00898231
0x00898239
0x0089823d
0x00898242
0x008981f7
0x008981f7
0x008981f7
0x00000000
0x008981f5
0x008981df
0x008981e7
0x00000000
0x00000000
0x008981ec
0x00000000
0x008981ec

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0089816D

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 00898193
std::bad_exception::bad_exception.LIBCMT ref: 00898217
__CxxThrowException@8.LIBCMT ref: 00898226
std::_Facet_Register.LIBCPMT ref: 0089823D

Strings

bad cast, xrefs: 0089820E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: 3053ca6d6b8b080460391f7f8e53f2428a33fad54e0cc495e713aec668fce993
Instruction ID: 0f9aa81e8316c9de2479f506358037fc0ddbac5d187a0f52a40a12285b293401
Opcode Fuzzy Hash: 3053ca6d6b8b080460391f7f8e53f2428a33fad54e0cc495e713aec668fce993
Instruction Fuzzy Hash: F631E635604201CFDB10EF24D841A6BB7E8FB85724F44062AF845D72A1DB30AD05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00898270, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00898270(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f49bc; // 0x0
				_t46 =  *0x8f49f0; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f49bc - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f49bc = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f49bc; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E0089D700( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f49f0 = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x00898270
0x00898272
0x0089827d
0x0089827e
0x00898285
0x0089828c
0x00898291
0x0089829d
0x008982a2
0x008982a8
0x008982ae
0x008982b6
0x008982bc
0x008982c3
0x008982c8
0x008982ce
0x008982d0
0x008982d5
0x008982d6
0x008982db
0x008982db
0x008982e4
0x008982e9
0x008982e9
0x008982ef
0x008982f3
0x008982f9
0x00898307
0x00000000
0x008982fb
0x008982fe
0x00898303
0x00898375
0x00898379
0x00898384
0x00898393
0x00898393
0x00898309
0x0089830d
0x0089831f
0x00898321
0x00000000
0x00000000
0x00898323
0x00898325
0x00898331
0x00898336
0x0089833c
0x00898347
0x00898356
0x00898356
0x0089835b
0x00898361
0x00898369
0x0089836d
0x00898372
0x00898327
0x00898327
0x00898327
0x00000000
0x00898325
0x0089830f
0x00898317
0x00000000
0x00000000
0x0089831c
0x00000000
0x0089831c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0089829D

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 008982C3
std::bad_exception::bad_exception.LIBCMT ref: 00898347
__CxxThrowException@8.LIBCMT ref: 00898356
std::_Facet_Register.LIBCPMT ref: 0089836D

Strings

bad cast, xrefs: 0089833E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: a2fcec0d873281233859de5d3e4f3d3213113ba1b61748cd35eaecf3e9ad55df
Instruction ID: 2e8a4146d24a0809ff4b6f2773d1f44f618563aac9b2101e4df5c5797ec31c4c
Opcode Fuzzy Hash: a2fcec0d873281233859de5d3e4f3d3213113ba1b61748cd35eaecf3e9ad55df
Instruction Fuzzy Hash: 5131D272608201DFDB10EF24D840A2BB7E8FB45B24F44462EE846D77A1DB70ED05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A7830, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E008A7830(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f4af0; // 0x0
				_t46 =  *0x8f4a3c; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f4af0 - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f4af0 = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f4af0; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E008A7D70( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f4a3c = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x008a7830
0x008a7832
0x008a783d
0x008a783e
0x008a7845
0x008a784c
0x008a7851
0x008a785d
0x008a7862
0x008a7868
0x008a786e
0x008a7876
0x008a787c
0x008a7883
0x008a7888
0x008a788e
0x008a7890
0x008a7895
0x008a7896
0x008a789b
0x008a789b
0x008a78a4
0x008a78a9
0x008a78a9
0x008a78af
0x008a78b3
0x008a78b9
0x008a78c7
0x00000000
0x008a78bb
0x008a78be
0x008a78c3
0x008a7935
0x008a7939
0x008a7944
0x008a7953
0x008a7953
0x008a78c9
0x008a78cd
0x008a78df
0x008a78e1
0x00000000
0x00000000
0x008a78e3
0x008a78e5
0x008a78f1
0x008a78f6
0x008a78fc
0x008a7907
0x008a7916
0x008a7916
0x008a791b
0x008a7921
0x008a7929
0x008a792d
0x008a7932
0x008a78e7
0x008a78e7
0x008a78e7
0x00000000
0x008a78e5
0x008a78cf
0x008a78d7
0x00000000
0x00000000
0x008a78dc
0x00000000
0x008a78dc

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 008A785D

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 008A7883
std::bad_exception::bad_exception.LIBCMT ref: 008A7907
__CxxThrowException@8.LIBCMT ref: 008A7916
std::_Facet_Register.LIBCPMT ref: 008A792D

Strings

bad cast, xrefs: 008A78FE

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: 3a52484affcf481a7e1519c3dfd8738be88f56c208c2edb406fc1236a1615b5e
Instruction ID: d80269c6a8eabc155274d63eecb63e55875d26c2960fa7399816ac4986b94d44
Opcode Fuzzy Hash: 3a52484affcf481a7e1519c3dfd8738be88f56c208c2edb406fc1236a1615b5e
Instruction Fuzzy Hash: 6E31B0329082119FE710DF24EC80E6BB7E4FB46724F45062EE856D7A91D735ED05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00897DB0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00897DB0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f49f4; // 0x0
				_t46 =  *0x8f49fc; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f49f4 - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f49f4 = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f49f4; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E0089D3E0( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f49fc = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x00897db0
0x00897db2
0x00897dbd
0x00897dbe
0x00897dc5
0x00897dcc
0x00897dd1
0x00897ddd
0x00897de2
0x00897de8
0x00897dee
0x00897df6
0x00897dfc
0x00897e03
0x00897e08
0x00897e0e
0x00897e10
0x00897e15
0x00897e16
0x00897e1b
0x00897e1b
0x00897e24
0x00897e29
0x00897e29
0x00897e2f
0x00897e33
0x00897e39
0x00897e47
0x00000000
0x00897e3b
0x00897e3e
0x00897e43
0x00897eb5
0x00897eb9
0x00897ec4
0x00897ed3
0x00897ed3
0x00897e49
0x00897e4d
0x00897e5f
0x00897e61
0x00000000
0x00000000
0x00897e63
0x00897e65
0x00897e71
0x00897e76
0x00897e7c
0x00897e87
0x00897e96
0x00897e96
0x00897e9b
0x00897ea1
0x00897ea9
0x00897ead
0x00897eb2
0x00897e67
0x00897e67
0x00897e67
0x00000000
0x00897e65
0x00897e4f
0x00897e57
0x00000000
0x00000000
0x00897e5c
0x00000000
0x00897e5c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00897DDD

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 00897E03
std::bad_exception::bad_exception.LIBCMT ref: 00897E87
__CxxThrowException@8.LIBCMT ref: 00897E96
std::_Facet_Register.LIBCPMT ref: 00897EAD

Strings

bad cast, xrefs: 00897E7E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: 3336052e181d95d61a222855aceb4c930def0065e54559a868559a885b93693b
Instruction ID: f9281b8374b59ad481d20c9a1270bb79a29c0ef09d8b6e1c325ba4472944d330
Opcode Fuzzy Hash: 3336052e181d95d61a222855aceb4c930def0065e54559a868559a885b93693b
Instruction Fuzzy Hash: DF31C2726082019FDB14EF24D880E6BB7E4FB94B24F44466AF855D73A1D730AD05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00897EE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00897EE0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _t25;
				void* _t32;
				void* _t38;
				signed int _t43;
				signed int _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				signed int _t59;
				intOrPtr* _t62;
				void* _t67;
				signed int _t68;
				void* _t70;
				void* _t72;

				_push(0xffffffff);
				_push(E008DF138);
				_push( *[fs:0x0]);
				_t68 = _t67 - 0x18;
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t68);
				 *[fs:0x0] =  &_v12;
				E008A9CD8( &_v28, 0);
				_t59 =  *0x8f4ae0; // 0x0
				_t46 =  *0x8f49e8; // 0x0
				_v8 = 0;
				_v40 = _t46;
				if(_t59 == 0) {
					E008A9CD8( &_v32, _t59);
					_t72 =  *0x8f4ae0 - _t59; // 0x0
					if(_t72 == 0) {
						_t43 =  *0x8f4ad0; // 0x0
						_t44 = _t43 + 1;
						 *0x8f4ad0 = _t44;
						 *0x8f4ae0 = _t44;
					}
					E008A9D33( &_v32);
					_t59 =  *0x8f4ae0; // 0x0
				}
				_t65 = _a4;
				_t49 =  *_a4;
				if(_t59 >=  *((intOrPtr*)(_t49 + 0xc))) {
					_t62 = 0;
					goto L8;
				} else {
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t49 + 8)) + _t59 * 4));
					if(_t62 != 0) {
						L17:
						E008A9D33( &_v28);
						 *[fs:0x0] = _v12;
						return _t62;
					}
					L8:
					if( *((char*)(_t49 + 0x14)) == 0) {
						L11:
						if(_t62 != 0) {
							goto L17;
						}
						L12:
						if(_t46 == 0) {
							_t32 = E0089D4A0( &_v36, _t65);
							_t70 = _t68 + 8;
							if(_t32 == 0xffffffff) {
								E008C0981( &_v24, "bad cast");
								E008BF897( &_v28, 0x8eeb58);
							}
							_t62 = _v36;
							 *0x8f49e8 = _t62;
							 *((intOrPtr*)( *_t62 + 4))();
							E008AA1B7(_t62);
							_t68 = _t70 + 4;
						} else {
							_t62 = _t46;
						}
						goto L17;
					}
					_t38 = E008AA1DF();
					if(_t59 >=  *((intOrPtr*)(_t38 + 0xc))) {
						goto L12;
					}
					_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)) + _t59 * 4));
					goto L11;
				}
			}

0x00897ee0
0x00897ee2
0x00897eed
0x00897eee
0x00897ef5
0x00897efc
0x00897f01
0x00897f0d
0x00897f12
0x00897f18
0x00897f1e
0x00897f26
0x00897f2c
0x00897f33
0x00897f38
0x00897f3e
0x00897f40
0x00897f45
0x00897f46
0x00897f4b
0x00897f4b
0x00897f54
0x00897f59
0x00897f59
0x00897f5f
0x00897f63
0x00897f69
0x00897f77
0x00000000
0x00897f6b
0x00897f6e
0x00897f73
0x00897fe5
0x00897fe9
0x00897ff4
0x00898003
0x00898003
0x00897f79
0x00897f7d
0x00897f8f
0x00897f91
0x00000000
0x00000000
0x00897f93
0x00897f95
0x00897fa1
0x00897fa6
0x00897fac
0x00897fb7
0x00897fc6
0x00897fc6
0x00897fcb
0x00897fd1
0x00897fd9
0x00897fdd
0x00897fe2
0x00897f97
0x00897f97
0x00897f97
0x00000000
0x00897f95
0x00897f7f
0x00897f87
0x00000000
0x00000000
0x00897f8c
0x00000000
0x00897f8c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00897F0D

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::_Lockit::_Lockit.LIBCPMT ref: 00897F33
std::bad_exception::bad_exception.LIBCMT ref: 00897FB7
__CxxThrowException@8.LIBCMT ref: 00897FC6
std::_Facet_Register.LIBCPMT ref: 00897FDD

Strings

bad cast, xrefs: 00897FAE

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 153433846-3145022300
Opcode ID: 2b67b972ca900bc8e9f101ba485e36f75e066878362d4449b49182016e3813e8
Instruction ID: b9b84abf3b66475d190577543814d20c6ce0ca51678c08b60f0a575f60b82cef
Opcode Fuzzy Hash: 2b67b972ca900bc8e9f101ba485e36f75e066878362d4449b49182016e3813e8
Instruction Fuzzy Hash: 1631B03650C2109FDB10EF24E881E6BB7E4FB54724F45062AF856E76A1DB30ED05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0089A620, Relevance: 10.6, APIs: 7, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0089A620(signed int* __ecx, void* __esi) {
				signed int _t20;
				signed int* _t32;
				signed int* _t36;
				void* _t38;
				void* _t39;

				_t36 = __ecx;
				E008AA305(__ecx);
				_t14 = _t36[0xb];
				_t39 = _t38 + 4;
				if(_t36[0xb] != 0) {
					E008C05C8(_t14);
					_t39 = _t39 + 4;
				}
				_t36[0xb] = 0;
				_t15 = _t36[9];
				if(_t36[9] != 0) {
					E008C05C8(_t15);
					_t39 = _t39 + 4;
				}
				_t36[9] = 0;
				_t16 = _t36[7];
				if(_t36[7] != 0) {
					E008C05C8(_t16);
					_t39 = _t39 + 4;
				}
				_t36[7] = 0;
				_t17 = _t36[5];
				if(_t36[5] != 0) {
					E008C05C8(_t17);
					_t39 = _t39 + 4;
				}
				_t36[5] = 0;
				_t18 = _t36[3];
				if(_t36[3] != 0) {
					E008C05C8(_t18);
					_t39 = _t39 + 4;
				}
				_t36[3] = 0;
				_t19 = _t36[1];
				if(_t36[1] != 0) {
					E008C05C8(_t19);
				}
				_t36[1] = 0;
				_t32 = _t36;
				_t20 =  *_t32;
				if(_t20 != 0) {
					if(_t20 < 4) {
						return E008AB642(0x8f4a70 + _t20 * 0x18, 0x8f4a70 + _t20 * 0x18);
					}
					return _t20;
				} else {
					return E008C209F(0xc);
				}
			}

0x0089a621
0x0089a624
0x0089a629
0x0089a62c
0x0089a631
0x0089a634
0x0089a639
0x0089a639
0x0089a63c
0x0089a643
0x0089a648
0x0089a64b
0x0089a650
0x0089a650
0x0089a653
0x0089a65a
0x0089a65f
0x0089a662
0x0089a667
0x0089a667
0x0089a66a
0x0089a671
0x0089a676
0x0089a679
0x0089a67e
0x0089a67e
0x0089a681
0x0089a688
0x0089a68d
0x0089a690
0x0089a695
0x0089a695
0x0089a698
0x0089a69f
0x0089a6a4
0x0089a6a7
0x0089a6ac
0x0089a6af
0x0089a6b6
0x008a9d33
0x008a9d37
0x008a9d45
0x00000000
0x008a9d55
0x008a9d56
0x008a9d39
0x008a9d41
0x008a9d41

APIs

std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0089A624

Part of subcall function 008AA305: _setlocale.LIBCMT ref: 008AA31E

_free.LIBCMT ref: 0089A634

Part of subcall function 008C05C8: HeapFree.KERNEL32(00000000,00000000,?,008C8F73,00000000,008C3658,008CDFEC,00000000,?,008C350C,?,?,00000000), ref: 008C05DC
Part of subcall function 008C05C8: GetLastError.KERNEL32(00000000,?,008C8F73,00000000,008C3658,008CDFEC,00000000,?,008C350C,?,?,00000000,?,?,?,008C906D), ref: 008C05EE

_free.LIBCMT ref: 0089A64B
_free.LIBCMT ref: 0089A662
_free.LIBCMT ref: 0089A679
_free.LIBCMT ref: 0089A690
_free.LIBCMT ref: 0089A6A7

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
String ID:
API String ID: 3515823920-0
Opcode ID: 9a4e955e77080c6cb2f67b4c2c204f1b74c298bd989b511723beb45e2bda05c0
Instruction ID: fef99aaa13589982d44e88f22d386c9ddb4984859901648399f38826902bbc13
Opcode Fuzzy Hash: 9a4e955e77080c6cb2f67b4c2c204f1b74c298bd989b511723beb45e2bda05c0
Instruction Fuzzy Hash: F801EDE0A017008BEF25AE29D805B1772E8FF14744F08492CE44AD7641EB75E518CF97

Uniqueness

Uniqueness Score: -1.00%

Function 008AF081, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AF081(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c28; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B09E8(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c28 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008af081
0x008af088
0x008af092
0x008af097
0x008af0a2
0x008af0a6
0x008af0b2
0x008af0b7
0x008af0bb
0x008af0bf
0x008af0c5
0x008af0cb
0x008af0cc
0x008af0d3
0x008af0d6
0x008af0e0
0x008af0ee
0x008af0ee
0x008af0f3
0x008af0f8
0x008af100
0x008af104
0x008af0c1
0x008af0c1
0x008af0c1
0x008af0bf
0x008af10d
0x008af119

APIs

__EH_prolog3.LIBCMT ref: 008AF088
std::_Lockit::_Lockit.LIBCPMT ref: 008AF092

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AF0E0
__CxxThrowException@8.LIBCMT ref: 008AF0EE
std::_Facet_Register.LIBCPMT ref: 008AF104

Strings

bad cast, xrefs: 008AF0D8

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: c46a7e6517fe97c122de80b93f00adfbb021825b81bb6bf116ed52c3438487e3
Instruction ID: 8de0ea01e60cd2e20af418a419d61e01d9dd38deef54aeea91090549c88b9f92
Opcode Fuzzy Hash: c46a7e6517fe97c122de80b93f00adfbb021825b81bb6bf116ed52c3438487e3
Instruction Fuzzy Hash: EE01A13590011997EF15EBA8C842AAE7374FF05720F140529F611E7692DF749A048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008BB2D6, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB2D6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c88; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BB875(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c88 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb2d6
0x008bb2dd
0x008bb2e7
0x008bb2ec
0x008bb2f7
0x008bb2fb
0x008bb307
0x008bb30c
0x008bb310
0x008bb314
0x008bb31a
0x008bb320
0x008bb321
0x008bb328
0x008bb32b
0x008bb335
0x008bb343
0x008bb343
0x008bb348
0x008bb34d
0x008bb355
0x008bb359
0x008bb316
0x008bb316
0x008bb316
0x008bb314
0x008bb362
0x008bb36e

APIs

__EH_prolog3.LIBCMT ref: 008BB2DD
std::_Lockit::_Lockit.LIBCPMT ref: 008BB2E7

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008BB335
__CxxThrowException@8.LIBCMT ref: 008BB343
std::_Facet_Register.LIBCPMT ref: 008BB359

Strings

bad cast, xrefs: 008BB32D

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 6e6fef2ce3093f0b0d5264112d548fbd8cec8aeb4e2bc96a1d31841cc4fbae25
Instruction ID: 8dfa0b59c81c6f5c3d8066845b81f1f78a655fa0753b3d1d32fec34366a2434e
Opcode Fuzzy Hash: 6e6fef2ce3093f0b0d5264112d548fbd8cec8aeb4e2bc96a1d31841cc4fbae25
Instruction Fuzzy Hash: 1901A1319002199BDF04EBA8C842EEE73B8FF45720F240519F910E7392DFB49904C792

Uniqueness

Uniqueness Score: -1.00%

Function 008BB36F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB36F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c8c; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BB8DD(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c8c = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb36f
0x008bb376
0x008bb380
0x008bb385
0x008bb390
0x008bb394
0x008bb3a0
0x008bb3a5
0x008bb3a9
0x008bb3ad
0x008bb3b3
0x008bb3b9
0x008bb3ba
0x008bb3c1
0x008bb3c4
0x008bb3ce
0x008bb3dc
0x008bb3dc
0x008bb3e1
0x008bb3e6
0x008bb3ee
0x008bb3f2
0x008bb3af
0x008bb3af
0x008bb3af
0x008bb3ad
0x008bb3fb
0x008bb407

APIs

__EH_prolog3.LIBCMT ref: 008BB376
std::_Lockit::_Lockit.LIBCPMT ref: 008BB380

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008BB3CE
__CxxThrowException@8.LIBCMT ref: 008BB3DC
std::_Facet_Register.LIBCPMT ref: 008BB3F2

Strings

bad cast, xrefs: 008BB3C6

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: e78bd846cb68996a52b8ab2c021d62fb24a7fdbfe3f8f444a04a687b590a9c3a
Instruction ID: 7770ac1f4ca731da48df591387db1cbeec7dcb87784f2b6d7fe30fa5212c5be4
Opcode Fuzzy Hash: e78bd846cb68996a52b8ab2c021d62fb24a7fdbfe3f8f444a04a687b590a9c3a
Instruction Fuzzy Hash: CD01C43190061997DF14FBA8C842EEE73B8FF05710F140519F510E7391DFB499048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008BB53A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008BB53A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c98; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008BBA4E(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c98 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008bb53a
0x008bb541
0x008bb54b
0x008bb550
0x008bb55b
0x008bb55f
0x008bb56b
0x008bb570
0x008bb574
0x008bb578
0x008bb57e
0x008bb584
0x008bb585
0x008bb58c
0x008bb58f
0x008bb599
0x008bb5a7
0x008bb5a7
0x008bb5ac
0x008bb5b1
0x008bb5b9
0x008bb5bd
0x008bb57a
0x008bb57a
0x008bb57a
0x008bb578
0x008bb5c6
0x008bb5d2

APIs

__EH_prolog3.LIBCMT ref: 008BB541
std::_Lockit::_Lockit.LIBCPMT ref: 008BB54B

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008BB599
__CxxThrowException@8.LIBCMT ref: 008BB5A7
std::_Facet_Register.LIBCPMT ref: 008BB5BD

Strings

bad cast, xrefs: 008BB591

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 437a533110b675a9efc6369e0811974e54198680070879ce9fb5b079f27234b3
Instruction ID: f86f319ad7433635080d2d8d9f14a407925e68ac267e9d7675f33d721dfa081f
Opcode Fuzzy Hash: 437a533110b675a9efc6369e0811974e54198680070879ce9fb5b079f27234b3
Instruction Fuzzy Hash: DE01AD319002199BDF14FBA8C852EEE7778FF01720F240519F511EB292DFB49A048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 008AE6EF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE6EF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c14; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B02BC(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c14 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae6ef
0x008ae6f6
0x008ae700
0x008ae705
0x008ae710
0x008ae714
0x008ae720
0x008ae725
0x008ae729
0x008ae72d
0x008ae733
0x008ae739
0x008ae73a
0x008ae741
0x008ae744
0x008ae74e
0x008ae75c
0x008ae75c
0x008ae761
0x008ae766
0x008ae76e
0x008ae772
0x008ae72f
0x008ae72f
0x008ae72f
0x008ae72d
0x008ae77b
0x008ae787

APIs

__EH_prolog3.LIBCMT ref: 008AE6F6
std::_Lockit::_Lockit.LIBCPMT ref: 008AE700

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AE74E
__CxxThrowException@8.LIBCMT ref: 008AE75C
std::_Facet_Register.LIBCPMT ref: 008AE772

Strings

bad cast, xrefs: 008AE746

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 9fbfd023aadec45a5bdcebe009cbe6ba8eb3b7bd3a5005649350393cc867f9fb
Instruction ID: eec5c89e713d8d738289b05bdcf46eeda2b14296a6dcf2a1c8f4495e25c9e775
Opcode Fuzzy Hash: 9fbfd023aadec45a5bdcebe009cbe6ba8eb3b7bd3a5005649350393cc867f9fb
Instruction Fuzzy Hash: 1801A13590011997EF14FBA8C942AAE7374FF41720F140919F511E7692DF7499448792

Uniqueness

Uniqueness Score: -1.00%

Function 008AE656, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE656(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c40; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0254(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c40 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae656
0x008ae65d
0x008ae667
0x008ae66c
0x008ae677
0x008ae67b
0x008ae687
0x008ae68c
0x008ae690
0x008ae694
0x008ae69a
0x008ae6a0
0x008ae6a1
0x008ae6a8
0x008ae6ab
0x008ae6b5
0x008ae6c3
0x008ae6c3
0x008ae6c8
0x008ae6cd
0x008ae6d5
0x008ae6d9
0x008ae696
0x008ae696
0x008ae696
0x008ae694
0x008ae6e2
0x008ae6ee

APIs

__EH_prolog3.LIBCMT ref: 008AE65D
std::_Lockit::_Lockit.LIBCPMT ref: 008AE667

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AE6B5
__CxxThrowException@8.LIBCMT ref: 008AE6C3
std::_Facet_Register.LIBCPMT ref: 008AE6D9

Strings

bad cast, xrefs: 008AE6AD

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 44c87dd1b1e28811f4a18a722312ca265eb39f756b1ae1329f13d4d048c9a6a6
Instruction ID: a167c81a426d47ce281bfc6bd603aa9986f72342530ecbc6a5153a9d82411953
Opcode Fuzzy Hash: 44c87dd1b1e28811f4a18a722312ca265eb39f756b1ae1329f13d4d048c9a6a6
Instruction Fuzzy Hash: B001AD359002189BEF14EBA8C852AAE7374FF65760F540919F510EB6A2DF749904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE788, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE788(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c44; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0324(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c44 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae788
0x008ae78f
0x008ae799
0x008ae79e
0x008ae7a9
0x008ae7ad
0x008ae7b9
0x008ae7be
0x008ae7c2
0x008ae7c6
0x008ae7cc
0x008ae7d2
0x008ae7d3
0x008ae7da
0x008ae7dd
0x008ae7e7
0x008ae7f5
0x008ae7f5
0x008ae7fa
0x008ae7ff
0x008ae807
0x008ae80b
0x008ae7c8
0x008ae7c8
0x008ae7c8
0x008ae7c6
0x008ae814
0x008ae820

APIs

__EH_prolog3.LIBCMT ref: 008AE78F
std::_Lockit::_Lockit.LIBCPMT ref: 008AE799

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AE7E7
__CxxThrowException@8.LIBCMT ref: 008AE7F5
std::_Facet_Register.LIBCPMT ref: 008AE80B

Strings

bad cast, xrefs: 008AE7DF

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 2c938911c2c8ef1d5c1c99c4e9d006add468d30f01fbd99e4e79c25ae30ac947
Instruction ID: bfb7440daaf30d8236efff51cba3dcb2e105c627dcefb417445aa223d85d4c10
Opcode Fuzzy Hash: 2c938911c2c8ef1d5c1c99c4e9d006add468d30f01fbd99e4e79c25ae30ac947
Instruction Fuzzy Hash: 7601AD359001199BDF14EBA8C842AAE73B8FF41720F240919F511EB692DF749904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AE821, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AE821(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c18; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B038C(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c18 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008ae821
0x008ae828
0x008ae832
0x008ae837
0x008ae842
0x008ae846
0x008ae852
0x008ae857
0x008ae85b
0x008ae85f
0x008ae865
0x008ae86b
0x008ae86c
0x008ae873
0x008ae876
0x008ae880
0x008ae88e
0x008ae88e
0x008ae893
0x008ae898
0x008ae8a0
0x008ae8a4
0x008ae861
0x008ae861
0x008ae861
0x008ae85f
0x008ae8ad
0x008ae8b9

APIs

__EH_prolog3.LIBCMT ref: 008AE828
std::_Lockit::_Lockit.LIBCPMT ref: 008AE832

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AE880
__CxxThrowException@8.LIBCMT ref: 008AE88E
std::_Facet_Register.LIBCPMT ref: 008AE8A4

Strings

bad cast, xrefs: 008AE878

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 8ee8cdcbd4093d4a4c48b61187d7777a54a9eeeb2ffbacb56875754c1cb028c1
Instruction ID: 2c1c4e49c82bbe3b2bf7163a43313dc8ca1c2bb2384f497f9854e081963174b1
Opcode Fuzzy Hash: 8ee8cdcbd4093d4a4c48b61187d7777a54a9eeeb2ffbacb56875754c1cb028c1
Instruction Fuzzy Hash: 4C01AD319002189BDF14FBA8C842AAE7374FF45720F150969F911EB692DF789A44CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEBB7, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEBB7(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c00; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B066E(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c00 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aebb7
0x008aebbe
0x008aebc8
0x008aebcd
0x008aebd8
0x008aebdc
0x008aebe8
0x008aebed
0x008aebf1
0x008aebf5
0x008aebfb
0x008aec01
0x008aec02
0x008aec09
0x008aec0c
0x008aec16
0x008aec24
0x008aec24
0x008aec29
0x008aec2e
0x008aec36
0x008aec3a
0x008aebf7
0x008aebf7
0x008aebf7
0x008aebf5
0x008aec43
0x008aec4f

APIs

__EH_prolog3.LIBCMT ref: 008AEBBE
std::_Lockit::_Lockit.LIBCPMT ref: 008AEBC8

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AEC16
__CxxThrowException@8.LIBCMT ref: 008AEC24
std::_Facet_Register.LIBCPMT ref: 008AEC3A

Strings

bad cast, xrefs: 008AEC0E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 258b91ea9efe3b302567f7e43b55814c68e5e7e83bbaf8fd1e5b84f03a633163
Instruction ID: d6085e9bb22f83ea372ef58e96c614513af134e0f37c3d61e2ab5ea53e0ac2fb
Opcode Fuzzy Hash: 258b91ea9efe3b302567f7e43b55814c68e5e7e83bbaf8fd1e5b84f03a633163
Instruction Fuzzy Hash: AC01C0359002189BEF04FBA8C856EEE7378FF02720F150919F911EB692DF74D9048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEB1E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEB1E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c2c; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0606(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c2c = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aeb1e
0x008aeb25
0x008aeb2f
0x008aeb34
0x008aeb3f
0x008aeb43
0x008aeb4f
0x008aeb54
0x008aeb58
0x008aeb5c
0x008aeb62
0x008aeb68
0x008aeb69
0x008aeb70
0x008aeb73
0x008aeb7d
0x008aeb8b
0x008aeb8b
0x008aeb90
0x008aeb95
0x008aeb9d
0x008aeba1
0x008aeb5e
0x008aeb5e
0x008aeb5e
0x008aeb5c
0x008aebaa
0x008aebb6

APIs

__EH_prolog3.LIBCMT ref: 008AEB25
std::_Lockit::_Lockit.LIBCPMT ref: 008AEB2F

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AEB7D
__CxxThrowException@8.LIBCMT ref: 008AEB8B
std::_Facet_Register.LIBCPMT ref: 008AEBA1

Strings

bad cast, xrefs: 008AEB75

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 77546485ca6aab0eb3318f0f5d7363dc729e42c2d2293f0b16dfee049a4509d7
Instruction ID: b1aa29c3f27c60d55d53e8c7c5ec5db19e873c5e43c4c20e125bc4896834e71e
Opcode Fuzzy Hash: 77546485ca6aab0eb3318f0f5d7363dc729e42c2d2293f0b16dfee049a4509d7
Instruction Fuzzy Hash: 7301A1319002199BEF14EBA8C856EAE7374FF15720F140919F511F7692DF749905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 008AECE9, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AECE9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c04; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B073E(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c04 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aece9
0x008aecf0
0x008aecfa
0x008aecff
0x008aed0a
0x008aed0e
0x008aed1a
0x008aed1f
0x008aed23
0x008aed27
0x008aed2d
0x008aed33
0x008aed34
0x008aed3b
0x008aed3e
0x008aed48
0x008aed56
0x008aed56
0x008aed5b
0x008aed60
0x008aed68
0x008aed6c
0x008aed29
0x008aed29
0x008aed29
0x008aed27
0x008aed75
0x008aed81

APIs

__EH_prolog3.LIBCMT ref: 008AECF0
std::_Lockit::_Lockit.LIBCPMT ref: 008AECFA

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AED48
__CxxThrowException@8.LIBCMT ref: 008AED56
std::_Facet_Register.LIBCPMT ref: 008AED6C

Strings

bad cast, xrefs: 008AED40

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 131b384aeff841dae296eb1872a9b814a1584ce53031a7c97118158947688cd8
Instruction ID: 33089b56b937b50f0d9668f15a18b0cd5f7b4a128df0f2dd0ffd1121c198e09e
Opcode Fuzzy Hash: 131b384aeff841dae296eb1872a9b814a1584ce53031a7c97118158947688cd8
Instruction Fuzzy Hash: 5501AD719002189BEF04EBACC852AAE7374FF01720F140919F911EB692DF749D048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEC50, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEC50(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c30; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B06D6(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c30 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aec50
0x008aec57
0x008aec61
0x008aec66
0x008aec71
0x008aec75
0x008aec81
0x008aec86
0x008aec8a
0x008aec8e
0x008aec94
0x008aec9a
0x008aec9b
0x008aeca2
0x008aeca5
0x008aecaf
0x008aecbd
0x008aecbd
0x008aecc2
0x008aecc7
0x008aeccf
0x008aecd3
0x008aec90
0x008aec90
0x008aec90
0x008aec8e
0x008aecdc
0x008aece8

APIs

__EH_prolog3.LIBCMT ref: 008AEC57
std::_Lockit::_Lockit.LIBCPMT ref: 008AEC61

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AECAF
__CxxThrowException@8.LIBCMT ref: 008AECBD
std::_Facet_Register.LIBCPMT ref: 008AECD3

Strings

bad cast, xrefs: 008AECA7

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: c0e4afad7e06bd5cd2923a50658708f7819ff4181b4aaf5e1b4e544c0ce38934
Instruction ID: c25f0e4e005d93067ba0e3a6c84193b90174801451c074bbe8b96212af25b314
Opcode Fuzzy Hash: c0e4afad7e06bd5cd2923a50658708f7819ff4181b4aaf5e1b4e544c0ce38934
Instruction Fuzzy Hash: 4701AD369102199BDF14EBA8C842ABE7374FF52720F140919F911EB692DF749904CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEEB4, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEEB4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c50; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B089C(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c50 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aeeb4
0x008aeebb
0x008aeec5
0x008aeeca
0x008aeed5
0x008aeed9
0x008aeee5
0x008aeeea
0x008aeeee
0x008aeef2
0x008aeef8
0x008aeefe
0x008aeeff
0x008aef06
0x008aef09
0x008aef13
0x008aef21
0x008aef21
0x008aef26
0x008aef2b
0x008aef33
0x008aef37
0x008aeef4
0x008aeef4
0x008aeef4
0x008aeef2
0x008aef40
0x008aef4c

APIs

__EH_prolog3.LIBCMT ref: 008AEEBB
std::_Lockit::_Lockit.LIBCPMT ref: 008AEEC5

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AEF13
__CxxThrowException@8.LIBCMT ref: 008AEF21
std::_Facet_Register.LIBCPMT ref: 008AEF37

Strings

bad cast, xrefs: 008AEF0B

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 237c12d8cd82c7c2d3c994ad1de1610c7ac91a4ab357c1682353ea4e4eaa3cd2
Instruction ID: 9cf3b27f4a0ecc98324d37a7441a5290672c1eaea894ccc6b865b7432a2b0053
Opcode Fuzzy Hash: 237c12d8cd82c7c2d3c994ad1de1610c7ac91a4ab357c1682353ea4e4eaa3cd2
Instruction Fuzzy Hash: 6A01ED328002599BEF10FBA8C802EAE7374FF12360F100919F520EB6A2CF7099048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEFE8, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEFE8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c54; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0974(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c54 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aefe8
0x008aefef
0x008aeff9
0x008aeffe
0x008af009
0x008af00d
0x008af019
0x008af01e
0x008af022
0x008af026
0x008af02c
0x008af032
0x008af033
0x008af03a
0x008af03d
0x008af047
0x008af055
0x008af055
0x008af05a
0x008af05f
0x008af067
0x008af06b
0x008af028
0x008af028
0x008af028
0x008af026
0x008af074
0x008af080

APIs

__EH_prolog3.LIBCMT ref: 008AEFEF
std::_Lockit::_Lockit.LIBCPMT ref: 008AEFF9

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AF047
__CxxThrowException@8.LIBCMT ref: 008AF055
std::_Facet_Register.LIBCPMT ref: 008AF06B

Strings

bad cast, xrefs: 008AF03F

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: f10ef9291f4653f4440db2742a815986cf35d43fc3e47fcf035b580f9c21a837
Instruction ID: ed65f065e39f8f2cd59d625f7fdb6e3d020ce02923ce14058a5b8009c129f4fe
Opcode Fuzzy Hash: f10ef9291f4653f4440db2742a815986cf35d43fc3e47fcf035b580f9c21a837
Instruction Fuzzy Hash: 4B01AD369005189BEF15EBB8C852AAE7374FF21720F140529F611EB693DF749944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008AEF4D, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E008AEF4D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				void* _t22;
				intOrPtr* _t40;
				void* _t43;

				_push(0x14);
				E008C1E5D(E008E0C70, __ebx, __edi, __esi);
				E008A9CD8(_t43 - 0x14, 0);
				_t40 =  *0x8f4c24; // 0x0
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				 *((intOrPtr*)(_t43 - 0x10)) = _t40;
				_t17 = E0089D7D0( *((intOrPtr*)(_t43 + 8)), E0089ABF0());
				_t42 = _t17;
				if(_t17 == 0) {
					if(_t40 == 0) {
						_push( *((intOrPtr*)(_t43 + 8)));
						_push(_t43 - 0x10);
						_t22 = E008B0908(__ebx, _t40, _t42, __eflags);
						__eflags = _t22 - 0xffffffff;
						if(_t22 == 0xffffffff) {
							E008C0981(_t43 - 0x20, "bad cast");
							E008BF897(_t43 - 0x20, 0x8eeb58);
						}
						_t42 =  *((intOrPtr*)(_t43 - 0x10));
						 *0x8f4c24 = _t42;
						 *((intOrPtr*)( *_t42 + 4))();
						E008AA1B7(_t42);
					} else {
						_t42 = _t40;
					}
				}
				E008A9D33(_t43 - 0x14);
				return E008C1E2B(_t42);
			}

0x008aef4d
0x008aef54
0x008aef5e
0x008aef63
0x008aef6e
0x008aef72
0x008aef7e
0x008aef83
0x008aef87
0x008aef8b
0x008aef91
0x008aef97
0x008aef98
0x008aef9f
0x008aefa2
0x008aefac
0x008aefba
0x008aefba
0x008aefbf
0x008aefc4
0x008aefcc
0x008aefd0
0x008aef8d
0x008aef8d
0x008aef8d
0x008aef8b
0x008aefd9
0x008aefe5

APIs

__EH_prolog3.LIBCMT ref: 008AEF54
std::_Lockit::_Lockit.LIBCPMT ref: 008AEF5E

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

Part of subcall function 0089ABF0: std::_Lockit::_Lockit.LIBCPMT ref: 0089ABFF

std::bad_exception::bad_exception.LIBCMT ref: 008AEFAC
__CxxThrowException@8.LIBCMT ref: 008AEFBA
std::_Facet_Register.LIBCPMT ref: 008AEFD0

Strings

bad cast, xrefs: 008AEFA4

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockstd::bad_exception::bad_exception
String ID: bad cast
API String ID: 1668375557-3145022300
Opcode ID: 38cede2ac9471d1ab45926f83e82e9c2bbe22ad4567f146e3814a6518abc3a52
Instruction ID: eb9569d1b10012eaeda94a7fe01ef72433e3c5bbb1fdd65baa8970d4237e83a0
Opcode Fuzzy Hash: 38cede2ac9471d1ab45926f83e82e9c2bbe22ad4567f146e3814a6518abc3a52
Instruction Fuzzy Hash: D501AD329001189BEF14EBA8C842AAE77B8FF05720F150919F950EB692DF749A048B92

Uniqueness

Uniqueness Score: -1.00%

Function 008C9035, Relevance: 10.5, APIs: 7, Instructions: 45
threadCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E008C9035(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t28;

				E008C7C92(_t3);
				if(E008C2066() != 0) {
					_t6 = E008C3D7C(E008C8DC6);
					 *0x8f28b4 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t28 = E008C34F8(1, 0x3bc);
						__eflags = _t28;
						if(_t28 == 0) {
							L6:
							E008C90AB();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E008C3DD8( *0x8f28b4, _t28);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t28);
								E008C8F82(__ebx, __edx, __edi, _t28, __eflags);
								_t14 = GetCurrentThreadId();
								_t28[1] = _t28[1] | 0xffffffff;
								 *_t28 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E008C90AB();
					return 0;
				}
			}

0x008c9035
0x008c9041
0x008c9050
0x008c9055
0x008c905b
0x008c905e
0x00000000
0x008c9060
0x008c906d
0x008c9071
0x008c9073
0x008c90a2
0x008c90a2
0x008c90a7
0x008c90aa
0x008c9075
0x008c9083
0x008c9085
0x00000000
0x008c9087
0x008c9087
0x008c9089
0x008c908a
0x008c9091
0x008c9097
0x008c909b
0x008c909f
0x008c90a1
0x008c90a1
0x008c9085
0x008c9073
0x008c9043
0x008c9043
0x008c9043
0x008c904a
0x008c904a

APIs

__init_pointers.LIBCMT ref: 008C9035

Part of subcall function 008C7C92: EncodePointer.KERNEL32(00000000,?,008C903A,008C04CB,008F06C8,00000014), ref: 008C7C95
Part of subcall function 008C7C92: __initp_misc_winsig.LIBCMT ref: 008C7CB0

__mtinitlocks.LIBCMT ref: 008C903A
__mtterm.LIBCMT ref: 008C9043
__calloc_crt.LIBCMT ref: 008C9068
__initptd.LIBCMT ref: 008C908A
GetCurrentThreadId.KERNEL32 ref: 008C9091

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: CurrentEncodePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
String ID:
API String ID: 1469070506-0
Opcode ID: eba2d62e24eeb97e3aa34d0f0bfcadba10355d64d3404632cba76989231c55ff
Instruction ID: 3782a439915d5276535b0effbe1d306797edf16ceceae4d1e019d2ebc3f4b2f7
Opcode Fuzzy Hash: eba2d62e24eeb97e3aa34d0f0bfcadba10355d64d3404632cba76989231c55ff
Instruction Fuzzy Hash: 47F09032159A115EE238777CBC0BF5A26B4FF02770B24866DF5A0D50D5EE35C9428196

Uniqueness

Uniqueness Score: -1.00%

Function 0089B70B, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 127
registryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0089B70B(short* __ebx, void* __edx, void* __edi, char** __esi) {
				intOrPtr _t55;
				void* _t59;
				void* _t63;
				void* _t65;
				short* _t82;
				void* _t83;
				void* _t91;
				void* _t93;
				char* _t97;
				void* _t98;
				signed int _t101;
				void* _t103;
				void* _t107;

				_t92 = __edi;
				_t91 = __edx;
				_t82 = __ebx;
				_t97 =  *__esi;
				if(RegLoadKeyA(0x80000003, "NTUSER.DAT", _t97) == 0) {
					_t63 = E00891210(_t101 - 0x74, __edi, "NTUSER.DAT");
					_push("\\");
					 *((char*)(_t101 - 4)) = 2;
					_t65 = E00894D60(__ebx, _t101, _t101 - 0x5c, _t63);
					_push("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders");
					 *((char*)(_t101 - 4)) = 3;
					E00894D60(__ebx, _t101, _t101 - 0x8c, _t65);
					_t107 = _t103 + 0x18;
					if( *((intOrPtr*)(_t101 - 0x48)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t101 - 0x5c)));
						_t107 = _t107 + 4;
					}
					 *((intOrPtr*)(_t101 - 0x48)) = 0xf;
					 *((intOrPtr*)(_t101 - 0x4c)) = 0;
					 *((char*)(_t101 - 0x5c)) = 0;
					 *((char*)(_t101 - 4)) = 6;
					if( *((intOrPtr*)(_t101 - 0x60)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t101 - 0x74)));
						_t107 = _t107 + 4;
					}
					 *((intOrPtr*)(_t101 - 0x60)) = 0xf;
					 *((intOrPtr*)(_t101 - 0x64)) = 0;
					 *((char*)(_t101 - 0x74)) = 0;
					E00891210(_t101 - 0xa4, _t92, "AppData");
					 *((char*)(_t101 - 4)) = 7;
					_t70 =  >=  ?  *((void*)(_t101 - 0x8c)) : _t101 - 0x8c;
					E00891210(_t101 - 0x44, _t92,  >=  ?  *((void*)(_t101 - 0x8c)) : _t101 - 0x8c);
					_push(0);
					 *((char*)(_t101 - 4)) = 8;
					E008A6860(0x80000003, _t101 - 0x44, _t101 - 0xa4, _t101 - 0x2c);
					_t103 = _t107 + 0x14;
					if( *((intOrPtr*)(_t101 - 0x30)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t101 - 0x44)));
						_t103 = _t103 + 4;
					}
					 *((intOrPtr*)(_t101 - 0x30)) = 0xf;
					 *((intOrPtr*)(_t101 - 0x34)) = 0;
					 *((char*)(_t101 - 0x44)) = 0;
					 *((char*)(_t101 - 4)) = 6;
					if( *((intOrPtr*)(_t101 - 0x90)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t101 - 0xa4)));
						_t103 = _t103 + 4;
					}
					RegUnLoadKeyA(0x80000003, "NTUSER.DAT");
					if( *((intOrPtr*)(_t101 - 0x78)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t101 - 0x8c)));
						_t103 = _t103 + 4;
					}
				}
				 *((intOrPtr*)(_t82 + 0x14)) = 7;
				 *((intOrPtr*)(_t82 + 0x10)) = 0;
				 *((intOrPtr*)(_t101 - 4)) = 0;
				 *_t82 = 0;
				_t55 =  *((intOrPtr*)(_t101 - 0x1c));
				 *((char*)(_t101 - 4)) = 0xa;
				 *((intOrPtr*)(_t101 - 0xa8)) = _t55;
				if(_t55 != 0) {
					_t95 =  >=  ?  *((void*)(_t101 - 0x2c)) : _t101 - 0x2c;
					_t100 =  >=  ?  *((void*)(_t101 - 0x2c)) : _t101 - 0x2c;
					_t59 = L008A8290();
					_t61 =  *((intOrPtr*)(_t101 - 0xa8)) + ( >=  ?  *((void*)(_t101 - 0x2c)) : _t101 - 0x2c);
					E008A6F80(_t101,  >=  ?  *((void*)(_t101 - 0x2c)) : _t101 - 0x2c,  *((intOrPtr*)(_t101 - 0xa8)) + ( >=  ?  *((void*)(_t101 - 0x2c)) : _t101 - 0x2c), _t82, _t59);
					_t103 = _t103 + 0x10;
				}
				if( *((intOrPtr*)(_t101 - 0x18)) >= 0x10) {
					L008BED53( *((intOrPtr*)(_t101 - 0x2c)));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t101 - 0xc));
				_pop(_t93);
				_pop(_t98);
				_pop(_t83);
				return E008BF888(_t83,  *(_t101 - 0x14) ^ _t101, _t91, _t93, _t98);
			}

0x0089b70b
0x0089b70b
0x0089b70b
0x0089b70b
0x0089b720
0x0089b72e
0x0089b733
0x0089b73c
0x0089b741
0x0089b749
0x0089b755
0x0089b75a
0x0089b75f
0x0089b766
0x0089b76b
0x0089b770
0x0089b770
0x0089b773
0x0089b77a
0x0089b781
0x0089b789
0x0089b78d
0x0089b792
0x0089b797
0x0089b797
0x0089b7a5
0x0089b7ac
0x0089b7b3
0x0089b7b7
0x0089b7c9
0x0089b7cd
0x0089b7d5
0x0089b7da
0x0089b7df
0x0089b7f4
0x0089b7f9
0x0089b800
0x0089b805
0x0089b80a
0x0089b80a
0x0089b814
0x0089b81b
0x0089b822
0x0089b826
0x0089b82a
0x0089b832
0x0089b837
0x0089b837
0x0089b844
0x0089b84e
0x0089b856
0x0089b85b
0x0089b85b
0x0089b84e
0x0089b86e
0x0089b875
0x0089b87c
0x0089b883
0x0089b886
0x0089b889
0x0089b88d
0x0089b895
0x0089b8a1
0x0089b8a5
0x0089b8a9
0x0089b8b6
0x0089b8ba
0x0089b8bf
0x0089b8bf
0x0089b8c6
0x0089b8cb
0x0089b8d0
0x0089b8d8
0x0089b8e0
0x0089b8e1
0x0089b8e2
0x0089b8f0

APIs

RegLoadKeyA.ADVAPI32(80000003,NTUSER.DAT,0089C28A,28A5F8B6), ref: 0089B718

Part of subcall function 00894D60: _memmove.LIBCMT ref: 00894DBA

RegUnLoadKeyA.ADVAPI32(80000003,NTUSER.DAT), ref: 0089B844

Strings

AppData, xrefs: 0089B79A
NTUSER.DAT, xrefs: 0089B70E, 0089B726, 0089B83A
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 0089B749

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Load$_memmove
String ID: AppData$NTUSER.DAT$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
API String ID: 1967696584-220251516
Opcode ID: d507e48dfc96605938ca39e5c4c4e1b35ed1be462c975153d0bb60db60a52388
Instruction ID: 2e1e49dac9b9df256a25a033315e1d8be72c9e87c36a6666d238d50ad9432769
Opcode Fuzzy Hash: d507e48dfc96605938ca39e5c4c4e1b35ed1be462c975153d0bb60db60a52388
Instruction Fuzzy Hash: 76519F71D0024CDEEF11EBA8D945BCEBBB8FF15304F1480A9E415B7292D7756A48CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008A3960, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E008A3960(intOrPtr* __ecx, intOrPtr __ebp, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				char _v36;
				void* _v40;
				char _v48;
				intOrPtr _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				intOrPtr* _t61;
				char _t62;
				char _t70;
				intOrPtr _t71;
				char _t73;
				intOrPtr _t82;
				signed int _t83;
				intOrPtr _t90;
				intOrPtr _t97;
				intOrPtr* _t106;
				intOrPtr _t107;
				char _t108;
				intOrPtr* _t109;
				intOrPtr* _t111;
				char _t112;
				intOrPtr* _t118;
				intOrPtr _t121;
				intOrPtr* _t124;
				intOrPtr* _t125;
				intOrPtr* _t126;
				intOrPtr* _t127;
				intOrPtr* _t128;
				char _t129;
				intOrPtr _t130;
				intOrPtr* _t137;
				intOrPtr* _t138;
				char _t139;
				intOrPtr _t141;
				intOrPtr* _t142;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t151;

				_t146 = __ebp;
				_push(__ebp);
				_t137 = __ecx;
				_t111 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t111 < _a4) {
					L35:
					_push("invalid string position");
					_t56 = E008A9C28(__eflags);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t106);
					_t107 = _v12;
					_push(_t137);
					_t138 = _t111;
					_t112 =  *((intOrPtr*)(_t138 + 0x10));
					__eflags = _t112 - _t107;
					if(__eflags < 0) {
						_push("invalid string position");
						E008A9C28(__eflags);
						goto L54;
					} else {
						_push(_t129);
						_t129 = _v8;
						__eflags = (_t56 | 0xffffffff) - _t112 - _t129;
						if(__eflags <= 0) {
							L54:
							_push("string too long");
							E008A9BFA(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t107);
							_push(_t138);
							_t139 = _t112;
							_push(_t129);
							__eflags = _t139;
							if(__eflags == 0) {
								__eflags = 0;
							}
							_v40 = 0;
							_push(_v40);
							_push(_v20);
							_push( &_v40);
							E00896770(__eflags);
							_t108 = _v48;
							_t130 = _v52;
							__eflags = _t108;
							if(_t108 != 0) {
								__eflags = _t139;
								if(_t139 == 0) {
									_t141 = 0;
									__eflags = 0;
								} else {
									_t141 = _t139 + 0xfffffff7;
								}
								_t62 = _v36;
								__eflags = _t62 -  *((intOrPtr*)(_t141 + 4));
								if(_t62 !=  *((intOrPtr*)(_t141 + 4))) {
									__eflags = _t130;
									if(_t130 == 0) {
										_t124 = 0;
										__eflags = 0;
									} else {
										_t47 = _t130 + 0x40; // 0x40
										_t124 = _t47;
									}
									__eflags = _t62;
									if(_t62 == 0) {
										_t142 = 0;
										__eflags = 0;
									} else {
										_t142 = _t62 + 0x40;
									}
									 *((intOrPtr*)( *_t124 + 4)) =  *((intOrPtr*)(_t124 + 4));
									 *((intOrPtr*)( *((intOrPtr*)(_t124 + 4)))) =  *_t124;
									 *_t124 =  *_t142;
									 *((intOrPtr*)(_t124 + 4)) = _t142;
									 *_t142 = _t124;
									 *((intOrPtr*)( *_t124 + 4)) = _t124;
								}
							}
							_t61 = _v40;
							 *_t61 = _t130;
							 *((char*)(_t61 + 4)) = _t108;
							return _t61;
						} else {
							__eflags = _t129;
							if(_t129 == 0) {
								L52:
								return _t138;
							} else {
								_push(_t146);
								_t147 = _t112 + _t129;
								_t70 = E00892460(_t107, _t138, _t129, _t138, _t147, _t147, 0);
								__eflags = _t70;
								if(_t70 == 0) {
									L51:
									goto L52;
								} else {
									_t71 =  *((intOrPtr*)(_t138 + 0x14));
									__eflags = _t71 - 0x10;
									if(_t71 < 0x10) {
										_t125 = _t138;
									} else {
										_t125 =  *_t138;
									}
									__eflags = _t71 - 0x10;
									if(_t71 < 0x10) {
										_t118 = _t138;
									} else {
										_t118 =  *_t138;
									}
									_t73 =  *((intOrPtr*)(_t138 + 0x10)) - _t107;
									__eflags = _t73;
									if(_t73 != 0) {
										__eflags = _t118 + _t107 + _t129;
										E008BEEA0(_t118 + _t107 + _t129, _t125 + _t107, _t73);
									}
									E00892100(_t138, _t107, _t129, _v4);
									__eflags =  *((intOrPtr*)(_t138 + 0x14)) - 0x10;
									 *((intOrPtr*)(_t138 + 0x10)) = _t147;
									if( *((intOrPtr*)(_t138 + 0x14)) < 0x10) {
										 *((char*)(_t138 + _t147)) = 0;
										goto L51;
									} else {
										 *((char*)( *_t138 + _t147)) = 0;
										return _t138;
									}
								}
							}
						}
					}
				} else {
					_t106 = _a8;
					_t146 = _a12;
					_t82 =  *((intOrPtr*)(_t106 + 0x10));
					if(_t82 < _t146) {
						goto L35;
					} else {
						_t83 = _t82 - _t146;
						_push(_t129);
						_t129 =  <  ? _t83 : _a16;
						if((_t83 | 0xffffffff) - _t111 <= _t129) {
							_push("string too long");
							E008A9BFA(__eflags);
							goto L35;
						} else {
							if(_t129 != 0) {
								_a12 = _t111 + _t129;
								if(E00892460(_t106, __ecx, _t129, __ecx, _t146, _t111 + _t129, 0) != 0) {
									_t90 =  *((intOrPtr*)(__ecx + 0x14));
									if(_t90 < 0x10) {
										_a8 = __ecx;
									} else {
										_a8 =  *__ecx;
									}
									if(_t90 < 0x10) {
										_t126 = _t137;
									} else {
										_t126 =  *_t137;
									}
									_t121 = _a4;
									_t92 =  *((intOrPtr*)(_t137 + 0x10)) != _t121;
									if( *((intOrPtr*)(_t137 + 0x10)) != _t121) {
										E008BEEA0(_t126 + _t121 + _t129, _a8 + _t121, _t92);
										_t121 = _a4;
										_t151 = _t151 + 0xc;
									}
									if(_t137 != _t106) {
										__eflags =  *((intOrPtr*)(_t106 + 0x14)) - 0x10;
										if( *((intOrPtr*)(_t106 + 0x14)) >= 0x10) {
											_t106 =  *_t106;
										}
										__eflags =  *((intOrPtr*)(_t137 + 0x14)) - 0x10;
										if( *((intOrPtr*)(_t137 + 0x14)) < 0x10) {
											_t127 = _t137;
										} else {
											_t127 =  *_t137;
										}
										__eflags = _t129;
										if(_t129 != 0) {
											E008BFCF0(_t127 + _t121, _t106 + _t146, _t129);
											goto L31;
										}
									} else {
										if(_t121 < _t146) {
											_t146 = _t146 + _t129;
										}
										_t97 =  *((intOrPtr*)(_t137 + 0x14));
										if(_t97 < 0x10) {
											_t109 = _t137;
										} else {
											_t109 =  *_t137;
										}
										if(_t97 < 0x10) {
											_t128 = _t137;
										} else {
											_t128 =  *_t137;
										}
										if(_t129 != 0) {
											E008BEEA0(_t128 + _t121, _t109 + _t146, _t129);
											L31:
										}
									}
									E00892400(_t137, _a12);
								}
							}
							return _t137;
						}
					}
				}
			}

0x008a3960
0x008a3961
0x008a3963
0x008a3965
0x008a396c
0x008a3a81
0x008a3a81
0x008a3a86
0x008a3a8b
0x008a3a8c
0x008a3a8d
0x008a3a8e
0x008a3a8f
0x008a3a90
0x008a3a91
0x008a3a95
0x008a3a96
0x008a3a98
0x008a3a9b
0x008a3a9d
0x008a3b32
0x008a3b37
0x00000000
0x008a3aa3
0x008a3aa6
0x008a3aa7
0x008a3aad
0x008a3aaf
0x008a3b3c
0x008a3b3c
0x008a3b41
0x008a3b46
0x008a3b47
0x008a3b48
0x008a3b49
0x008a3b4a
0x008a3b4b
0x008a3b4c
0x008a3b4d
0x008a3b4e
0x008a3b4f
0x008a3b53
0x008a3b54
0x008a3b55
0x008a3b57
0x008a3b58
0x008a3b5a
0x008a3b61
0x008a3b61
0x008a3b63
0x008a3b6c
0x008a3b70
0x008a3b74
0x008a3b75
0x008a3b7a
0x008a3b7e
0x008a3b82
0x008a3b84
0x008a3b86
0x008a3b88
0x008a3b8f
0x008a3b8f
0x008a3b8a
0x008a3b8a
0x008a3b8a
0x008a3b91
0x008a3b95
0x008a3b98
0x008a3b9a
0x008a3b9c
0x008a3ba3
0x008a3ba3
0x008a3b9e
0x008a3b9e
0x008a3b9e
0x008a3b9e
0x008a3ba5
0x008a3ba7
0x008a3bae
0x008a3bae
0x008a3ba9
0x008a3ba9
0x008a3ba9
0x008a3bb5
0x008a3bbd
0x008a3bc1
0x008a3bc3
0x008a3bc6
0x008a3bca
0x008a3bca
0x008a3b98
0x008a3bcd
0x008a3bd1
0x008a3bd5
0x008a3bdc
0x008a3ab5
0x008a3ab5
0x008a3ab7
0x008a3b2a
0x008a3b2f
0x008a3ab9
0x008a3ab9
0x008a3aba
0x008a3ac2
0x008a3ac7
0x008a3ac9
0x008a3b29
0x00000000
0x008a3acb
0x008a3acb
0x008a3ace
0x008a3ad1
0x008a3ad7
0x008a3ad3
0x008a3ad3
0x008a3ad3
0x008a3ad9
0x008a3adc
0x008a3ae2
0x008a3ade
0x008a3ade
0x008a3ade
0x008a3ae7
0x008a3ae7
0x008a3ae9
0x008a3af3
0x008a3af6
0x008a3afb
0x008a3b06
0x008a3b0b
0x008a3b0f
0x008a3b12
0x008a3b25
0x00000000
0x008a3b14
0x008a3b16
0x008a3b20
0x008a3b20
0x008a3b12
0x008a3ac9
0x008a3ab7
0x008a3aaf
0x008a3972
0x008a3972
0x008a3976
0x008a397a
0x008a397f
0x00000000
0x008a3985
0x008a3985
0x008a3987
0x008a398e
0x008a3998
0x008a3a77
0x008a3a7c
0x00000000
0x008a399e
0x008a39a0
0x008a39ae
0x008a39b9
0x008a39bf
0x008a39c5
0x008a39cf
0x008a39c7
0x008a39c9
0x008a39c9
0x008a39d6
0x008a39dc
0x008a39d8
0x008a39d8
0x008a39d8
0x008a39e1
0x008a39e5
0x008a39e7
0x008a39f7
0x008a39fc
0x008a3a00
0x008a3a00
0x008a3a05
0x008a3a3a
0x008a3a3e
0x008a3a40
0x008a3a40
0x008a3a42
0x008a3a46
0x008a3a4c
0x008a3a48
0x008a3a48
0x008a3a48
0x008a3a4e
0x008a3a50
0x008a3a5b
0x00000000
0x008a3a5b
0x008a3a07
0x008a3a09
0x008a3a0b
0x008a3a0b
0x008a3a0d
0x008a3a13
0x008a3a19
0x008a3a15
0x008a3a15
0x008a3a15
0x008a3a1e
0x008a3a24
0x008a3a20
0x008a3a20
0x008a3a20
0x008a3a28
0x008a3a33
0x008a3a60
0x008a3a60
0x008a3a28
0x008a3a69
0x008a3a69
0x008a39b9
0x008a3a74
0x008a3a74
0x008a3998
0x008a397f

APIs

_memmove.LIBCMT ref: 008A39F7
_memmove.LIBCMT ref: 008A3A33
_memmove.LIBCMT ref: 008A3A5B

Strings

invalid string position, xrefs: 008A3A81
string too long, xrefs: 008A3A77

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 3dbebb0d19e98e17cb563f318a664636ea341cbf472d38a6436db8d350a1c9e4
Instruction ID: 1663717f6fe1905a8f90ffee97bb36fa658a06ae2dcac94460fb81bc8b682f67
Opcode Fuzzy Hash: 3dbebb0d19e98e17cb563f318a664636ea341cbf472d38a6436db8d350a1c9e4
Instruction Fuzzy Hash: D831C0713046388BEB24DE5CD88085BB7AAFB86704B20091DF4D2C7A86D770FB4587A6

Uniqueness

Uniqueness Score: -1.00%

Function 008A5D10, Relevance: 7.7, APIs: 5, Instructions: 169
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E008A5D10(void* __ecx, void* __ebp) {
				intOrPtr _v4;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v40;
				char _v48;
				char _v52;
				char _v56;
				char _v57;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t64;
				signed int _t66;
				void* _t71;
				signed int _t82;
				intOrPtr _t84;
				char _t85;
				void* _t101;
				void* _t102;
				signed int _t104;
				intOrPtr _t114;
				signed int* _t115;
				void* _t119;
				signed int _t122;
				void* _t124;
				signed int _t129;
				void* _t130;
				void* _t133;
				void* _t134;
				signed int _t135;

				_push(0xffffffff);
				_push(E008E0548);
				_push( *[fs:0x0]);
				_t135 = _t134 - 0x28;
				_t64 =  *0x8f21d0; // 0x28a5f8b6
				_v16 = _t64 ^ _t135;
				_push(__ebp);
				_push(_t118);
				_t66 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t66 ^ _t135);
				 *[fs:0x0] =  &_v12;
				_t101 = __ecx;
				_t69 =  *(__ecx + 0x1c);
				_t104 =  *( *(__ecx + 0x1c));
				if(_t104 == 0) {
					L3:
					__eflags =  *(_t101 + 0x50);
					if( *(_t101 + 0x50) != 0) {
						_t122 =  *(_t101 + 0xc);
						__eflags =  *_t122 - _t101 + 0x44;
						if( *_t122 == _t101 + 0x44) {
							_t114 =  *((intOrPtr*)(_t101 + 0x38));
							_t116 =  *((intOrPtr*)(_t101 + 0x3c)) - _t114;
							__eflags = _t116;
							 *_t122 = _t114;
							 *((intOrPtr*)( *((intOrPtr*)(_t101 + 0x1c)))) = _t114;
							 *( *(_t101 + 0x2c)) = _t116;
						}
						__eflags =  *(_t101 + 0x40);
						if(__eflags != 0) {
							_v20 = 0xf;
							_v24 = 0;
							_v40 = 0;
							_push( *(_t101 + 0x50));
							_v4 = 0;
							_t71 = E008C0D9D(_t101, _t118, _t122, __eflags);
							_t135 = _t135 + 4;
							__eflags = _t71 - 0xffffffff;
							if(_t71 == 0xffffffff) {
								L21:
								__eflags = _t122 | 0xffffffff;
							} else {
								_t133 = _t101 + 0x48;
								while(1) {
									E00892790(_t71, _t101,  &_v40, _t118, _t133, 1, _t71);
									__eflags = _v28 - 0x10;
									_t118 =  >=  ? _v48 :  &_v48;
									_t122 =  >=  ? _v48 :  &_v48;
									_t116 =  *( *(_t101 + 0x40));
									_t81 = _v32 + ( >=  ? _v48 :  &_v48);
									_t82 =  *((intOrPtr*)( *( *(_t101 + 0x40)) + 0x18))(_t133, _t122, _v32 + ( >=  ? _v48 :  &_v48),  &_v56,  &_v57,  &_v56,  &_v52);
									__eflags = _t82;
									if(_t82 < 0) {
										goto L21;
									}
									__eflags = _t82 - 1;
									if(_t82 <= 1) {
										__eflags = _v72 -  &_v77;
										_t84 = _v76;
										if(_v72 !=  &_v77) {
											__eflags = _v48 - 0x10;
											_t127 =  >=  ? _v68 :  &_v68;
											_t128 = ( >=  ? _v68 :  &_v68) - _t84;
											_t129 = ( >=  ? _v68 :  &_v68) - _t84 + _v52;
											__eflags = _t129;
											if(__eflags > 0) {
												while(1) {
													_push( *(_t101 + 0x50));
													_t85 =  *((char*)(_t129 + _t84 - 1));
													_t129 = _t129 - 1;
													_push(_t85);
													E008C1539(_t101, _t118, _t129, __eflags);
													_t135 = _t135 + 8;
													__eflags = _t129;
													if(__eflags <= 0) {
														goto L17;
													}
													_t84 = _v76;
												}
											}
											goto L17;
										} else {
											__eflags = _v48 - 0x10;
											_t112 =  >=  ? _v68 :  &_v68;
											_t87 = _t84 - ( >=  ? _v68 :  &_v68);
											__eflags = _t84 - ( >=  ? _v68 :  &_v68);
											E00892C50(_t101,  &_v68, _t133, 0, _t84 - ( >=  ? _v68 :  &_v68));
											goto L20;
										}
									} else {
										__eflags = _t82 - 3;
										if(_t82 != 3) {
											goto L21;
										} else {
											__eflags = _v52 - 1;
											if(__eflags < 0) {
												L20:
												_push( *(_t101 + 0x50));
												_t71 = E008C0D9D(_t101, _t118, _t122, __eflags);
												_t135 = _t135 + 4;
												__eflags = _t71 - 0xffffffff;
												if(_t71 != 0xffffffff) {
													continue;
												} else {
													goto L21;
												}
											} else {
												__eflags = _v48 - 0x10;
												_t90 =  >=  ? _v68 :  &_v68;
												E008C07EC( &_v77, 1,  >=  ? _v68 :  &_v68, 1);
												_t135 = _t135 + 0x10;
												L17:
											}
										}
									}
									goto L22;
								}
								goto L21;
							}
							L22:
							__eflags = _v20 - 0x10;
							if(_v20 >= 0x10) {
								L008BED53(_v40);
								_t135 = _t135 + 4;
							}
						} else {
							_push( *(_t101 + 0x50));
							_t69 = E008C0D9D(_t101, _t118, _t122, __eflags);
							_t135 = _t135 + 4;
							__eflags = _t69 - 0xffffffff;
							if(_t69 == 0xffffffff) {
								goto L4;
							} else {
							}
						}
					} else {
						L4:
					}
				} else {
					_t116 =  *(__ecx + 0x2c);
					_t130 =  *_t116;
					_t69 = _t130 + _t104;
					if(_t104 >= _t130 + _t104) {
						goto L3;
					} else {
						 *_t116 = _t130 - 1;
						_t115 =  *(__ecx + 0x1c);
						_t116 =  *_t115;
						 *_t115 =  *_t115 + 1;
					}
				}
				 *[fs:0x0] = _v12;
				_pop(_t119);
				_pop(_t124);
				_pop(_t102);
				return E008BF888(_t102, _v16 ^ _t135, _t116, _t119, _t124);
			}

0x008a5d10
0x008a5d12
0x008a5d1d
0x008a5d1e
0x008a5d21
0x008a5d28
0x008a5d2d
0x008a5d2f
0x008a5d30
0x008a5d37
0x008a5d3c
0x008a5d42
0x008a5d44
0x008a5d47
0x008a5d4b
0x008a5d70
0x008a5d70
0x008a5d74
0x008a5d7e
0x008a5d84
0x008a5d86
0x008a5d8b
0x008a5d8e
0x008a5d8e
0x008a5d90
0x008a5d95
0x008a5d9a
0x008a5d9a
0x008a5d9c
0x008a5da0
0x008a5dba
0x008a5dc2
0x008a5dca
0x008a5dcf
0x008a5dd2
0x008a5dda
0x008a5ddf
0x008a5de2
0x008a5de5
0x008a5eb2
0x008a5eb2
0x008a5deb
0x008a5deb
0x008a5df0
0x008a5df7
0x008a5dfc
0x008a5e0c
0x008a5e15
0x008a5e1b
0x008a5e30
0x008a5e35
0x008a5e38
0x008a5e3a
0x00000000
0x00000000
0x008a5e3c
0x008a5e3f
0x008a5e78
0x008a5e7c
0x008a5e80
0x008a5ee9
0x008a5ef2
0x008a5ef7
0x008a5ef9
0x008a5efd
0x008a5eff
0x008a5f05
0x008a5f05
0x008a5f08
0x008a5f0d
0x008a5f0e
0x008a5f0f
0x008a5f14
0x008a5f17
0x008a5f19
0x00000000
0x00000000
0x008a5f1f
0x008a5f1f
0x008a5f05
0x00000000
0x008a5e82
0x008a5e82
0x008a5e8b
0x008a5e90
0x008a5e90
0x008a5e99
0x00000000
0x008a5e99
0x008a5e41
0x008a5e41
0x008a5e44
0x00000000
0x008a5e46
0x008a5e46
0x008a5e4b
0x008a5e9e
0x008a5e9e
0x008a5ea1
0x008a5ea6
0x008a5ea9
0x008a5eac
0x00000000
0x00000000
0x00000000
0x00000000
0x008a5e4d
0x008a5e4d
0x008a5e58
0x008a5e65
0x008a5e6a
0x008a5e6d
0x008a5e6d
0x008a5e4b
0x008a5e44
0x00000000
0x008a5e3f
0x00000000
0x008a5df0
0x008a5eb5
0x008a5eb5
0x008a5eba
0x008a5ec0
0x008a5ec5
0x008a5ec5
0x008a5da2
0x008a5da2
0x008a5da5
0x008a5daa
0x008a5dad
0x008a5db0
0x00000000
0x008a5db2
0x008a5db2
0x008a5db0
0x008a5d76
0x008a5d76
0x008a5d76
0x008a5d4d
0x008a5d4d
0x008a5d50
0x008a5d52
0x008a5d57
0x00000000
0x008a5d59
0x008a5d5c
0x008a5d5e
0x008a5d61
0x008a5d66
0x008a5d68
0x008a5d57
0x008a5ece
0x008a5ed6
0x008a5ed7
0x008a5ed9
0x008a5ee8

APIs

_fgetc.LIBCMT ref: 008A5DA5
_ungetc.LIBCMT ref: 008A5F0F

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _fgetc_ungetc
String ID:
API String ID: 2224984641-0
Opcode ID: eb295613103596b3392054122970436aef34f6f28304caaec7ab032dbc3436ec
Instruction ID: 758db59d1e2068a9f283a7d23e51cd530829abac09e77acb66a9f91e86936721
Opcode Fuzzy Hash: eb295613103596b3392054122970436aef34f6f28304caaec7ab032dbc3436ec
Instruction Fuzzy Hash: 9561AC71608601DFDB14CF28C880A6AB7F8FF99315F440A6DF895D7691E335EA84CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008A6670, Relevance: 7.6, APIs: 5, Instructions: 130
registryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E008A6670(void* __ebp, int* _a4, void* _a8, char* _a12, void* _a16) {
				void* _v4;
				char _v12;
				signed int _v16;
				char _v1039;
				char _v1040;
				intOrPtr _v1044;
				int _v1048;
				intOrPtr _v1056;
				char _v1064;
				int _v1068;
				int _v1072;
				void* _v1076;
				int _v1080;
				void* _v1084;
				char _v1088;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				signed int _t49;
				char* _t52;
				long _t55;
				intOrPtr* _t62;
				void* _t63;
				int _t72;
				void* _t73;
				void* _t74;
				void* _t75;
				intOrPtr _t80;
				int _t83;
				int* _t86;
				void* _t87;
				void* _t89;
				int _t92;
				int _t94;
				void* _t96;
				signed int _t97;

				_push(0xffffffff);
				_push(E008E0616);
				_push( *[fs:0x0]);
				_t97 = _t96 - 0x430;
				_t47 =  *0x8f21d0; // 0x28a5f8b6
				_v16 = _t47 ^ _t97;
				_t49 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t49 ^ _t97);
				 *[fs:0x0] =  &_v12;
				_t86 = _a4;
				_t72 = 0;
				_t75 = _a8;
				_t94 = 0;
				_t52 = _a12;
				_v1068 = 0;
				_v1080 = 0;
				_v1076 = 0;
				_v1072 = 0;
				_v4 = 0;
				if(_t75 == 0 || _t52[0x10] == 0) {
					 *_t86 = 0;
					_t86[1] = 0;
					_t86[2] = 0;
				} else {
					_v1084 = 0;
					_t83 =  !=  ? 0x108 : 8;
					if(_t52[0x14] >= 0x10) {
						_t52 =  *_t52;
					}
					_t55 = RegOpenKeyExA(_t75, _t52, 0, _t83,  &_v1084);
					if(_t55 == 0) {
						_v1040 = _t55;
						E008C0340( &_v1039, _t55, 0x3ff);
						_t97 = _t97 + 0xc;
						_t92 = 0;
						if(RegEnumKeyA(_v1084, 0,  &_v1040, 0x400) == 0) {
							_t74 = RegEnumKeyA;
							do {
								_v1044 = 0xf;
								_v1048 = 0;
								_v1064 = 0;
								if(_v1040 != 0) {
									_t62 =  &_v1040;
									_t25 = _t62 + 1; // 0x1
									_t83 = _t25;
									do {
										_t80 =  *_t62;
										_t62 = _t62 + 1;
									} while (_t80 != 0);
									_t63 = _t62 - _t83;
								} else {
									_t63 = 0;
								}
								E00892950(_t74,  &_v1064, _t86, _t94,  &_v1040, _t63);
								_v12 = 1;
								E008A6DC0(_t74,  &_v1088, _t94,  &_v1072);
								_v16 = 0;
								if(_v1056 >= 0x10) {
									L008BED53(_v1064);
									_t97 = _t97 + 4;
								}
								_t92 = _t92 + 1;
							} while (RegEnumKeyA(_v1084, _t92,  &_v1040, 0x400) == 0);
							_t94 = _v1076;
							_t72 = _v1080;
						}
						RegCloseKey(_v1084);
					}
					 *_t86 = _t72;
					_t86[1] = _t94;
					_t86[2] = _v1072;
				}
				 *[fs:0x0] = _v12;
				_pop(_t87);
				_pop(_t89);
				_pop(_t73);
				return E008BF888(_t73, _v16 ^ _t97, _t83, _t87, _t89);
			}

0x008a6670
0x008a6672
0x008a667d
0x008a667e
0x008a6684
0x008a668b
0x008a6696
0x008a669d
0x008a66a5
0x008a66ab
0x008a66b2
0x008a66b4
0x008a66bb
0x008a66bd
0x008a66c4
0x008a66cc
0x008a66d0
0x008a66d4
0x008a66d8
0x008a66e1
0x008a681a
0x008a6820
0x008a6827
0x008a66f0
0x008a6701
0x008a6705
0x008a670c
0x008a670e
0x008a670e
0x008a671a
0x008a6722
0x008a672e
0x008a6737
0x008a673c
0x008a6743
0x008a6758
0x008a675e
0x008a6770
0x008a6775
0x008a677d
0x008a6785
0x008a678a
0x008a6790
0x008a6794
0x008a6794
0x008a6797
0x008a6797
0x008a6799
0x008a679a
0x008a679e
0x008a678c
0x008a678c
0x008a678c
0x008a67aa
0x008a67b3
0x008a67c0
0x008a67ca
0x008a67d2
0x008a67d8
0x008a67dd
0x008a67dd
0x008a67e9
0x008a67f2
0x008a67fa
0x008a67fe
0x008a67fe
0x008a6806
0x008a6806
0x008a6810
0x008a6812
0x008a6815
0x008a6815
0x008a6837
0x008a683f
0x008a6840
0x008a6842
0x008a6857

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000008,28A5F8B6), ref: 008A671A
_memset.LIBCMT ref: 008A6737
RegEnumKeyA.ADVAPI32(?,00000000,?,00000400), ref: 008A6750
RegEnumKeyA.ADVAPI32(?,00000001,?,00000400), ref: 008A67F0
RegCloseKey.ADVAPI32(?), ref: 008A6806

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Enum$CloseOpen_memset
String ID:
API String ID: 3961431169-0
Opcode ID: 4f423ec38dd75cefdea1b9e3600fab01c187057a6168aff68a57a8dfa7cc2346
Instruction ID: c58774387e99f3f2d8e2e20dea9b383fcc469c4c0ae368cc6d039cac02364f6f
Opcode Fuzzy Hash: 4f423ec38dd75cefdea1b9e3600fab01c187057a6168aff68a57a8dfa7cc2346
Instruction Fuzzy Hash: 6C518EB1518385DFE320CF15C884B6BBBE8FF89348F44492DF58887251E775A918CB96

Uniqueness

Uniqueness Score: -1.00%

Function 008CDEBC, Relevance: 7.6, APIs: 5, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E008CDEBC(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x8f518c, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x8f59d8 - _t7;
								if(__eflags == 0) {
									_t9 = E008C3653(__eflags);
									 *_t9 = E008C3666(GetLastError());
									goto L17;
								} else {
									__eflags = E008C7A91(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E008C3653(__eflags);
										 *_t12 = E008C3666(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E008C7A91(_t6, _t31);
						 *((intOrPtr*)(E008C3653(__eflags))) = 0xc;
						goto L12;
					} else {
						E008C05C8(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E008C1BD4(__ebx, __edx, __edi, _a8);
				}
			}

0x008cdec3
0x008cded1
0x008cded4
0x008cded6
0x008cdee5
0x008cdf18
0x008cdf18
0x008cdf1b
0x00000000
0x00000000
0x008cdee8
0x008cdeea
0x008cdeec
0x008cdeec
0x008cdeec
0x008cdef9
0x008cdeff
0x008cdf01
0x008cdf03
0x008cdf63
0x008cdf63
0x008cdf05
0x008cdf05
0x008cdf0b
0x008cdf4d
0x008cdf61
0x00000000
0x008cdf0d
0x008cdf14
0x008cdf16
0x008cdf35
0x008cdf49
0x008cdf2f
0x008cdf2f
0x008cdf2f
0x00000000
0x00000000
0x00000000
0x008cdf16
0x008cdf0b
0x00000000
0x008cdf31
0x008cdf1e
0x008cdf29
0x00000000
0x008cded8
0x008cdedb
0x008cdee1
0x008cdee1
0x008cdf32
0x008cdf34
0x008cdec5
0x008cdecf
0x008cdecf

APIs

_malloc.LIBCMT ref: 008CDEC8

Part of subcall function 008C1BD4: __FF_MSGBANNER.LIBCMT ref: 008C1BEB
Part of subcall function 008C1BD4: __NMSG_WRITE.LIBCMT ref: 008C1BF2
Part of subcall function 008C1BD4: HeapAlloc.KERNEL32(?,00000000,00000001,00000000,00000000,00000000,?,008C3556,00000000,00000000,00000000,00000000,?,008C1FFF,00000018,008F0810), ref: 008C1C17

_free.LIBCMT ref: 008CDEDB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: AllocHeap_free_malloc
String ID:
API String ID: 2734353464-0
Opcode ID: 754bb727cd3f4c18eda069c4d680fee56f96cb2f19d701492c78b0c2fb495006
Instruction ID: d6048e7f76b5e4397303e06bb8e263a9e536775eb8ac0a16429faa2b866de9cb
Opcode Fuzzy Hash: 754bb727cd3f4c18eda069c4d680fee56f96cb2f19d701492c78b0c2fb495006
Instruction Fuzzy Hash: 2711A732518719ABCB217F78AC44F6A37B8FF14360F20843DF54ADB291DE30C9419691

Uniqueness

Uniqueness Score: -1.00%

Function 008D9601, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008D9601(char _a4, intOrPtr _a8) {
				intOrPtr _t12;
				short* _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E008D90C4(_t28, ?str?) != 0) {
					if(E008D90C4(_t28, ?str?) != 0) {
						return E008DD601(_t28);
					}
					if(E008C76A4(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(E008C76A4(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t12 = _a4;
				if(_t12 == 0) {
					return GetACP();
				}
				return _t12;
			}

0x008d9605
0x008d960a
0x008d9632
0x00000000
0x008d9660
0x008d9652
0x008d9683
0x00000000
0x008d9683
0x00000000
0x008d9654
0x008d9681
0x00000000
0x00000000
0x008d9687
0x008d968c
0x008d9690
0x008d9690
0x008d9659

APIs

_wcscmp.LIBCMT ref: 008D9618
_wcscmp.LIBCMT ref: 008D9629

Strings

ACP, xrefs: 008D9612
OCP, xrefs: 008D9623

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _wcscmp
String ID: ACP$OCP
API String ID: 856254489-711371036
Opcode ID: 20704266d07e9946d8c954a507b06916ef250a5471a2d8867356cd43fc95e938
Instruction ID: ccac4cbec316020329b5ddb950e0fa786f5b5667225f4fc28eb7c75fff5e9016
Opcode Fuzzy Hash: 20704266d07e9946d8c954a507b06916ef250a5471a2d8867356cd43fc95e938
Instruction Fuzzy Hash: E801802260460566EB20AA1CEC86F9A339CFF21764F044557FA58DA381E775EA4087D9

Uniqueness

Uniqueness Score: -1.00%

Function 008BB623, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008BB623(void* __eax) {
				intOrPtr* _t22;
				void* _t23;

				if(__eax == 0xffffffff) {
					E008C0981(_t23 - 0x20, "bad cast");
					E008BF897(_t23 - 0x20, 0x8eeb58);
				}
				_t22 =  *((intOrPtr*)(_t23 - 0x10));
				 *0x8f4c9c = _t22;
				 *((intOrPtr*)( *_t22 + 4))();
				E008AA1B7(_t22);
				E008A9D33(_t23 - 0x14);
				return E008C1E2B(_t22);
			}

0x008bb628
0x008bb632
0x008bb640
0x008bb640
0x008bb645
0x008bb64a
0x008bb652
0x008bb656
0x008bb65f
0x008bb66b

APIs

std::bad_exception::bad_exception.LIBCMT ref: 008BB632

Part of subcall function 008C0981: std::exception::exception.LIBCMT ref: 008C098B

__CxxThrowException@8.LIBCMT ref: 008BB640

Part of subcall function 008BF897: RaiseException.KERNEL32(?,?,008A9C27,?,?,?,?,?,?,?,008A9C27,?,008EF51C,?), ref: 008BF8EC

std::_Facet_Register.LIBCPMT ref: 008BB656

Strings

bad cast, xrefs: 008BB62A

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ExceptionException@8Facet_RaiseRegisterThrowstd::_std::bad_exception::bad_exceptionstd::exception::exception
String ID: bad cast
API String ID: 3500215629-3145022300
Opcode ID: 7f43e8188db71a2cb74159685e65705331e8e67d291fe0d85e0e6291b88429b4
Instruction ID: 1424cb43f88d9d0b869ca9c26e60f9996a8014c10bcb0fb85168b9b9d01828c2
Opcode Fuzzy Hash: 7f43e8188db71a2cb74159685e65705331e8e67d291fe0d85e0e6291b88429b4
Instruction Fuzzy Hash: 6BE092359101249A9F04FB68CC46CDD7778FE15720750051AF021E36D2DF7499058B52

Uniqueness

Uniqueness Score: -1.00%

Function 008AF82C, Relevance: 6.3, APIs: 4, Instructions: 321
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E008AF82C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t150;
				short _t152;
				signed int _t157;
				void* _t159;
				intOrPtr _t160;
				signed short _t163;
				intOrPtr _t167;
				signed short _t178;
				signed short _t184;
				intOrPtr _t185;
				intOrPtr _t187;
				signed int _t188;
				signed int _t190;
				intOrPtr _t191;
				intOrPtr* _t193;
				intOrPtr _t194;
				intOrPtr* _t200;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr* _t221;
				intOrPtr _t222;
				intOrPtr _t224;
				intOrPtr _t226;
				intOrPtr _t227;
				signed int _t244;
				intOrPtr* _t250;
				intOrPtr* _t251;
				intOrPtr _t252;
				void* _t256;
				intOrPtr _t258;
				intOrPtr _t260;
				intOrPtr* _t262;
				intOrPtr* _t263;
				signed int _t264;
				intOrPtr* _t265;
				short _t266;
				intOrPtr _t267;
				signed int _t269;
				void* _t272;
				void* _t273;
				void* _t274;
				intOrPtr _t290;

				_push(0x68);
				E008C1E90(E008E0CE9, __ebx, __edi, __esi);
				_t227 =  *((intOrPtr*)(_t272 + 0x30));
				_t224 =  *((intOrPtr*)(_t272 + 0x18));
				_t262 =  *((intOrPtr*)(_t272 + 0x20));
				 *((intOrPtr*)(_t272 - 0x74)) =  *((intOrPtr*)(_t272 + 0xc));
				 *((intOrPtr*)(_t272 - 0x64)) = _t224;
				 *((intOrPtr*)(_t272 - 0x58)) = _t227;
				if(_t227 == 0) {
					L4:
					_t269 = 0;
					__eflags = 0;
				} else {
					_t222 =  *_t262;
					if(_t222 == 0x2b || _t222 == 0x2d) {
						_t269 = 1;
					} else {
						goto L4;
					}
				}
				_t281 = ( *(_t224 + 0x14) & 0x00003000) - 0x3000;
				if(( *(_t224 + 0x14) & 0x00003000) == 0x3000) {
					_t9 = _t269 + 2; // 0x2
					_t150 = _t9;
					_t256 = "pP";
					__eflags = _t150 - _t227;
					if(_t150 <= _t227) {
						__eflags =  *((char*)(_t262 + _t269)) - 0x30;
						if( *((char*)(_t262 + _t269)) == 0x30) {
							_t227 =  *((intOrPtr*)(_t262 + _t269 + 1));
							__eflags = _t227 - 0x78;
							if(_t227 == 0x78) {
								L11:
								_t269 = _t150;
							} else {
								__eflags = _t227 - 0x58;
								if(_t227 == 0x58) {
									goto L11;
								}
							}
						}
					}
				} else {
					_t256 = "eE";
				}
				 *((intOrPtr*)(_t272 - 0x4c)) = E008C0920(_t227, _t262, _t256);
				_t152 = 0x2e;
				 *((short*)(_t272 - 0x48)) = _t152;
				 *((char*)(_t272 - 0x48)) =  *((intOrPtr*)( *((intOrPtr*)(E008C177C(_t224, _t269, _t281)))));
				_t157 = E008C0920(_t227, _t262, _t272 - 0x48);
				_t274 = _t273 + 0x10;
				 *(_t272 - 0x70) = _t157;
				_t159 = E008A36A0(_t272 - 0x54);
				 *(_t272 - 4) =  *(_t272 - 4) & 0x00000000;
				_t160 = E008AE3F2(_t224, _t262, _t269, _t281);
				 *(_t272 - 4) =  *(_t272 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t272 - 0x44)) = _t160;
				E0089A750(_t272 - 0x54);
				_t163 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x44)))) + 0x30))(0x30, _t159);
				 *(_t272 - 0x18) =  *(_t272 - 0x18) & 0x00000000;
				 *(_t272 - 0x50) = _t163 & 0x0000ffff;
				_push(0);
				 *((intOrPtr*)(_t272 - 0x14)) = 7;
				 *((short*)(_t272 - 0x28)) = 0;
				E008B685C(_t224, _t272 - 0x28,  *((intOrPtr*)(_t272 - 0x58)));
				_t282 =  *((intOrPtr*)(_t272 - 0x14)) - 8;
				_t167 =  *((intOrPtr*)(_t272 - 0x28));
				 *(_t272 - 4) = 1;
				if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
					_t167 = _t272 - 0x28;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x44)))) + 0x2c))(_t262,  *((intOrPtr*)(_t272 - 0x58)) + _t262, _t167);
				 *(_t272 - 4) = 2;
				_t263 = E008AED82(_t224, _t262, _t269, _t282);
				 *(_t272 - 4) = 1;
				 *((intOrPtr*)(_t272 - 0x5c)) = _t263;
				E0089A750(_t272 - 0x54);
				E008BADBD(_t263, _t272 - 0x40);
				 *(_t272 - 4) = 3;
				_t178 =  *((intOrPtr*)( *_t263 + 0x10))(E008A36A0(_t272 - 0x54));
				_t264 =  *(_t272 - 0x70);
				_t258 =  *((intOrPtr*)(_t272 - 0x4c));
				_push( *(_t272 - 0x50));
				_t179 = _t178 & 0x0000ffff;
				 *(_t272 - 0x68) = _t178 & 0x0000ffff;
				if(_t264 !=  *((intOrPtr*)(_t272 - 0x58))) {
					 *((intOrPtr*)(_t272 - 0x44)) =  *((intOrPtr*)(_t272 + 0x24)) + _t264;
					E008BADD6(_t179, _t224, _t272 - 0x28, _t264, _t269, _t258,  *((intOrPtr*)(_t272 + 0x2c)));
					E008BADD6(_t264 + 1, _t224, _t272 - 0x28, _t264, _t269, _t264 + 1,  *((intOrPtr*)(_t272 + 0x28)));
					_t184 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x5c)))) + 0xc))( *(_t272 - 0x50));
					__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
					_t244 = _t184 & 0x0000ffff;
					_t185 =  *((intOrPtr*)(_t272 - 0x28));
					if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
						_t185 = _t272 - 0x28;
					}
					_push( *(_t272 - 0x50));
					 *(_t185 + _t264 * 2) = _t244;
					_push( *((intOrPtr*)(_t272 + 0x24)));
					_push(_t264);
				} else {
					_t185 =  *((intOrPtr*)(_t272 + 0x24));
					_push(_t185);
					_push(_t258);
					 *((intOrPtr*)(_t272 - 0x44)) = _t258 + _t185;
				}
				E008BADD6(_t185, _t224, _t272 - 0x28, _t264, _t269);
				_t265 =  *((intOrPtr*)(_t272 - 0x40));
				if( *((intOrPtr*)(_t272 - 0x2c)) < 0x10) {
					_t265 = _t272 - 0x40;
				}
				_t187 =  *_t265;
				if(_t187 != 0x7f) {
					_t226 =  *((intOrPtr*)(_t272 - 0x44));
					while(_t187 > 0) {
						_t252 = _t187;
						_t219 = _t226 - _t269;
						if(_t252 < _t226 - _t269) {
							_push( *(_t272 - 0x68));
							_t226 = _t226 - _t252;
							E008BADD6(_t219, _t226, _t272 - 0x28, _t265, _t269, _t226, 1);
							_t221 = _t265 + 1;
							if( *_t221 > 0) {
								_t265 = _t221;
							}
							_t187 =  *_t265;
							if(_t187 != 0x7f) {
								continue;
							}
						}
						break;
					}
					_t224 =  *((intOrPtr*)(_t272 - 0x64));
				}
				_t290 =  *((intOrPtr*)(_t224 + 0x24));
				_t188 =  *(_t272 - 0x18);
				 *(_t272 - 0x68) = _t188;
				if(_t290 < 0 || _t290 <= 0 &&  *((intOrPtr*)(_t224 + 0x20)) <= 0) {
					L34:
					_t266 = 0;
					__eflags = 0;
				} else {
					_t267 =  *((intOrPtr*)(_t224 + 0x20));
					if(_t267 <= _t188) {
						goto L34;
					} else {
						_t266 = _t267 - _t188;
					}
				}
				_t190 =  *(_t224 + 0x14) & 0x000001c0;
				if(_t190 == 0x40) {
					__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
					_t191 =  *((intOrPtr*)(_t272 - 0x28));
					if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
						_t191 = _t272 - 0x28;
					}
					_t225 =  *((intOrPtr*)(_t272 + 8));
					_push(_t269);
					_push(_t191);
					_push( *((intOrPtr*)(_t272 + 0x14)));
					_push( *((intOrPtr*)(_t272 + 0x10)));
					goto L46;
				} else {
					if(_t190 == 0x100) {
						__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
						_t207 =  *((intOrPtr*)(_t272 - 0x28));
						if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
							_t207 = _t272 - 0x28;
						}
						_t225 =  *((intOrPtr*)(_t272 + 8));
						_t250 = E008B5A6F( *((intOrPtr*)(_t272 + 8)), _t272 - 0x60,  *((intOrPtr*)(_t272 + 0x10)),  *((intOrPtr*)(_t272 + 0x14)), _t207, _t269);
						 *((intOrPtr*)(_t272 + 0x10)) =  *_t250;
						 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t250 + 4));
						_t193 = E008B6596( *((intOrPtr*)(_t272 + 8)), _t272 - 0x60,  *_t250,  *((intOrPtr*)(_t250 + 4)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
						_t266 = 0;
					} else {
						_t225 =  *((intOrPtr*)(_t272 + 8));
						_t251 = E008B6596(_t225, _t272 - 0x60,  *((intOrPtr*)(_t272 + 0x10)),  *((intOrPtr*)(_t272 + 0x14)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
						_t274 = _t274 + 0x18;
						_t266 = 0;
						 *((intOrPtr*)(_t272 + 0x10)) =  *_t251;
						 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t251 + 4));
						_t217 =  *((intOrPtr*)(_t272 - 0x28));
						if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
							_t217 = _t272 - 0x28;
						}
						_push(_t269);
						_push(_t217);
						_push( *((intOrPtr*)(_t251 + 4)));
						_push( *_t251);
						L46:
						_push(_t272 - 0x60);
						_push(_t225);
						_t193 = E008B5A6F();
					}
				}
				_t246 =  *_t193;
				 *((intOrPtr*)(_t272 + 0x10)) =  *_t193;
				_t259 =  *((intOrPtr*)(_t193 + 4));
				_t194 =  *((intOrPtr*)(_t272 - 0x28));
				 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t193 + 4));
				if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
					_t194 = _t272 - 0x28;
				}
				 *((intOrPtr*)(_t272 - 0x4c)) = _t194;
				_t200 = E008B5A6F(_t225, _t272 - 0x6c, _t246, _t259,  *((intOrPtr*)(_t272 - 0x4c)) + _t269 * 2,  *(_t272 - 0x68) - _t269);
				_t260 =  *((intOrPtr*)(_t272 - 0x64));
				 *((intOrPtr*)(_t272 + 0x10)) =  *_t200;
				 *(_t260 + 0x20) =  *(_t260 + 0x20) & 0x00000000;
				 *(_t260 + 0x24) =  *(_t260 + 0x24) & 0x00000000;
				 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t200 + 4));
				E008B6596(_t225,  *((intOrPtr*)(_t272 - 0x74)),  *_t200,  *((intOrPtr*)(_t200 + 4)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
				E008925E0(_t272 - 0x40, 1, 0);
				E008B65E8(_t272 - 0x28, 1, 0);
				return E008C1E3F(_t225, _t266,  *((intOrPtr*)(_t272 - 0x74)));
			}

0x008af82c
0x008af833
0x008af838
0x008af83e
0x008af841
0x008af844
0x008af847
0x008af84a
0x008af84f
0x008af860
0x008af860
0x008af860
0x008af851
0x008af851
0x008af855
0x008af85d
0x00000000
0x00000000
0x00000000
0x008af855
0x008af86c
0x008af86e
0x008af877
0x008af877
0x008af87a
0x008af87f
0x008af881
0x008af883
0x008af887
0x008af889
0x008af88d
0x008af890
0x008af897
0x008af897
0x008af892
0x008af892
0x008af895
0x00000000
0x00000000
0x008af895
0x008af890
0x008af887
0x008af870
0x008af870
0x008af870
0x008af8a0
0x008af8a5
0x008af8a6
0x008af8b3
0x008af8bb
0x008af8c0
0x008af8c3
0x008af8cc
0x008af8d1
0x008af8d6
0x008af8db
0x008af8e3
0x008af8e6
0x008af8f2
0x008af8f5
0x008af8ff
0x008af904
0x008af908
0x008af90f
0x008af913
0x008af918
0x008af91c
0x008af91f
0x008af926
0x008af928
0x008af928
0x008af938
0x008af947
0x008af951
0x008af953
0x008af95a
0x008af95d
0x008af968
0x008af971
0x008af975
0x008af978
0x008af97b
0x008af97e
0x008af981
0x008af984
0x008af98a
0x008af9a1
0x008af9a8
0x008af9ba
0x008af9c4
0x008af9c7
0x008af9cb
0x008af9ce
0x008af9d1
0x008af9d3
0x008af9d3
0x008af9d6
0x008af9d9
0x008af9dd
0x008af9e0
0x008af98c
0x008af98c
0x008af98f
0x008af990
0x008af994
0x008af994
0x008af9e4
0x008af9ed
0x008af9f0
0x008af9f2
0x008af9f2
0x008af9f5
0x008af9f9
0x008af9fb
0x008af9fe
0x008afa02
0x008afa07
0x008afa0b
0x008afa0d
0x008afa10
0x008afa18
0x008afa1d
0x008afa23
0x008afa25
0x008afa25
0x008afa27
0x008afa2b
0x00000000
0x00000000
0x008afa2b
0x00000000
0x008afa0b
0x008afa2d
0x008afa2d
0x008afa30
0x008afa34
0x008afa37
0x008afa3a
0x008afa4f
0x008afa4f
0x008afa4f
0x008afa44
0x008afa44
0x008afa49
0x00000000
0x008afa4b
0x008afa4b
0x008afa4b
0x008afa49
0x008afa54
0x008afa5c
0x008afaef
0x008afaf3
0x008afaf6
0x008afaf8
0x008afaf8
0x008afafb
0x008afafe
0x008afaff
0x008afb00
0x008afb03
0x00000000
0x008afa62
0x008afa67
0x008afaa7
0x008afaab
0x008afaae
0x008afab0
0x008afab0
0x008afab3
0x008afac8
0x008afad0
0x008afad6
0x008afae3
0x008afaeb
0x008afa69
0x008afa69
0x008afa80
0x008afa82
0x008afa85
0x008afa8d
0x008afa93
0x008afa96
0x008afa99
0x008afa9b
0x008afa9b
0x008afa9e
0x008afa9f
0x008afaa0
0x008afaa3
0x008afb06
0x008afb09
0x008afb0a
0x008afb0b
0x008afb10
0x008afa67
0x008afb17
0x008afb19
0x008afb1c
0x008afb1f
0x008afb22
0x008afb25
0x008afb27
0x008afb27
0x008afb2a
0x008afb41
0x008afb46
0x008afb52
0x008afb58
0x008afb5c
0x008afb64
0x008afb67
0x008afb76
0x008afb82
0x008afb8e

APIs

__EH_prolog3_GS.LIBCMT ref: 008AF833
_strcspn.LIBCMT ref: 008AF89B
_localeconv.LIBCMT ref: 008AF8AA
_strcspn.LIBCMT ref: 008AF8BB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _strcspn$H_prolog3__localeconv
String ID:
API String ID: 3239618802-0
Opcode ID: 254cf6d2828157a1d071caa0658825e17e9489fbcaebc7b3d998fa51268c1dce
Instruction ID: 9e2b93d6a95266041dde6ac758ef65767163845f88c10d6e65311297c3c78223
Opcode Fuzzy Hash: 254cf6d2828157a1d071caa0658825e17e9489fbcaebc7b3d998fa51268c1dce
Instruction Fuzzy Hash: 29C15875900209AFEF14DFE8C884AEEBBB9FF09314F144029E905EB652D734AE55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008AFB8F, Relevance: 6.3, APIs: 4, Instructions: 321
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E008AFB8F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t150;
				short _t152;
				signed int _t157;
				void* _t159;
				intOrPtr _t160;
				signed short _t163;
				intOrPtr _t167;
				signed short _t178;
				signed short _t184;
				intOrPtr _t185;
				intOrPtr _t187;
				signed int _t188;
				signed int _t190;
				intOrPtr _t191;
				intOrPtr* _t193;
				intOrPtr _t194;
				intOrPtr* _t200;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr* _t221;
				intOrPtr _t222;
				intOrPtr _t224;
				intOrPtr _t226;
				intOrPtr _t227;
				signed int _t244;
				intOrPtr* _t250;
				intOrPtr* _t251;
				intOrPtr _t252;
				void* _t256;
				intOrPtr _t258;
				intOrPtr _t260;
				intOrPtr* _t262;
				intOrPtr* _t263;
				signed int _t264;
				intOrPtr* _t265;
				short _t266;
				intOrPtr _t267;
				signed int _t269;
				void* _t272;
				void* _t273;
				void* _t274;
				intOrPtr _t290;

				_push(0x68);
				E008C1E90(E008E0D2E, __ebx, __edi, __esi);
				_t227 =  *((intOrPtr*)(_t272 + 0x30));
				_t224 =  *((intOrPtr*)(_t272 + 0x18));
				_t262 =  *((intOrPtr*)(_t272 + 0x20));
				 *((intOrPtr*)(_t272 - 0x74)) =  *((intOrPtr*)(_t272 + 0xc));
				 *((intOrPtr*)(_t272 - 0x64)) = _t224;
				 *((intOrPtr*)(_t272 - 0x58)) = _t227;
				if(_t227 == 0) {
					L4:
					_t269 = 0;
					__eflags = 0;
				} else {
					_t222 =  *_t262;
					if(_t222 == 0x2b || _t222 == 0x2d) {
						_t269 = 1;
					} else {
						goto L4;
					}
				}
				_t281 = ( *(_t224 + 0x14) & 0x00003000) - 0x3000;
				if(( *(_t224 + 0x14) & 0x00003000) == 0x3000) {
					_t9 = _t269 + 2; // 0x2
					_t150 = _t9;
					_t256 = "pP";
					__eflags = _t150 - _t227;
					if(_t150 <= _t227) {
						__eflags =  *((char*)(_t262 + _t269)) - 0x30;
						if( *((char*)(_t262 + _t269)) == 0x30) {
							_t227 =  *((intOrPtr*)(_t262 + _t269 + 1));
							__eflags = _t227 - 0x78;
							if(_t227 == 0x78) {
								L11:
								_t269 = _t150;
							} else {
								__eflags = _t227 - 0x58;
								if(_t227 == 0x58) {
									goto L11;
								}
							}
						}
					}
				} else {
					_t256 = "eE";
				}
				 *((intOrPtr*)(_t272 - 0x4c)) = E008C0920(_t227, _t262, _t256);
				_t152 = 0x2e;
				 *((short*)(_t272 - 0x48)) = _t152;
				 *((char*)(_t272 - 0x48)) =  *((intOrPtr*)( *((intOrPtr*)(E008C177C(_t224, _t269, _t281)))));
				_t157 = E008C0920(_t227, _t262, _t272 - 0x48);
				_t274 = _t273 + 0x10;
				 *(_t272 - 0x70) = _t157;
				_t159 = E008A36A0(_t272 - 0x54);
				 *(_t272 - 4) =  *(_t272 - 4) & 0x00000000;
				_t160 = E008AE48B(_t224, _t262, _t269, _t281);
				 *(_t272 - 4) =  *(_t272 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t272 - 0x44)) = _t160;
				E0089A750(_t272 - 0x54);
				_t163 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x44)))) + 0x30))(0x30, _t159);
				 *(_t272 - 0x18) =  *(_t272 - 0x18) & 0x00000000;
				 *(_t272 - 0x50) = _t163 & 0x0000ffff;
				 *((intOrPtr*)(_t272 - 0x14)) = 7;
				 *((short*)(_t272 - 0x28)) = 0;
				E008A7FB0(_t272 - 0x28, _t272,  *((intOrPtr*)(_t272 - 0x58)), 0);
				_t282 =  *((intOrPtr*)(_t272 - 0x14)) - 8;
				_t167 =  *((intOrPtr*)(_t272 - 0x28));
				 *(_t272 - 4) = 1;
				if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
					_t167 = _t272 - 0x28;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x44)))) + 0x2c))(_t262,  *((intOrPtr*)(_t272 - 0x58)) + _t262, _t167);
				 *(_t272 - 4) = 2;
				_t263 = E008AEE1B(_t224, _t262, _t269, _t282);
				 *(_t272 - 4) = 1;
				 *((intOrPtr*)(_t272 - 0x5c)) = _t263;
				E0089A750(_t272 - 0x54);
				E008BADBD(_t263, _t272 - 0x40);
				 *(_t272 - 4) = 3;
				_t178 =  *((intOrPtr*)( *_t263 + 0x10))(E008A36A0(_t272 - 0x54));
				_t264 =  *(_t272 - 0x70);
				_t258 =  *((intOrPtr*)(_t272 - 0x4c));
				_push( *(_t272 - 0x50));
				_t179 = _t178 & 0x0000ffff;
				 *(_t272 - 0x68) = _t178 & 0x0000ffff;
				if(_t264 !=  *((intOrPtr*)(_t272 - 0x58))) {
					 *((intOrPtr*)(_t272 - 0x44)) =  *((intOrPtr*)(_t272 + 0x24)) + _t264;
					E008A8CD0(_t179, _t224, _t272 - 0x28, _t264, _t269, _t272);
					E008A8CD0(_t264 + 1, _t224, _t272 - 0x28, _t264, _t269, _t272, _t264 + 1,  *((intOrPtr*)(_t272 + 0x28)),  *(_t272 - 0x50));
					_t184 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x5c)))) + 0xc))(_t258,  *((intOrPtr*)(_t272 + 0x2c)));
					__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
					_t244 = _t184 & 0x0000ffff;
					_t185 =  *((intOrPtr*)(_t272 - 0x28));
					if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
						_t185 = _t272 - 0x28;
					}
					_push( *(_t272 - 0x50));
					 *(_t185 + _t264 * 2) = _t244;
					_push( *((intOrPtr*)(_t272 + 0x24)));
					_push(_t264);
				} else {
					_t185 =  *((intOrPtr*)(_t272 + 0x24));
					_push(_t185);
					_push(_t258);
					 *((intOrPtr*)(_t272 - 0x44)) = _t258 + _t185;
				}
				E008A8CD0(_t185, _t224, _t272 - 0x28, _t264, _t269, _t272);
				_t265 =  *((intOrPtr*)(_t272 - 0x40));
				if( *((intOrPtr*)(_t272 - 0x2c)) < 0x10) {
					_t265 = _t272 - 0x40;
				}
				_t187 =  *_t265;
				if(_t187 != 0x7f) {
					_t226 =  *((intOrPtr*)(_t272 - 0x44));
					while(_t187 > 0) {
						_t252 = _t187;
						_t219 = _t226 - _t269;
						if(_t252 < _t226 - _t269) {
							_t226 = _t226 - _t252;
							E008A8CD0(_t219, _t226, _t272 - 0x28, _t265, _t269, _t272, _t226, 1,  *(_t272 - 0x68));
							_t221 = _t265 + 1;
							if( *_t221 > 0) {
								_t265 = _t221;
							}
							_t187 =  *_t265;
							if(_t187 != 0x7f) {
								continue;
							}
						}
						break;
					}
					_t224 =  *((intOrPtr*)(_t272 - 0x64));
				}
				_t290 =  *((intOrPtr*)(_t224 + 0x24));
				_t188 =  *(_t272 - 0x18);
				 *(_t272 - 0x68) = _t188;
				if(_t290 < 0 || _t290 <= 0 &&  *((intOrPtr*)(_t224 + 0x20)) <= 0) {
					L34:
					_t266 = 0;
					__eflags = 0;
				} else {
					_t267 =  *((intOrPtr*)(_t224 + 0x20));
					if(_t267 <= _t188) {
						goto L34;
					} else {
						_t266 = _t267 - _t188;
					}
				}
				_t190 =  *(_t224 + 0x14) & 0x000001c0;
				if(_t190 == 0x40) {
					__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
					_t191 =  *((intOrPtr*)(_t272 - 0x28));
					if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
						_t191 = _t272 - 0x28;
					}
					_t225 =  *((intOrPtr*)(_t272 + 8));
					_push(_t269);
					_push(_t191);
					_push( *((intOrPtr*)(_t272 + 0x14)));
					_push( *((intOrPtr*)(_t272 + 0x10)));
					goto L46;
				} else {
					if(_t190 == 0x100) {
						__eflags =  *((intOrPtr*)(_t272 - 0x14)) - 8;
						_t207 =  *((intOrPtr*)(_t272 - 0x28));
						if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
							_t207 = _t272 - 0x28;
						}
						_t225 =  *((intOrPtr*)(_t272 + 8));
						_t250 = E008B5A6F( *((intOrPtr*)(_t272 + 8)), _t272 - 0x60,  *((intOrPtr*)(_t272 + 0x10)),  *((intOrPtr*)(_t272 + 0x14)), _t207, _t269);
						 *((intOrPtr*)(_t272 + 0x10)) =  *_t250;
						 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t250 + 4));
						_t193 = E008B6596( *((intOrPtr*)(_t272 + 8)), _t272 - 0x60,  *_t250,  *((intOrPtr*)(_t250 + 4)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
						_t266 = 0;
					} else {
						_t225 =  *((intOrPtr*)(_t272 + 8));
						_t251 = E008B6596(_t225, _t272 - 0x60,  *((intOrPtr*)(_t272 + 0x10)),  *((intOrPtr*)(_t272 + 0x14)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
						_t274 = _t274 + 0x18;
						_t266 = 0;
						 *((intOrPtr*)(_t272 + 0x10)) =  *_t251;
						 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t251 + 4));
						_t217 =  *((intOrPtr*)(_t272 - 0x28));
						if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
							_t217 = _t272 - 0x28;
						}
						_push(_t269);
						_push(_t217);
						_push( *((intOrPtr*)(_t251 + 4)));
						_push( *_t251);
						L46:
						_push(_t272 - 0x60);
						_push(_t225);
						_t193 = E008B5A6F();
					}
				}
				_t246 =  *_t193;
				 *((intOrPtr*)(_t272 + 0x10)) =  *_t193;
				_t259 =  *((intOrPtr*)(_t193 + 4));
				_t194 =  *((intOrPtr*)(_t272 - 0x28));
				 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t193 + 4));
				if( *((intOrPtr*)(_t272 - 0x14)) < 8) {
					_t194 = _t272 - 0x28;
				}
				 *((intOrPtr*)(_t272 - 0x4c)) = _t194;
				_t200 = E008B5A6F(_t225, _t272 - 0x6c, _t246, _t259,  *((intOrPtr*)(_t272 - 0x4c)) + _t269 * 2,  *(_t272 - 0x68) - _t269);
				_t260 =  *((intOrPtr*)(_t272 - 0x64));
				 *((intOrPtr*)(_t272 + 0x10)) =  *_t200;
				 *(_t260 + 0x20) =  *(_t260 + 0x20) & 0x00000000;
				 *(_t260 + 0x24) =  *(_t260 + 0x24) & 0x00000000;
				 *((intOrPtr*)(_t272 + 0x14)) =  *((intOrPtr*)(_t200 + 4));
				E008B6596(_t225,  *((intOrPtr*)(_t272 - 0x74)),  *_t200,  *((intOrPtr*)(_t200 + 4)),  *((intOrPtr*)(_t272 + 0x1c)), _t266);
				E008925E0(_t272 - 0x40, 1, 0);
				E00892630(_t272 - 0x28, 1, 0);
				return E008C1E3F(_t225, _t266,  *((intOrPtr*)(_t272 - 0x74)));
			}

0x008afb8f
0x008afb96
0x008afb9b
0x008afba1
0x008afba4
0x008afba7
0x008afbaa
0x008afbad
0x008afbb2
0x008afbc3
0x008afbc3
0x008afbc3
0x008afbb4
0x008afbb4
0x008afbb8
0x008afbc0
0x00000000
0x00000000
0x00000000
0x008afbb8
0x008afbcf
0x008afbd1
0x008afbda
0x008afbda
0x008afbdd
0x008afbe2
0x008afbe4
0x008afbe6
0x008afbea
0x008afbec
0x008afbf0
0x008afbf3
0x008afbfa
0x008afbfa
0x008afbf5
0x008afbf5
0x008afbf8
0x00000000
0x00000000
0x008afbf8
0x008afbf3
0x008afbea
0x008afbd3
0x008afbd3
0x008afbd3
0x008afc03
0x008afc08
0x008afc09
0x008afc16
0x008afc1e
0x008afc23
0x008afc26
0x008afc2f
0x008afc34
0x008afc39
0x008afc3e
0x008afc46
0x008afc49
0x008afc55
0x008afc58
0x008afc62
0x008afc6b
0x008afc72
0x008afc76
0x008afc7b
0x008afc7f
0x008afc82
0x008afc89
0x008afc8b
0x008afc8b
0x008afc9b
0x008afcaa
0x008afcb4
0x008afcb6
0x008afcbd
0x008afcc0
0x008afccb
0x008afcd4
0x008afcd8
0x008afcdb
0x008afcde
0x008afce1
0x008afce4
0x008afce7
0x008afced
0x008afd04
0x008afd0b
0x008afd1d
0x008afd27
0x008afd2a
0x008afd2e
0x008afd31
0x008afd34
0x008afd36
0x008afd36
0x008afd39
0x008afd3c
0x008afd40
0x008afd43
0x008afcef
0x008afcef
0x008afcf2
0x008afcf3
0x008afcf7
0x008afcf7
0x008afd47
0x008afd50
0x008afd53
0x008afd55
0x008afd55
0x008afd58
0x008afd5c
0x008afd5e
0x008afd61
0x008afd65
0x008afd6a
0x008afd6e
0x008afd73
0x008afd7b
0x008afd80
0x008afd86
0x008afd88
0x008afd88
0x008afd8a
0x008afd8e
0x00000000
0x00000000
0x008afd8e
0x00000000
0x008afd6e
0x008afd90
0x008afd90
0x008afd93
0x008afd97
0x008afd9a
0x008afd9d
0x008afdb2
0x008afdb2
0x008afdb2
0x008afda7
0x008afda7
0x008afdac
0x00000000
0x008afdae
0x008afdae
0x008afdae
0x008afdac
0x008afdb7
0x008afdbf
0x008afe52
0x008afe56
0x008afe59
0x008afe5b
0x008afe5b
0x008afe5e
0x008afe61
0x008afe62
0x008afe63
0x008afe66
0x00000000
0x008afdc5
0x008afdca
0x008afe0a
0x008afe0e
0x008afe11
0x008afe13
0x008afe13
0x008afe16
0x008afe2b
0x008afe33
0x008afe39
0x008afe46
0x008afe4e
0x008afdcc
0x008afdcc
0x008afde3
0x008afde5
0x008afde8
0x008afdf0
0x008afdf6
0x008afdf9
0x008afdfc
0x008afdfe
0x008afdfe
0x008afe01
0x008afe02
0x008afe03
0x008afe06
0x008afe69
0x008afe6c
0x008afe6d
0x008afe6e
0x008afe73
0x008afdca
0x008afe7a
0x008afe7c
0x008afe7f
0x008afe82
0x008afe85
0x008afe88
0x008afe8a
0x008afe8a
0x008afe8d
0x008afea4
0x008afea9
0x008afeb5
0x008afebb
0x008afebf
0x008afec7
0x008afeca
0x008afed9
0x008afee5
0x008afef1

APIs

__EH_prolog3_GS.LIBCMT ref: 008AFB96
_strcspn.LIBCMT ref: 008AFBFE
_localeconv.LIBCMT ref: 008AFC0D
_strcspn.LIBCMT ref: 008AFC1E

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _strcspn$H_prolog3__localeconv
String ID:
API String ID: 3239618802-0
Opcode ID: 83b42ed6e6701f37a1835cd68d8053e015cba05c9edb7517e1edb3c7697083b6
Instruction ID: 1127b32bff05cd81725094f8d4bb996631b187562c4c209e42139a984771e716
Opcode Fuzzy Hash: 83b42ed6e6701f37a1835cd68d8053e015cba05c9edb7517e1edb3c7697083b6
Instruction Fuzzy Hash: 34C13975900249EFEF15DFE8C884AEEBBB9FF09310F144029E905EB652D730AA55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008C2A5D, Relevance: 6.2, APIs: 4, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E008C2A5D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed char* _t41;
				intOrPtr _t42;
				intOrPtr* _t64;
				intOrPtr _t69;
				signed int _t70;
				signed char _t72;
				signed char _t73;
				signed char* _t95;
				signed char _t100;
				signed char** _t102;
				signed char* _t105;
				void* _t106;

				_push(0xc);
				_push(0x8f0918);
				E008C7EB0(__ebx, __edi, __esi);
				_t69 = 0;
				_t41 =  *(_t106 + 0x10);
				_t72 = _t41[4];
				if(_t72 == 0 ||  *((intOrPtr*)(_t72 + 8)) == 0) {
					L34:
					_t42 = 0;
				} else {
					_t100 = _t41[8];
					if(_t100 != 0 || ( *_t41 & 0x80000000) != 0) {
						_t73 =  *_t41;
						_t102 =  *(_t106 + 0xc);
						if(_t73 >= 0) {
							_t102 =  &(_t102[3]) + _t100;
						}
						 *((intOrPtr*)(_t106 - 4)) = _t69;
						_t105 =  *(_t106 + 0x14);
						if(_t73 >= 0 || ( *_t105 & 0x00000010) == 0) {
							L14:
							_push(1);
							_t16 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x66eae8
							_push( *_t16);
							if((_t73 & 0x00000008) == 0) {
								if(( *_t105 & 0x00000001) == 0) {
									if(_t105[0x18] != _t69) {
										if(E008CC76A() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E008CC76A(_t102) == 0 || E008CC76A(_t105[0x18]) == 0) {
												goto L32;
											} else {
												_t70 = 0;
												_t69 = (_t70 & 0xffffff00 | ( *_t105 & 0x00000004) != 0x00000000) + 1;
												 *((intOrPtr*)(_t106 - 0x1c)) = _t69;
											}
										}
									} else {
										if(E008CC76A() == 0) {
											goto L32;
										} else {
											_push(1);
											if(E008CC76A(_t102) == 0) {
												goto L32;
											} else {
												_t32 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x66eae8
												E008BEEA0(_t102, E008C29AA( *_t32,  &(_t105[8])), _t105[0x14]);
											}
										}
									}
								} else {
									if(E008CC76A() == 0) {
										goto L32;
									} else {
										_push(1);
										if(E008CC76A(_t102) == 0) {
											goto L32;
										} else {
											_t25 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x66eae8
											E008BEEA0(_t102,  *_t25, _t105[0x14]);
											if(_t105[0x14] == 4 &&  *_t102 != 0) {
												_push( &(_t105[8]));
												_push( *_t102);
												goto L13;
											}
										}
									}
								}
							} else {
								if(E008CC76A() == 0) {
									goto L32;
								} else {
									_push(1);
									if(E008CC76A(_t102) == 0) {
										goto L32;
									} else {
										_t20 =  *((intOrPtr*)(_t106 + 8)) + 0x18; // 0x66eae8
										_t95 =  *_t20;
										goto L12;
									}
								}
							}
						} else {
							_t64 =  *0x8f4e18; // 0x0
							if(_t64 == 0) {
								goto L14;
							} else {
								 *(_t106 + 0x10) =  *_t64();
								_push(1);
								if(E008CC76A(_t65) == 0) {
									L32:
									E008C911C();
								} else {
									_push(1);
									if(E008CC76A(_t102) == 0) {
										goto L32;
									} else {
										_t95 =  *(_t106 + 0x10);
										L12:
										 *_t102 = _t95;
										_push( &(_t105[8]));
										_push(_t95);
										L13:
										 *_t102 = E008C29AA();
									}
								}
							}
						}
						 *((intOrPtr*)(_t106 - 4)) = 0xfffffffe;
						_t42 = _t69;
					} else {
						goto L34;
					}
				}
				return E008C7EF5(_t42);
			}

0x008c2a5d
0x008c2a5f
0x008c2a64
0x008c2a69
0x008c2a6b
0x008c2a6e
0x008c2a73
0x008c2c17
0x008c2c17
0x008c2a82
0x008c2a82
0x008c2a87
0x008c2a95
0x008c2a97
0x008c2a9c
0x008c2aa1
0x008c2aa1
0x008c2aa3
0x008c2aa6
0x008c2aab
0x008c2afc
0x008c2afc
0x008c2b01
0x008c2b01
0x008c2b07
0x008c2b35
0x008c2b8b
0x008c2bcf
0x00000000
0x008c2bd1
0x008c2bd1
0x008c2bdd
0x00000000
0x008c2bec
0x008c2bf1
0x008c2bf5
0x008c2bf6
0x008c2bf6
0x008c2bdd
0x008c2b8d
0x008c2b96
0x00000000
0x008c2b98
0x008c2b98
0x008c2ba4
0x00000000
0x008c2ba6
0x008c2bb0
0x008c2bbc
0x008c2bc1
0x008c2ba4
0x008c2b96
0x008c2b37
0x008c2b40
0x00000000
0x008c2b46
0x008c2b46
0x008c2b52
0x00000000
0x008c2b58
0x008c2b5e
0x008c2b62
0x008c2b6e
0x008c2b80
0x008c2b81
0x00000000
0x008c2b81
0x008c2b6e
0x008c2b52
0x008c2b40
0x008c2b09
0x008c2b12
0x00000000
0x008c2b18
0x008c2b18
0x008c2b24
0x00000000
0x008c2b2a
0x008c2b2d
0x008c2b2d
0x00000000
0x008c2b2d
0x008c2b24
0x008c2b12
0x008c2ab2
0x008c2ab2
0x008c2ab9
0x00000000
0x008c2abb
0x008c2abd
0x008c2ac0
0x008c2acc
0x008c2bfb
0x008c2bfb
0x008c2ad2
0x008c2ad2
0x008c2ade
0x00000000
0x008c2ae4
0x008c2ae4
0x008c2ae7
0x008c2ae7
0x008c2aec
0x008c2aed
0x008c2aee
0x008c2af5
0x008c2af5
0x008c2ade
0x008c2acc
0x008c2ab9
0x008c2c00
0x008c2c07
0x00000000
0x00000000
0x00000000
0x008c2a87
0x008c2c1e

APIs

___AdjustPointer.LIBCMT ref: 008C2AEE
_memmove.LIBCMT ref: 008C2B62
___AdjustPointer.LIBCMT ref: 008C2BB3
_memmove.LIBCMT ref: 008C2BBC

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: AdjustPointer_memmove
String ID:
API String ID: 1721217611-0
Opcode ID: 3fa872271062d6b1f556c98e522709c1f0ddca14242b7d84c7c660fc099288cb
Instruction ID: df23ecab611f3729181de4ca13f39864af693a4b5013efa3c154965e9750c168
Opcode Fuzzy Hash: 3fa872271062d6b1f556c98e522709c1f0ddca14242b7d84c7c660fc099288cb
Instruction Fuzzy Hash: AD414D352483079EEB28AF29D892F6A77B5FF45B30F24441DE889C65D1EF71E880DA11

Uniqueness

Uniqueness Score: -1.00%

Function 008AB134, Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E008AB134(unsigned int __edx, short* _a4, char* _a8, intOrPtr _a12, char* _a16, int* _a20) {
				signed int _v8;
				void _v52;
				char _v53;
				char* _v60;
				char* _v64;
				char _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				char _t45;
				signed char _t48;
				short* _t61;
				short* _t66;
				short** _t67;
				void* _t70;
				short* _t73;
				char* _t74;
				signed int _t81;
				unsigned int _t83;
				signed int _t84;
				char* _t85;
				int* _t89;
				signed int _t91;

				_t83 = __edx;
				_t41 =  *0x8f21d0; // 0x28a5f8b6
				_v8 = _t41 ^ _t91;
				_t74 = _a16;
				_t73 = _a4;
				_t89 = _a20;
				_t85 = _a8;
				_v64 = _t85;
				_v60 = _t74;
				if(_t85 == 0 || _a12 == 0) {
					L5:
					goto L6;
				} else {
					if( *_t85 != 0) {
						__eflags = _t89;
						if(_t89 == 0) {
							_t70 = E008A9EC7( &_v108);
							_t81 = 0xb;
							memcpy( &_v52, _t70, _t81 << 2);
							_t85 = _v64;
							_t89 =  &_v52;
							_t74 = _v60;
						}
						__eflags = _t89[2];
						if(_t89[2] == 0) {
							__eflags =  *_t74;
							_t45 =  *_t85;
							if( *_t74 == 0) {
								_t84 = _t45 & 0x000000ff;
								_v53 = _t45;
								_t83 = _t84 >> 3;
								_t48 = 1 << (_t84 & 0x00000007);
								__eflags =  *( &(_t89[3]) + _t83) & _t48;
								if(( *( &(_t89[3]) + _t83) & _t48) == 0) {
									__eflags = _t73;
									__eflags = MultiByteToWideChar( *_t89, 9, _t85, 1, _t73, 0 | _t73 != 0x00000000);
									if(__eflags != 0) {
										goto L12;
									}
									L20:
									 *((intOrPtr*)(E008C3653(__eflags))) = 0x2a;
									goto L6;
								}
								__eflags = _a12 - _t89[1];
								if(_a12 >= _t89[1]) {
									__eflags = _t89[1] - 1;
									if(_t89[1] <= 1) {
										L26:
										__eflags = _t85[1];
										if(__eflags != 0) {
											L17:
											goto L6;
										}
										 *_v60 =  *_v60 & 0x00000000;
										goto L20;
									}
									__eflags = _t73;
									_t61 = MultiByteToWideChar( *_t89, 9, _t85, _t89[1], _t73, 0 | _t73 != 0x00000000);
									__eflags = _t61;
									if(_t61 != 0) {
										goto L17;
									}
									goto L26;
								}
								_push(0xfffffffe);
								 *_v60 = _v53;
								goto L6;
							}
							_t74[1] = _t45;
							__eflags = _t89[1] - 1;
							if(_t89[1] <= 1) {
								L19:
								 *_t74 =  *_t74 & 0x00000000;
								__eflags =  *_t74;
								goto L20;
							}
							__eflags = _t73;
							_t66 = MultiByteToWideChar( *_t89, 9, _t74, 2, _t73, 0 | _t73 != 0x00000000);
							__eflags = _t66;
							if(_t66 == 0) {
								_t74 = _v60;
								goto L19;
							}
							_t67 = _v60;
							 *_t67 =  *_t67 & 0x00000000;
							__eflags =  *_t67;
							goto L17;
						} else {
							__eflags = _t73;
							if(_t73 != 0) {
								 *_t73 =  *_t85 & 0x000000ff;
							}
							L12:
							L6:
							return E008BF888(_t73, _v8 ^ _t91, _t83, _t85, _t89);
						}
					} else {
						if(_t73 != 0) {
							 *_t73 = 0;
						}
						goto L5;
					}
				}
			}

0x008ab134
0x008ab13a
0x008ab141
0x008ab144
0x008ab148
0x008ab14c
0x008ab150
0x008ab153
0x008ab156
0x008ab15b
0x008ab171
0x00000000
0x008ab163
0x008ab166
0x008ab184
0x008ab186
0x008ab18c
0x008ab194
0x008ab19a
0x008ab19c
0x008ab19f
0x008ab1a2
0x008ab1a2
0x008ab1a5
0x008ab1a9
0x008ab1ba
0x008ab1bd
0x008ab1bf
0x008ab208
0x008ab20b
0x008ab212
0x008ab219
0x008ab21b
0x008ab21f
0x008ab26a
0x008ab27e
0x008ab280
0x00000000
0x00000000
0x008ab1f5
0x008ab1fa
0x00000000
0x008ab200
0x008ab224
0x008ab227
0x008ab239
0x008ab23d
0x008ab25a
0x008ab25a
0x008ab25e
0x008ab1ea
0x00000000
0x008ab1ea
0x008ab263
0x00000000
0x008ab263
0x008ab241
0x008ab250
0x008ab256
0x008ab258
0x00000000
0x00000000
0x00000000
0x008ab258
0x008ab22f
0x008ab231
0x00000000
0x008ab233
0x008ab1c1
0x008ab1c4
0x008ab1c8
0x008ab1f2
0x008ab1f2
0x008ab1f2
0x00000000
0x008ab1f2
0x008ab1cc
0x008ab1da
0x008ab1e0
0x008ab1e2
0x008ab1ef
0x00000000
0x008ab1ef
0x008ab1e4
0x008ab1e7
0x008ab1e7
0x00000000
0x008ab1ab
0x008ab1ab
0x008ab1ad
0x008ab1b2
0x008ab1b2
0x008ab1b5
0x008ab173
0x008ab183
0x008ab183
0x008ab168
0x008ab16a
0x008ab16e
0x008ab16e
0x00000000
0x008ab16a
0x008ab166

APIs

__Getcvt.LIBCPMT ref: 008AB18C
MultiByteToWideChar.KERNEL32(?,00000009,?,00000002,?,00000000), ref: 008AB1DA
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000), ref: 008AB250
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000), ref: 008AB278

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ByteCharMultiWide$Getcvt
String ID:
API String ID: 3195005509-0
Opcode ID: 474eb81bd46ac0216fda44a6e528e3a5d989f694ffd13ad8ee211d42ab51fb4c
Instruction ID: f13b5d5ae5f263000bac77fa85cb6792ae813b6ccf60623ef33fe34a8802cff2
Opcode Fuzzy Hash: 474eb81bd46ac0216fda44a6e528e3a5d989f694ffd13ad8ee211d42ab51fb4c
Instruction Fuzzy Hash: 3041CD31A04349EFEB218FA4D850B6ABBB9FF42314F14452AF851DB592D770EC40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 008C115C, Relevance: 6.1, APIs: 4, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E008C115C(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t50;
				void* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t79;
				signed int _t87;
				signed int _t92;
				intOrPtr* _t96;
				void* _t97;

				_push(_t72);
				_t73 = _a8;
				if(_t73 == 0) {
					L4:
					_t50 = 0;
					L5:
					return _t50;
				}
				_t70 = _a12;
				if(_t70 == 0) {
					goto L4;
				}
				_t96 = _a16;
				_t100 = _t96;
				if(_t96 != 0) {
					__eflags = _a4;
					if(__eflags == 0) {
						goto L3;
					}
					__eflags = _t70 - (_t49 | 0xffffffff) / _t73;
					if(__eflags > 0) {
						goto L3;
					}
					_t92 = _t73 * _t70;
					__eflags =  *(_t96 + 0xc) & 0x0000010c;
					_t71 = _t92;
					if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
						_t74 = 0x1000;
					} else {
						_t74 =  *(_t96 + 0x18);
					}
					_v8 = _t74;
					__eflags = _t92;
					if(_t92 == 0) {
						L34:
						_t50 = _a12;
						goto L5;
					} else {
						do {
							_t84 =  *(_t96 + 0xc) & 0x00000108;
							__eflags = _t84;
							if(_t84 == 0) {
								L18:
								__eflags = _t71 - _t74;
								if(_t71 < _t74) {
									_t57 = E008CBC96( *_a4, _t96);
									__eflags = _t57 - 0xffffffff;
									if(_t57 == 0xffffffff) {
										L36:
										_t50 = (_t92 - _t71) / _a8;
										goto L5;
									}
									_a4 = _a4 + 1;
									_t71 = _t71 - 1;
									_t74 =  *(_t96 + 0x18);
									_v8 = _t74;
									__eflags = _t74;
									if(_t74 <= 0) {
										_t74 = 1;
										__eflags = 1;
										_v8 = 1;
									}
									goto L33;
								}
								__eflags = _t84;
								if(_t84 == 0) {
									L22:
									_t59 = _t71;
									__eflags = _t74;
									if(_t74 == 0) {
										_v12 = _t71;
									} else {
										_t84 = _t59 % _t74;
										_t59 = _t71 - _t59 % _t74;
										_v12 = _t59;
									}
									_push(_t59);
									_push(_a4);
									_push(E008CAB1F(_t96));
									_t61 = E008CADD1(_t71, _t84, _t92, _t96, __eflags);
									_t97 = _t97 + 0xc;
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										L35:
										_t43 = _t96 + 0xc;
										 *_t43 =  *(_t96 + 0xc) | 0x00000020;
										__eflags =  *_t43;
										goto L36;
									} else {
										_t79 = _v12;
										_t87 = _t79;
										__eflags = _t61 - _t79;
										if(_t61 <= _t79) {
											_t87 = _t61;
										}
										_a4 = _a4 + _t87;
										_t71 = _t71 - _t87;
										__eflags = _t61 - _t79;
										if(_t61 < _t79) {
											goto L35;
										} else {
											L29:
											_t74 = _v8;
											goto L33;
										}
									}
								}
								_t62 = E008C0BF3(_t84, _t96);
								__eflags = _t62;
								if(_t62 != 0) {
									goto L36;
								}
								_t74 = _v8;
								goto L22;
							}
							_t63 =  *(_t96 + 4);
							_v12 = _t63;
							__eflags = _t63;
							if(__eflags == 0) {
								goto L18;
							}
							if(__eflags < 0) {
								goto L35;
							}
							__eflags = _t71 - _t63;
							if(_t71 < _t63) {
								_t63 = _t71;
								_v12 = _t71;
							}
							E008BFCF0( *_t96, _a4, _t63);
							_t65 = _v12;
							_t97 = _t97 + 0xc;
							 *(_t96 + 4) =  *(_t96 + 4) - _t65;
							_t71 = _t71 - _t65;
							 *_t96 =  *_t96 + _t65;
							_a4 = _a4 + _t65;
							goto L29;
							L33:
							__eflags = _t71;
						} while (_t71 != 0);
						goto L34;
					}
				}
				L3:
				 *((intOrPtr*)(E008C3653(_t100))) = 0x16;
				E008CAA8F();
				goto L4;
			}

0x008c1160
0x008c1161
0x008c1169
0x008c1189
0x008c1189
0x008c118b
0x008c1191
0x008c1191
0x008c116b
0x008c1170
0x00000000
0x00000000
0x008c1172
0x008c1175
0x008c1177
0x008c1192
0x008c1196
0x00000000
0x00000000
0x008c119f
0x008c11a1
0x00000000
0x00000000
0x008c11a5
0x008c11a8
0x008c11af
0x008c11b1
0x008c11b8
0x008c11b3
0x008c11b3
0x008c11b3
0x008c11bd
0x008c11c0
0x008c11c2
0x008c129b
0x008c129b
0x00000000
0x008c11c8
0x008c11c8
0x008c11cb
0x008c11cb
0x008c11d1
0x008c1209
0x008c1209
0x008c120b
0x008c1273
0x008c127a
0x008c127d
0x008c12a7
0x008c12ad
0x00000000
0x008c12ad
0x008c127f
0x008c1282
0x008c1283
0x008c1286
0x008c1289
0x008c128b
0x008c128f
0x008c128f
0x008c1290
0x008c1290
0x00000000
0x008c128b
0x008c120d
0x008c120f
0x008c1223
0x008c1223
0x008c1225
0x008c1227
0x008c1236
0x008c1229
0x008c122b
0x008c122f
0x008c1231
0x008c1231
0x008c1239
0x008c123a
0x008c1244
0x008c1245
0x008c124a
0x008c124d
0x008c1250
0x008c12a3
0x008c12a3
0x008c12a3
0x008c12a3
0x00000000
0x008c1252
0x008c1252
0x008c1255
0x008c1257
0x008c1259
0x008c125b
0x008c125b
0x008c125d
0x008c1260
0x008c1262
0x008c1264
0x00000000
0x008c1266
0x008c1266
0x008c1266
0x00000000
0x008c1266
0x008c1264
0x008c1250
0x008c1212
0x008c1218
0x008c121a
0x00000000
0x00000000
0x008c1220
0x00000000
0x008c1220
0x008c11d3
0x008c11d6
0x008c11d9
0x008c11db
0x00000000
0x00000000
0x008c11dd
0x00000000
0x00000000
0x008c11e3
0x008c11e5
0x008c11e7
0x008c11e9
0x008c11e9
0x008c11f2
0x008c11f7
0x008c11fa
0x008c11fd
0x008c1200
0x008c1202
0x008c1204
0x00000000
0x008c1293
0x008c1293
0x008c1293
0x00000000
0x008c11c8
0x008c11c2
0x008c1179
0x008c117e
0x008c1184
0x00000000

APIs

_memmove.LIBCMT ref: 008C11F2
__flush.LIBCMT ref: 008C1212
__write.LIBCMT ref: 008C1245
__flsbuf.LIBCMT ref: 008C1273

Part of subcall function 008C3653: __getptd_noexit.LIBCMT ref: 008C3653

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: ba2ee1807777e996d4562c8d0204556ee36bd70db9d40268ef9302b3a485de14
Instruction ID: b7652b02c2d690130c58e394942df86efafcf6d162cf6a6c25da2a2a6657cdab
Opcode Fuzzy Hash: ba2ee1807777e996d4562c8d0204556ee36bd70db9d40268ef9302b3a485de14
Instruction Fuzzy Hash: 59418275A0060AABDF18CEA9D8C8F6E77B9FF46360B24C12EE515C7642DB74DE408740

Uniqueness

Uniqueness Score: -1.00%

Function 008A8690, Relevance: 6.1, APIs: 4, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E008A8690(intOrPtr __ecx, void* __ebp, intOrPtr _a4, signed short* _a8, intOrPtr _a12, signed short** _a16, signed int _a20, intOrPtr _a24, signed int* _a28) {
				signed int _v4;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed short* _t35;
				void* _t38;
				void* _t60;
				signed int _t61;
				signed int _t72;
				void* _t76;
				signed short** _t77;
				signed int* _t78;
				intOrPtr _t80;
				signed int _t81;
				signed int _t82;

				_t81 =  &_v28;
				_t30 =  *0x8f21d0; // 0x28a5f8b6
				_v4 = _t30 ^ _t81;
				_t78 = _a28;
				_t77 = _a16;
				_v28 = _a4;
				_v20 = __ecx;
				 *_t77 = _a8;
				 *_t78 = _a20;
				_t35 =  *_t77;
				_v24 = 0 | _t35 != _a12;
				if(_t35 == _a12) {
					L10:
					return E008BF888(_t61, _v4 ^ _t81, _t76, _t77, _t78);
				} else {
					_t80 = _a24;
					while(1) {
						_t85 =  *_t78 - _t80;
						if( *_t78 == _t80) {
							goto L10;
						}
						_t61 =  *_t78;
						_t38 = E008C1816(_t61, _t76, _t78, _t85);
						_t68 = _t80 - _t61;
						if(_t38 > _t80 - _t61) {
							_v16 =  *_v28;
							_t61 = E008A9F30(_v28,  &_v12,  *( *_t77) & 0x0000ffff, _v28, _v20 + 8);
							_t82 = _t81 + 0x10;
							__eflags = _t61;
							if(_t61 < 0) {
								goto L11;
							} else {
								_t72 =  *_t78;
								__eflags = _t80 - _t72 - _t61;
								if(_t80 - _t72 < _t61) {
									 *_v28 = _v16;
									__eflags = _v4 ^ _t82;
									return E008BF888(_t61, _v4 ^ _t82, _t76, _t77, _t78);
								} else {
									E008BFCF0(_t72,  &_v12, _t61);
									 *_t77 =  &(( *_t77)[1]);
									_t81 = _t82 + 0xc;
									 *_t78 =  *_t78 + _t61;
									__eflags =  *_t78;
									goto L9;
								}
							}
						} else {
							_t60 = E008A9F30(_t68, _t61,  *( *_t77) & 0x0000ffff, _v28, _v20 + 8);
							_t82 = _t81 + 0x10;
							if(_t60 < 0) {
								L11:
								__eflags = _v4 ^ _t82;
								return E008BF888(_t61, _v4 ^ _t82, _t76, _t77, _t78);
							} else {
								 *_t77 =  &(( *_t77)[1]);
								 *_t78 =  *_t78 + _t60;
								L9:
								_v24 = 0;
								if( *_t77 != _a12) {
									continue;
								} else {
									goto L10;
								}
							}
						}
						goto L13;
					}
					goto L10;
				}
				L13:
			}

0x008a8690
0x008a8693
0x008a869a
0x008a86a5
0x008a86aa
0x008a86ae
0x008a86b6
0x008a86bc
0x008a86c2
0x008a86c4
0x008a86cd
0x008a86d5
0x008a877c
0x008a878d
0x008a86db
0x008a86db
0x008a86e0
0x008a86e0
0x008a86e2
0x00000000
0x00000000
0x008a86e8
0x008a86ea
0x008a86f1
0x008a86f5
0x008a8723
0x008a8740
0x008a8742
0x008a8745
0x008a8747
0x00000000
0x008a8749
0x008a8749
0x008a874f
0x008a8751
0x008a87b4
0x008a87c0
0x008a87ca
0x008a8753
0x008a875a
0x008a875f
0x008a8762
0x008a8765
0x008a8765
0x00000000
0x008a8765
0x008a8751
0x008a86f7
0x008a870a
0x008a870f
0x008a8714
0x008a8793
0x008a879d
0x008a87a7
0x008a8716
0x008a8716
0x008a8719
0x008a8767
0x008a876d
0x008a8773
0x00000000
0x00000000
0x00000000
0x00000000
0x008a8773
0x008a8714
0x00000000
0x008a86f5
0x00000000
0x008a86e0
0x00000000

APIs

____mb_cur_max_func.LIBCMT ref: 008A86EA
__Wcrtomb.LIBCPMT ref: 008A870A
__Wcrtomb.LIBCPMT ref: 008A873B
_memmove.LIBCMT ref: 008A875A

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Wcrtomb$____mb_cur_max_func_memmove
String ID:
API String ID: 1288906269-0
Opcode ID: cddb213ec21ca3d05626481bc492a9a185fc703654fc678daae78f0ffe1d903a
Instruction ID: b7a3d9fd06a8d9a805cd2cb80d2e8ca7ed099a2c5b0cac8e6ef6380669e9ce8b
Opcode Fuzzy Hash: cddb213ec21ca3d05626481bc492a9a185fc703654fc678daae78f0ffe1d903a
Instruction Fuzzy Hash: D14117B6618302DFD344DF2CD88196AB7E4FBA9354F60082EF585C7212EB35E954CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008D0D65, Relevance: 6.1, APIs: 4, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008D0D65(void* __edx, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				signed int _v20;
				void* __ebx;
				signed int _t35;
				int _t38;
				signed int _t41;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				signed int _t60;
				char* _t63;

				_t63 = _a8;
				if(_t63 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t63 != 0) {
					E008C2EB7(_t50,  &_v20, __edx, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E008CE5D9( *_t63 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t41 = _v20;
							_t60 = 1;
							_t28 = _t41 + 4; // 0x840ffff8
							__eflags = MultiByteToWideChar( *_t28, 9, _t63, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t60;
							}
							L20:
							_t44 = E008C3653(__eflags);
							_t60 = _t60 | 0xffffffff;
							__eflags = _t60;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t60 = _v20;
						__eflags =  *(_t60 + 0x74) - 1;
						if( *(_t60 + 0x74) <= 1) {
							L15:
							_t20 = _t60 + 0x74; // 0xe1c11fe1
							__eflags = _t50 -  *_t20;
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t63[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t22 = _t60 + 0x74; // 0xe1c11fe1
							_t60 =  *_t22;
							goto L21;
						}
						_t12 = _t60 + 0x74; // 0xe1c11fe1
						__eflags = _t50 -  *_t12;
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t17 = _t60 + 0x74; // 0xe1c11fe1
						_t18 = _t60 + 4; // 0x840ffff8
						_t47 = MultiByteToWideChar( *_t18, 9, _t63,  *_t17, _a4, 0 | _a4 != 0x00000000);
						_t60 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t63 & 0x000000ff;
					}
					_t60 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}

0x008d0d6d
0x008d0d72
0x008d0d8c
0x00000000
0x008d0d8c
0x008d0d74
0x008d0d79
0x00000000
0x00000000
0x008d0d7e
0x008d0d9b
0x008d0da0
0x008d0da3
0x008d0daa
0x008d0dc9
0x008d0dd0
0x008d0dd2
0x008d0e16
0x008d0e22
0x008d0e25
0x008d0e2a
0x008d0e33
0x008d0e35
0x008d0e45
0x008d0e45
0x008d0e49
0x008d0e4b
0x008d0e4e
0x008d0e4e
0x008d0e4e
0x008d0e4e
0x00000000
0x008d0e54
0x008d0e37
0x008d0e37
0x008d0e3c
0x008d0e3c
0x008d0e3f
0x00000000
0x008d0e3f
0x008d0dd4
0x008d0dd7
0x008d0ddb
0x008d0e04
0x008d0e04
0x008d0e04
0x008d0e07
0x008d0e07
0x00000000
0x00000000
0x008d0e09
0x008d0e0d
0x00000000
0x00000000
0x008d0e0f
0x008d0e0f
0x008d0e0f
0x00000000
0x008d0e0f
0x008d0ddd
0x008d0ddd
0x008d0de0
0x00000000
0x00000000
0x008d0de4
0x008d0dee
0x008d0df4
0x008d0df7
0x008d0dfd
0x008d0e00
0x008d0e02
0x00000000
0x00000000
0x00000000
0x008d0e02
0x008d0dac
0x008d0daf
0x008d0db1
0x008d0db6
0x008d0db6
0x008d0dbb
0x00000000
0x008d0dbb
0x008d0d80
0x008d0d85
0x008d0d89
0x008d0d89
0x00000000

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 008D0D9B
__isleadbyte_l.LIBCMT ref: 008D0DC9
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000000,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,008DAC95,00000000,00BFBBEF,00000003), ref: 008D0DF7
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000000,00000001,00BFBBEF,00000000,?,00000000,00000000,?,008DAC95,00000000,00BFBBEF,00000003), ref: 008D0E2D

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 9f89e2758c0a5d64985e56ac187a60b5670111329de050fde2cd1c7c9a14f02c
Instruction ID: fab1dd14d1d4b45bbdbea493fedffa3f884e079bb9ddc18d6f7f6abc6cfe123d
Opcode Fuzzy Hash: 9f89e2758c0a5d64985e56ac187a60b5670111329de050fde2cd1c7c9a14f02c
Instruction Fuzzy Hash: 1731903160025AEFDB219E65C844BAA7BBAFF41320F154A6AE855CB291E730E850DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00899800, Relevance: 6.1, APIs: 4, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00899800(char __ecx, char* _a4) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				char _v24;
				char _v28;
				void* __esi;
				signed int _t25;
				intOrPtr _t30;
				void* _t36;
				void* _t41;
				void* _t42;
				char _t44;
				void* _t46;

				_push(0xffffffff);
				_push(E008DF61A);
				_push( *[fs:0x0]);
				_t25 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t25 ^ _t46 - 0x00000010);
				 *[fs:0x0] =  &_v12;
				_t44 = __ecx;
				_v28 = __ecx;
				E008A9CD8(__ecx, 0);
				_v8 = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((char*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((char*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				 *((short*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((short*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((char*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((char*)(__ecx + 0x30)) = 0;
				_t30 = _v0;
				_v8 = 6;
				_t50 = _t30;
				if(_t30 == 0) {
					_a4 = "bad locale name";
					E008C099D( &_v24,  &_a4);
					_v28 = 0x8e3c74;
					_t30 = E008BF897( &_v28, 0x8eea88);
				}
				E008AA2BA(_t36, _t41, _t42, _t44, _t50, _t44, _t30);
				 *[fs:0x0] = _v12;
				return _t44;
			}

0x00899800
0x00899802
0x0089980d
0x00899812
0x00899819
0x0089981e
0x00899824
0x00899826
0x0089982c
0x00899831
0x00899839
0x00899840
0x00899844
0x0089984b
0x00899851
0x00899858
0x0089985c
0x0089985f
0x00899863
0x00899866
0x00899869
0x0089986c
0x0089986f
0x00899873
0x00899878
0x0089987a
0x00899880
0x0089988d
0x0089989b
0x008998a4
0x008998a4
0x008998ab
0x008998b9
0x008998c5

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0089982C

Part of subcall function 008A9CD8: __lock.LIBCMT ref: 008A9CE9

std::exception::exception.LIBCMT ref: 0089988D

Part of subcall function 008C099D: std::exception::_Copy_str.LIBCMT ref: 008C09B6

__CxxThrowException@8.LIBCMT ref: 008998A4

Part of subcall function 008BF897: RaiseException.KERNEL32(?,?,008A9C27,?,?,?,?,?,?,?,008A9C27,?,008EF51C,?), ref: 008BF8EC

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 008998AB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow__lockstd::exception::_std::exception::exception
String ID:
API String ID: 271752322-0
Opcode ID: 0008b6040a8762a3d831cc51f44552e6196a0c97add0d87833efd99208d7075d
Instruction ID: 2eeb1786533464708a3d04ac409e34182d51750c680c9d06bdbd5161b1fb49ae
Opcode Fuzzy Hash: 0008b6040a8762a3d831cc51f44552e6196a0c97add0d87833efd99208d7075d
Instruction Fuzzy Hash: BC2106B1408B808FD320DF29C845B47BBE4FB59714F044E2EE499D7B92E775E2088B96

Uniqueness

Uniqueness Score: -1.00%

Function 008916E0, Relevance: 6.1, APIs: 4, Instructions: 51
memoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E008916E0(intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v24;
				void* _v28;
				void* __edi;
				void* __esi;
				signed int _t13;
				signed int _t15;
				void* _t20;
				void* _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;

				_t28 =  &_v28;
				_t13 =  *0x8f21d0; // 0x28a5f8b6
				_v4 = _t13 ^ _t28;
				_t27 = _a4;
				_t15 =  &_v28;
				_t26 = _a8;
				__imp__PR_GetOpenFileInfo(_t26, _t15);
				_t29 = _t28 + 8;
				if(_t15 != 0) {
					L5:
					return E008BF888(_t20, _v4 ^ _t29, _t25, _t26, _t27);
				} else {
					_push(_v24);
					 *((intOrPtr*)(_t27 + 4)) = _t15;
					_push(_t27);
					_push(_t15);
					L00894028();
					_t30 = _t29 + 0xc;
					if(_t15 == 0) {
						L4:
						_push(0);
						_push(_t27);
						L0089402E();
						_t29 = _t30 + 8;
						 *((intOrPtr*)(_t27 + 4)) = 0;
						goto L5;
					} else {
						__imp__PR_Read(_t26,  *((intOrPtr*)(_t27 + 4)), _v24);
						_t30 = _t30 + 0xc;
						if(_t15 != _v24) {
							goto L4;
						} else {
							return E008BF888(_t20, _v4 ^ _t30, _t25, _t26, _t27);
						}
					}
				}
			}

0x008916e0
0x008916e3
0x008916ea
0x008916ef
0x008916f3
0x008916f8
0x008916fe
0x00891704
0x00891709
0x0089175c
0x0089176e
0x0089170b
0x0089170b
0x0089170f
0x00891712
0x00891713
0x00891714
0x00891719
0x0089171e
0x0089174a
0x0089174a
0x0089174c
0x0089174d
0x00891752
0x00891755
0x00000000
0x00891720
0x00891728
0x0089172e
0x00891735
0x00000000
0x00891738
0x00891749
0x00891749
0x00891735
0x0089171e

APIs

PR_GetOpenFileInfo.NSS3(?,?,?,?), ref: 008916FE
SECITEM_AllocItem_Util.NSS3(00000000,?,?), ref: 00891714
PR_Read.NSS3(?,?,?), ref: 00891728
SECITEM_FreeItem_Util.NSS3(?,00000000), ref: 0089174D

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Item_Util$AllocFileFreeInfoOpenRead
String ID:
API String ID: 412667125-0
Opcode ID: aa5b52950cd2e1e7e8f0bcb05ca99bec09bc90eb5a55c89cf6a566604b6e7f60
Instruction ID: 551f83e70155d22dfe9341f2c48e5fc6a41ade8434accf6a698cf6b8a0155e2a
Opcode Fuzzy Hash: aa5b52950cd2e1e7e8f0bcb05ca99bec09bc90eb5a55c89cf6a566604b6e7f60
Instruction Fuzzy Hash: 33019275504201ABCE00BF689C86A6BB7E8FF98314F44442DFA49C7252E631A51587A3

Uniqueness

Uniqueness Score: -1.00%

Function 008C9295, Relevance: 6.0, APIs: 4, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E008C9295(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E008C97E6(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E008C931B(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E008C9A61(_t28, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E008C99A0(_t28, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x008c9298
0x008c929e
0x008c9311
0x00000000
0x008c92a5
0x008c92a5
0x008c92a8
0x008c92c3
0x008c92c6
0x008c92e6
0x008c92f8
0x008c92c8
0x008c92c8
0x008c92cb
0x00000000
0x008c92cd
0x008c92df
0x008c92df
0x008c92cb
0x008c9316
0x008c931a
0x008c92aa
0x008c92c2
0x008c92c2
0x008c92a8

APIs

__cftof_l.LIBCMT ref: 008C92B9

Part of subcall function 008C99A0: __fltout2.LIBCMT ref: 008C99C9

__cftog_l.LIBCMT ref: 008C92DF
__cftoe_l.LIBCMT ref: 008C9311

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: 31d0ec266092da66fc1edfe21d1ad52905fefb0805591a332ff3941427f6a50b
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: E101723240418DBBCF225E88CC45DED3F32FB19354F448499FAA894131D732C971AB82

Uniqueness

Uniqueness Score: -1.00%

Function 008C2390, Relevance: 6.0, APIs: 4, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E008C2390(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __ebp;
				void* _t25;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				void* _t31;
				intOrPtr* _t32;
				void* _t34;

				_t31 = __esi;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E008C29CF(__ebx, _t30, __esi, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E008BFBB8(_t28);
				_push(_t31);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E008C2C6D(_t27, _t29, _t32, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E008C218A(_t27, _t29, _t30, _t32, _t37);
				if(_t25 != 0) {
					E008BFB86(_t25, _t30);
					return _t25;
				}
				return _t25;
			}

0x008c2390
0x008c2390
0x008c2393
0x008c2398
0x008c239b
0x008c239d
0x008c23a0
0x008c23a3
0x008c23a4
0x008c23a7
0x008c23ac
0x008c23ac
0x008c23af
0x008c23b3
0x008c23b6
0x008c23bb
0x008c23b8
0x008c23b8
0x008c23b8
0x008c23be
0x008c23c3
0x008c23c4
0x008c23c7
0x008c23c9
0x008c23cc
0x008c23cf
0x008c23d0
0x008c23d9
0x008c23de
0x008c23e1
0x008c23e7
0x008c23ea
0x008c23ed
0x008c23f0
0x008c23f1
0x008c23f4
0x008c23ff
0x008c2403
0x00000000
0x008c2403
0x008c240a

APIs

___BuildCatchObject.LIBCMT ref: 008C23A7

Part of subcall function 008C29CF: ___AdjustPointer.LIBCMT ref: 008C2A18

_UnwindNestedFrames.LIBCMT ref: 008C23BE
___FrameUnwindToState.LIBCMT ref: 008C23D0
CallCatchBlock.LIBCMT ref: 008C23F4

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: 629ad0c054b8aa9296f5f847af28e5069c935bd2dc3160242091104367ef2aef
Instruction ID: 50729de3f92e4310173f5fe97797b53e59523aad0e9f0724b3131ec2763738d5
Opcode Fuzzy Hash: 629ad0c054b8aa9296f5f847af28e5069c935bd2dc3160242091104367ef2aef
Instruction Fuzzy Hash: 9A010C32000149BBCF126F59CC01FDA3BBAFF48754F158119FE18A5261C736E861EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00891480, Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

CERT_DecodeCertFromPackage.NSS3(?,00000000), ref: 0089149A
PK11_ImportCert.NSS3(?,00000000,00000000,?,00000000), ref: 008914BB
CERT_ChangeCertTrust.NSS3(?,00000000,?), ref: 008914D0
CERT_DestroyCertificate.NSS3(00000000), ref: 008914E0

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Cert$CertificateChangeDecodeDestroyFromImportK11_PackageTrust
String ID:
API String ID: 375906459-0
Opcode ID: 6c9c6498ab8147bbf360d502c79a6daa4231b9be48e43520bc2bfeb195dd5d68
Instruction ID: 3cea5da8e710686d378a90de2420ab721cdab285fe13e6d1925ccb3ea4925fd9
Opcode Fuzzy Hash: 6c9c6498ab8147bbf360d502c79a6daa4231b9be48e43520bc2bfeb195dd5d68
Instruction Fuzzy Hash: B8F0D1320093216ADE227B64CC09B8BBFD2EF45350F0C8468F68885063E235C8AAD783

Uniqueness

Uniqueness Score: -1.00%

Function 008B4622, Relevance: 6.0, APIs: 4, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E008B4622(void* __edx) {
				char _v20;
				char _v64;
				void* _t12;
				char _t17;
				signed int _t20;

				_t17 = _v20;
				E008B65C0(_t17);
				E008BF897(0, 0);
				asm("int3");
				_push(0);
				E008A9D5C(__edx,  &_v20);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t12 = E008A9EC7( &_v64);
				_t20 = 0xb;
				return memcpy(_t17 + 0x18, _t12, _t20 << 2);
			}

0x008b4622
0x008b4625
0x008b462e
0x008b4633
0x008b463e
0x008b4643
0x008b4651
0x008b4652
0x008b4653
0x008b4654
0x008b4655
0x008b465e
0x008b466c

APIs

_Mpunct.LIBCPMT ref: 008B4625
__CxxThrowException@8.LIBCMT ref: 008B462E

Part of subcall function 008BF897: RaiseException.KERNEL32(?,?,008A9C27,?,?,?,?,?,?,?,008A9C27,?,008EF51C,?), ref: 008BF8EC

__Getctype.LIBCPMT ref: 008B4643

Part of subcall function 008A9D5C: ____lc_codepage_func.LIBCMT ref: 008A9D60
Part of subcall function 008A9D5C: __calloc_crt.LIBCMT ref: 008A9D71
Part of subcall function 008A9D5C: ___pctype_func.LIBCMT ref: 008A9D84
Part of subcall function 008A9D5C: _memmove.LIBCMT ref: 008A9D8D
Part of subcall function 008A9D5C: ____lc_locale_name_func.LIBCMT ref: 008A9DAA

__Getcvt.LIBCPMT ref: 008B4655

Part of subcall function 008A9EC7: ____lc_codepage_func.LIBCMT ref: 008A9EDE
Part of subcall function 008A9EC7: ____mb_cur_max_func.LIBCMT ref: 008A9EE7
Part of subcall function 008A9EC7: ____lc_locale_name_func.LIBCMT ref: 008A9EEF

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: ____lc_codepage_func____lc_locale_name_func$ExceptionException@8GetctypeGetcvtMpunctRaiseThrow____mb_cur_max_func___pctype_func__calloc_crt_memmove
String ID:
API String ID: 1532042237-0
Opcode ID: c53f10782613710180a2d30c986d934f7623fab1756b024890ec4a10d6528043
Instruction ID: f66d76c3bde6b74659a75277d961b28155eee6881863a1ced9f45320f2cbe528
Opcode Fuzzy Hash: c53f10782613710180a2d30c986d934f7623fab1756b024890ec4a10d6528043
Instruction Fuzzy Hash: 45F0EC33500118668725ED69E846CDFB76DEF46360B000126FE04EF542EA926D19C7F1

Uniqueness

Uniqueness Score: -1.00%

Function 0089C580, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 432
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0089C580(char* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t200;
				signed int _t201;
				signed int* _t203;
				intOrPtr _t204;
				signed int _t205;
				void* _t208;
				void* _t210;
				signed int _t211;
				void* _t213;
				signed int _t214;
				char _t221;
				signed int _t227;
				signed int _t228;
				char _t230;
				char _t240;
				void* _t252;
				void* _t254;
				void* _t265;
				char _t273;
				void* _t279;
				signed int _t287;
				void* _t288;
				intOrPtr* _t292;
				char* _t298;
				char* _t302;
				char* _t307;
				intOrPtr _t311;
				char* _t313;
				char* _t317;
				intOrPtr* _t322;
				char* _t325;
				void* _t329;
				signed int _t330;
				void* _t331;
				void* _t334;
				intOrPtr _t335;
				intOrPtr _t339;
				signed int _t340;
				void* _t341;
				signed int _t342;
				intOrPtr _t343;
				signed int _t344;
				void* _t345;
				intOrPtr _t347;
				void* _t348;
				void* _t350;
				void* _t353;
				void* _t390;

				_t324 = __edx;
				_t344 = _t345 - 0xa8;
				_push(0xffffffff);
				_push(E008DFB55);
				_push( *[fs:0x0]);
				_t347 = _t345 - 0x80;
				_t200 =  *0x8f21d0; // 0x28a5f8b6
				_t201 = _t200 ^ _t344;
				 *(_t344 + 0xa4) = _t201;
				_push(_t329);
				_push(_t201);
				 *[fs:0x0] = _t344 - 0xc;
				 *((intOrPtr*)(_t344 - 0x10)) = _t347;
				_t203 =  *(_t344 + 0xb0);
				_t338 =  *((intOrPtr*)(_t344 + 0xb4));
				 *(_t344 - 0x1c) = 0;
				 *(_t344 - 0x24) = _t203;
				 *(_t344 - 0x28) = _t203;
				 *((intOrPtr*)(_t344 - 0x30)) =  *((intOrPtr*)(_t344 + 0xb4));
				 *_t203 = 0;
				_t203[1] = 0;
				_t203[2] = 0;
				_t287 = 1;
				 *((intOrPtr*)(_t344 + 0x14)) = 0xf;
				 *(_t344 - 0x1c) = 1;
				 *(_t344 - 4) = 1;
				 *(_t344 + 0x10) = 0;
				 *_t344 = 0;
				_push(0x10);
				 *(_t344 - 4) = 2;
				_t204 = E008BED02(1, _t329, _t353);
				_t348 = _t347 + 4;
				 *((intOrPtr*)(_t344 - 0x20)) = _t204;
				 *(_t344 - 4) = 3;
				_t354 = _t204;
				if(_t204 == 0) {
					_t205 = 0;
					__eflags = 0;
				} else {
					_t205 = E00899190(_t204);
				}
				 *(_t344 + 0x18) = _t205;
				_push(1);
				 *(_t344 - 4) = 4;
				 *((intOrPtr*)(_t344 - 0x18)) = E008AA1E5(_t287, _t329, _t338, _t354);
				 *(_t344 - 4) = 5;
				_t208 = E00893420(_t344 + 0x1c);
				 *(_t344 - 4) = 6;
				E00897920(_t324, _t208, _t344, _t344 - 0x18);
				_t350 = _t348 + 0x10;
				if( *((intOrPtr*)(_t344 + 0x30)) >= 0x10) {
					L008BED53( *((intOrPtr*)(_t344 + 0x1c)));
					_t350 = _t350 + 4;
				}
				_t292 =  *((intOrPtr*)(_t344 - 0x18));
				 *((intOrPtr*)(_t344 + 0x30)) = 0xf;
				 *(_t344 + 0x2c) = 0;
				 *((char*)(_t344 + 0x1c)) = 0;
				 *(_t344 - 4) = 4;
				if(_t292 != 0) {
					_t322 =  *((intOrPtr*)( *_t292 + 8))();
					if(_t322 != 0) {
						 *((intOrPtr*)( *_t322))(1);
					}
				}
				_t330 =  *(_t344 + 0x18);
				_t210 = _t330 + 9;
				if(_t210 == 0) {
					_t211 = 0;
					__eflags = 0;
				} else {
					_t211 = _t210 + 0xfffffff7;
				}
				_t339 =  *((intOrPtr*)( *((intOrPtr*)(_t211 + 4)) + 0x44));
				if(_t339 == 0) {
					_t340 = 0;
					__eflags = 0;
				} else {
					_t340 = _t339 + 0xffffffc0;
				}
				while(1) {
					_t213 = _t330 + 9;
					if(_t213 == 0) {
						_t214 = 0;
						__eflags = 0;
					} else {
						_t214 = _t213 + 0xfffffff7;
					}
					if(_t340 ==  *((intOrPtr*)(_t214 + 4))) {
						break;
					}
					_t298 = "Path";
					 *((intOrPtr*)(_t344 + 0x98)) = 0xf;
					 *(_t344 + 0x94) = 0;
					 *((char*)(_t344 + 0x84)) = 0;
					_t324 =  &(_t298[1]);
					do {
						_t221 =  *_t298;
						_t298 =  &(_t298[1]);
					} while (_t221 != 0);
					E00892950(_t287, _t344 + 0x84, _t330, _t344, "Path", _t298 - _t324);
					 *(_t344 + 0x9c) = 0x2e;
					_t224 =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
					 *((intOrPtr*)(_t344 + 0xa0)) =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
					 *(_t344 - 4) = 7;
					_t227 = E008A33E0(_t340 + 0x18, _t324, _t344, _t344 - 0x34, _t344 + 0x84);
					 *(_t344 - 4) = 4;
					_t228 = _t227 & 0xffffff00 |  *_t227 != 0x00000000;
					 *(_t344 - 0x11) = _t228;
					if( *((intOrPtr*)(_t344 + 0x98)) >= 0x10) {
						L008BED53( *((intOrPtr*)(_t344 + 0x84)));
						_t228 =  *(_t344 - 0x11);
						_t350 = _t350 + 4;
					}
					if(_t228 == 0) {
						L64:
						if(_t340 == 0) {
							_t342 = 0;
							__eflags = 0;
						} else {
							_t342 = _t340 + 0x40;
						}
						_t343 =  *((intOrPtr*)(_t342 + 4));
						if(_t343 == 0) {
							_t330 =  *(_t344 + 0x18);
							_t340 = 0;
						} else {
							_t330 =  *(_t344 + 0x18);
							_t340 = _t343 + 0xffffffc0;
						}
						continue;
					} else {
						 *((intOrPtr*)(_t344 + 0x48)) = 7;
						 *(_t344 + 0x44) = 0;
						 *((short*)(_t344 + 0x34)) = 0;
						_t302 = "IsRelative";
						 *(_t344 - 4) = 8;
						 *((intOrPtr*)(_t344 + 0x78)) = 0xf;
						 *((intOrPtr*)(_t344 + 0x74)) = 0;
						 *((char*)(_t344 + 0x64)) = 0;
						_t324 =  &(_t302[1]);
						do {
							_t230 =  *_t302;
							_t302 =  &(_t302[1]);
						} while (_t230 != 0);
						E00892950(_t287, _t344 + 0x64, _t330, _t344, "IsRelative", _t302 - _t324);
						 *(_t344 + 0x7c) = 0x2e;
						_t233 =  >=  ?  *((void*)(_t344 + 0x64)) : _t344 + 0x64;
						 *((intOrPtr*)(_t344 + 0x80)) =  >=  ?  *((void*)(_t344 + 0x64)) : _t344 + 0x64;
						 *(_t344 - 4) = 9;
						_t287 = _t287 | 0x00000002;
						 *(_t344 - 0x1c) = _t287;
						if( *((intOrPtr*)(E008A33E0(_t340 + 0x18, _t324, _t344, _t344 - 0x2c, _t344 + 0x64))) == 0) {
							L29:
							 *(_t344 - 0x11) = 0;
							L30:
							if((_t287 & 0x00000004) != 0) {
								_t287 = _t287 & 0xfffffffb;
								 *(_t344 - 0x1c) = _t287;
								if( *((intOrPtr*)(_t344 + 0x98)) >= 0x10) {
									L008BED53( *((intOrPtr*)(_t344 + 0x84)));
									_t350 = _t350 + 4;
								}
								 *((intOrPtr*)(_t344 + 0x98)) = 0xf;
								 *(_t344 + 0x94) = 0;
								 *((char*)(_t344 + 0x84)) = 0;
							}
							 *(_t344 - 4) = 8;
							if((_t287 & 0x00000002) != 0) {
								_t287 = _t287 & 0xfffffffd;
								 *(_t344 - 0x1c) = _t287;
								if( *((intOrPtr*)(_t344 + 0x78)) >= 0x10) {
									L008BED53( *((intOrPtr*)(_t344 + 0x64)));
									_t350 = _t350 + 4;
								}
							}
							if( *(_t344 - 0x11) == 0) {
								L62:
								E008A45D0(_t344 + 0x34);
								 *(_t344 - 4) = 4;
								if( *((intOrPtr*)(_t344 + 0x48)) >= 8) {
									L008BED53( *((intOrPtr*)(_t344 + 0x34)));
									_t350 = _t350 + 4;
								}
								goto L64;
							} else {
								_t307 = "Path";
								 *((intOrPtr*)(_t344 + 0x98)) = 0xf;
								 *(_t344 + 0x94) = 0;
								 *((char*)(_t344 + 0x84)) = 0;
								_t325 =  &(_t307[1]);
								do {
									_t240 =  *_t307;
									_t307 =  &(_t307[1]);
								} while (_t240 != 0);
								E00892950(_t287, _t344 + 0x84, _t330, _t344, "Path", _t307 - _t325);
								 *(_t344 + 0x9c) = 0x2e;
								_t243 =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
								 *((intOrPtr*)(_t344 + 0xa0)) =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
								 *(_t344 - 4) = 0xb;
								_push(_t344 + 0x84);
								E00896140(_t287, _t344,  *((intOrPtr*)(_t344 + 0x98)) - 0x10, _t344 + 0x4c);
								if( *((intOrPtr*)(_t344 + 0x98)) >= 0x10) {
									L008BED53( *((intOrPtr*)(_t344 + 0x84)));
									_t350 = _t350 + 4;
								}
								_t311 =  *((intOrPtr*)(_t344 + 0x5c));
								_t248 =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
								_t249 =  &(( >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c)[_t311]);
								 *((intOrPtr*)(_t344 - 0x20)) = _t311;
								_t313 =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
								_t324 = 0;
								_t334 =  >  ? 0 :  &(( >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c)[_t311]) - _t313;
								if(_t334 == 0) {
									_t335 =  *((intOrPtr*)(_t344 - 0x20));
									goto L48;
								} else {
									do {
										if( *_t313 == 0x2f) {
											 *_t313 = 0x5c;
										}
										_t324 =  &(_t324[1]);
										_t313 = _t313 + 1;
									} while (_t324 != _t334);
									_t335 =  *((intOrPtr*)(_t344 + 0x5c));
									L48:
									 *((intOrPtr*)(_t344 + 0x30)) = 7;
									 *(_t344 + 0x2c) = 0;
									 *((short*)(_t344 + 0x1c)) = 0;
									 *(_t344 - 4) = 0xe;
									if(_t335 != 0) {
										_t327 =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
										 *((intOrPtr*)(_t344 - 0x20)) =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
										_t324 =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
										 *((intOrPtr*)(_t344 - 0x18)) =  >=  ?  *((void*)(_t344 + 0x4c)) : _t344 + 0x4c;
										_t265 = L008A8290();
										_t390 =  *((intOrPtr*)(_t344 - 0x20)) + _t335;
										E008A6F80(_t344,  *((intOrPtr*)(_t344 - 0x18)),  *((intOrPtr*)(_t344 - 0x20)) + _t335, _t344 + 0x1c, _t265);
										_t350 = _t350 + 0x10;
									}
									 *(_t344 - 4) = 0xf;
									_t252 = E008A9310( *((intOrPtr*)(_t344 - 0x30)), _t344, _t390, _t344 + 0x8c);
									 *(_t344 - 4) = 0x10;
									_t254 = E00891390(_t287, _t324, _t344, _t390, _t344 + 0x6c, _t252, _t344 + 0x1c);
									_t350 = _t350 + 0xc;
									_t336 = _t254;
									 *(_t344 - 4) = 0x11;
									if(_t344 + 0x34 != _t254) {
										if( *((intOrPtr*)(_t344 + 0x48)) >= 8) {
											L008BED53( *((intOrPtr*)(_t344 + 0x34)));
											_t350 = _t350 + 4;
										}
										 *((intOrPtr*)(_t344 + 0x48)) = 7;
										 *(_t344 + 0x44) = 0;
										 *((short*)(_t344 + 0x34)) = 0;
										E0089CBC0(_t344 + 0x34, _t336);
									}
									if( *((intOrPtr*)(_t344 + 0x80)) >= 8) {
										L008BED53( *((intOrPtr*)(_t344 + 0x6c)));
										_t350 = _t350 + 4;
									}
									 *((intOrPtr*)(_t344 + 0x80)) = 7;
									 *(_t344 + 0x7c) = 0;
									 *((short*)(_t344 + 0x6c)) = 0;
									if( *((intOrPtr*)(_t344 + 0xa0)) >= 8) {
										L008BED53( *((intOrPtr*)(_t344 + 0x8c)));
										_t350 = _t350 + 4;
									}
									 *((intOrPtr*)(_t344 + 0xa0)) = 7;
									 *(_t344 + 0x9c) = 0;
									 *((short*)(_t344 + 0x8c)) = 0;
									if( *((intOrPtr*)(_t344 + 0x30)) >= 8) {
										L008BED53( *((intOrPtr*)(_t344 + 0x1c)));
										_t350 = _t350 + 4;
									}
									 *(_t344 - 4) = 8;
									if( *((intOrPtr*)(_t344 + 0x60)) >= 0x10) {
										L008BED53( *((intOrPtr*)(_t344 + 0x4c)));
										_t350 = _t350 + 4;
									}
									goto L62;
								}
							}
						}
						_t317 = "IsRelative";
						 *((intOrPtr*)(_t344 + 0x98)) = 0xf;
						 *(_t344 + 0x94) = 0;
						 *((char*)(_t344 + 0x84)) = 0;
						_t324 =  &(_t317[1]);
						do {
							_t273 =  *_t317;
							_t317 =  &(_t317[1]);
						} while (_t273 != 0);
						E00892950(_t287, _t344 + 0x84, _t330, _t344, "IsRelative", _t317 - _t324);
						 *(_t344 + 0x9c) = 0x2e;
						_t276 =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
						 *((intOrPtr*)(_t344 + 0xa0)) =  >=  ?  *((void*)(_t344 + 0x84)) : _t344 + 0x84;
						 *(_t344 - 4) = 0xa;
						_t287 = _t287 | 0x00000004;
						 *(_t344 - 0x1c) = _t287;
						_t279 = E00896170(E008A32B0(_t287, _t340 + 0x18, _t344, _t344 + 0x84),  *((intOrPtr*)(_t344 + 0x98)) - 0x10);
						 *(_t344 - 0x11) = 1;
						if(_t279 != 0) {
							goto L30;
						}
						goto L29;
					}
				}
				 *(_t344 - 4) = 0x12;
				 *(_t344 - 0x2c) = _t330;
				__eflags = _t330;
				if(_t330 != 0) {
					 *(_t344 - 4) = 0x13;
					E008A1120();
					L008BED53( *((intOrPtr*)(_t330 + 4)));
					L008BED53(_t330);
					_t350 = _t350 + 8;
				}
				__eflags =  *((intOrPtr*)(_t344 + 0x14)) - 0x10;
				if( *((intOrPtr*)(_t344 + 0x14)) >= 0x10) {
					L008BED53( *_t344);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t344 - 0xc));
				_pop(_t331);
				_pop(_t341);
				_pop(_t288);
				__eflags =  *(_t344 + 0xa4) ^ _t344;
				return E008BF888(_t288,  *(_t344 + 0xa4) ^ _t344, _t324, _t331, _t341);
			}

0x0089c580
0x0089c581
0x0089c58e
0x0089c590
0x0089c59b
0x0089c59c
0x0089c59f
0x0089c5a4
0x0089c5a6
0x0089c5ae
0x0089c5af
0x0089c5b3
0x0089c5b9
0x0089c5bc
0x0089c5c2
0x0089c5c8
0x0089c5cf
0x0089c5d2
0x0089c5d5
0x0089c5d8
0x0089c5de
0x0089c5e5
0x0089c5ec
0x0089c5f1
0x0089c5f8
0x0089c5fb
0x0089c5fe
0x0089c605
0x0089c609
0x0089c60b
0x0089c60f
0x0089c614
0x0089c617
0x0089c61a
0x0089c61e
0x0089c620
0x0089c62b
0x0089c62b
0x0089c622
0x0089c624
0x0089c624
0x0089c62d
0x0089c630
0x0089c632
0x0089c63e
0x0089c644
0x0089c64b
0x0089c653
0x0089c65d
0x0089c662
0x0089c669
0x0089c66e
0x0089c673
0x0089c673
0x0089c676
0x0089c679
0x0089c680
0x0089c687
0x0089c68b
0x0089c691
0x0089c698
0x0089c69c
0x0089c6a2
0x0089c6a2
0x0089c69c
0x0089c6a4
0x0089c6a7
0x0089c6ac
0x0089c6b3
0x0089c6b3
0x0089c6ae
0x0089c6ae
0x0089c6ae
0x0089c6b8
0x0089c6bd
0x0089c6c4
0x0089c6c4
0x0089c6bf
0x0089c6bf
0x0089c6bf
0x0089c6c6
0x0089c6c6
0x0089c6cb
0x0089c6d2
0x0089c6d2
0x0089c6cd
0x0089c6cd
0x0089c6cd
0x0089c6d7
0x00000000
0x00000000
0x0089c6dd
0x0089c6e2
0x0089c6ec
0x0089c6f6
0x0089c6fd
0x0089c700
0x0089c700
0x0089c702
0x0089c703
0x0089c715
0x0089c727
0x0089c72e
0x0089c735
0x0089c741
0x0089c74d
0x0089c752
0x0089c759
0x0089c763
0x0089c766
0x0089c76e
0x0089c773
0x0089c776
0x0089c776
0x0089c77b
0x0089cb24
0x0089cb26
0x0089cb2d
0x0089cb2d
0x0089cb28
0x0089cb28
0x0089cb28
0x0089cb2f
0x0089cb34
0x0089cb41
0x0089cb44
0x0089cb36
0x0089cb36
0x0089cb39
0x0089cb39
0x00000000
0x0089c781
0x0089c783
0x0089c78a
0x0089c791
0x0089c795
0x0089c79a
0x0089c79e
0x0089c7a5
0x0089c7a8
0x0089c7ab
0x0089c7b0
0x0089c7b0
0x0089c7b2
0x0089c7b3
0x0089c7c2
0x0089c7ce
0x0089c7d2
0x0089c7d6
0x0089c7df
0x0089c7e7
0x0089c7ee
0x0089c7f9
0x0089c888
0x0089c888
0x0089c88c
0x0089c88f
0x0089c891
0x0089c89b
0x0089c89e
0x0089c8a6
0x0089c8ab
0x0089c8ab
0x0089c8ae
0x0089c8b8
0x0089c8c2
0x0089c8c2
0x0089c8c9
0x0089c8d3
0x0089c8d5
0x0089c8dc
0x0089c8df
0x0089c8e4
0x0089c8e9
0x0089c8e9
0x0089c8df
0x0089c8f0
0x0089cb03
0x0089cb0a
0x0089cb13
0x0089cb17
0x0089cb1c
0x0089cb21
0x0089cb21
0x00000000
0x0089c8f6
0x0089c8f6
0x0089c8fb
0x0089c905
0x0089c90f
0x0089c916
0x0089c920
0x0089c920
0x0089c922
0x0089c923
0x0089c935
0x0089c947
0x0089c94e
0x0089c955
0x0089c961
0x0089c965
0x0089c96d
0x0089c979
0x0089c981
0x0089c986
0x0089c986
0x0089c990
0x0089c993
0x0089c997
0x0089c999
0x0089c9a5
0x0089c9a9
0x0089c9af
0x0089c9b4
0x0089c9c9
0x00000000
0x0089c9b6
0x0089c9b6
0x0089c9b9
0x0089c9bb
0x0089c9bb
0x0089c9be
0x0089c9bf
0x0089c9c0
0x0089c9c4
0x0089c9cc
0x0089c9ce
0x0089c9d5
0x0089c9dc
0x0089c9e0
0x0089c9e6
0x0089c9ef
0x0089c9f3
0x0089c9f9
0x0089c9fd
0x0089ca00
0x0089ca0d
0x0089ca13
0x0089ca18
0x0089ca18
0x0089ca25
0x0089ca29
0x0089ca31
0x0089ca3b
0x0089ca40
0x0089ca43
0x0089ca48
0x0089ca4e
0x0089ca54
0x0089ca59
0x0089ca5e
0x0089ca5e
0x0089ca63
0x0089ca6e
0x0089ca75
0x0089ca79
0x0089ca79
0x0089ca85
0x0089ca8a
0x0089ca8f
0x0089ca8f
0x0089ca94
0x0089caa5
0x0089caac
0x0089cab0
0x0089cab8
0x0089cabd
0x0089cabd
0x0089cac2
0x0089cad0
0x0089cada
0x0089cae1
0x0089cae6
0x0089caeb
0x0089caeb
0x0089caf2
0x0089caf6
0x0089cafb
0x0089cb00
0x0089cb00
0x00000000
0x0089caf6
0x0089c9b4
0x0089c8f0
0x0089c7ff
0x0089c804
0x0089c80e
0x0089c818
0x0089c81f
0x0089c822
0x0089c822
0x0089c824
0x0089c825
0x0089c837
0x0089c849
0x0089c850
0x0089c857
0x0089c863
0x0089c86a
0x0089c871
0x0089c87b
0x0089c880
0x0089c886
0x00000000
0x00000000
0x00000000
0x0089c886
0x0089c77b
0x0089cb4b
0x0089cb4f
0x0089cb52
0x0089cb54
0x0089cb59
0x0089cb5d
0x0089cb65
0x0089cb6b
0x0089cb70
0x0089cb70
0x0089cb73
0x0089cb77
0x0089cb7c
0x0089cb81
0x0089cb95
0x0089cb9d
0x0089cb9e
0x0089cb9f
0x0089cba6
0x0089cbb4

APIs

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

std::locale::_Init.LIBCPMT ref: 0089C636

Strings

Path, xrefs: 0089C6DD, 0089C709, 0089C70A, 0089C8F6, 0089C929, 0089C92A
IsRelative, xrefs: 0089C795, 0089C7B9, 0089C7BA, 0089C7FF, 0089C82B, 0089C82C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Init_mallocstd::locale::_
String ID: IsRelative$Path
API String ID: 2061806753-1267805088
Opcode ID: 105ab1951cf357d90a610dc9e6323e33f4bd27077a0caab51599ebee3a5de89e
Instruction ID: 58dbba6c4923f3feeba0e8213dc63dbdf533d8c04925ab79b3d11ec3dd4c9b79
Opcode Fuzzy Hash: 105ab1951cf357d90a610dc9e6323e33f4bd27077a0caab51599ebee3a5de89e
Instruction Fuzzy Hash: F812AE7190028CDFEF25DF28C8457DE7BA4FF15304F188129E959DB292E7769A08CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008B25AB, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E008B25AB(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t120;
				void* _t123;
				intOrPtr* _t130;
				char* _t131;
				void* _t138;
				intOrPtr _t139;
				intOrPtr _t140;
				signed int _t141;
				char* _t147;
				intOrPtr _t148;
				intOrPtr _t173;
				char* _t174;
				signed int _t175;
				signed int _t176;
				intOrPtr _t189;
				intOrPtr _t192;
				char* _t193;
				char _t201;
				intOrPtr _t202;
				intOrPtr _t213;
				intOrPtr* _t214;
				intOrPtr* _t216;
				signed int _t218;
				signed int _t220;
				intOrPtr _t222;
				intOrPtr _t223;
				void* _t224;
				void* _t225;

				_t225 = __eflags;
				_push(0x84);
				E008C1E90(E008E0ECA, __ebx, __edi, __esi);
				_t173 =  *((intOrPtr*)(_t224 + 0x1c));
				_t222 =  *((intOrPtr*)(_t224 + 0x10));
				 *((intOrPtr*)(_t224 - 0x8c)) =  *((intOrPtr*)(_t224 + 0xc));
				_push(_t173);
				 *((intOrPtr*)(_t224 - 0x80)) =  *((intOrPtr*)(_t224 + 0x14));
				_t216 = E008AED82(_t173, __edi, _t222, _t225);
				E008BADBD(_t216, _t224 - 0x74);
				 *(_t224 - 4) =  *(_t224 - 4) & 0x00000000;
				_t226 =  *((intOrPtr*)(_t224 - 0x64));
				if( *((intOrPtr*)(_t224 - 0x64)) != 0) {
					 *(_t224 - 0x88) =  *((intOrPtr*)( *_t216 + 0x10))() & 0x0000ffff;
				} else {
					 *(_t224 - 0x88) =  *(_t224 - 0x88) & 0x00000000;
				}
				_t120 = E008AE3F2(_t173, _t216, _t222, _t226);
				 *((intOrPtr*)( *_t120 + 0x2c))("0123456789ABCDEFabcdef-+Xx", 0x8e554e, _t224 - 0x44, _t173);
				_t174 =  *((intOrPtr*)(_t224 - 0x8c));
				 *((intOrPtr*)(_t224 - 0x7c)) = _t174;
				_t123 = E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
				if(_t123 != 0) {
					L13:
					_t218 =  *(_t224 + 0x18) & 0x00000e00;
					_t175 = 0xa;
					 *(_t224 - 0x90) = _t175;
					if(_t218 != 0x400) {
						__eflags = _t218 - 0x800;
						if(_t218 != 0x800) {
							asm("sbb edi, edi");
							_t220 =  ~_t218 & _t175;
							__eflags = _t220;
							L19:
							 *((char*)(_t224 - 0x75)) = 0;
							 *((char*)(_t224 - 0x84)) = 0;
							 *((char*)(_t224 - 0x76)) = 0;
							E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
							if(0 != 0) {
								L35:
								__eflags = _t220;
								if(_t220 == 0) {
									L38:
									 *(_t224 - 0x4c) =  *(_t224 - 0x4c) & 0x00000000;
									 *((intOrPtr*)(_t224 - 0x48)) = 0xf;
									 *((char*)(_t224 - 0x5c)) = 0;
									E008A0560(_t224 - 0x5c, _t220, _t222, 1,  *((intOrPtr*)(_t224 - 0x84)));
									 *(_t224 - 4) = 1;
									_t176 = 0;
									 *((intOrPtr*)(_t224 - 0x84)) =  *((intOrPtr*)(_t224 - 0x8c)) + 0x1f;
									if(E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80))) != 0) {
										_t223 =  *((intOrPtr*)(_t224 - 0x48));
										L68:
										_t189 =  *((intOrPtr*)(_t224 - 0x75));
										L69:
										_t130 =  *((intOrPtr*)(_t224 - 0x74));
										if( *((intOrPtr*)(_t224 - 0x60)) < 0x10) {
											_t130 = _t224 - 0x74;
										}
										if(_t189 == 0) {
											L86:
											_t131 =  *((intOrPtr*)(_t224 - 0x8c));
											goto L87;
										} else {
											while(_t176 != 0) {
												_t192 =  *_t130;
												if(_t192 == 0x7f) {
													break;
												}
												_t176 = _t176 - 1;
												if(_t176 == 0) {
													L78:
													if(_t176 != 0) {
														L82:
														_t193 = _t130 + 1;
														if( *_t193 > 0) {
															_t130 = _t193;
														}
														continue;
													}
													_t214 =  *((intOrPtr*)(_t224 - 0x5c));
													if(_t223 < 0x10) {
														_t214 = _t224 - 0x5c;
													}
													if(_t192 <  *_t214) {
														goto L86;
													} else {
														goto L82;
													}
												}
												_t213 =  *((intOrPtr*)(_t224 - 0x5c));
												if(_t223 < 0x10) {
													_t213 = _t224 - 0x5c;
												}
												if(_t192 !=  *((intOrPtr*)(_t213 + _t176))) {
													goto L86;
												} else {
													goto L78;
												}
											}
											__eflags =  *((char*)(_t224 - 0x76));
											_t131 =  *((intOrPtr*)(_t224 - 0x7c));
											if( *((char*)(_t224 - 0x76)) == 0) {
												 *_t131 = 0x30;
												_t131 = _t131 + 1;
											}
											L87:
											__eflags = 0;
											 *_t131 = 0;
											E008925E0(_t224 - 0x5c, 1, 0);
											E008925E0(_t224 - 0x74, 1, 0);
											return E008C1E3F(0, _t220, _t223);
										}
									} else {
										goto L39;
									}
									do {
										L39:
										if( *((char*)(_t222 + 4)) == 0) {
											E008B5A0A(_t222);
										}
										_t138 = E008ADB56(_t224 - 0x44,  *(_t222 + 6) & 0x0000ffff);
										if(_t138 >=  *(_t224 - 0x90)) {
											__eflags =  *((intOrPtr*)(_t224 - 0x48)) - 0x10;
											_t139 =  *((intOrPtr*)(_t224 - 0x5c));
											if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
												_t139 = _t224 - 0x5c;
											}
											__eflags =  *((char*)(_t139 + _t176));
											if( *((char*)(_t139 + _t176)) == 0) {
												break;
											} else {
												_t141 =  *(_t224 - 0x88);
												__eflags = _t141;
												if(_t141 == 0) {
													break;
												}
												__eflags =  *((char*)(_t222 + 4));
												if( *((char*)(_t222 + 4)) == 0) {
													E008B5A0A(_t222);
													_t141 =  *(_t224 - 0x88);
												}
												__eflags =  *(_t222 + 6) - _t141;
												if( *(_t222 + 6) != _t141) {
													break;
												} else {
													E00892790(_t141, _t176, _t224 - 0x5c, _t220, _t224, 1, 0);
													_t176 = _t176 + 1;
													__eflags = _t176;
													goto L60;
												}
											}
										} else {
											_t201 =  *((intOrPtr*)(_t138 + "0123456789ABCDEFabcdef-+Xx"));
											_t147 =  *((intOrPtr*)(_t224 - 0x7c));
											 *_t147 = _t201;
											if( *((char*)(_t224 - 0x76)) != 0 || _t201 != 0x30) {
												if(_t147 <  *((intOrPtr*)(_t224 - 0x84))) {
													 *((char*)(_t224 - 0x76)) = 1;
													 *((intOrPtr*)(_t224 - 0x7c)) = _t147 + 1;
												}
											}
											_t148 =  *((intOrPtr*)(_t224 - 0x5c));
											_t202 = _t148;
											 *((char*)(_t224 - 0x75)) = 1;
											if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
												_t202 = _t224 - 0x5c;
											}
											if( *((char*)(_t202 + _t176)) != 0x7f) {
												if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
													_t148 = _t224 - 0x5c;
												}
												 *((char*)(_t148 + _t176)) =  *((char*)(_t148 + _t176)) + 1;
											}
										}
										L60:
										E008B443B(_t222);
									} while (E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80))) == 0);
									_t223 =  *((intOrPtr*)(_t224 - 0x48));
									if(_t176 == 0) {
										goto L68;
									}
									_t140 =  *((intOrPtr*)(_t224 - 0x5c));
									if(_t223 < 0x10) {
										_t140 = _t224 - 0x5c;
									}
									if( *((char*)(_t140 + _t176)) <= 0) {
										_t189 = 0;
										goto L69;
									} else {
										_t176 = _t176 + 1;
										goto L68;
									}
								}
								L36:
								__eflags = _t220 - _t175;
								if(_t220 == _t175) {
									goto L38;
								}
								L37:
								 *(_t224 - 0x90) = ((0 | _t220 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t222 + 4)) == 0) {
								E008B5A0A(_t222);
							}
							if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x44))) {
								goto L35;
							} else {
								 *((char*)(_t224 - 0x75)) = 1;
								 *((char*)(_t224 - 0x84)) = 1;
								E008B443B(_t222);
								E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
								if(1 != 0) {
									L33:
									__eflags = _t220;
									if(_t220 != 0) {
										goto L36;
									}
									_t220 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t222 + 4)) == 1) {
									E008B5A0A(_t222);
								}
								if(( *(_t222 + 6) & 0x0000ffff) ==  *((intOrPtr*)(_t224 - 0x12))) {
									L30:
									if(_t220 == 0 || _t220 == 0x10) {
										_t220 = 0x10;
										 *((char*)(_t224 - 0x75)) = 0;
										 *((char*)(_t224 - 0x84)) = 0;
										E008B443B(_t222);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t222 + 4)) == 0) {
										E008B5A0A(_t222);
									}
									if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t220);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t222 + 4)) == _t123) {
						E008B5A0A(_t222);
					}
					if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x16))) {
						__eflags =  *((char*)(_t222 + 4));
						if( *((char*)(_t222 + 4)) == 0) {
							E008B5A0A(_t222);
						}
						__eflags = ( *(_t222 + 6) & 0x0000ffff) -  *((intOrPtr*)(_t224 - 0x18));
						if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x18))) {
							goto L13;
						} else {
							 *_t174 = 0x2d;
							goto L12;
						}
					} else {
						 *_t174 = 0x2b;
						L12:
						 *((intOrPtr*)(_t224 - 0x7c)) = _t174 + 1;
						E008B443B(_t222);
						goto L13;
					}
				}
			}

0x008b25ab
0x008b25ab
0x008b25b5
0x008b25bd
0x008b25c0
0x008b25c3
0x008b25cc
0x008b25cd
0x008b25d5
0x008b25de
0x008b25e3
0x008b25e7
0x008b25eb
0x008b2600
0x008b25ed
0x008b25ed
0x008b25ed
0x008b2607
0x008b261f
0x008b2622
0x008b262f
0x008b2632
0x008b2639
0x008b267d
0x008b2682
0x008b2688
0x008b2689
0x008b2695
0x008b269b
0x008b26a1
0x008b26aa
0x008b26ac
0x008b26ac
0x008b26ae
0x008b26b5
0x008b26b8
0x008b26be
0x008b26c1
0x008b26c8
0x008b2758
0x008b2758
0x008b275a
0x008b2775
0x008b277b
0x008b2784
0x008b278b
0x008b278f
0x008b27a2
0x008b27a6
0x008b27a8
0x008b27b5
0x008b28a7
0x008b28aa
0x008b28aa
0x008b28ad
0x008b28b1
0x008b28b4
0x008b28b6
0x008b28b6
0x008b28bb
0x008b2909
0x008b2909
0x00000000
0x008b28bd
0x008b28bd
0x008b28c1
0x008b28c6
0x00000000
0x00000000
0x008b28c8
0x008b28c9
0x008b28db
0x008b28dd
0x008b28ee
0x008b28ee
0x008b28f4
0x008b28f6
0x008b28f6
0x00000000
0x008b28f4
0x008b28df
0x008b28e5
0x008b28e7
0x008b28e7
0x008b28ec
0x00000000
0x00000000
0x00000000
0x00000000
0x008b28ec
0x008b28cb
0x008b28d1
0x008b28d3
0x008b28d3
0x008b28d9
0x00000000
0x00000000
0x00000000
0x00000000
0x008b28d9
0x008b28fa
0x008b28fe
0x008b2901
0x008b2903
0x008b2906
0x008b2906
0x008b290f
0x008b290f
0x008b2917
0x008b2919
0x008b2924
0x008b2930
0x008b2930
0x00000000
0x00000000
0x00000000
0x008b27bb
0x008b27bb
0x008b27bf
0x008b27c3
0x008b27c3
0x008b27d1
0x008b27de
0x008b282c
0x008b2830
0x008b2833
0x008b2835
0x008b2835
0x008b2838
0x008b283c
0x00000000
0x008b283e
0x008b283e
0x008b2844
0x008b2847
0x00000000
0x00000000
0x008b2849
0x008b284d
0x008b2851
0x008b2856
0x008b2856
0x008b285c
0x008b2860
0x00000000
0x008b2862
0x008b2869
0x008b286e
0x008b286e
0x00000000
0x008b286e
0x008b2860
0x008b27e0
0x008b27e4
0x008b27ea
0x008b27ed
0x008b27ef
0x008b27fc
0x008b27ff
0x008b2803
0x008b2803
0x008b27fc
0x008b280a
0x008b280d
0x008b280f
0x008b2813
0x008b2815
0x008b2815
0x008b281c
0x008b2822
0x008b2824
0x008b2824
0x008b2827
0x008b2827
0x008b281c
0x008b286f
0x008b2871
0x008b2880
0x008b2888
0x008b288d
0x00000000
0x00000000
0x008b288f
0x008b2895
0x008b2897
0x008b2897
0x008b289e
0x008b28a3
0x00000000
0x008b28a0
0x008b28a0
0x00000000
0x008b28a0
0x008b289e
0x008b275c
0x008b275c
0x008b275e
0x00000000
0x00000000
0x008b2760
0x008b276f
0x00000000
0x008b276f
0x008b26d1
0x008b26d5
0x008b26d5
0x008b26e2
0x00000000
0x008b26e4
0x008b26e8
0x008b26eb
0x008b26f1
0x008b26fb
0x008b2702
0x008b2751
0x008b2751
0x008b2753
0x00000000
0x00000000
0x008b2757
0x00000000
0x008b2757
0x008b2707
0x008b270b
0x008b270b
0x008b2718
0x008b2731
0x008b2733
0x008b2740
0x008b2741
0x008b2744
0x008b274a
0x00000000
0x00000000
0x00000000
0x00000000
0x008b271a
0x008b271e
0x008b2722
0x008b2722
0x008b272f
0x00000000
0x00000000
0x00000000
0x00000000
0x008b272f
0x008b2718
0x008b26e2
0x008b26a3
0x008b26a5
0x008b26a5
0x00000000
0x008b26a5
0x008b2697
0x00000000
0x008b263b
0x008b263e
0x008b2642
0x008b2642
0x008b264f
0x008b2656
0x008b265a
0x008b265e
0x008b265e
0x008b2667
0x008b266b
0x00000000
0x008b266d
0x008b266d
0x00000000
0x008b266d
0x008b2651
0x008b2651
0x008b2670
0x008b2675
0x008b2678
0x00000000
0x008b2678
0x008b264f

APIs

__EH_prolog3_GS.LIBCMT ref: 008B25B5

Part of subcall function 008AED82: __EH_prolog3.LIBCMT ref: 008AED89
Part of subcall function 008AED82: std::_Lockit::_Lockit.LIBCPMT ref: 008AED93

_Find_elem.LIBCPMT ref: 008B27D1

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 008B261A

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Find_elemH_prolog3H_prolog3_LockitLockit::_std::_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2225271509-2799312399
Opcode ID: e71a0de59450964ff78b8f09ba58f868377207ea84457b2ecd99db8693d42db1
Instruction ID: ade35ed73697b2068b27e5def86165cd64272b8e457bea5e99f6af02aaa68682
Opcode Fuzzy Hash: e71a0de59450964ff78b8f09ba58f868377207ea84457b2ecd99db8693d42db1
Instruction Fuzzy Hash: 85B1BE30E002989FEF21DBA884917EDBBB1FF15300F548499D895EB382DB749D86CB56

Uniqueness

Uniqueness Score: -1.00%

Function 008B2931, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E008B2931(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t120;
				void* _t123;
				intOrPtr* _t130;
				char* _t131;
				void* _t138;
				intOrPtr _t139;
				intOrPtr _t140;
				signed int _t141;
				char* _t147;
				intOrPtr _t148;
				intOrPtr _t173;
				char* _t174;
				signed int _t175;
				signed int _t176;
				intOrPtr _t189;
				intOrPtr _t192;
				char* _t193;
				char _t201;
				intOrPtr _t202;
				intOrPtr _t213;
				intOrPtr* _t214;
				intOrPtr* _t216;
				signed int _t218;
				signed int _t220;
				intOrPtr _t222;
				intOrPtr _t223;
				void* _t224;
				void* _t225;

				_t225 = __eflags;
				_push(0x84);
				E008C1E90(E008E0ECA, __ebx, __edi, __esi);
				_t173 =  *((intOrPtr*)(_t224 + 0x1c));
				_t222 =  *((intOrPtr*)(_t224 + 0x10));
				 *((intOrPtr*)(_t224 - 0x8c)) =  *((intOrPtr*)(_t224 + 0xc));
				_push(_t173);
				 *((intOrPtr*)(_t224 - 0x80)) =  *((intOrPtr*)(_t224 + 0x14));
				_t216 = E008AEE1B(_t173, __edi, _t222, _t225);
				E008BADBD(_t216, _t224 - 0x74);
				 *(_t224 - 4) =  *(_t224 - 4) & 0x00000000;
				_t226 =  *((intOrPtr*)(_t224 - 0x64));
				if( *((intOrPtr*)(_t224 - 0x64)) != 0) {
					 *(_t224 - 0x88) =  *((intOrPtr*)( *_t216 + 0x10))() & 0x0000ffff;
				} else {
					 *(_t224 - 0x88) =  *(_t224 - 0x88) & 0x00000000;
				}
				_t120 = E008AE48B(_t173, _t216, _t222, _t226);
				 *((intOrPtr*)( *_t120 + 0x2c))("0123456789ABCDEFabcdef-+Xx", 0x8e5516, _t224 - 0x44, _t173);
				_t174 =  *((intOrPtr*)(_t224 - 0x8c));
				 *((intOrPtr*)(_t224 - 0x7c)) = _t174;
				_t123 = E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
				if(_t123 != 0) {
					L13:
					_t218 =  *(_t224 + 0x18) & 0x00000e00;
					_t175 = 0xa;
					 *(_t224 - 0x90) = _t175;
					if(_t218 != 0x400) {
						__eflags = _t218 - 0x800;
						if(_t218 != 0x800) {
							asm("sbb edi, edi");
							_t220 =  ~_t218 & _t175;
							__eflags = _t220;
							L19:
							 *((char*)(_t224 - 0x75)) = 0;
							 *((char*)(_t224 - 0x84)) = 0;
							 *((char*)(_t224 - 0x76)) = 0;
							E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
							if(0 != 0) {
								L35:
								__eflags = _t220;
								if(_t220 == 0) {
									L38:
									 *(_t224 - 0x4c) =  *(_t224 - 0x4c) & 0x00000000;
									 *((intOrPtr*)(_t224 - 0x48)) = 0xf;
									 *((char*)(_t224 - 0x5c)) = 0;
									E008A0560(_t224 - 0x5c, _t220, _t222, 1,  *((intOrPtr*)(_t224 - 0x84)));
									 *(_t224 - 4) = 1;
									_t176 = 0;
									 *((intOrPtr*)(_t224 - 0x84)) =  *((intOrPtr*)(_t224 - 0x8c)) + 0x1f;
									if(E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80))) != 0) {
										_t223 =  *((intOrPtr*)(_t224 - 0x48));
										L68:
										_t189 =  *((intOrPtr*)(_t224 - 0x75));
										L69:
										_t130 =  *((intOrPtr*)(_t224 - 0x74));
										if( *((intOrPtr*)(_t224 - 0x60)) < 0x10) {
											_t130 = _t224 - 0x74;
										}
										if(_t189 == 0) {
											L86:
											_t131 =  *((intOrPtr*)(_t224 - 0x8c));
											goto L87;
										} else {
											while(_t176 != 0) {
												_t192 =  *_t130;
												if(_t192 == 0x7f) {
													break;
												}
												_t176 = _t176 - 1;
												if(_t176 == 0) {
													L78:
													if(_t176 != 0) {
														L82:
														_t193 = _t130 + 1;
														if( *_t193 > 0) {
															_t130 = _t193;
														}
														continue;
													}
													_t214 =  *((intOrPtr*)(_t224 - 0x5c));
													if(_t223 < 0x10) {
														_t214 = _t224 - 0x5c;
													}
													if(_t192 <  *_t214) {
														goto L86;
													} else {
														goto L82;
													}
												}
												_t213 =  *((intOrPtr*)(_t224 - 0x5c));
												if(_t223 < 0x10) {
													_t213 = _t224 - 0x5c;
												}
												if(_t192 !=  *((intOrPtr*)(_t213 + _t176))) {
													goto L86;
												} else {
													goto L78;
												}
											}
											__eflags =  *((char*)(_t224 - 0x76));
											_t131 =  *((intOrPtr*)(_t224 - 0x7c));
											if( *((char*)(_t224 - 0x76)) == 0) {
												 *_t131 = 0x30;
												_t131 = _t131 + 1;
											}
											L87:
											__eflags = 0;
											 *_t131 = 0;
											E008925E0(_t224 - 0x5c, 1, 0);
											E008925E0(_t224 - 0x74, 1, 0);
											return E008C1E3F(0, _t220, _t223);
										}
									} else {
										goto L39;
									}
									do {
										L39:
										if( *((char*)(_t222 + 4)) == 0) {
											E008B5A0A(_t222);
										}
										_t138 = E008ADB56(_t224 - 0x44,  *(_t222 + 6) & 0x0000ffff);
										if(_t138 >=  *(_t224 - 0x90)) {
											__eflags =  *((intOrPtr*)(_t224 - 0x48)) - 0x10;
											_t139 =  *((intOrPtr*)(_t224 - 0x5c));
											if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
												_t139 = _t224 - 0x5c;
											}
											__eflags =  *((char*)(_t139 + _t176));
											if( *((char*)(_t139 + _t176)) == 0) {
												break;
											} else {
												_t141 =  *(_t224 - 0x88);
												__eflags = _t141;
												if(_t141 == 0) {
													break;
												}
												__eflags =  *((char*)(_t222 + 4));
												if( *((char*)(_t222 + 4)) == 0) {
													E008B5A0A(_t222);
													_t141 =  *(_t224 - 0x88);
												}
												__eflags =  *(_t222 + 6) - _t141;
												if( *(_t222 + 6) != _t141) {
													break;
												} else {
													E00892790(_t141, _t176, _t224 - 0x5c, _t220, _t224, 1, 0);
													_t176 = _t176 + 1;
													__eflags = _t176;
													goto L60;
												}
											}
										} else {
											_t201 =  *((intOrPtr*)(_t138 + "0123456789ABCDEFabcdef-+Xx"));
											_t147 =  *((intOrPtr*)(_t224 - 0x7c));
											 *_t147 = _t201;
											if( *((char*)(_t224 - 0x76)) != 0 || _t201 != 0x30) {
												if(_t147 <  *((intOrPtr*)(_t224 - 0x84))) {
													 *((char*)(_t224 - 0x76)) = 1;
													 *((intOrPtr*)(_t224 - 0x7c)) = _t147 + 1;
												}
											}
											_t148 =  *((intOrPtr*)(_t224 - 0x5c));
											_t202 = _t148;
											 *((char*)(_t224 - 0x75)) = 1;
											if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
												_t202 = _t224 - 0x5c;
											}
											if( *((char*)(_t202 + _t176)) != 0x7f) {
												if( *((intOrPtr*)(_t224 - 0x48)) < 0x10) {
													_t148 = _t224 - 0x5c;
												}
												 *((char*)(_t148 + _t176)) =  *((char*)(_t148 + _t176)) + 1;
											}
										}
										L60:
										E008B443B(_t222);
									} while (E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80))) == 0);
									_t223 =  *((intOrPtr*)(_t224 - 0x48));
									if(_t176 == 0) {
										goto L68;
									}
									_t140 =  *((intOrPtr*)(_t224 - 0x5c));
									if(_t223 < 0x10) {
										_t140 = _t224 - 0x5c;
									}
									if( *((char*)(_t140 + _t176)) <= 0) {
										_t189 = 0;
										goto L69;
									} else {
										_t176 = _t176 + 1;
										goto L68;
									}
								}
								L36:
								__eflags = _t220 - _t175;
								if(_t220 == _t175) {
									goto L38;
								}
								L37:
								 *(_t224 - 0x90) = ((0 | _t220 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t222 + 4)) == 0) {
								E008B5A0A(_t222);
							}
							if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x44))) {
								goto L35;
							} else {
								 *((char*)(_t224 - 0x75)) = 1;
								 *((char*)(_t224 - 0x84)) = 1;
								E008B443B(_t222);
								E008BACCB(_t222,  *((intOrPtr*)(_t224 - 0x80)));
								if(1 != 0) {
									L33:
									__eflags = _t220;
									if(_t220 != 0) {
										goto L36;
									}
									_t220 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t222 + 4)) == 1) {
									E008B5A0A(_t222);
								}
								if(( *(_t222 + 6) & 0x0000ffff) ==  *((intOrPtr*)(_t224 - 0x12))) {
									L30:
									if(_t220 == 0 || _t220 == 0x10) {
										_t220 = 0x10;
										 *((char*)(_t224 - 0x75)) = 0;
										 *((char*)(_t224 - 0x84)) = 0;
										E008B443B(_t222);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t222 + 4)) == 0) {
										E008B5A0A(_t222);
									}
									if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t220);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t222 + 4)) == _t123) {
						E008B5A0A(_t222);
					}
					if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x16))) {
						__eflags =  *((char*)(_t222 + 4));
						if( *((char*)(_t222 + 4)) == 0) {
							E008B5A0A(_t222);
						}
						__eflags = ( *(_t222 + 6) & 0x0000ffff) -  *((intOrPtr*)(_t224 - 0x18));
						if(( *(_t222 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t224 - 0x18))) {
							goto L13;
						} else {
							 *_t174 = 0x2d;
							goto L12;
						}
					} else {
						 *_t174 = 0x2b;
						L12:
						 *((intOrPtr*)(_t224 - 0x7c)) = _t174 + 1;
						E008B443B(_t222);
						goto L13;
					}
				}
			}

0x008b2931
0x008b2931
0x008b293b
0x008b2943
0x008b2946
0x008b2949
0x008b2952
0x008b2953
0x008b295b
0x008b2964
0x008b2969
0x008b296d
0x008b2971
0x008b2986
0x008b2973
0x008b2973
0x008b2973
0x008b298d
0x008b29a5
0x008b29a8
0x008b29b5
0x008b29b8
0x008b29bf
0x008b2a03
0x008b2a08
0x008b2a0e
0x008b2a0f
0x008b2a1b
0x008b2a21
0x008b2a27
0x008b2a30
0x008b2a32
0x008b2a32
0x008b2a34
0x008b2a3b
0x008b2a3e
0x008b2a44
0x008b2a47
0x008b2a4e
0x008b2ade
0x008b2ade
0x008b2ae0
0x008b2afb
0x008b2b01
0x008b2b0a
0x008b2b11
0x008b2b15
0x008b2b28
0x008b2b2c
0x008b2b2e
0x008b2b3b
0x008b2c2d
0x008b2c30
0x008b2c30
0x008b2c33
0x008b2c37
0x008b2c3a
0x008b2c3c
0x008b2c3c
0x008b2c41
0x008b2c8f
0x008b2c8f
0x00000000
0x008b2c43
0x008b2c43
0x008b2c47
0x008b2c4c
0x00000000
0x00000000
0x008b2c4e
0x008b2c4f
0x008b2c61
0x008b2c63
0x008b2c74
0x008b2c74
0x008b2c7a
0x008b2c7c
0x008b2c7c
0x00000000
0x008b2c7a
0x008b2c65
0x008b2c6b
0x008b2c6d
0x008b2c6d
0x008b2c72
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2c72
0x008b2c51
0x008b2c57
0x008b2c59
0x008b2c59
0x008b2c5f
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2c5f
0x008b2c80
0x008b2c84
0x008b2c87
0x008b2c89
0x008b2c8c
0x008b2c8c
0x008b2c95
0x008b2c95
0x008b2c9d
0x008b2c9f
0x008b2caa
0x008b2cb6
0x008b2cb6
0x00000000
0x00000000
0x00000000
0x008b2b41
0x008b2b41
0x008b2b45
0x008b2b49
0x008b2b49
0x008b2b57
0x008b2b64
0x008b2bb2
0x008b2bb6
0x008b2bb9
0x008b2bbb
0x008b2bbb
0x008b2bbe
0x008b2bc2
0x00000000
0x008b2bc4
0x008b2bc4
0x008b2bca
0x008b2bcd
0x00000000
0x00000000
0x008b2bcf
0x008b2bd3
0x008b2bd7
0x008b2bdc
0x008b2bdc
0x008b2be2
0x008b2be6
0x00000000
0x008b2be8
0x008b2bef
0x008b2bf4
0x008b2bf4
0x00000000
0x008b2bf4
0x008b2be6
0x008b2b66
0x008b2b6a
0x008b2b70
0x008b2b73
0x008b2b75
0x008b2b82
0x008b2b85
0x008b2b89
0x008b2b89
0x008b2b82
0x008b2b90
0x008b2b93
0x008b2b95
0x008b2b99
0x008b2b9b
0x008b2b9b
0x008b2ba2
0x008b2ba8
0x008b2baa
0x008b2baa
0x008b2bad
0x008b2bad
0x008b2ba2
0x008b2bf5
0x008b2bf7
0x008b2c06
0x008b2c0e
0x008b2c13
0x00000000
0x00000000
0x008b2c15
0x008b2c1b
0x008b2c1d
0x008b2c1d
0x008b2c24
0x008b2c29
0x00000000
0x008b2c26
0x008b2c26
0x00000000
0x008b2c26
0x008b2c24
0x008b2ae2
0x008b2ae2
0x008b2ae4
0x00000000
0x00000000
0x008b2ae6
0x008b2af5
0x00000000
0x008b2af5
0x008b2a57
0x008b2a5b
0x008b2a5b
0x008b2a68
0x00000000
0x008b2a6a
0x008b2a6e
0x008b2a71
0x008b2a77
0x008b2a81
0x008b2a88
0x008b2ad7
0x008b2ad7
0x008b2ad9
0x00000000
0x00000000
0x008b2add
0x00000000
0x008b2add
0x008b2a8d
0x008b2a91
0x008b2a91
0x008b2a9e
0x008b2ab7
0x008b2ab9
0x008b2ac6
0x008b2ac7
0x008b2aca
0x008b2ad0
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2aa0
0x008b2aa4
0x008b2aa8
0x008b2aa8
0x008b2ab5
0x00000000
0x00000000
0x00000000
0x00000000
0x008b2ab5
0x008b2a9e
0x008b2a68
0x008b2a29
0x008b2a2b
0x008b2a2b
0x00000000
0x008b2a2b
0x008b2a1d
0x00000000
0x008b29c1
0x008b29c4
0x008b29c8
0x008b29c8
0x008b29d5
0x008b29dc
0x008b29e0
0x008b29e4
0x008b29e4
0x008b29ed
0x008b29f1
0x00000000
0x008b29f3
0x008b29f3
0x00000000
0x008b29f3
0x008b29d7
0x008b29d7
0x008b29f6
0x008b29fb
0x008b29fe
0x00000000
0x008b29fe
0x008b29d5

APIs

__EH_prolog3_GS.LIBCMT ref: 008B293B

Part of subcall function 008AEE1B: __EH_prolog3.LIBCMT ref: 008AEE22
Part of subcall function 008AEE1B: std::_Lockit::_Lockit.LIBCPMT ref: 008AEE2C

_Find_elem.LIBCPMT ref: 008B2B57

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 008B29A0

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Find_elemH_prolog3H_prolog3_LockitLockit::_std::_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2225271509-2799312399
Opcode ID: bc0f160372c3b67a47c6b728ab0eff4788560b565f4aa3a1411eb260e3837ccc
Instruction ID: 2ca74246ba220cd734ae3a07aa632cc43b7e260f7abfe02d1ce1a3e392d89a67
Opcode Fuzzy Hash: bc0f160372c3b67a47c6b728ab0eff4788560b565f4aa3a1411eb260e3837ccc
Instruction Fuzzy Hash: E4B18D30E042A89EDF21DBA884917FDBBB1FF15700F548489D495EB382DB749D86CB52

Uniqueness

Uniqueness Score: -1.00%

Function 008B9744, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E008B9744(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed char _t55;
				void* _t59;
				intOrPtr _t60;
				signed short _t63;
				intOrPtr _t67;
				void* _t69;
				void* _t71;
				signed int _t80;
				intOrPtr _t81;
				short _t97;
				intOrPtr* _t99;
				void* _t100;
				signed long long* _t101;
				signed long long* _t102;
				signed long long _t111;

				_t81 = __ecx;
				_push(0x5c);
				E008C1E90(E008E14F7, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t100 - 0x68)) = __ecx;
				asm("fldz");
				_t55 =  *(_t100 + 0x18);
				asm("fcom st0, st1");
				_t99 =  *((intOrPtr*)(_t100 + 8));
				 *(_t100 - 0x54) = _t55;
				asm("fnstsw ax");
				 *((char*)(_t100 - 0x60)) = 0;
				st1 =  *((long long*)(_t100 + 0x20));
				if((_t55 & 0x00000005) == 0) {
					 *((char*)(_t100 - 0x60)) = 1;
					asm("fchs");
				}
				_t111 =  *0x8e3ab8;
				_t97 = 0;
				asm("fcom st0, st1");
				asm("fnstsw ax");
				if((_t55 & 0x00000041) == 0) {
					_t111 =  *0x8e3ab0;
					while(_t97 < 0x1388) {
						_t111 = _t111 / st0;
						_t97 = _t97 + 0xa;
						asm("fxch st0, st1");
						asm("fcom st0, st2");
						asm("fnstsw ax");
						if((_t55 & 0x00000041) != 0) {
							asm("fxch st0, st1");
							continue;
						} else {
							st0 = _t111;
						}
						goto L8;
					}
					st1 = _t111;
				}
				L8:
				st0 = _t111;
				 *_t101 = _t111;
				_t80 = swprintf(_t100 - 0x38, 0x28, "%.0Lf", _t81, _t81);
				_t102 =  &(_t101[2]);
				if(_t80 >= 0) {
					_t59 = E008A36A0(_t100 - 0x64);
					 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
					_t60 = E008AE3F2(_t80, _t97, _t99, __eflags);
					 *(_t100 - 4) =  *(_t100 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t100 - 0x5c)) = _t60;
					E0089A750(_t100 - 0x64);
					_t63 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))) + 0x30))(0x30, _t59);
					 *(_t100 - 0x40) =  *(_t100 - 0x40) & 0x00000000;
					 *(_t100 - 0x58) = _t63 & 0x0000ffff;
					_push(0);
					 *((intOrPtr*)(_t100 - 0x3c)) = 7;
					 *((short*)(_t100 - 0x50)) = 0;
					E008B685C(_t80, _t100 - 0x50, _t80);
					__eflags =  *((intOrPtr*)(_t100 - 0x3c)) - 8;
					_t67 =  *((intOrPtr*)(_t100 - 0x50));
					 *(_t100 - 4) = 1;
					if( *((intOrPtr*)(_t100 - 0x3c)) < 8) {
						_t67 = _t100 - 0x50;
					}
					_t69 = _t100 - 0x38 + _t80;
					__eflags = _t69;
					_t71 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))) + 0x2c))(_t100 - 0x38, _t69, _t67);
					_t80 =  *(_t100 - 0x58);
					_push(_t80);
					E008B6765(_t71, _t80, _t100 - 0x50, _t97);
					_push(_t80);
					E008AF11A(_t102 - 0x18, _t100 - 0x50);
					_push( *((intOrPtr*)(_t100 - 0x60)));
					_push( *((intOrPtr*)(_t100 + 0x1c)));
					_push( *(_t100 - 0x54));
					_push( *((intOrPtr*)(_t100 + 0x14)));
					_push( *((intOrPtr*)(_t100 + 0x10)));
					_push( *((intOrPtr*)(_t100 + 0xc)));
					_push(_t99);
					L008B5AA2(_t80,  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))), _t97, _t99, __eflags, _t111);
					E008B65E8(_t100 - 0x50, 1, 0);
				} else {
					 *_t99 =  *((intOrPtr*)(_t100 + 0xc));
					 *((intOrPtr*)(_t99 + 4)) =  *((intOrPtr*)(_t100 + 0x10));
				}
				return E008C1E3F(_t80, _t97, _t99);
			}

0x008b9744
0x008b9744
0x008b974b
0x008b9750
0x008b9753
0x008b9758
0x008b975b
0x008b975d
0x008b9760
0x008b9763
0x008b9765
0x008b9769
0x008b976e
0x008b9770
0x008b9774
0x008b9774
0x008b9776
0x008b977c
0x008b977e
0x008b9780
0x008b9785
0x008b9787
0x008b9791
0x008b9799
0x008b979b
0x008b979e
0x008b97a0
0x008b97a2
0x008b97a7
0x008b978f
0x00000000
0x008b97a9
0x008b97a9
0x008b97a9
0x00000000
0x008b97a7
0x008b97db
0x008b97db
0x008b97ab
0x008b97ad
0x008b97b2
0x008b97c2
0x008b97c4
0x008b97c9
0x008b97e6
0x008b97eb
0x008b97f0
0x008b97f5
0x008b97fd
0x008b9800
0x008b980e
0x008b9811
0x008b981b
0x008b9820
0x008b9822
0x008b9829
0x008b982d
0x008b9832
0x008b9836
0x008b9839
0x008b9840
0x008b9842
0x008b9842
0x008b984c
0x008b984c
0x008b9855
0x008b9858
0x008b985e
0x008b9860
0x008b9865
0x008b986f
0x008b9874
0x008b987a
0x008b987d
0x008b9880
0x008b9883
0x008b9886
0x008b9889
0x008b988a
0x008b9896
0x008b97cb
0x008b97ce
0x008b97d3
0x008b97d3
0x008b98a2

APIs

__EH_prolog3_GS.LIBCMT ref: 008B974B
swprintf.LIBCMT ref: 008B97BD

Part of subcall function 008AE3F2: __EH_prolog3.LIBCMT ref: 008AE3F9
Part of subcall function 008AE3F2: std::_Lockit::_Lockit.LIBCPMT ref: 008AE403

Strings

%.0Lf, xrefs: 008B97B5

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3H_prolog3_LockitLockit::_std::_swprintf
String ID: %.0Lf
API String ID: 4082241743-1402515088
Opcode ID: 7b068e18b30b0ee371bf2e6025addb2cd65c8fa92a41cf7637744f8e288d285a
Instruction ID: 1cdc02e7f094a211cadad1de4dee71182699e3d3a5e640da323003253986e2da
Opcode Fuzzy Hash: 7b068e18b30b0ee371bf2e6025addb2cd65c8fa92a41cf7637744f8e288d285a
Instruction Fuzzy Hash: E841BB71E00208ABDF01EFE4C885AED7BB9FF09304F108418F945EB391EB7599198B95

Uniqueness

Uniqueness Score: -1.00%

Function 008B99C4, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E008B99C4(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed char _t55;
				void* _t59;
				intOrPtr _t60;
				signed short _t63;
				intOrPtr _t67;
				void* _t69;
				void* _t71;
				signed int _t80;
				intOrPtr _t81;
				short _t97;
				intOrPtr* _t99;
				void* _t100;
				signed long long* _t101;
				signed long long* _t102;
				signed long long _t111;

				_t81 = __ecx;
				_push(0x5c);
				E008C1E90(E008E1561, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t100 - 0x68)) = __ecx;
				asm("fldz");
				_t55 =  *(_t100 + 0x18);
				asm("fcom st0, st1");
				_t99 =  *((intOrPtr*)(_t100 + 8));
				 *(_t100 - 0x54) = _t55;
				asm("fnstsw ax");
				 *((char*)(_t100 - 0x60)) = 0;
				st1 =  *((long long*)(_t100 + 0x20));
				if((_t55 & 0x00000005) == 0) {
					 *((char*)(_t100 - 0x60)) = 1;
					asm("fchs");
				}
				_t111 =  *0x8e3ab8;
				_t97 = 0;
				asm("fcom st0, st1");
				asm("fnstsw ax");
				if((_t55 & 0x00000041) == 0) {
					_t111 =  *0x8e3ab0;
					while(_t97 < 0x1388) {
						_t111 = _t111 / st0;
						_t97 = _t97 + 0xa;
						asm("fxch st0, st1");
						asm("fcom st0, st2");
						asm("fnstsw ax");
						if((_t55 & 0x00000041) != 0) {
							asm("fxch st0, st1");
							continue;
						} else {
							st0 = _t111;
						}
						goto L8;
					}
					st1 = _t111;
				}
				L8:
				st0 = _t111;
				 *_t101 = _t111;
				_t80 = swprintf(_t100 - 0x38, 0x28, "%.0Lf", _t81, _t81);
				_t102 =  &(_t101[2]);
				if(_t80 >= 0) {
					_t59 = E008A36A0(_t100 - 0x64);
					 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
					_t60 = E008AE48B(_t80, _t97, _t99, __eflags);
					 *(_t100 - 4) =  *(_t100 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t100 - 0x5c)) = _t60;
					E0089A750(_t100 - 0x64);
					_t63 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))) + 0x30))(0x30, _t59);
					 *(_t100 - 0x40) =  *(_t100 - 0x40) & 0x00000000;
					 *(_t100 - 0x58) = _t63 & 0x0000ffff;
					 *((intOrPtr*)(_t100 - 0x3c)) = 7;
					 *((short*)(_t100 - 0x50)) = 0;
					E008A7FB0(_t100 - 0x50, _t100, _t80, 0);
					__eflags =  *((intOrPtr*)(_t100 - 0x3c)) - 8;
					_t67 =  *((intOrPtr*)(_t100 - 0x50));
					 *(_t100 - 4) = 1;
					if( *((intOrPtr*)(_t100 - 0x3c)) < 8) {
						_t67 = _t100 - 0x50;
					}
					_t69 = _t100 - 0x38 + _t80;
					__eflags = _t69;
					_t71 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))) + 0x2c))(_t100 - 0x38, _t69, _t67);
					_t80 =  *(_t100 - 0x58);
					E008A7EF0(_t71, _t100 - 0x50, _t100, _t97, _t80);
					_push(_t80);
					E00891260(_t102 - 0x18, _t100 - 0x50);
					_push( *((intOrPtr*)(_t100 - 0x60)));
					_push( *((intOrPtr*)(_t100 + 0x1c)));
					_push( *(_t100 - 0x54));
					_push( *((intOrPtr*)(_t100 + 0x14)));
					_push( *((intOrPtr*)(_t100 + 0x10)));
					_push( *((intOrPtr*)(_t100 + 0xc)));
					_push(_t99);
					L008B6007(_t80,  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x5c)))), _t97, _t99, __eflags, _t111);
					E00892630(_t100 - 0x50, 1, 0);
				} else {
					 *_t99 =  *((intOrPtr*)(_t100 + 0xc));
					 *((intOrPtr*)(_t99 + 4)) =  *((intOrPtr*)(_t100 + 0x10));
				}
				return E008C1E3F(_t80, _t97, _t99);
			}

0x008b99c4
0x008b99c4
0x008b99cb
0x008b99d0
0x008b99d3
0x008b99d8
0x008b99db
0x008b99dd
0x008b99e0
0x008b99e3
0x008b99e5
0x008b99e9
0x008b99ee
0x008b99f0
0x008b99f4
0x008b99f4
0x008b99f6
0x008b99fc
0x008b99fe
0x008b9a00
0x008b9a05
0x008b9a07
0x008b9a11
0x008b9a19
0x008b9a1b
0x008b9a1e
0x008b9a20
0x008b9a22
0x008b9a27
0x008b9a0f
0x00000000
0x008b9a29
0x008b9a29
0x008b9a29
0x00000000
0x008b9a27
0x008b9a5b
0x008b9a5b
0x008b9a2b
0x008b9a2d
0x008b9a32
0x008b9a42
0x008b9a44
0x008b9a49
0x008b9a66
0x008b9a6b
0x008b9a70
0x008b9a75
0x008b9a7d
0x008b9a80
0x008b9a8e
0x008b9a91
0x008b9a9b
0x008b9aa2
0x008b9aa9
0x008b9aad
0x008b9ab2
0x008b9ab6
0x008b9ab9
0x008b9ac0
0x008b9ac2
0x008b9ac2
0x008b9acc
0x008b9acc
0x008b9ad5
0x008b9ad8
0x008b9ae0
0x008b9ae5
0x008b9aef
0x008b9af4
0x008b9afa
0x008b9afd
0x008b9b00
0x008b9b03
0x008b9b06
0x008b9b09
0x008b9b0a
0x008b9b16
0x008b9a4b
0x008b9a4e
0x008b9a53
0x008b9a53
0x008b9b22

APIs

__EH_prolog3_GS.LIBCMT ref: 008B99CB
swprintf.LIBCMT ref: 008B9A3D

Part of subcall function 008AE48B: __EH_prolog3.LIBCMT ref: 008AE492
Part of subcall function 008AE48B: std::_Lockit::_Lockit.LIBCPMT ref: 008AE49C

Strings

%.0Lf, xrefs: 008B9A35

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3H_prolog3_LockitLockit::_std::_swprintf
String ID: %.0Lf
API String ID: 4082241743-1402515088
Opcode ID: 0aed12dd2453a4ec8479ce71b288a6169a9cf5e7d265af55210ad268ed0e80b5
Instruction ID: 7515a758402ee2da79967c4710cde2323e946b9baf1ed81af913b05349fd7f51
Opcode Fuzzy Hash: 0aed12dd2453a4ec8479ce71b288a6169a9cf5e7d265af55210ad268ed0e80b5
Instruction Fuzzy Hash: F941AC71E0021CABDF01EFE4C884AEEBBB9FB05300F108408F955EB295DB7499598B91

Uniqueness

Uniqueness Score: -1.00%

Function 008BE06A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E008BE06A(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed char _t55;
				intOrPtr* _t59;
				intOrPtr _t60;
				intOrPtr _t66;
				void* _t68;
				int _t79;
				intOrPtr _t80;
				char _t96;
				intOrPtr* _t98;
				void* _t99;
				signed long long* _t100;
				signed long long* _t101;
				signed long long _t110;

				_t80 = __ecx;
				_push(0x5c);
				E008C1E90(E008E19C4, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t99 - 0x68)) = __ecx;
				asm("fldz");
				_t55 =  *(_t99 + 0x18);
				asm("fcom st0, st1");
				_t98 =  *((intOrPtr*)(_t99 + 8));
				 *(_t99 - 0x54) = _t55;
				asm("fnstsw ax");
				 *((char*)(_t99 - 0x60)) = 0;
				st1 =  *((long long*)(_t99 + 0x20));
				if((_t55 & 0x00000005) == 0) {
					 *((char*)(_t99 - 0x60)) = 1;
					asm("fchs");
				}
				_t110 =  *0x8e3ab8;
				_t96 = 0;
				asm("fcom st0, st1");
				asm("fnstsw ax");
				if((_t55 & 0x00000041) == 0) {
					_t110 =  *0x8e3ab0;
					while(_t96 < 0x1388) {
						_t110 = _t110 / st0;
						_t96 = _t96 + 0xa;
						asm("fxch st0, st1");
						asm("fcom st0, st2");
						asm("fnstsw ax");
						if((_t55 & 0x00000041) != 0) {
							asm("fxch st0, st1");
							continue;
						} else {
							st0 = _t110;
						}
						goto L8;
					}
					st1 = _t110;
				}
				L8:
				st0 = _t110;
				 *_t100 = _t110;
				_t79 = swprintf(_t99 - 0x38, 0x28, "%.0Lf", _t80, _t80);
				_t101 =  &(_t100[2]);
				if(_t79 >= 0) {
					_t59 = E008A36A0(_t99 - 0x58);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t60 = E00897EE0(_t59);
					 *(_t99 - 4) =  *(_t99 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t99 - 0x5c)) = _t60;
					E0089A750(_t99 - 0x58);
					 *((char*)(_t99 - 0x64)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t99 - 0x5c)))) + 0x20))(0x30);
					 *((intOrPtr*)(_t99 - 0x3c)) = 0xf;
					 *((intOrPtr*)(_t99 - 0x40)) = 0;
					 *((char*)(_t99 - 0x50)) = 0;
					E008A0560(_t99 - 0x50, _t96, _t98, _t79, 0);
					__eflags =  *((intOrPtr*)(_t99 - 0x3c)) - 0x10;
					_t66 =  *((intOrPtr*)(_t99 - 0x50));
					 *(_t99 - 4) = 1;
					if( *((intOrPtr*)(_t99 - 0x3c)) < 0x10) {
						_t66 = _t99 - 0x50;
					}
					_t68 = _t99 - 0x38 + _t79;
					__eflags = _t68;
					E00892790( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t99 - 0x5c)))) + 0x1c))(_t99 - 0x38, _t68, _t66), _t79, _t99 - 0x50, _t96, _t99, _t96,  *((intOrPtr*)(_t99 - 0x64)));
					_push( *((intOrPtr*)(_t99 - 0x64)));
					E008911E0(_t101 - 0x18, _t99 - 0x50);
					_push( *((intOrPtr*)(_t99 - 0x60)));
					_push( *((intOrPtr*)(_t99 + 0x1c)));
					_push( *(_t99 - 0x54));
					_push( *((intOrPtr*)(_t99 + 0x14)));
					_push( *((intOrPtr*)(_t99 + 0x10)));
					_push( *((intOrPtr*)(_t99 + 0xc)));
					_push(_t98);
					L008BCD8E(_t79, _t96, _t98, __eflags);
					E008925E0(_t99 - 0x50, 1, 0);
				} else {
					 *_t98 =  *((intOrPtr*)(_t99 + 0xc));
					 *((intOrPtr*)(_t98 + 4)) =  *((intOrPtr*)(_t99 + 0x10));
				}
				return E008C1E3F(_t79, _t96, _t98);
			}

0x008be06a
0x008be06a
0x008be071
0x008be076
0x008be079
0x008be07e
0x008be081
0x008be083
0x008be086
0x008be089
0x008be08b
0x008be08f
0x008be094
0x008be096
0x008be09a
0x008be09a
0x008be09c
0x008be0a2
0x008be0a4
0x008be0a6
0x008be0ab
0x008be0ad
0x008be0b7
0x008be0bf
0x008be0c1
0x008be0c4
0x008be0c6
0x008be0c8
0x008be0cd
0x008be0b5
0x00000000
0x008be0cf
0x008be0cf
0x008be0cf
0x00000000
0x008be0cd
0x008be101
0x008be101
0x008be0d1
0x008be0d3
0x008be0d8
0x008be0e8
0x008be0ea
0x008be0ef
0x008be10c
0x008be111
0x008be116
0x008be11b
0x008be123
0x008be126
0x008be137
0x008be13f
0x008be148
0x008be14b
0x008be14e
0x008be153
0x008be157
0x008be15a
0x008be161
0x008be163
0x008be163
0x008be16d
0x008be16d
0x008be180
0x008be185
0x008be191
0x008be196
0x008be19c
0x008be19f
0x008be1a2
0x008be1a5
0x008be1a8
0x008be1ab
0x008be1ac
0x008be1b8
0x008be0f1
0x008be0f4
0x008be0f9
0x008be0f9
0x008be1c4

APIs

__EH_prolog3_GS.LIBCMT ref: 008BE071
swprintf.LIBCMT ref: 008BE0E3

Part of subcall function 00897EE0: std::_Lockit::_Lockit.LIBCPMT ref: 00897F0D
Part of subcall function 00897EE0: std::_Lockit::_Lockit.LIBCPMT ref: 00897F33

Strings

%.0Lf, xrefs: 008BE0DB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: LockitLockit::_std::_$H_prolog3_swprintf
String ID: %.0Lf
API String ID: 1815561682-1402515088
Opcode ID: c57ca686333b161772966788b70c630e229952dc14c77f0433145b7c1d3aab28
Instruction ID: fc62385002d8255ebbd1662b63432f2980db2f977fb36bc7041d2ca16f50e176
Opcode Fuzzy Hash: c57ca686333b161772966788b70c630e229952dc14c77f0433145b7c1d3aab28
Instruction Fuzzy Hash: 5C416871E00209AFCF05EFE8C889ADEBBB9FF09300F104558E955EB292DB7599458B51

Uniqueness

Uniqueness Score: -1.00%

Function 00892A50, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00892A50(void* __ebx, intOrPtr* __ecx, void* __edi, void* __ebp, intOrPtr* _a4, signed int _a8, void _a12) {
				intOrPtr _v20;
				intOrPtr* _v24;
				signed int _t33;
				intOrPtr* _t34;
				intOrPtr _t35;
				signed int _t47;
				intOrPtr* _t51;
				intOrPtr* _t58;
				intOrPtr _t66;
				signed int _t68;
				intOrPtr _t76;
				signed int _t85;

				_t57 = __ecx;
				_t51 = _a4;
				_t85 = _a8;
				_t66 =  *((intOrPtr*)(_t51 + 0x10));
				_t75 = __ecx;
				if(_t66 < _t85) {
					_push("invalid string position");
					E008A9C28(__eflags);
					goto L25;
				} else {
					_t68 =  <  ? _a12 : _t66 - _t85;
					if(__ecx != _t51) {
						__eflags = _t68 - 0x7ffffffe;
						if(__eflags > 0) {
							goto L26;
						} else {
							_t35 =  *((intOrPtr*)(__ecx + 0x14));
							__eflags = _t35 - _t68;
							if(_t35 >= _t68) {
								__eflags = _t68;
								if(_t68 != 0) {
									goto L9;
								} else {
									 *(__ecx + 0x10) = _t68;
									__eflags = _t35 - 8;
									if(_t35 < 8) {
										__eflags = 0;
										 *((short*)(__ecx)) = 0;
										return __ecx;
									} else {
										__eflags = 0;
										 *((short*)( *__ecx)) = 0;
										return __ecx;
									}
								}
							} else {
								E008922A0(__ecx, _t68,  *(__ecx + 0x10));
								__eflags = _t68;
								if(_t68 == 0) {
									L23:
									return _t75;
								} else {
									L9:
									__eflags =  *((intOrPtr*)(_t51 + 0x14)) - 8;
									if( *((intOrPtr*)(_t51 + 0x14)) >= 8) {
										_t51 =  *_t51;
									}
									__eflags =  *((intOrPtr*)(_t75 + 0x14)) - 8;
									if( *((intOrPtr*)(_t75 + 0x14)) < 8) {
										_t58 = _t75;
									} else {
										_t58 =  *_t75;
									}
									__eflags = _t68;
									if(_t68 != 0) {
										E008BFCF0(_t58, _t51 + _t85 * 2, _t68 + _t68);
									}
									__eflags =  *((intOrPtr*)(_t75 + 0x14)) - 8;
									 *(_t75 + 0x10) = _t68;
									if( *((intOrPtr*)(_t75 + 0x14)) < 8) {
										__eflags = 0;
										 *((short*)(_t75 + _t68 * 2)) = 0;
										goto L23;
									} else {
										__eflags = 0;
										 *((short*)( *_t75 + _t68 * 2)) = 0;
										return _t75;
									}
								}
							}
						}
					} else {
						_t47 = _t68 + _t85;
						if( *(__ecx + 0x10) < _t47) {
							L25:
							_push("invalid string position");
							E008A9C28(__eflags);
							L26:
							_push("string too long");
							E008A9BFA(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t75);
							_t76 = _v20;
							_t33 = E008A9C56(_t76);
							__eflags = _t33;
							_t34 = _v24;
							 *_t34 = _t76;
							if(_t33 == 0) {
								 *((intOrPtr*)(_t34 + 4)) = 0x8f2008;
								return _t34;
							} else {
								 *((intOrPtr*)(_t34 + 4)) = 0x8f2000;
								return _t34;
							}
						} else {
							 *(__ecx + 0x10) = _t47;
							if( *((intOrPtr*)(__ecx + 0x14)) >= 8) {
								_t57 =  *__ecx;
							}
							 *((short*)(_t57 + _t47 * 2)) = 0;
							E00892D30(_t51, _t75, _t85, 0, _t85);
							return _t75;
						}
					}
				}
			}

0x00892a50
0x00892a51
0x00892a56
0x00892a5c
0x00892a5f
0x00892a63
0x00892b45
0x00892b4a
0x00000000
0x00892a69
0x00892a6f
0x00892a76
0x00892aa7
0x00892aad
0x00000000
0x00892ab3
0x00892ab3
0x00892ab6
0x00892ab8
0x00892ad9
0x00892adb
0x00000000
0x00892add
0x00892add
0x00892ae0
0x00892ae3
0x00892af8
0x00892afd
0x00892b00
0x00892ae5
0x00892ae7
0x00892aea
0x00892af2
0x00892af2
0x00892ae3
0x00892aba
0x00892abe
0x00892ac3
0x00892ac5
0x00892b3c
0x00892b42
0x00892ac7
0x00892ac7
0x00892ac7
0x00892acb
0x00892acd
0x00892acd
0x00892acf
0x00892ad3
0x00892b03
0x00892ad5
0x00892ad5
0x00892ad5
0x00892b05
0x00892b07
0x00892b12
0x00892b17
0x00892b1a
0x00892b1e
0x00892b21
0x00892b36
0x00892b38
0x00000000
0x00892b23
0x00892b25
0x00892b27
0x00892b31
0x00892b31
0x00892b21
0x00892ac5
0x00892ab8
0x00892a78
0x00892a78
0x00892a7e
0x00892b4f
0x00892b4f
0x00892b54
0x00892b59
0x00892b59
0x00892b5e
0x00892b63
0x00892b64
0x00892b65
0x00892b66
0x00892b67
0x00892b68
0x00892b69
0x00892b6a
0x00892b6b
0x00892b6c
0x00892b6d
0x00892b6e
0x00892b6f
0x00892b70
0x00892b71
0x00892b76
0x00892b7e
0x00892b80
0x00892b84
0x00892b86
0x00892b93
0x00892b9b
0x00892b88
0x00892b88
0x00892b90
0x00892b90
0x00892a84
0x00892a88
0x00892a8b
0x00892a8d
0x00892a8d
0x00892a92
0x00892a99
0x00892aa4
0x00892aa4
0x00892a7e
0x00892a76

Strings

invalid string position, xrefs: 00892B45, 00892B4F
string too long, xrefs: 00892B59

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID:
String ID: invalid string position$string too long
API String ID: 0-4289949731
Opcode ID: ed5a08a44956d2d716eb7ec29d11e84d9c493ca5a939e35abeefb8226669e539
Instruction ID: 4ff2e066bc2d60ca680ee6b1fb97c6c304c7fff2865d2dfceeaa594ee507c9bd
Opcode Fuzzy Hash: ed5a08a44956d2d716eb7ec29d11e84d9c493ca5a939e35abeefb8226669e539
Instruction Fuzzy Hash: EC31CD33305324EB8B24EF5CE88096AF3E9FF96721315496EE541C7611DB31A844CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 008A2F40, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E008A2F40(void* __ebx, void* __ebp, void* __eflags, char* _a4, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr _v4;
				char _v12;
				intOrPtr _v20;
				char _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v112;
				intOrPtr _v116;
				char _v164;
				char _v172;
				char _v176;
				intOrPtr _v180;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				signed int _t61;
				intOrPtr _t74;
				char* _t79;
				intOrPtr _t82;
				void* _t107;
				signed int _t108;
				void* _t109;

				_push(0xffffffff);
				_push(E008E019B);
				_push( *[fs:0x0]);
				_t108 = _t107 - 0xb8;
				_t61 =  *0x8f21d0; // 0x28a5f8b6
				_push(_t61 ^ _t108);
				 *[fs:0x0] =  &_v12;
				_v192 = 0;
				_v188 = 0x8e2630;
				_v172 = 0x8e2638;
				_push(0);
				_v4 = 0;
				asm("xorps xmm0, xmm0");
				_v192 = 2;
				_v84 = 0x8e2574;
				_v88 = 0x50;
				asm("movlpd [esp+0x1c], xmm0");
				E008A38A0(__ebx,  &_v84, __ebp, __eflags,  &_v164);
				_t12 = _v180 + 4; // 0x58
				 *((intOrPtr*)(_t108 +  *_t12 + 0x1c)) = 0x8e25b4;
				_t16 = _v180 + 4; // 0x8bece0
				_t17 =  *_t16 - 8; // 0x8becd8
				 *((intOrPtr*)(_t108 +  *_t16 + 0x18)) = _t17;
				 *((intOrPtr*)(_t108 +  *((intOrPtr*)(_v196 + 4)) + 0xc)) = 0x8e25ec;
				_t25 = _v196 + 4; // 0x89b1a0
				_t26 =  *_t25 - 0x20; // 0x89b180
				 *((intOrPtr*)(_t108 +  *_t25 + 8)) = _t26;
				_t74 = _v196;
				_v12 = 5;
				_t31 = _t74 + 4; // 0x89b1a0
				 *((intOrPtr*)(_t108 +  *_t31 + 0xc)) = 0x8e262c;
				_t35 = _v196 + 4; // 0x0
				_t36 =  *_t35 - 0x68; // -104
				 *((intOrPtr*)(_t108 +  *_t35 + 8)) = _t36;
				E00898840(__ebx,  &_v172);
				_v172 = 0x8e25f0;
				_v116 = 0;
				_v112 = 0;
				_t79 = _a4;
				_v12 = 7;
				if(_t79[0x10] != 0) {
					__eflags = _t79[0x14] - 0x10;
					if(_t79[0x14] >= 0x10) {
						_t79 =  *_t79;
					}
				} else {
					_t79 = "<unspecified file>";
				}
				_push(_t79);
				_push( &_v176);
				E00894A30();
				_t82 = _a12;
				_t109 = _t108 + 8;
				_t117 = _t82;
				if(_t82 != 0) {
					E00894770(E0089AA40(E00894770( &_v176, 0x28), _t82), 0x29);
					_t109 = _t109 + 0x10;
				}
				_push(_a4);
				_push(": ");
				_push( &_v176);
				_push(E00894A30());
				E00894500();
				E008A5C40(_v0);
				_v12 = 0xffffffff;
				E0089A0D0( &_v92, _t117);
				_v92 = 0x8e2570;
				E008AA43A( &_v92);
				 *[fs:0x0] = _v20;
				return _v4;
			}

0x008a2f40
0x008a2f42
0x008a2f4d
0x008a2f4e
0x008a2f54
0x008a2f5b
0x008a2f63
0x008a2f69
0x008a2f71
0x008a2f79
0x008a2f81
0x008a2f87
0x008a2f92
0x008a2f95
0x008a2fa2
0x008a2faa
0x008a2fb2
0x008a2fb8
0x008a2fc1
0x008a2fc4
0x008a2fd0
0x008a2fd3
0x008a2fd6
0x008a2fe1
0x008a2fed
0x008a2ff0
0x008a2ff3
0x008a2ff7
0x008a2ffb
0x008a3006
0x008a3009
0x008a3015
0x008a3018
0x008a301b
0x008a3023
0x008a3028
0x008a3030
0x008a3038
0x008a3040
0x008a3047
0x008a3056
0x008a305f
0x008a3063
0x008a3065
0x008a3065
0x008a3058
0x008a3058
0x008a3058
0x008a3067
0x008a306c
0x008a306d
0x008a3072
0x008a3079
0x008a307c
0x008a307e
0x008a309a
0x008a309f
0x008a309f
0x008a30a2
0x008a30ad
0x008a30b2
0x008a30bb
0x008a30bc
0x008a30cf
0x008a30d8
0x008a30e3
0x008a30ec
0x008a30f5
0x008a310b
0x008a3119

APIs

Part of subcall function 008A38A0: std::ios_base::_Addstd.LIBCPMT ref: 008A3943

Part of subcall function 00898840: std::locale::_Init.LIBCPMT ref: 0089885C

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 008A30F5

Strings

P, xrefs: 008A2FAA
<unspecified file>, xrefs: 008A3058

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: std::ios_base::_$AddstdInitIos_base_dtorstd::locale::_
String ID: <unspecified file>$P
API String ID: 3640179778-2118177464
Opcode ID: 0fbf6b6741d0237c2e45ddde6d769e45c0bc1de57af16eb5046bd8fd6904a5fa
Instruction ID: 13acbfa1389426e8339d353e704ac9de53ac0ad30d01eb632fd2d6d4126caabe
Opcode Fuzzy Hash: 0fbf6b6741d0237c2e45ddde6d769e45c0bc1de57af16eb5046bd8fd6904a5fa
Instruction Fuzzy Hash: 874134B45083809FD720DF69D949B4ABBE8FB89308F148A2DF89887291D774E508CF52

Uniqueness

Uniqueness Score: -1.00%

Function 008B9625, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E008B9625(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t49;
				intOrPtr* _t50;
				void* _t55;
				intOrPtr* _t63;
				intOrPtr* _t67;
				signed int _t70;
				intOrPtr* _t87;
				signed int _t92;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t109;

				_t109 = __fp0;
				_t98 = __eflags;
				E008C1E90(E008E14C2, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t95 - 0x54)) = __ecx;
				_t87 =  *((intOrPtr*)(_t95 + 0x20));
				 *((intOrPtr*)(_t95 - 0x4c)) =  *((intOrPtr*)(_t95 + 8));
				 *((intOrPtr*)(_t95 - 0x50)) =  *((intOrPtr*)(_t95 + 0x18));
				_t49 = E008A36A0(_t95 - 0x44);
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t50 = E008AE3F2(__ebx, _t87, __esi, _t98);
				 *(_t95 - 4) =  *(_t95 - 4) | 0xffffffff;
				E0089A750(_t95 - 0x44);
				_t85 =  *_t50;
				 *((intOrPtr*)( *_t50 + 0x2c))("0123456789-", 0x8e54fb, _t95 - 0x28, _t49, 0x48);
				_t70 = 0;
				 *((char*)(_t95 - 0x48)) = 0;
				if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
					if( *((intOrPtr*)(_t87 + 0x14)) < 8) {
						_t67 = _t87;
					} else {
						_t67 =  *_t87;
					}
					if( *_t67 ==  *((intOrPtr*)(_t95 - 0x14))) {
						 *((char*)(_t95 - 0x48)) = 1;
						_t70 = 1;
					}
				}
				_t92 = _t70;
				if(_t70 >=  *((intOrPtr*)(_t87 + 0x10))) {
					L12:
					if( *((intOrPtr*)(_t87 + 0x14)) >= 8) {
						_t87 =  *_t87;
					}
					_t55 = E008AF167(_t95 - 0x40, _t87 + _t70 * 2, _t92 - _t70);
					_t108 =  *((intOrPtr*)(_t95 - 0x30));
					 *(_t95 - 4) = 1;
					if( *((intOrPtr*)(_t95 - 0x30)) == 0) {
						_push( *((intOrPtr*)(_t95 - 0x28)));
						E008B6765(_t55, _t70, _t95 - 0x40, 1);
					}
					_push( *((intOrPtr*)(_t95 - 0x28)));
					E008AF11A(_t96 - 0x18, _t95 - 0x40);
					_push( *((intOrPtr*)(_t95 - 0x48)));
					_t94 =  *((intOrPtr*)(_t95 - 0x4c));
					_push( *((intOrPtr*)(_t95 + 0x1c)));
					_push( *((intOrPtr*)(_t95 - 0x50)));
					_push( *((intOrPtr*)(_t95 + 0x14)));
					_push( *((intOrPtr*)(_t95 + 0x10)));
					_push( *((intOrPtr*)(_t95 + 0xc)));
					_push( *((intOrPtr*)(_t95 - 0x4c)));
					L008B5AA2(_t70, _t85, 1,  *((intOrPtr*)(_t95 - 0x4c)), _t108, _t109);
					E008B65E8(_t95 - 0x40, 1, 0);
					return E008C1E3F(_t70, 1, _t94);
				} else {
					L7:
					L7:
					if( *((intOrPtr*)(_t87 + 0x14)) < 8) {
						_t63 = _t87;
					} else {
						_t63 =  *_t87;
					}
					if(E008ADB56(_t95 - 0x28,  *(_t63 + _t92 * 2) & 0x0000ffff) >= 0xa) {
						goto L12;
					}
					_t92 = _t92 + 1;
					if(_t92 <  *((intOrPtr*)(_t87 + 0x10))) {
						goto L7;
					}
					goto L12;
				}
			}

0x008b9625
0x008b9625
0x008b962c
0x008b9631
0x008b963a
0x008b963d
0x008b9646
0x008b9649
0x008b964e
0x008b9653
0x008b9658
0x008b9662
0x008b9667
0x008b9679
0x008b967c
0x008b967e
0x008b9685
0x008b968b
0x008b9691
0x008b968d
0x008b968d
0x008b968d
0x008b969a
0x008b969e
0x008b96a2
0x008b96a2
0x008b969a
0x008b96a3
0x008b96a8
0x008b96d1
0x008b96d5
0x008b96d7
0x008b96d7
0x008b96e3
0x008b96eb
0x008b96ef
0x008b96f2
0x008b96f4
0x008b96fb
0x008b96fb
0x008b9700
0x008b970c
0x008b9711
0x008b9714
0x008b9717
0x008b971d
0x008b9720
0x008b9723
0x008b9726
0x008b9729
0x008b972a
0x008b9735
0x008b9741
0x008b96aa
0x00000000
0x008b96aa
0x008b96ae
0x008b96b4
0x008b96b0
0x008b96b0
0x008b96b0
0x008b96c9
0x00000000
0x00000000
0x008b96cb
0x008b96cf
0x00000000
0x00000000
0x00000000
0x008b96cf

APIs

__EH_prolog3_GS.LIBCMT ref: 008B962C

Part of subcall function 008AE3F2: __EH_prolog3.LIBCMT ref: 008AE3F9
Part of subcall function 008AE3F2: std::_Lockit::_Lockit.LIBCPMT ref: 008AE403

_Find_elem.LIBCPMT ref: 008B96BF

Strings

0123456789-, xrefs: 008B9672

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Find_elemH_prolog3H_prolog3_LockitLockit::_std::_
String ID: 0123456789-
API String ID: 2225271509-3850129594
Opcode ID: 47515c3916def39bc3e3b63d9ddd9c98099486446413a85220cb92f673496fa8
Instruction ID: b3246d2b306ae11205c6a7cd42223a60133cd1a48c3512e15844d062b0c811ab
Opcode Fuzzy Hash: 47515c3916def39bc3e3b63d9ddd9c98099486446413a85220cb92f673496fa8
Instruction Fuzzy Hash: 6C416931A00109EFCF15EFE8C885AEEBBB5FF16324F100119E551E7251DB70A966CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 008B98A5, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E008B98A5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t49;
				intOrPtr* _t50;
				void* _t55;
				intOrPtr* _t63;
				intOrPtr* _t67;
				signed int _t70;
				intOrPtr* _t87;
				signed int _t92;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t109;

				_t109 = __fp0;
				_t98 = __eflags;
				E008C1E90(E008E152C, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t95 - 0x54)) = __ecx;
				_t87 =  *((intOrPtr*)(_t95 + 0x20));
				 *((intOrPtr*)(_t95 - 0x4c)) =  *((intOrPtr*)(_t95 + 8));
				 *((intOrPtr*)(_t95 - 0x50)) =  *((intOrPtr*)(_t95 + 0x18));
				_t49 = E008A36A0(_t95 - 0x44);
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t50 = E008AE48B(__ebx, _t87, __esi, _t98);
				 *(_t95 - 4) =  *(_t95 - 4) | 0xffffffff;
				E0089A750(_t95 - 0x44);
				_t85 =  *_t50;
				 *((intOrPtr*)( *_t50 + 0x2c))("0123456789-", 0x8e547f, _t95 - 0x28, _t49, 0x48);
				_t70 = 0;
				 *((char*)(_t95 - 0x48)) = 0;
				if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
					if( *((intOrPtr*)(_t87 + 0x14)) < 8) {
						_t67 = _t87;
					} else {
						_t67 =  *_t87;
					}
					if( *_t67 ==  *((intOrPtr*)(_t95 - 0x14))) {
						 *((char*)(_t95 - 0x48)) = 1;
						_t70 = 1;
					}
				}
				_t92 = _t70;
				if(_t70 >=  *((intOrPtr*)(_t87 + 0x10))) {
					L12:
					if( *((intOrPtr*)(_t87 + 0x14)) >= 8) {
						_t87 =  *_t87;
					}
					_t55 = E008AF18F(_t95 - 0x40, _t87 + _t70 * 2, _t92 - _t70);
					_t108 =  *((intOrPtr*)(_t95 - 0x30));
					 *(_t95 - 4) = 1;
					if( *((intOrPtr*)(_t95 - 0x30)) == 0) {
						E008A7EF0(_t55, _t95 - 0x40, _t95, 1,  *((intOrPtr*)(_t95 - 0x28)));
					}
					_push( *((intOrPtr*)(_t95 - 0x28)));
					E00891260(_t96 - 0x18, _t95 - 0x40);
					_push( *((intOrPtr*)(_t95 - 0x48)));
					_t94 =  *((intOrPtr*)(_t95 - 0x4c));
					_push( *((intOrPtr*)(_t95 + 0x1c)));
					_push( *((intOrPtr*)(_t95 - 0x50)));
					_push( *((intOrPtr*)(_t95 + 0x14)));
					_push( *((intOrPtr*)(_t95 + 0x10)));
					_push( *((intOrPtr*)(_t95 + 0xc)));
					_push( *((intOrPtr*)(_t95 - 0x4c)));
					L008B6007(_t70, _t85, 1,  *((intOrPtr*)(_t95 - 0x4c)), _t108, _t109);
					E00892630(_t95 - 0x40, 1, 0);
					return E008C1E3F(_t70, 1, _t94);
				} else {
					L7:
					L7:
					if( *((intOrPtr*)(_t87 + 0x14)) < 8) {
						_t63 = _t87;
					} else {
						_t63 =  *_t87;
					}
					if(E008ADB56(_t95 - 0x28,  *(_t63 + _t92 * 2) & 0x0000ffff) >= 0xa) {
						goto L12;
					}
					_t92 = _t92 + 1;
					if(_t92 <  *((intOrPtr*)(_t87 + 0x10))) {
						goto L7;
					}
					goto L12;
				}
			}

0x008b98a5
0x008b98a5
0x008b98ac
0x008b98b1
0x008b98ba
0x008b98bd
0x008b98c6
0x008b98c9
0x008b98ce
0x008b98d3
0x008b98d8
0x008b98e2
0x008b98e7
0x008b98f9
0x008b98fc
0x008b98fe
0x008b9905
0x008b990b
0x008b9911
0x008b990d
0x008b990d
0x008b990d
0x008b991a
0x008b991e
0x008b9922
0x008b9922
0x008b991a
0x008b9923
0x008b9928
0x008b9951
0x008b9955
0x008b9957
0x008b9957
0x008b9963
0x008b996b
0x008b996f
0x008b9972
0x008b997b
0x008b997b
0x008b9980
0x008b998c
0x008b9991
0x008b9994
0x008b9997
0x008b999d
0x008b99a0
0x008b99a3
0x008b99a6
0x008b99a9
0x008b99aa
0x008b99b5
0x008b99c1
0x008b992a
0x00000000
0x008b992a
0x008b992e
0x008b9934
0x008b9930
0x008b9930
0x008b9930
0x008b9949
0x00000000
0x00000000
0x008b994b
0x008b994f
0x00000000
0x00000000
0x00000000
0x008b994f

APIs

__EH_prolog3_GS.LIBCMT ref: 008B98AC

Part of subcall function 008AE48B: __EH_prolog3.LIBCMT ref: 008AE492
Part of subcall function 008AE48B: std::_Lockit::_Lockit.LIBCPMT ref: 008AE49C

_Find_elem.LIBCPMT ref: 008B993F

Strings

0123456789-, xrefs: 008B98F2

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Find_elemH_prolog3H_prolog3_LockitLockit::_std::_
String ID: 0123456789-
API String ID: 2225271509-3850129594
Opcode ID: aaf1dd5bfe8386ecbdd97f8bd0155a83cf889679732b0922966f7e48d8479981
Instruction ID: d5d943099d110499c97916950edefadeea232ea2c181777105f9c6ad9b489a9e
Opcode Fuzzy Hash: aaf1dd5bfe8386ecbdd97f8bd0155a83cf889679732b0922966f7e48d8479981
Instruction Fuzzy Hash: 44416832A00209EBCF15EFE8C885AEEBBB5FF05310F54011DE545E7251D730AA56CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 008A3A90, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E008A3A90(signed int __eax, intOrPtr* __ecx, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v4;
				char _v20;
				void* _v24;
				char _v32;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t37;
				char _t38;
				intOrPtr _t47;
				intOrPtr _t58;
				char _t59;
				char _t61;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr _t72;
				intOrPtr* _t76;
				char _t77;
				intOrPtr _t78;
				intOrPtr* _t79;
				intOrPtr _t81;

				_t58 = _a4;
				_t76 = __ecx;
				_t61 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t61 < _t58) {
					_push("invalid string position");
					E008A9C28(__eflags);
					goto L18;
				} else {
					_push(_t71);
					_t71 = _a8;
					if((__eax | 0xffffffff) - _t61 <= _t71) {
						L18:
						_push("string too long");
						E008A9BFA(__eflags);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t58);
						_push(_t76);
						_t77 = _t61;
						_push(_t71);
						__eflags = _t77;
						if(__eflags == 0) {
							__eflags = 0;
						}
						_v24 = 0;
						_push(_v24);
						_push(_v4);
						_push( &_v24);
						E00896770(__eflags);
						_t59 = _v32;
						_t72 = _v36;
						__eflags = _t59;
						if(_t59 != 0) {
							__eflags = _t77;
							if(_t77 == 0) {
								_t78 = 0;
								__eflags = 0;
							} else {
								_t78 = _t77 + 0xfffffff7;
							}
							_t38 = _v20;
							__eflags = _t38 -  *((intOrPtr*)(_t78 + 4));
							if(_t38 !=  *((intOrPtr*)(_t78 + 4))) {
								__eflags = _t72;
								if(_t72 == 0) {
									_t69 = 0;
									__eflags = 0;
								} else {
									_t23 = _t72 + 0x40; // 0x40
									_t69 = _t23;
								}
								__eflags = _t38;
								if(_t38 == 0) {
									_t79 = 0;
									__eflags = 0;
								} else {
									_t79 = _t38 + 0x40;
								}
								 *((intOrPtr*)( *_t69 + 4)) =  *((intOrPtr*)(_t69 + 4));
								 *((intOrPtr*)( *((intOrPtr*)(_t69 + 4)))) =  *_t69;
								 *_t69 =  *_t79;
								 *((intOrPtr*)(_t69 + 4)) = _t79;
								 *_t79 = _t69;
								 *((intOrPtr*)( *_t69 + 4)) = _t69;
							}
						}
						_t37 = _v24;
						 *_t37 = _t72;
						 *((char*)(_t37 + 4)) = _t59;
						return _t37;
					} else {
						if(_t71 == 0) {
							L16:
							return _t76;
						} else {
							_push(__ebp);
							_t81 = _t61 + _t71;
							if(E00892460(_t58, __ecx, _t71, __ecx, _t81, _t81, 0) == 0) {
								L15:
								goto L16;
							} else {
								_t47 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t47 < 0x10) {
									_t70 = __ecx;
								} else {
									_t70 =  *__ecx;
								}
								if(_t47 < 0x10) {
									_t67 = _t76;
								} else {
									_t67 =  *_t76;
								}
								_t49 =  *((intOrPtr*)(_t76 + 0x10)) != _t58;
								if( *((intOrPtr*)(_t76 + 0x10)) != _t58) {
									E008BEEA0(_t67 + _t58 + _t71, _t70 + _t58, _t49);
								}
								E00892100(_t76, _t58, _t71, _a12);
								 *((intOrPtr*)(_t76 + 0x10)) = _t81;
								if( *((intOrPtr*)(_t76 + 0x14)) < 0x10) {
									 *((char*)(_t76 + _t81)) = 0;
									goto L15;
								} else {
									 *((char*)( *_t76 + _t81)) = 0;
									return _t76;
								}
							}
						}
					}
				}
			}

0x008a3a91
0x008a3a96
0x008a3a98
0x008a3a9d
0x008a3b32
0x008a3b37
0x00000000
0x008a3aa3
0x008a3aa6
0x008a3aa7
0x008a3aaf
0x008a3b3c
0x008a3b3c
0x008a3b41
0x008a3b46
0x008a3b47
0x008a3b48
0x008a3b49
0x008a3b4a
0x008a3b4b
0x008a3b4c
0x008a3b4d
0x008a3b4e
0x008a3b4f
0x008a3b53
0x008a3b54
0x008a3b55
0x008a3b57
0x008a3b58
0x008a3b5a
0x008a3b61
0x008a3b61
0x008a3b63
0x008a3b6c
0x008a3b70
0x008a3b74
0x008a3b75
0x008a3b7a
0x008a3b7e
0x008a3b82
0x008a3b84
0x008a3b86
0x008a3b88
0x008a3b8f
0x008a3b8f
0x008a3b8a
0x008a3b8a
0x008a3b8a
0x008a3b91
0x008a3b95
0x008a3b98
0x008a3b9a
0x008a3b9c
0x008a3ba3
0x008a3ba3
0x008a3b9e
0x008a3b9e
0x008a3b9e
0x008a3b9e
0x008a3ba5
0x008a3ba7
0x008a3bae
0x008a3bae
0x008a3ba9
0x008a3ba9
0x008a3ba9
0x008a3bb5
0x008a3bbd
0x008a3bc1
0x008a3bc3
0x008a3bc6
0x008a3bca
0x008a3bca
0x008a3b98
0x008a3bcd
0x008a3bd1
0x008a3bd5
0x008a3bdc
0x008a3ab5
0x008a3ab7
0x008a3b2a
0x008a3b2f
0x008a3ab9
0x008a3ab9
0x008a3aba
0x008a3ac9
0x008a3b29
0x00000000
0x008a3acb
0x008a3acb
0x008a3ad1
0x008a3ad7
0x008a3ad3
0x008a3ad3
0x008a3ad3
0x008a3adc
0x008a3ae2
0x008a3ade
0x008a3ade
0x008a3ade
0x008a3ae7
0x008a3ae9
0x008a3af6
0x008a3afb
0x008a3b06
0x008a3b0f
0x008a3b12
0x008a3b25
0x00000000
0x008a3b14
0x008a3b16
0x008a3b20
0x008a3b20
0x008a3b12
0x008a3ac9
0x008a3ab7
0x008a3aaf

APIs

_memmove.LIBCMT ref: 008A3AF6

Strings

invalid string position, xrefs: 008A3B32
string too long, xrefs: 008A3B3C

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 06e9b3e50cc30503bbcae5d38aee2ca50bd6f800c04e65daf38c5b71564e8425
Instruction ID: 17f1a25d1c0aa2764a68abe940cd21237685951b2861c079958dabbee25ea1cc
Opcode Fuzzy Hash: 06e9b3e50cc30503bbcae5d38aee2ca50bd6f800c04e65daf38c5b71564e8425
Instruction Fuzzy Hash: 7D11DD317046789BD7349E5C9840E5BF7AAFB86720B20091EF192DBB81DA61E9058761

Uniqueness

Uniqueness Score: -1.00%

Function 008A7E30, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E008A7E30(intOrPtr* __ecx, void* __ebp, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v24;
				signed int _v28;
				signed int _v40;
				signed int _v44;
				short* _v60;
				char _v68;
				char _v76;
				signed int _v80;
				intOrPtr _v84;
				char _v104;
				short* _v108;
				signed int _v112;
				char _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t87;
				signed int _t89;
				signed int _t98;
				signed int _t100;
				void* _t107;
				signed int _t108;
				signed int _t109;
				signed int _t112;
				signed int _t115;
				signed int _t122;
				signed int _t126;
				signed int _t127;
				signed int _t129;
				intOrPtr _t131;
				signed int _t137;
				intOrPtr _t142;
				short* _t147;
				signed int _t151;
				void* _t165;
				signed int _t166;
				signed int _t167;
				short* _t168;
				void* _t169;
				intOrPtr* _t185;
				signed int _t186;
				intOrPtr* _t188;
				signed int _t189;
				signed int _t190;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t198;
				signed int _t201;
				intOrPtr* _t220;
				intOrPtr* _t223;
				signed int _t224;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				void* _t230;
				intOrPtr* _t246;
				intOrPtr* _t247;
				signed int _t248;
				signed int _t249;
				void* _t251;
				void* _t252;
				signed int _t269;
				void* _t272;
				signed int _t273;
				signed int _t274;

				_t268 = __ebp;
				_t226 = _a4;
				_t246 = __ecx;
				_t185 = _a8;
				_t87 =  *((intOrPtr*)(_t226 + 0x10));
				if(_t87 < _t185) {
					_push("invalid string position");
					E008A9C28(__eflags);
					goto L17;
				} else {
					_t151 = _t87 - _t185;
					_t185 =  *((intOrPtr*)(__ecx + 0x10));
					_push(_t165);
					_t165 =  <  ? _t151 : _a12;
					if((_t151 | 0xffffffff) - _t185 <= _t165) {
						L17:
						_push("string too long");
						_t89 = E008A9BFA(__eflags);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t165);
						_t166 = _v12;
						_push(_t246);
						_t247 = _t185;
						_t186 =  *(_t247 + 0x10);
						__eflags = (_t89 | 0xffffffff) - _t186 - _t166;
						if(__eflags <= 0) {
							_push("string too long");
							E008A9BFA(__eflags);
							goto L32;
						} else {
							_push(_t226);
							__eflags = _t166;
							if(_t166 == 0) {
								L30:
								return _t247;
							} else {
								_t226 = _t186 + _t166;
								__eflags = _t226 - 0x7ffffffe;
								if(__eflags > 0) {
									L32:
									_push("string too long");
									E008A9BFA(__eflags);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t247);
									_push(_t226);
									_t227 = _v28;
									_t248 = _t186;
									__eflags = _t227 - 0xffffffff;
									if(__eflags == 0) {
										_push("string too long");
										E008A9BFA(__eflags);
										goto L46;
									} else {
										__eflags = _t227 - 0x7ffffffe;
										if(__eflags > 0) {
											L46:
											_push("string too long");
											E008A9BFA(__eflags);
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t166);
											_t167 = _v44;
											_push(_t248);
											_t249 = _t186;
											__eflags = _t167;
											if(_t167 == 0) {
												L60:
												_push(_t227);
												_t228 = _v40;
												__eflags = _t228 - 0x7ffffffe;
												if(__eflags > 0) {
													_push("string too long");
													E008A9BFA(__eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(0xffffffff);
													_push(E008E0921);
													_push( *[fs:0x0]);
													_t273 = _t272 - 0x28;
													_t98 =  *0x8f21d0; // 0x28a5f8b6
													_v80 = _t98 ^ _t273;
													_push(_t167);
													_push(_t249);
													_push(_t228);
													_t100 =  *0x8f21d0; // 0x28a5f8b6
													_push(_t100 ^ _t273);
													 *[fs:0x0] =  &_v76;
													_t229 = _t186;
													_t168 = _v60;
													_v112 = 0;
													_v108 = _t168;
													 *((intOrPtr*)(_t168 + 0x14)) = 7;
													 *((intOrPtr*)(_t168 + 0x10)) = 0;
													 *_t168 = 0;
													_v68 = 0;
													_t250 = _t168 + 0x1c;
													_v112 = 1;
													 *(_t168 + 0x18) = _t186;
													E008A8B80(_t186, _t168 + 0x1c,  &_v116, 0xffffffff);
													_t274 = _t273 + 0x10;
													_t107 = E008A96C0( &_v104,  *((intOrPtr*)(_t168 + 0x1c)), _v116);
													_v80 = 1;
													__eflags = _t168 - _t107;
													if(_t168 != _t107) {
														_push(0xffffffff);
														E00892A50(_t168, _t168, _t229, _t268, _t107, 0);
													}
													__eflags = _v84 - 8;
													_v68 = 0;
													if(_v84 >= 8) {
														L008BED53(_v104);
														_t274 = _t274 + 4;
													}
													_t223 =  *0x8f2010; // 0x8e3b98
													__eflags =  *_t223;
													if( *_t223 != 0) {
														_t188 = _t223;
														_t82 = _t188 + 2; // 0x8e3b9a
														_t250 = _t82;
														do {
															_t108 =  *_t188;
															_t188 = _t188 + 2;
															__eflags = _t108;
														} while (_t108 != 0);
														_t189 = _t188 - _t250;
														__eflags = _t189;
														_t190 = _t189 >> 1;
													} else {
														_t190 = 0;
													}
													_t109 = E008A8310(_t168, _t168, _t250, _t268, 0,  *((intOrPtr*)(_t168 + 0x10)), _t223, _t190);
													__eflags = _t109;
													if(_t109 == 0) {
														_t223 =  *0x8f200c;
														__eflags =  *_t223 - _t109;
														if( *_t223 != _t109) {
															_t196 = _t223;
															_t252 = _t196 + 2;
															do {
																_t112 =  *_t196;
																_t196 = _t196 + 2;
																__eflags = _t112;
															} while (_t112 != 0);
															_t197 = _t196 - _t252;
															__eflags = _t197;
															_t198 = _t197 >> 1;
														} else {
															_t198 = 0;
														}
														_push(_t198);
														_push(_t223);
														L47();
													}
													 *[fs:0x0] = _v76;
													_pop(_t230);
													_pop(_t251);
													_pop(_t169);
													__eflags = _v80 ^ _t274;
													return E008BF888(_t169, _v80 ^ _t274, _t223, _t230, _t251);
												} else {
													_t115 =  *(_t249 + 0x14);
													__eflags = _t115 - _t228;
													if(_t115 >= _t228) {
														__eflags = _t228;
														if(_t228 != 0) {
															goto L63;
														} else {
															 *(_t249 + 0x10) = _t228;
															__eflags = _t115 - 8;
															if(_t115 < 8) {
																_t122 = _t249;
																__eflags = 0;
																 *_t122 = 0;
																return _t122;
															} else {
																__eflags = 0;
																 *( *_t249) = 0;
																return _t249;
															}
														}
													} else {
														E008922A0(_t249, _t228,  *(_t249 + 0x10));
														__eflags = _t228;
														if(_t228 == 0) {
															L75:
															return _t249;
														} else {
															L63:
															__eflags =  *(_t249 + 0x14) - 8;
															if( *(_t249 + 0x14) < 8) {
																_t201 = _t249;
															} else {
																_t201 =  *_t249;
															}
															__eflags = _t228;
															if(_t228 != 0) {
																E008BFCF0(_t201, _t167, _t228 + _t228);
															}
															__eflags =  *(_t249 + 0x14) - 8;
															 *(_t249 + 0x10) = _t228;
															if( *(_t249 + 0x14) < 8) {
																__eflags = 0;
																 *((short*)(_t249 + _t228 * 2)) = 0;
																goto L75;
															} else {
																__eflags = 0;
																 *((short*)( *_t249 + _t228 * 2)) = 0;
																return _t249;
															}
														}
													}
												}
											} else {
												_t186 =  *(_t249 + 0x14);
												__eflags = _t186 - 8;
												if(_t186 < 8) {
													_t126 = _t249;
												} else {
													_t126 =  *_t249;
												}
												__eflags = _t167 - _t126;
												if(_t167 < _t126) {
													goto L60;
												} else {
													__eflags = _t186 - 8;
													if(_t186 < 8) {
														_t224 = _t249;
													} else {
														_t224 =  *_t249;
													}
													_t127 =  *(_t249 + 0x10);
													__eflags = _t224 + _t127 * 2 - _t167;
													if(_t224 + _t127 * 2 <= _t167) {
														goto L60;
													} else {
														__eflags = _t186 - 8;
														if(_t186 < 8) {
															_t129 = _t249;
														} else {
															_t129 =  *_t249;
														}
														_push(_v40);
														_t174 = _t167 - _t129;
														__eflags = _t167 - _t129;
														return E00892A50(_t174 >> 1, _t249, _t227, _t268, _t249, _t174 >> 1);
													}
												}
											}
										} else {
											_t131 =  *((intOrPtr*)(_t248 + 0x14));
											__eflags = _t131 - _t227;
											if(_t131 >= _t227) {
												__eflags = _t227;
												if(_t227 != 0) {
													goto L37;
												} else {
													 *(_t248 + 0x10) = _t227;
													__eflags = _t131 - 8;
													if(_t131 < 8) {
														_t137 = _t248;
														__eflags = 0;
														 *_t137 = 0;
														return _t137;
													} else {
														__eflags = 0;
														 *((short*)( *_t248)) = 0;
														return _t248;
													}
												}
											} else {
												E008922A0(_t186, _t227,  *(_t248 + 0x10));
												__eflags = _t227;
												if(_t227 == 0) {
													L44:
													return _t248;
												} else {
													L37:
													E008A7D10(_t248, 0, _t227, _v24);
													__eflags =  *((intOrPtr*)(_t248 + 0x14)) - 8;
													 *(_t248 + 0x10) = _t227;
													if( *((intOrPtr*)(_t248 + 0x14)) < 8) {
														__eflags = 0;
														 *((short*)(_t248 + _t227 * 2)) = 0;
														goto L44;
													} else {
														__eflags = 0;
														 *((short*)( *_t248 + _t227 * 2)) = 0;
														return _t248;
													}
												}
											}
										}
									}
								} else {
									_t142 =  *((intOrPtr*)(_t247 + 0x14));
									__eflags = _t142 - _t226;
									if(_t142 >= _t226) {
										__eflags = _t226;
										if(_t226 != 0) {
											goto L23;
										} else {
											 *(_t247 + 0x10) = _t226;
											__eflags = _t142 - 8;
											if(_t142 < 8) {
												_t147 = _t247;
												__eflags = 0;
												 *_t147 = 0;
												return _t147;
											} else {
												__eflags = 0;
												 *((short*)( *_t247)) = 0;
												return _t247;
											}
										}
									} else {
										E008922A0(_t247, _t226, _t186);
										__eflags = _t226;
										if(_t226 == 0) {
											goto L30;
										} else {
											L23:
											E008A7D10(_t247,  *(_t247 + 0x10), _t166, _v8);
											__eflags =  *((intOrPtr*)(_t247 + 0x14)) - 8;
											 *(_t247 + 0x10) = _t226;
											if( *((intOrPtr*)(_t247 + 0x14)) < 8) {
												__eflags = 0;
												 *((short*)(_t247 + _t226 * 2)) = 0;
												goto L30;
											} else {
												__eflags = 0;
												 *((short*)( *_t247 + _t226 * 2)) = 0;
												return _t247;
											}
										}
									}
								}
							}
						}
					} else {
						if(_t165 == 0) {
							L15:
							return _t246;
						} else {
							_push(__ebp);
							_t269 = _t185 + _t165;
							if(E00892510(_t165, __ecx, _t226, __ecx, _t269, _t269, 0) == 0) {
								L14:
								goto L15;
							} else {
								if( *((intOrPtr*)(_t226 + 0x14)) >= 8) {
									_t226 =  *_t226;
								}
								if( *((intOrPtr*)(_t246 + 0x14)) < 8) {
									_t220 = _t246;
								} else {
									_t220 =  *_t246;
								}
								if(_t165 != 0) {
									E008BFCF0(_t220 +  *(_t246 + 0x10) * 2, _t226 + _a8 * 2, _t165 + _t165);
								}
								 *(_t246 + 0x10) = _t269;
								if( *((intOrPtr*)(_t246 + 0x14)) < 8) {
									__eflags = 0;
									 *((short*)(_t246 + _t269 * 2)) = 0;
									goto L14;
								} else {
									 *((short*)( *_t246 + _t269 * 2)) = 0;
									return _t246;
								}
							}
						}
					}
				}
			}

0x008a7e30
0x008a7e32
0x008a7e36
0x008a7e38
0x008a7e3c
0x008a7e41
0x008a7ed3
0x008a7ed8
0x00000000
0x008a7e47
0x008a7e47
0x008a7e49
0x008a7e4c
0x008a7e53
0x008a7e5d
0x008a7edd
0x008a7edd
0x008a7ee2
0x008a7ee7
0x008a7ee8
0x008a7ee9
0x008a7eea
0x008a7eeb
0x008a7eec
0x008a7eed
0x008a7eee
0x008a7eef
0x008a7ef0
0x008a7ef1
0x008a7ef8
0x008a7ef9
0x008a7efb
0x008a7f00
0x008a7f02
0x008a7f8c
0x008a7f91
0x00000000
0x008a7f08
0x008a7f08
0x008a7f09
0x008a7f0b
0x008a7f84
0x008a7f89
0x008a7f0d
0x008a7f0d
0x008a7f10
0x008a7f16
0x008a7f96
0x008a7f96
0x008a7f9b
0x008a7fa0
0x008a7fa1
0x008a7fa2
0x008a7fa3
0x008a7fa4
0x008a7fa5
0x008a7fa6
0x008a7fa7
0x008a7fa8
0x008a7fa9
0x008a7faa
0x008a7fab
0x008a7fac
0x008a7fad
0x008a7fae
0x008a7faf
0x008a7fb0
0x008a7fb1
0x008a7fb2
0x008a7fb6
0x008a7fb8
0x008a7fbb
0x008a8034
0x008a8039
0x00000000
0x008a7fbd
0x008a7fbd
0x008a7fc3
0x008a803e
0x008a803e
0x008a8043
0x008a8048
0x008a8049
0x008a804a
0x008a804b
0x008a804c
0x008a804d
0x008a804e
0x008a804f
0x008a8050
0x008a8051
0x008a8055
0x008a8056
0x008a8058
0x008a805a
0x008a80a4
0x008a80a4
0x008a80a5
0x008a80a9
0x008a80af
0x008a813a
0x008a813f
0x008a8144
0x008a8145
0x008a8146
0x008a8147
0x008a8148
0x008a8149
0x008a814a
0x008a814b
0x008a814c
0x008a814d
0x008a814e
0x008a814f
0x008a8150
0x008a8152
0x008a815d
0x008a815e
0x008a8161
0x008a8168
0x008a816c
0x008a816d
0x008a816e
0x008a816f
0x008a8176
0x008a817b
0x008a8181
0x008a8183
0x008a8189
0x008a8191
0x008a8195
0x008a819c
0x008a81a3
0x008a81a6
0x008a81aa
0x008a81b3
0x008a81be
0x008a81c1
0x008a81c6
0x008a81d6
0x008a81db
0x008a81e3
0x008a81e5
0x008a81e7
0x008a81ee
0x008a81ee
0x008a81f3
0x008a81f8
0x008a81fd
0x008a8203
0x008a8208
0x008a8208
0x008a820b
0x008a8211
0x008a8215
0x008a821b
0x008a821d
0x008a821d
0x008a8220
0x008a8220
0x008a8223
0x008a8226
0x008a8226
0x008a822b
0x008a822b
0x008a822d
0x008a8217
0x008a8217
0x008a8217
0x008a8238
0x008a823d
0x008a823f
0x008a8241
0x008a8247
0x008a824a
0x008a8250
0x008a8252
0x008a8255
0x008a8255
0x008a8258
0x008a825b
0x008a825b
0x008a8260
0x008a8260
0x008a8262
0x008a824c
0x008a824c
0x008a824c
0x008a8264
0x008a8265
0x008a8268
0x008a8268
0x008a8273
0x008a827b
0x008a827c
0x008a827d
0x008a8282
0x008a828c
0x008a80b5
0x008a80b5
0x008a80b8
0x008a80ba
0x008a80d5
0x008a80d7
0x00000000
0x008a80d9
0x008a80d9
0x008a80dc
0x008a80df
0x008a80f0
0x008a80f2
0x008a80f7
0x008a80fa
0x008a80e1
0x008a80e3
0x008a80e6
0x008a80ed
0x008a80ed
0x008a80df
0x008a80bc
0x008a80c2
0x008a80c7
0x008a80c9
0x008a8132
0x008a8137
0x008a80cb
0x008a80cb
0x008a80cb
0x008a80cf
0x008a80fd
0x008a80d1
0x008a80d1
0x008a80d1
0x008a80ff
0x008a8101
0x008a8109
0x008a810e
0x008a8111
0x008a8115
0x008a8118
0x008a812c
0x008a812e
0x00000000
0x008a811a
0x008a811c
0x008a811e
0x008a8127
0x008a8127
0x008a8118
0x008a80c9
0x008a80ba
0x008a805c
0x008a805c
0x008a805f
0x008a8062
0x008a8068
0x008a8064
0x008a8064
0x008a8064
0x008a806a
0x008a806c
0x00000000
0x008a806e
0x008a806e
0x008a8071
0x008a8077
0x008a8073
0x008a8073
0x008a8073
0x008a8079
0x008a807f
0x008a8081
0x00000000
0x008a8083
0x008a8083
0x008a8086
0x008a808c
0x008a8088
0x008a8088
0x008a8088
0x008a808e
0x008a8092
0x008a8092
0x008a80a1
0x008a80a1
0x008a8081
0x008a806c
0x008a7fc5
0x008a7fc5
0x008a7fc8
0x008a7fca
0x008a7fff
0x008a8001
0x00000000
0x008a8003
0x008a8003
0x008a8006
0x008a8009
0x008a8019
0x008a801b
0x008a801f
0x008a8022
0x008a800b
0x008a800d
0x008a8010
0x008a8016
0x008a8016
0x008a8009
0x008a7fcc
0x008a7fd0
0x008a7fd5
0x008a7fd7
0x008a802d
0x008a8031
0x008a7fd9
0x008a7fd9
0x008a7fe2
0x008a7fe7
0x008a7feb
0x008a7fee
0x008a8027
0x008a8029
0x00000000
0x008a7ff0
0x008a7ff2
0x008a7ff4
0x008a7ffc
0x008a7ffc
0x008a7fee
0x008a7fd7
0x008a7fca
0x008a7fc3
0x008a7f18
0x008a7f18
0x008a7f1b
0x008a7f1d
0x008a7f54
0x008a7f56
0x00000000
0x008a7f58
0x008a7f58
0x008a7f5b
0x008a7f5e
0x008a7f6f
0x008a7f71
0x008a7f76
0x008a7f79
0x008a7f60
0x008a7f62
0x008a7f65
0x008a7f6c
0x008a7f6c
0x008a7f5e
0x008a7f1f
0x008a7f23
0x008a7f28
0x008a7f2a
0x00000000
0x008a7f2c
0x008a7f2c
0x008a7f36
0x008a7f3b
0x008a7f3f
0x008a7f42
0x008a7f7e
0x008a7f80
0x00000000
0x008a7f44
0x008a7f46
0x008a7f48
0x008a7f51
0x008a7f51
0x008a7f42
0x008a7f2a
0x008a7f1d
0x008a7f16
0x008a7f0b
0x008a7e5f
0x008a7e61
0x008a7ecb
0x008a7ed0
0x008a7e63
0x008a7e63
0x008a7e64
0x008a7e73
0x008a7eca
0x00000000
0x008a7e75
0x008a7e79
0x008a7e7b
0x008a7e7b
0x008a7e81
0x008a7e87
0x008a7e83
0x008a7e83
0x008a7e83
0x008a7e8b
0x008a7ea0
0x008a7ea5
0x008a7eac
0x008a7eaf
0x008a7ec4
0x008a7ec6
0x00000000
0x008a7eb1
0x008a7eb5
0x008a7ebf
0x008a7ebf
0x008a7eaf
0x008a7e73
0x008a7e61
0x008a7e5d

APIs

_memmove.LIBCMT ref: 008A7EA0

Strings

invalid string position, xrefs: 008A7ED3
string too long, xrefs: 008A7EDD

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 4c5f1c87b48d8927015a85d4c2b1b5819daf6b38672cba7ee35ea993a5454400
Instruction ID: 947ad8c625938cbf6072d79645799ed9f929cab7ba4e692ad2e8e2ef9c0597c5
Opcode Fuzzy Hash: 4c5f1c87b48d8927015a85d4c2b1b5819daf6b38672cba7ee35ea993a5454400
Instruction Fuzzy Hash: 7621DE3130831A9B9724DF6CEC8095AB3E8FB86B14710096EE552C7A91DB20EC29C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 008A8CD0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E008A8CD0(signed int __eax, void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __ebp, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v12;
				intOrPtr _t23;
				intOrPtr _t30;
				signed int _t43;
				intOrPtr _t47;
				intOrPtr* _t49;
				intOrPtr* _t53;
				intOrPtr _t55;
				intOrPtr* _t59;
				signed int _t63;

				_push(__ebx);
				_t43 = _a4;
				_push(__esi);
				_t59 = __ecx;
				_t47 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t47 < _t43) {
					_push("invalid string position");
					E008A9C28(__eflags);
					goto L18;
				} else {
					_push(__edi);
					_t55 = _a8;
					if((__eax | 0xffffffff) - _t47 <= _t55) {
						L18:
						_push("string too long");
						E008A9BFA(__eflags);
						asm("int3");
						asm("int3");
						asm("int3");
						_t23 = _v12;
						__eflags = _t23 - 0x2f;
						if(_t23 == 0x2f) {
							L22:
							return 1;
						} else {
							__eflags = _t23 - 0x5c;
							if(_t23 == 0x5c) {
								goto L22;
							} else {
								__eflags = 0;
								return 0;
							}
						}
					} else {
						if(_t55 == 0) {
							L16:
							return _t59;
						} else {
							_push(__ebp);
							_t63 = _t47 + _t55;
							if(E00892510(_t43, __ecx, _t55, __ecx, _t63, _t63, 0) == 0) {
								L15:
								goto L16;
							} else {
								_t30 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t30 < 8) {
									_t53 = __ecx;
								} else {
									_t53 =  *__ecx;
								}
								if(_t30 < 8) {
									_t49 = _t59;
								} else {
									_t49 =  *_t59;
								}
								_t32 =  *(_t59 + 0x10) != _t43;
								if( *(_t59 + 0x10) != _t43) {
									E008BEEA0(_t49 + (_t43 + _t55) * 2, _t53 + _t43 * 2, _t32 + _t32);
								}
								E008A7D10(_t59, _t43, _t55, _a12);
								 *(_t59 + 0x10) = _t63;
								if( *((intOrPtr*)(_t59 + 0x14)) < 8) {
									__eflags = 0;
									 *((short*)(_t59 + _t63 * 2)) = 0;
									goto L15;
								} else {
									 *((short*)( *_t59 + _t63 * 2)) = 0;
									return _t59;
								}
							}
						}
					}
				}
			}

0x008a8cd0
0x008a8cd1
0x008a8cd5
0x008a8cd6
0x008a8cd8
0x008a8cdd
0x008a8d79
0x008a8d7e
0x00000000
0x008a8ce3
0x008a8ce6
0x008a8ce7
0x008a8cef
0x008a8d83
0x008a8d83
0x008a8d88
0x008a8d8d
0x008a8d8e
0x008a8d8f
0x008a8d90
0x008a8d95
0x008a8d99
0x008a8da4
0x008a8da6
0x008a8d9b
0x008a8d9b
0x008a8d9f
0x00000000
0x008a8da1
0x008a8da1
0x008a8da3
0x008a8da3
0x008a8d9f
0x008a8cf5
0x008a8cf7
0x008a8d71
0x008a8d76
0x008a8cf9
0x008a8cf9
0x008a8cfa
0x008a8d09
0x008a8d70
0x00000000
0x008a8d0b
0x008a8d0b
0x008a8d11
0x008a8d17
0x008a8d13
0x008a8d13
0x008a8d13
0x008a8d1c
0x008a8d22
0x008a8d1e
0x008a8d1e
0x008a8d1e
0x008a8d27
0x008a8d29
0x008a8d39
0x008a8d3e
0x008a8d49
0x008a8d52
0x008a8d55
0x008a8d6a
0x008a8d6c
0x00000000
0x008a8d57
0x008a8d5b
0x008a8d65
0x008a8d65
0x008a8d55
0x008a8d09
0x008a8cf7
0x008a8cef

APIs

_memmove.LIBCMT ref: 008A8D39

Strings

invalid string position, xrefs: 008A8D79
string too long, xrefs: 008A8D83

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 717d5c1be1d46c16561e2c84a447b196d183fa6c521b9b3e293ee3b93b6d5334
Instruction ID: 7af3f60c5fb17bf87889e4bc3d0a82549d5fdc51808c63828e626b07ef858016
Opcode Fuzzy Hash: 717d5c1be1d46c16561e2c84a447b196d183fa6c521b9b3e293ee3b93b6d5334
Instruction Fuzzy Hash: BA21C332704208DBD7349E6CE88096BB7A9FF96711720092EF192D7B91DE31E8048771

Uniqueness

Uniqueness Score: -1.00%

Function 008BA8C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E008BA8C3(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				short _t41;
				intOrPtr _t44;
				intOrPtr _t53;
				intOrPtr _t58;
				intOrPtr _t64;
				void* _t67;
				void* _t68;
				void* _t69;

				_push(0x34);
				E008C1E90(E008E15F8, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t68 - 0x40)) = __ecx;
				 *(_t68 - 0x24) =  *(_t68 - 0x24) & 0x00000000;
				 *((intOrPtr*)(_t68 - 0x3c)) =  *((intOrPtr*)(_t68 + 0x1c));
				 *((intOrPtr*)(_t68 - 0x38)) =  *((intOrPtr*)(_t68 + 8));
				asm("movsd");
				 *((intOrPtr*)(_t68 - 0x20)) = 7;
				 *((short*)(_t68 - 0x34)) = 0;
				asm("movsd");
				asm("movsw");
				 *(_t68 - 4) =  *(_t68 - 4) & 0;
				_t41 =  *((intOrPtr*)(_t68 + 0x24));
				if(_t41 != 0) {
					asm("cbw");
					 *((short*)(_t68 - 0x18)) = _t41;
					_t42 =  *((intOrPtr*)(_t68 + 0x20));
					asm("cbw");
					 *((short*)(_t68 - 0x16)) =  *((intOrPtr*)(_t68 + 0x20));
				} else {
					_t42 =  *((intOrPtr*)(_t68 + 0x20));
					asm("cbw");
					 *((short*)(_t68 - 0x18)) =  *((intOrPtr*)(_t68 + 0x20));
				}
				_t64 =  *((intOrPtr*)(_t68 - 0x40));
				_t53 =  *((intOrPtr*)(_t68 - 0x3c));
				_t67 = 0x10;
				while(1) {
					E008A7EF0(_t42, _t68 - 0x34, _t68, _t67, 0);
					_t44 =  *((intOrPtr*)(_t68 - 0x34));
					if( *((intOrPtr*)(_t68 - 0x20)) < 8) {
						_t44 = _t68 - 0x34;
					}
					_t61 = E008C58D5(_t44,  *(_t68 - 0x24), _t68 - 0x1c, _t53,  *((intOrPtr*)(_t64 + 8)));
					_t69 = _t69 + 0x14;
					if(_t42 != 0) {
						break;
					}
					_t67 = _t67 + _t67;
				}
				_t58 =  *((intOrPtr*)(_t68 - 0x34));
				_t45 = _t58;
				if( *((intOrPtr*)(_t68 - 0x20)) < 8) {
					_t45 = _t68 - 0x34;
					_t58 = _t68 - 0x34;
				}
				_t54 =  *((intOrPtr*)(_t68 - 0x38));
				E008AE1F7(_t58 + 2,  *((intOrPtr*)(_t68 - 0x38)), _t58 + 2, _t45 + _t61 * 2,  *((intOrPtr*)(_t68 + 0xc)),  *((intOrPtr*)(_t68 + 0x10)));
				E00892630(_t68 - 0x34, 1, 0);
				return E008C1E3F(_t54, _t64, _t67);
			}

0x008ba8c3
0x008ba8ca
0x008ba8cf
0x008ba8e0
0x008ba8e4
0x008ba8e9
0x008ba8ec
0x008ba8ed
0x008ba8f4
0x008ba8f8
0x008ba8f9
0x008ba8fb
0x008ba8fe
0x008ba903
0x008ba910
0x008ba912
0x008ba916
0x008ba919
0x008ba91b
0x008ba905
0x008ba905
0x008ba908
0x008ba90a
0x008ba90a
0x008ba91f
0x008ba922
0x008ba927
0x008ba928
0x008ba92e
0x008ba937
0x008ba93a
0x008ba93c
0x008ba93c
0x008ba950
0x008ba952
0x008ba957
0x00000000
0x00000000
0x008ba959
0x008ba959
0x008ba961
0x008ba964
0x008ba966
0x008ba968
0x008ba96b
0x008ba96b
0x008ba970
0x008ba97f
0x008ba98e
0x008ba99a

APIs

__EH_prolog3_GS.LIBCMT ref: 008BA8CA
_mbstowcs_s.LIBCMT ref: 008BA94B

Strings

!%x, xrefs: 008BA8DB

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3__mbstowcs_s
String ID: !%x
API String ID: 324237982-1893981228
Opcode ID: b5d5dc169edbf55936f226d2dfd628c13d6ecfa1c0a22c525d0dc60564d0871d
Instruction ID: f92c9e82e43cf1ced65008eb18783a4f8adadaa47ea70b13c7fc9c30eca5f29a
Opcode Fuzzy Hash: b5d5dc169edbf55936f226d2dfd628c13d6ecfa1c0a22c525d0dc60564d0871d
Instruction Fuzzy Hash: D8214571E00249ABDF04DF98C881BEEBBB6FF08304F514019F915A7252E771AA59CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008BE1C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E008BE1C7(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				char _t37;
				char _t38;
				char _t39;
				intOrPtr _t42;
				intOrPtr _t51;
				intOrPtr _t56;
				void* _t61;
				void* _t63;
				void* _t64;
				void* _t65;

				_push(0x2c);
				E008C1E90(E008E19F1, __ebx, __edi, __esi);
				_t61 = __ecx;
				 *(_t64 - 0x20) =  *(_t64 - 0x20) & 0x00000000;
				 *((intOrPtr*)(_t64 - 0x38)) =  *((intOrPtr*)(_t64 + 0x1c));
				_t37 = "!%x"; // 0x782521
				 *((intOrPtr*)(_t64 - 0x18)) = _t37;
				_t38 =  *0x8e57ac; // 0x0
				 *((intOrPtr*)(_t64 - 0x34)) =  *((intOrPtr*)(_t64 + 8));
				 *((char*)(_t64 - 0x14)) = _t38;
				 *((intOrPtr*)(_t64 - 0x1c)) = 0xf;
				 *((char*)(_t64 - 0x30)) = 0;
				_t39 =  *((intOrPtr*)(_t64 + 0x24));
				 *(_t64 - 4) =  *(_t64 - 4) & 0x00000000;
				if(_t39 != 0) {
					 *((char*)(_t64 - 0x16)) = _t39;
					_t40 =  *((intOrPtr*)(_t64 + 0x20));
					 *((char*)(_t64 - 0x15)) =  *((intOrPtr*)(_t64 + 0x20));
				} else {
					_t40 =  *((intOrPtr*)(_t64 + 0x20));
					 *((char*)(_t64 - 0x16)) =  *((intOrPtr*)(_t64 + 0x20));
				}
				_t51 =  *((intOrPtr*)(_t64 - 0x38));
				_t63 = 0x10;
				while(1) {
					E00892790(_t40, _t51, _t64 - 0x30, _t61, _t64, _t63, 0);
					_t42 =  *((intOrPtr*)(_t64 - 0x30));
					if( *((intOrPtr*)(_t64 - 0x1c)) < 0x10) {
						_t42 = _t64 - 0x30;
					}
					_t59 = E008C4488(_t42,  *(_t64 - 0x20), _t64 - 0x18, _t51,  *((intOrPtr*)(_t61 + 8)));
					_t65 = _t65 + 0x14;
					if(_t40 != 0) {
						break;
					}
					_t63 = _t63 + _t63;
				}
				_t56 =  *((intOrPtr*)(_t64 - 0x30));
				_t43 = _t56;
				if( *((intOrPtr*)(_t64 - 0x1c)) < 0x10) {
					_t43 = _t64 - 0x30;
					_t56 = _t64 - 0x30;
				}
				_t52 =  *((intOrPtr*)(_t64 - 0x34));
				E008BB174(_t56 + 1,  *((intOrPtr*)(_t64 - 0x34)), _t56 + 1, _t43 + _t59,  *((intOrPtr*)(_t64 + 0xc)),  *((intOrPtr*)(_t64 + 0x10)));
				E008925E0(_t64 - 0x30, 1, 0);
				return E008C1E3F(_t52, _t61, _t63);
			}

0x008be1c7
0x008be1ce
0x008be1d3
0x008be1db
0x008be1df
0x008be1e2
0x008be1e7
0x008be1ea
0x008be1ef
0x008be1f2
0x008be1f5
0x008be1fc
0x008be200
0x008be203
0x008be209
0x008be213
0x008be216
0x008be219
0x008be20b
0x008be20b
0x008be20e
0x008be20e
0x008be21c
0x008be221
0x008be222
0x008be228
0x008be231
0x008be234
0x008be236
0x008be236
0x008be24a
0x008be24c
0x008be251
0x00000000
0x00000000
0x008be253
0x008be253
0x008be25b
0x008be25e
0x008be260
0x008be262
0x008be265
0x008be265
0x008be26a
0x008be276
0x008be285
0x008be291

APIs

__EH_prolog3_GS.LIBCMT ref: 008BE1CE
_mbstowcs_s.LIBCMT ref: 008BE245

Strings

!%x, xrefs: 008BE1E2

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3__mbstowcs_s
String ID: !%x
API String ID: 324237982-1893981228
Opcode ID: cb958ed7c68a0d00c9957291dbdd97b9cc8b1e9657787faf10e05f065db18d30
Instruction ID: 54e6df0ccef8e868eff2da248be5d7142d5772360dee01f4d685473f784df5ff
Opcode Fuzzy Hash: cb958ed7c68a0d00c9957291dbdd97b9cc8b1e9657787faf10e05f065db18d30
Instruction Fuzzy Hash: 4221F071A04249AFEF05DF98D882BEEBBB9FB19304F040019F905AB242D6759A54CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008B769F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E008B769F(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t39;
				void* _t43;
				intOrPtr* _t50;
				signed int* _t54;
				void* _t64;
				void* _t67;
				signed int _t68;
				void* _t69;
				void* _t73;

				_t73 = __eflags;
				_push(0x38);
				E008C1E90(E008E13F0, __ebx, __edi, __esi);
				_t66 =  *((intOrPtr*)(_t69 + 0x1c));
				_t54 =  *(_t69 + 0x20);
				 *(_t69 - 0x34) =  *(_t69 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t69 - 0x3c)) =  *((intOrPtr*)(_t69 + 8));
				 *(_t69 - 0x40) =  *(_t69 + 0x24);
				_t39 = E008A36A0(_t69 - 0x44);
				 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
				_push(_t39);
				_push( *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x1c)) + 0x14)));
				_push(_t69 + 0x14);
				_push(_t69 + 0xc);
				_push(_t69 - 0x30);
				_push(__ecx);
				_t43 = E008B2931(_t54,  *((intOrPtr*)(_t69 + 0x1c)), __ecx, _t66, _t73);
				 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
				_t67 = _t43;
				E0089A750(_t69 - 0x44);
				_t64 = _t69 - 0x2f;
				if( *((char*)(_t69 - 0x30)) != 0x2d) {
					_t64 = _t69 - 0x30;
				}
				_t68 = E008AAC3D(_t64, _t69 - 0x38, _t67, _t69 - 0x34);
				if(E008BACCB(_t69 + 0xc, _t69 + 0x14) != 0) {
					 *_t54 =  *_t54 | 0x00000001;
				}
				if( *((intOrPtr*)(_t69 - 0x38)) == _t64 ||  *(_t69 - 0x34) != 0 || _t68 > 0xffff) {
					 *_t54 =  *_t54 | 0x00000002;
					__eflags =  *_t54;
				} else {
					if( *((char*)(_t69 - 0x30)) == 0x2d) {
						_t68 =  ~_t68;
					}
					 *( *(_t69 - 0x40)) = _t68;
				}
				_t50 =  *((intOrPtr*)(_t69 - 0x3c));
				 *_t50 =  *((intOrPtr*)(_t69 + 0xc));
				 *((intOrPtr*)(_t50 + 4)) =  *((intOrPtr*)(_t69 + 0x10));
				return E008C1E3F(_t54, _t64, _t68);
			}

0x008b769f
0x008b769f
0x008b76a6
0x008b76b0
0x008b76b5
0x008b76b8
0x008b76bc
0x008b76c2
0x008b76c9
0x008b76ce
0x008b76d2
0x008b76d3
0x008b76d9
0x008b76dd
0x008b76e1
0x008b76e2
0x008b76e3
0x008b76e8
0x008b76f2
0x008b76f4
0x008b76fd
0x008b7700
0x008b7702
0x008b7702
0x008b771a
0x008b7727
0x008b7729
0x008b7729
0x008b772f
0x008b774f
0x008b774f
0x008b773f
0x008b7743
0x008b7745
0x008b7745
0x008b774a
0x008b774a
0x008b7752
0x008b7758
0x008b775d
0x008b7765

APIs

__EH_prolog3_GS.LIBCMT ref: 008B76A6

Part of subcall function 008B2931: __EH_prolog3_GS.LIBCMT ref: 008B293B

__Stoulx.LIBCPMT ref: 008B770F

Strings

-, xrefs: 008B773F

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3_$Stoulx
String ID: -
API String ID: 1299326519-2547889144
Opcode ID: a2ff1b4972ed3119ac3adf9b6fbd08702e49da63aaa8d02c7d750cac515a647c
Instruction ID: 9ced5459e95e98bf801a7047d27e18d16ed9c3aa316d29e4e58e8e17c3f98725
Opcode Fuzzy Hash: a2ff1b4972ed3119ac3adf9b6fbd08702e49da63aaa8d02c7d750cac515a647c
Instruction Fuzzy Hash: 71211771800209AFDF25DF94D985AEEB7B9FF49310F04415AF815E7241DB34AA05CB96

Uniqueness

Uniqueness Score: -1.00%

Function 008B7768, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E008B7768(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t39;
				void* _t43;
				intOrPtr* _t50;
				signed int* _t54;
				void* _t64;
				void* _t67;
				signed int _t68;
				void* _t69;
				void* _t73;

				_t73 = __eflags;
				_push(0x38);
				E008C1E90(E008E13F0, __ebx, __edi, __esi);
				_t66 =  *((intOrPtr*)(_t69 + 0x1c));
				_t54 =  *(_t69 + 0x20);
				 *(_t69 - 0x34) =  *(_t69 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t69 - 0x3c)) =  *((intOrPtr*)(_t69 + 8));
				 *(_t69 - 0x40) =  *(_t69 + 0x24);
				_t39 = E008A36A0(_t69 - 0x44);
				 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
				_push(_t39);
				_push( *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x1c)) + 0x14)));
				_push(_t69 + 0x14);
				_push(_t69 + 0xc);
				_push(_t69 - 0x30);
				_push(__ecx);
				_t43 = E008B2931(_t54,  *((intOrPtr*)(_t69 + 0x1c)), __ecx, _t66, _t73);
				 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
				_t67 = _t43;
				E0089A750(_t69 - 0x44);
				_t64 = _t69 - 0x2f;
				if( *((char*)(_t69 - 0x30)) != 0x2d) {
					_t64 = _t69 - 0x30;
				}
				_t68 = E008AAC3D(_t64, _t69 - 0x38, _t67, _t69 - 0x34);
				if(E008BACCB(_t69 + 0xc, _t69 + 0x14) != 0) {
					 *_t54 =  *_t54 | 0x00000001;
				}
				if( *((intOrPtr*)(_t69 - 0x38)) == _t64 ||  *(_t69 - 0x34) != 0 || _t68 > 0xffffffff) {
					 *_t54 =  *_t54 | 0x00000002;
					__eflags =  *_t54;
				} else {
					if( *((char*)(_t69 - 0x30)) == 0x2d) {
						_t68 =  ~_t68;
					}
					 *( *(_t69 - 0x40)) = _t68;
				}
				_t50 =  *((intOrPtr*)(_t69 - 0x3c));
				 *_t50 =  *((intOrPtr*)(_t69 + 0xc));
				 *((intOrPtr*)(_t50 + 4)) =  *((intOrPtr*)(_t69 + 0x10));
				return E008C1E3F(_t54, _t64, _t68);
			}

0x008b7768
0x008b7768
0x008b776f
0x008b7779
0x008b777e
0x008b7781
0x008b7785
0x008b778b
0x008b7792
0x008b7797
0x008b779b
0x008b779c
0x008b77a2
0x008b77a6
0x008b77aa
0x008b77ab
0x008b77ac
0x008b77b1
0x008b77bb
0x008b77bd
0x008b77c6
0x008b77c9
0x008b77cb
0x008b77cb
0x008b77e3
0x008b77f0
0x008b77f2
0x008b77f2
0x008b77f8
0x008b7814
0x008b7814
0x008b7805
0x008b7809
0x008b780b
0x008b780b
0x008b7810
0x008b7810
0x008b7817
0x008b781d
0x008b7822
0x008b782a

APIs

__EH_prolog3_GS.LIBCMT ref: 008B776F

Part of subcall function 008B2931: __EH_prolog3_GS.LIBCMT ref: 008B293B

__Stoulx.LIBCPMT ref: 008B77D8

Strings

-, xrefs: 008B7805

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3_$Stoulx
String ID: -
API String ID: 1299326519-2547889144
Opcode ID: 0e67723a5bb614fa0248924894f69cb391ab447ff70db4dc26568c2e1f237730
Instruction ID: 4b5d1ba0bd0b5687f7f5cc9129e53439d2fb95c0cfc120400ec3f81e589ce07b
Opcode Fuzzy Hash: 0e67723a5bb614fa0248924894f69cb391ab447ff70db4dc26568c2e1f237730
Instruction Fuzzy Hash: 93212671800218AFDF25DFA8D985AEEB7B8FB49310F00456AF815E7281D734AE05CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008B6D97, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E008B6D97(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t39;
				void* _t43;
				intOrPtr* _t50;
				signed int* _t54;
				void* _t64;
				void* _t67;
				signed int _t68;
				void* _t69;
				void* _t73;

				_t73 = __eflags;
				_push(0x38);
				E008C1E90(E008E13F0, __ebx, __edi, __esi);
				_t66 =  *((intOrPtr*)(_t69 + 0x1c));
				_t54 =  *(_t69 + 0x20);
				 *(_t69 - 0x34) =  *(_t69 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t69 - 0x3c)) =  *((intOrPtr*)(_t69 + 8));
				 *(_t69 - 0x40) =  *(_t69 + 0x24);
				_t39 = E008A36A0(_t69 - 0x44);
				 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
				_push(_t39);
				_push( *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x1c)) + 0x14)));
				_push(_t69 + 0x14);
				_push(_t69 + 0xc);
				_push(_t69 - 0x30);
				_push(__ecx);
				_t43 = E008B25AB(_t54,  *((intOrPtr*)(_t69 + 0x1c)), __ecx, _t66, _t73);
				 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
				_t67 = _t43;
				E0089A750(_t69 - 0x44);
				_t64 = _t69 - 0x2f;
				if( *((char*)(_t69 - 0x30)) != 0x2d) {
					_t64 = _t69 - 0x30;
				}
				_t68 = E008AAC3D(_t64, _t69 - 0x38, _t67, _t69 - 0x34);
				if(E008BACCB(_t69 + 0xc, _t69 + 0x14) != 0) {
					 *_t54 =  *_t54 | 0x00000001;
				}
				if( *((intOrPtr*)(_t69 - 0x38)) == _t64 ||  *(_t69 - 0x34) != 0 || _t68 > 0xffff) {
					 *_t54 =  *_t54 | 0x00000002;
					__eflags =  *_t54;
				} else {
					if( *((char*)(_t69 - 0x30)) == 0x2d) {
						_t68 =  ~_t68;
					}
					 *( *(_t69 - 0x40)) = _t68;
				}
				_t50 =  *((intOrPtr*)(_t69 - 0x3c));
				 *_t50 =  *((intOrPtr*)(_t69 + 0xc));
				 *((intOrPtr*)(_t50 + 4)) =  *((intOrPtr*)(_t69 + 0x10));
				return E008C1E3F(_t54, _t64, _t68);
			}

0x008b6d97
0x008b6d97
0x008b6d9e
0x008b6da8
0x008b6dad
0x008b6db0
0x008b6db4
0x008b6dba
0x008b6dc1
0x008b6dc6
0x008b6dca
0x008b6dcb
0x008b6dd1
0x008b6dd5
0x008b6dd9
0x008b6dda
0x008b6ddb
0x008b6de0
0x008b6dea
0x008b6dec
0x008b6df5
0x008b6df8
0x008b6dfa
0x008b6dfa
0x008b6e12
0x008b6e1f
0x008b6e21
0x008b6e21
0x008b6e27
0x008b6e47
0x008b6e47
0x008b6e37
0x008b6e3b
0x008b6e3d
0x008b6e3d
0x008b6e42
0x008b6e42
0x008b6e4a
0x008b6e50
0x008b6e55
0x008b6e5d

APIs

__EH_prolog3_GS.LIBCMT ref: 008B6D9E

Part of subcall function 008B25AB: __EH_prolog3_GS.LIBCMT ref: 008B25B5

__Stoulx.LIBCPMT ref: 008B6E07

Strings

-, xrefs: 008B6E37

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3_$Stoulx
String ID: -
API String ID: 1299326519-2547889144
Opcode ID: 6680734e49f8164cce2b862504faced54c7fd6e5f10511a07e88a0f2becc14bb
Instruction ID: b5b977738d9072de1ad3adb8d8a97d62a3402511f2db7940589f07fd7dd89c78
Opcode Fuzzy Hash: 6680734e49f8164cce2b862504faced54c7fd6e5f10511a07e88a0f2becc14bb
Instruction Fuzzy Hash: 8C214BB6800209AFDF25DF94D885AEDB7B9FF05314F144156F805E7241E734AE15CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 008B6E60, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E008B6E60(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t39;
				void* _t43;
				intOrPtr* _t50;
				signed int* _t54;
				void* _t64;
				void* _t67;
				signed int _t68;
				void* _t69;
				void* _t73;

				_t73 = __eflags;
				_push(0x38);
				E008C1E90(E008E13F0, __ebx, __edi, __esi);
				_t66 =  *((intOrPtr*)(_t69 + 0x1c));
				_t54 =  *(_t69 + 0x20);
				 *(_t69 - 0x34) =  *(_t69 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t69 - 0x3c)) =  *((intOrPtr*)(_t69 + 8));
				 *(_t69 - 0x40) =  *(_t69 + 0x24);
				_t39 = E008A36A0(_t69 - 0x44);
				 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
				_push(_t39);
				_push( *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x1c)) + 0x14)));
				_push(_t69 + 0x14);
				_push(_t69 + 0xc);
				_push(_t69 - 0x30);
				_push(__ecx);
				_t43 = E008B25AB(_t54,  *((intOrPtr*)(_t69 + 0x1c)), __ecx, _t66, _t73);
				 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
				_t67 = _t43;
				E0089A750(_t69 - 0x44);
				_t64 = _t69 - 0x2f;
				if( *((char*)(_t69 - 0x30)) != 0x2d) {
					_t64 = _t69 - 0x30;
				}
				_t68 = E008AAC3D(_t64, _t69 - 0x38, _t67, _t69 - 0x34);
				if(E008BACCB(_t69 + 0xc, _t69 + 0x14) != 0) {
					 *_t54 =  *_t54 | 0x00000001;
				}
				if( *((intOrPtr*)(_t69 - 0x38)) == _t64 ||  *(_t69 - 0x34) != 0 || _t68 > 0xffffffff) {
					 *_t54 =  *_t54 | 0x00000002;
					__eflags =  *_t54;
				} else {
					if( *((char*)(_t69 - 0x30)) == 0x2d) {
						_t68 =  ~_t68;
					}
					 *( *(_t69 - 0x40)) = _t68;
				}
				_t50 =  *((intOrPtr*)(_t69 - 0x3c));
				 *_t50 =  *((intOrPtr*)(_t69 + 0xc));
				 *((intOrPtr*)(_t50 + 4)) =  *((intOrPtr*)(_t69 + 0x10));
				return E008C1E3F(_t54, _t64, _t68);
			}

0x008b6e60
0x008b6e60
0x008b6e67
0x008b6e71
0x008b6e76
0x008b6e79
0x008b6e7d
0x008b6e83
0x008b6e8a
0x008b6e8f
0x008b6e93
0x008b6e94
0x008b6e9a
0x008b6e9e
0x008b6ea2
0x008b6ea3
0x008b6ea4
0x008b6ea9
0x008b6eb3
0x008b6eb5
0x008b6ebe
0x008b6ec1
0x008b6ec3
0x008b6ec3
0x008b6edb
0x008b6ee8
0x008b6eea
0x008b6eea
0x008b6ef0
0x008b6f0c
0x008b6f0c
0x008b6efd
0x008b6f01
0x008b6f03
0x008b6f03
0x008b6f08
0x008b6f08
0x008b6f0f
0x008b6f15
0x008b6f1a
0x008b6f22

APIs

__EH_prolog3_GS.LIBCMT ref: 008B6E67

Part of subcall function 008B25AB: __EH_prolog3_GS.LIBCMT ref: 008B25B5

__Stoulx.LIBCPMT ref: 008B6ED0

Strings

-, xrefs: 008B6EFD

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: H_prolog3_$Stoulx
String ID: -
API String ID: 1299326519-2547889144
Opcode ID: 90012e447845cc84c09e4a9bd724c03c2612e10723b2a95b0f2a71448baae04d
Instruction ID: 1688ebe4c48fbbf550c5d6eaf59f332213d7aa416af751630c4cab3f30063fb1
Opcode Fuzzy Hash: 90012e447845cc84c09e4a9bd724c03c2612e10723b2a95b0f2a71448baae04d
Instruction Fuzzy Hash: 3B214871800218AFDF25DF98D985AEEB7B8FB09310F00415AFC11E7381EB34AA15CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008926B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E008926B0(signed int __ebx, void* __edi, void* __ebp, signed int _a4, intOrPtr* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed int _v12;
				void _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v52;
				signed int _v56;
				void _v64;
				signed int _v68;
				intOrPtr* _v72;
				intOrPtr _v96;
				intOrPtr* _v100;
				void* __esi;
				signed int _t90;
				intOrPtr _t93;
				signed int _t95;
				signed int _t107;
				intOrPtr* _t108;
				intOrPtr _t109;
				signed int _t117;
				signed int _t121;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				signed int _t135;
				signed int _t138;
				signed int _t139;
				intOrPtr _t140;
				signed int _t147;
				signed int _t151;
				intOrPtr _t155;
				char* _t160;
				signed int _t164;
				signed int _t168;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t180;
				signed int _t181;
				intOrPtr* _t182;
				signed int _t192;
				signed int _t194;
				intOrPtr _t205;
				intOrPtr* _t208;
				intOrPtr* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t220;
				intOrPtr* _t225;
				signed int _t227;
				void* _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				intOrPtr _t232;
				void* _t233;
				signed int _t234;
				void* _t244;
				intOrPtr* _t257;
				intOrPtr* _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				intOrPtr _t262;
				void* _t287;
				intOrPtr _t288;
				signed int _t289;
				intOrPtr _t300;
				void* _t303;

				_t287 = __ebp;
				_t228 = __edi;
				_t178 = __ebx;
				_t90 = _a4;
				_t208 = 0;
				if(_t90 == 0) {
					L3:
					return _t208;
				} else {
					_t310 = _t90 - 0xffffffff;
					if(_t90 > 0xffffffff) {
						L4:
						E008A9BC9(__eflags);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t228);
						_t229 = _a4;
						_t257 = _t208;
						_t209 = _a8;
						_t93 =  *((intOrPtr*)(_t229 + 0x10));
						__eflags = _t93 - _t209;
						if(__eflags < 0) {
							_push("invalid string position");
							E008A9C28(__eflags);
							goto L22;
						} else {
							_t164 = _t93 - _t209;
							_t209 =  *((intOrPtr*)(_t257 + 0x10));
							_push(_t178);
							_t205 = _a12;
							__eflags = _t164 - _t205;
							_t178 =  <  ? _t164 : _t205;
							__eflags = (_t164 | 0xffffffff) - _t209 - _t178;
							if(__eflags <= 0) {
								L22:
								_push("string too long");
								_t95 = E008A9BFA(__eflags);
								asm("int3");
								asm("int3");
								_push(_t178);
								_t179 = _v12;
								_push(_t257);
								_t258 = _t209;
								_t210 =  *(_t258 + 0x10);
								__eflags = (_t95 | 0xffffffff) - _t210 - _t179;
								if(__eflags <= 0) {
									_push("string too long");
									E008A9BFA(__eflags);
									goto L37;
								} else {
									_push(_t229);
									__eflags = _t179;
									if(_t179 == 0) {
										L35:
										return _t258;
									} else {
										_t229 = _t210 + _t179;
										__eflags = _t229 - 0xfffffffe;
										if(__eflags > 0) {
											L37:
											_push("string too long");
											E008A9BFA(__eflags);
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t179);
											_t180 = _v28;
											_push(_t287);
											_t288 = _v24;
											_push(_t258);
											_push(_t229);
											_t230 =  *(_t180 + 0x10);
											_t259 = _t210;
											__eflags = _t230 - _t288;
											if(__eflags < 0) {
												_push("invalid string position");
												E008A9C28(__eflags);
												goto L63;
											} else {
												_t244 = _t230 - _t288;
												__eflags = _v20 - _t244;
												_t230 =  <  ? _v20 : _t244;
												__eflags = _t259 - _t180;
												if(_t259 != _t180) {
													__eflags = _t230 - 0xfffffffe;
													if(__eflags > 0) {
														goto L64;
													} else {
														_t140 =  *((intOrPtr*)(_t259 + 0x14));
														__eflags = _t140 - _t230;
														if(_t140 >= _t230) {
															__eflags = _t230;
															if(_t230 != 0) {
																goto L47;
															} else {
																 *(_t259 + 0x10) = _t230;
																__eflags = _t140 - 0x10;
																if(_t140 < 0x10) {
																	_t147 = _t259;
																	 *_t147 = 0;
																	return _t147;
																} else {
																	 *( *_t259) = 0;
																	return _t259;
																}
															}
														} else {
															E00892150(_t210, _t230,  *(_t259 + 0x10));
															__eflags = _t230;
															if(_t230 == 0) {
																L61:
																return _t259;
															} else {
																L47:
																__eflags =  *((intOrPtr*)(_t180 + 0x14)) - 0x10;
																if( *((intOrPtr*)(_t180 + 0x14)) >= 0x10) {
																	_t180 =  *_t180;
																}
																__eflags =  *((intOrPtr*)(_t259 + 0x14)) - 0x10;
																if( *((intOrPtr*)(_t259 + 0x14)) < 0x10) {
																	_t220 = _t259;
																} else {
																	_t220 =  *_t259;
																}
																__eflags = _t230;
																if(_t230 != 0) {
																	E008BFCF0(_t220, _t180 + _t288, _t230);
																}
																__eflags =  *((intOrPtr*)(_t259 + 0x14)) - 0x10;
																 *(_t259 + 0x10) = _t230;
																if( *((intOrPtr*)(_t259 + 0x14)) < 0x10) {
																	 *((char*)(_t259 + _t230)) = 0;
																	goto L61;
																} else {
																	 *((char*)( *_t259 + _t230)) = 0;
																	return _t259;
																}
															}
														}
													}
												} else {
													_t151 = _t230 + _t288;
													__eflags =  *(_t259 + 0x10) - _t151;
													if(__eflags < 0) {
														L63:
														_push("invalid string position");
														E008A9C28(__eflags);
														L64:
														_push("string too long");
														E008A9BFA(__eflags);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t180);
														_t181 = _v56;
														_push(_t259);
														_t260 = _t210;
														__eflags = _t181;
														if(_t181 == 0) {
															L77:
															_push(_t230);
															_t231 = _v52;
															__eflags = _t231 - 0xfffffffe;
															if(__eflags > 0) {
																_push("string too long");
																E008A9BFA(__eflags);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t181);
																_t182 = _v72;
																_push(_t288);
																_t289 = _v68;
																_push(_t260);
																_push(_t231);
																_t232 =  *((intOrPtr*)(_t182 + 0x10));
																_t261 = _t210;
																__eflags = _t232 - _t289;
																if(__eflags < 0) {
																	_push("invalid string position");
																	E008A9C28(__eflags);
																	goto L119;
																} else {
																	_t233 = _t232 - _t289;
																	__eflags = _v64 - _t233;
																	_t234 =  <  ? _v64 : _t233;
																	__eflags = _t261 - _t182;
																	if(_t261 != _t182) {
																		__eflags = _t234 - 0x7ffffffe;
																		if(__eflags > 0) {
																			goto L120;
																		} else {
																			_t109 =  *((intOrPtr*)(_t261 + 0x14));
																			__eflags = _t109 - _t234;
																			if(_t109 >= _t234) {
																				__eflags = _t234;
																				if(_t234 != 0) {
																					goto L103;
																				} else {
																					 *(_t261 + 0x10) = _t234;
																					__eflags = _t109 - 8;
																					if(_t109 < 8) {
																						_t117 = _t261;
																						__eflags = 0;
																						 *_t117 = 0;
																						return _t117;
																					} else {
																						__eflags = 0;
																						 *( *_t261) = 0;
																						return _t261;
																					}
																				}
																			} else {
																				E008922A0(_t210, _t234,  *(_t261 + 0x10));
																				__eflags = _t234;
																				if(_t234 == 0) {
																					L117:
																					return _t261;
																				} else {
																					L103:
																					__eflags =  *((intOrPtr*)(_t182 + 0x14)) - 8;
																					if( *((intOrPtr*)(_t182 + 0x14)) >= 8) {
																						_t182 =  *_t182;
																					}
																					__eflags =  *((intOrPtr*)(_t261 + 0x14)) - 8;
																					if( *((intOrPtr*)(_t261 + 0x14)) < 8) {
																						_t211 = _t261;
																					} else {
																						_t211 =  *_t261;
																					}
																					__eflags = _t234;
																					if(_t234 != 0) {
																						E008BFCF0(_t211, _t182 + _t289 * 2, _t234 + _t234);
																					}
																					__eflags =  *((intOrPtr*)(_t261 + 0x14)) - 8;
																					 *(_t261 + 0x10) = _t234;
																					if( *((intOrPtr*)(_t261 + 0x14)) < 8) {
																						__eflags = 0;
																						 *((short*)(_t261 + _t234 * 2)) = 0;
																						goto L117;
																					} else {
																						__eflags = 0;
																						 *((short*)( *_t261 + _t234 * 2)) = 0;
																						return _t261;
																					}
																				}
																			}
																		}
																	} else {
																		_t121 = _t234 + _t289;
																		__eflags =  *(_t261 + 0x10) - _t121;
																		if(__eflags < 0) {
																			L119:
																			_push("invalid string position");
																			E008A9C28(__eflags);
																			L120:
																			_push("string too long");
																			E008A9BFA(__eflags);
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			_push(_t261);
																			_t262 = _v96;
																			_t107 = E008A9C56(_t262);
																			__eflags = _t107;
																			_t108 = _v100;
																			 *_t108 = _t262;
																			if(_t107 == 0) {
																				 *((intOrPtr*)(_t108 + 4)) = 0x8f2008;
																				return _t108;
																			} else {
																				 *((intOrPtr*)(_t108 + 4)) = 0x8f2000;
																				return _t108;
																			}
																		} else {
																			__eflags =  *((intOrPtr*)(_t261 + 0x14)) - 8;
																			 *(_t261 + 0x10) = _t121;
																			if( *((intOrPtr*)(_t261 + 0x14)) >= 8) {
																				_t210 =  *_t261;
																			}
																			__eflags = 0;
																			 *((short*)(_t210 + _t121 * 2)) = 0;
																			E00892D30(_t182, _t261, _t289, 0, _t289);
																			return _t261;
																		}
																	}
																}
															} else {
																_t124 =  *(_t260 + 0x14);
																__eflags = _t124 - _t231;
																if(_t124 >= _t231) {
																	__eflags = _t231;
																	if(_t231 != 0) {
																		goto L80;
																	} else {
																		 *(_t260 + 0x10) = _t231;
																		__eflags = _t124 - 0x10;
																		if(_t124 < 0x10) {
																			_t131 = _t260;
																			 *_t131 = 0;
																			return _t131;
																		} else {
																			 *( *_t260) = 0;
																			return _t260;
																		}
																	}
																} else {
																	E00892150(_t260, _t231,  *(_t260 + 0x10));
																	__eflags = _t231;
																	if(_t231 == 0) {
																		L92:
																		return _t260;
																	} else {
																		L80:
																		__eflags =  *(_t260 + 0x14) - 0x10;
																		if( *(_t260 + 0x14) < 0x10) {
																			_t125 = _t260;
																		} else {
																			_t125 =  *_t260;
																		}
																		__eflags = _t231;
																		if(_t231 != 0) {
																			E008BFCF0(_t125, _t181, _t231);
																		}
																		__eflags =  *(_t260 + 0x14) - 0x10;
																		 *(_t260 + 0x10) = _t231;
																		if( *(_t260 + 0x14) < 0x10) {
																			 *((char*)(_t260 + _t231)) = 0;
																			goto L92;
																		} else {
																			 *((char*)( *_t260 + _t231)) = 0;
																			return _t260;
																		}
																	}
																}
															}
														} else {
															_t210 =  *(_t260 + 0x14);
															__eflags = _t210 - 0x10;
															if(_t210 < 0x10) {
																_t135 = _t260;
															} else {
																_t135 =  *_t260;
															}
															__eflags = _t181 - _t135;
															if(_t181 < _t135) {
																goto L77;
															} else {
																__eflags = _t210 - 0x10;
																if(_t210 < 0x10) {
																	_t227 = _t260;
																} else {
																	_t227 =  *_t260;
																}
																__eflags =  *(_t260 + 0x10) + _t227 - _t181;
																if( *(_t260 + 0x10) + _t227 <= _t181) {
																	goto L77;
																} else {
																	__eflags = _t210 - 0x10;
																	if(_t210 < 0x10) {
																		_push(_v52);
																		_t138 = _t260;
																		_t192 = _t181 - _t138;
																		__eflags = _t192;
																		_push(_t192);
																		_push(_t260);
																		L38();
																		return _t138;
																	} else {
																		_push(_v52);
																		_t139 =  *_t260;
																		_t194 = _t181 - _t139;
																		__eflags = _t194;
																		_push(_t194);
																		_push(_t260);
																		L38();
																		return _t139;
																	}
																}
															}
														}
													} else {
														__eflags =  *((intOrPtr*)(_t259 + 0x14)) - 0x10;
														 *(_t259 + 0x10) = _t151;
														if( *((intOrPtr*)(_t259 + 0x14)) >= 0x10) {
															_t210 =  *_t259;
														}
														 *((char*)(_t210 + _t151)) = 0;
														E00892C50(_t180, _t259, _t288, 0, _t288);
														return _t259;
													}
												}
											}
										} else {
											_t155 =  *((intOrPtr*)(_t258 + 0x14));
											__eflags = _t155 - _t229;
											if(_t155 >= _t229) {
												__eflags = _t229;
												if(_t229 != 0) {
													goto L28;
												} else {
													 *(_t258 + 0x10) = _t229;
													__eflags = _t155 - 0x10;
													if(_t155 < 0x10) {
														_t160 = _t258;
														 *_t160 = 0;
														return _t160;
													} else {
														 *((char*)( *_t258)) = 0;
														return _t258;
													}
												}
											} else {
												E00892150(_t258, _t229, _t210);
												__eflags = _t229;
												if(_t229 == 0) {
													goto L35;
												} else {
													L28:
													E00892100(_t258,  *(_t258 + 0x10), _t179, _v8);
													__eflags =  *((intOrPtr*)(_t258 + 0x14)) - 0x10;
													 *(_t258 + 0x10) = _t229;
													if( *((intOrPtr*)(_t258 + 0x14)) < 0x10) {
														 *((char*)(_t258 + _t229)) = 0;
														goto L35;
													} else {
														 *((char*)( *_t258 + _t229)) = 0;
														return _t258;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _t178;
								if(_t178 == 0) {
									L20:
									return _t257;
								} else {
									_push(_t287);
									_t300 = _t209 + _t178;
									_t168 = E00892460(_t178, _t257, _t229, _t257, _t300, _t300, 0);
									__eflags = _t168;
									if(_t168 == 0) {
										L19:
										goto L20;
									} else {
										__eflags =  *((intOrPtr*)(_t229 + 0x14)) - 0x10;
										if( *((intOrPtr*)(_t229 + 0x14)) >= 0x10) {
											_t229 =  *_t229;
										}
										__eflags =  *((intOrPtr*)(_t257 + 0x14)) - 0x10;
										if( *((intOrPtr*)(_t257 + 0x14)) < 0x10) {
											_t225 = _t257;
										} else {
											_t225 =  *_t257;
										}
										__eflags = _t178;
										if(_t178 != 0) {
											__eflags =  *((intOrPtr*)(_t257 + 0x10)) + _t225;
											E008BFCF0( *((intOrPtr*)(_t257 + 0x10)) + _t225, _a8 + _t229, _t178);
										}
										__eflags =  *((intOrPtr*)(_t257 + 0x14)) - 0x10;
										 *((intOrPtr*)(_t257 + 0x10)) = _t300;
										if( *((intOrPtr*)(_t257 + 0x14)) < 0x10) {
											 *((char*)(_t257 + _t300)) = 0;
											goto L19;
										} else {
											 *((char*)( *_t257 + _t300)) = 0;
											return _t257;
										}
									}
								}
							}
						}
					} else {
						_push(_t90);
						_t208 = E008BED02(__ebx, __edi, _t310);
						_t303 = _t303 + 4;
						if(_t208 == 0) {
							goto L4;
						} else {
							goto L3;
						}
					}
				}
			}

0x008926b0
0x008926b0
0x008926b0
0x008926b0
0x008926b4
0x008926b8
0x008926ce
0x008926d0
0x008926ba
0x008926ba
0x008926bd
0x008926d3
0x008926d3
0x008926d8
0x008926d9
0x008926da
0x008926db
0x008926dc
0x008926dd
0x008926de
0x008926df
0x008926e1
0x008926e2
0x008926e6
0x008926e8
0x008926ec
0x008926ef
0x008926f1
0x0089277a
0x0089277f
0x00000000
0x008926f7
0x008926f7
0x008926f9
0x008926fc
0x008926fd
0x00892701
0x00892703
0x0089270b
0x0089270d
0x00892784
0x00892784
0x00892789
0x0089278e
0x0089278f
0x00892790
0x00892791
0x00892798
0x00892799
0x0089279b
0x008927a0
0x008927a2
0x0089281d
0x00892822
0x00000000
0x008927a4
0x008927a4
0x008927a5
0x008927a7
0x00892815
0x0089281a
0x008927a9
0x008927a9
0x008927ac
0x008927af
0x00892827
0x00892827
0x0089282c
0x00892831
0x00892832
0x00892833
0x00892834
0x00892835
0x00892836
0x00892837
0x00892838
0x00892839
0x0089283a
0x0089283b
0x0089283c
0x0089283d
0x0089283e
0x0089283f
0x00892840
0x00892841
0x00892845
0x00892846
0x0089284a
0x0089284b
0x0089284c
0x0089284f
0x00892851
0x00892853
0x00892926
0x0089292b
0x00000000
0x00892859
0x00892859
0x0089285b
0x0089285f
0x00892864
0x00892866
0x00892896
0x00892899
0x00000000
0x0089289f
0x0089289f
0x008928a2
0x008928a4
0x008928c5
0x008928c7
0x00000000
0x008928c9
0x008928c9
0x008928cc
0x008928cf
0x008928e0
0x008928e5
0x008928e8
0x008928d1
0x008928d4
0x008928dc
0x008928dc
0x008928cf
0x008928a6
0x008928aa
0x008928af
0x008928b1
0x0089291d
0x00892923
0x008928b3
0x008928b3
0x008928b3
0x008928b7
0x008928b9
0x008928b9
0x008928bb
0x008928bf
0x008928eb
0x008928c1
0x008928c1
0x008928c1
0x008928ed
0x008928ef
0x008928f7
0x008928fc
0x008928ff
0x00892903
0x00892906
0x00892919
0x00000000
0x00892908
0x0089290a
0x00892914
0x00892914
0x00892906
0x008928b1
0x008928a4
0x00892868
0x00892868
0x0089286b
0x0089286e
0x00892930
0x00892930
0x00892935
0x0089293a
0x0089293a
0x0089293f
0x00892944
0x00892945
0x00892946
0x00892947
0x00892948
0x00892949
0x0089294a
0x0089294b
0x0089294c
0x0089294d
0x0089294e
0x0089294f
0x00892950
0x00892951
0x00892955
0x00892956
0x00892958
0x0089295a
0x008929b3
0x008929b3
0x008929b4
0x008929b8
0x008929bb
0x00892a37
0x00892a3c
0x00892a41
0x00892a42
0x00892a43
0x00892a44
0x00892a45
0x00892a46
0x00892a47
0x00892a48
0x00892a49
0x00892a4a
0x00892a4b
0x00892a4c
0x00892a4d
0x00892a4e
0x00892a4f
0x00892a50
0x00892a51
0x00892a55
0x00892a56
0x00892a5a
0x00892a5b
0x00892a5c
0x00892a5f
0x00892a61
0x00892a63
0x00892b45
0x00892b4a
0x00000000
0x00892a69
0x00892a69
0x00892a6b
0x00892a6f
0x00892a74
0x00892a76
0x00892aa7
0x00892aad
0x00000000
0x00892ab3
0x00892ab3
0x00892ab6
0x00892ab8
0x00892ad9
0x00892adb
0x00000000
0x00892add
0x00892add
0x00892ae0
0x00892ae3
0x00892af6
0x00892af8
0x00892afd
0x00892b00
0x00892ae5
0x00892ae7
0x00892aea
0x00892af2
0x00892af2
0x00892ae3
0x00892aba
0x00892abe
0x00892ac3
0x00892ac5
0x00892b3c
0x00892b42
0x00892ac7
0x00892ac7
0x00892ac7
0x00892acb
0x00892acd
0x00892acd
0x00892acf
0x00892ad3
0x00892b03
0x00892ad5
0x00892ad5
0x00892ad5
0x00892b05
0x00892b07
0x00892b12
0x00892b17
0x00892b1a
0x00892b1e
0x00892b21
0x00892b36
0x00892b38
0x00000000
0x00892b23
0x00892b25
0x00892b27
0x00892b31
0x00892b31
0x00892b21
0x00892ac5
0x00892ab8
0x00892a78
0x00892a78
0x00892a7b
0x00892a7e
0x00892b4f
0x00892b4f
0x00892b54
0x00892b59
0x00892b59
0x00892b5e
0x00892b63
0x00892b64
0x00892b65
0x00892b66
0x00892b67
0x00892b68
0x00892b69
0x00892b6a
0x00892b6b
0x00892b6c
0x00892b6d
0x00892b6e
0x00892b6f
0x00892b70
0x00892b71
0x00892b76
0x00892b7e
0x00892b80
0x00892b84
0x00892b86
0x00892b93
0x00892b9b
0x00892b88
0x00892b88
0x00892b90
0x00892b90
0x00892a84
0x00892a84
0x00892a88
0x00892a8b
0x00892a8d
0x00892a8d
0x00892a8f
0x00892a92
0x00892a99
0x00892aa4
0x00892aa4
0x00892a7e
0x00892a76
0x008929bd
0x008929bd
0x008929c0
0x008929c2
0x008929dd
0x008929df
0x00000000
0x008929e1
0x008929e1
0x008929e4
0x008929e7
0x008929f6
0x008929fb
0x008929fe
0x008929e9
0x008929ec
0x008929f3
0x008929f3
0x008929e7
0x008929c4
0x008929ca
0x008929cf
0x008929d1
0x00892a2f
0x00892a34
0x008929d3
0x008929d3
0x008929d3
0x008929d7
0x00892a01
0x008929d9
0x008929d9
0x008929d9
0x00892a03
0x00892a05
0x00892a0a
0x00892a0f
0x00892a12
0x00892a16
0x00892a19
0x00892a2b
0x00000000
0x00892a1b
0x00892a1d
0x00892a26
0x00892a26
0x00892a19
0x008929d1
0x008929c2
0x0089295c
0x0089295c
0x0089295f
0x00892962
0x00892968
0x00892964
0x00892964
0x00892964
0x0089296a
0x0089296c
0x00000000
0x0089296e
0x0089296e
0x00892971
0x00892977
0x00892973
0x00892973
0x00892973
0x0089297e
0x00892980
0x00000000
0x00892982
0x00892982
0x00892985
0x0089299d
0x008929a1
0x008929a5
0x008929a5
0x008929a7
0x008929a8
0x008929a9
0x008929b0
0x00892987
0x00892987
0x0089298b
0x0089298f
0x0089298f
0x00892991
0x00892992
0x00892993
0x0089299a
0x0089299a
0x00892985
0x00892980
0x0089296c
0x00892874
0x00892874
0x00892878
0x0089287b
0x0089287d
0x0089287d
0x00892880
0x00892888
0x00892893
0x00892893
0x0089286e
0x00892866
0x008927b1
0x008927b1
0x008927b4
0x008927b6
0x008927eb
0x008927ed
0x00000000
0x008927ef
0x008927ef
0x008927f2
0x008927f5
0x00892804
0x00892809
0x0089280c
0x008927f7
0x008927fa
0x00892801
0x00892801
0x008927f5
0x008927b8
0x008927bc
0x008927c1
0x008927c3
0x00000000
0x008927c5
0x008927c5
0x008927cf
0x008927d4
0x008927d8
0x008927db
0x00892811
0x00000000
0x008927dd
0x008927df
0x008927e8
0x008927e8
0x008927db
0x008927c3
0x008927b6
0x008927af
0x008927a7
0x0089270f
0x0089270f
0x00892711
0x00892772
0x00892777
0x00892713
0x00892713
0x00892714
0x0089271c
0x00892721
0x00892723
0x00892771
0x00000000
0x00892725
0x00892725
0x00892729
0x0089272b
0x0089272b
0x0089272d
0x00892731
0x00892737
0x00892733
0x00892733
0x00892733
0x00892739
0x0089273b
0x00892748
0x0089274b
0x00892750
0x00892753
0x00892757
0x0089275a
0x0089276d
0x00000000
0x0089275c
0x0089275e
0x00892768
0x00892768
0x0089275a
0x00892723
0x00892711
0x0089270d
0x008926bf
0x008926bf
0x008926c5
0x008926c7
0x008926cc
0x00000000
0x00000000
0x00000000
0x00000000
0x008926cc
0x008926bd

APIs

Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 008926D3

Part of subcall function 008BED02: _malloc.LIBCMT ref: 008BED1A

Strings

invalid string position, xrefs: 00892930, 00892B4F
string too long, xrefs: 00892784, 00892827, 0089293A, 00892B59

Memory Dump Source

Source File: 00000000.00000002.214794160.0000000000891000.00000020.00020000.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.214790253.0000000000890000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214831241.00000000008E2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214835116.00000000008E3000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.214845009.00000000008F2000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.214848772.00000000008F3000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.214857743.00000000008F7000.00000020.00020000.sdmp Download File
Associated: 00000000.00000002.214861741.00000000008F8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_Coopera.jbxd

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
String ID: invalid string position$string too long
API String ID: 657562460-4289949731
Opcode ID: 737d39719dfb5514b0e0365ef8def2ba1931d4df454a09b11e3cfcc8fefc574a
Instruction ID: d4c3f9ec9c8f1dbd4c278617b337260c87dc97a9fb6a0a11df79c02dfeb4085b
Opcode Fuzzy Hash: 737d39719dfb5514b0e0365ef8def2ba1931d4df454a09b11e3cfcc8fefc574a
Instruction Fuzzy Hash: 32D0A9B030920627AE197238AC2626F2084EF24330B1C0A3CB662C5DE2CA20C8608623

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Coopera.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Cryptography:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Coopera.exe PID: 5276 Parent PID: 5704

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: Coopera.exe PID: 5276 Parent PID: 5704 Coopera.exeCOMMON

Executed Functions

Non-executed Functions

Function 008CF822, Relevance: 16.8, APIs: 11, Instructions: 250timeCOMMON

Function 008915E0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87encryptionCOMMON

Function 008A6AA0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76COMMON

Function 008CF822, Relevance: 16.8, APIs: 11, Instructions: 250
timeCOMMON

Function 008915E0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87
encryptionCOMMON

Function 008A6AA0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76
COMMON

Function 008D9DB5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56
COMMON

Function 008C4147, Relevance: 3.0, APIs: 2, Instructions: 8
COMMON

Function 00891770, Relevance: 2.7, Strings: 2, Instructions: 160
COMMONCrypto

Function 008C761E, Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Function 008C4116, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Function 008C6777, Relevance: .3, Instructions: 345
COMMONCrypto

Function 008C6BAC, Relevance: .3, Instructions: 341
COMMONCrypto

Function 008C6342, Relevance: .3, Instructions: 331
COMMONCrypto

Function 008C5F2A, Relevance: .3, Instructions: 323
COMMONCrypto

Function 008C0870, Relevance: .1, Instructions: 76
COMMONCrypto

Function 008BC9B9, Relevance: 28.8, APIs: 19, Instructions: 288
COMMON

Function 008C71AE, Relevance: 19.8, APIs: 13, Instructions: 253
stringCOMMON

Function 008AB3E8, Relevance: 18.2, APIs: 12, Instructions: 201
COMMON

Function 00892F40, Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 334
COMMON

Function 008B4768, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75
COMMON

Function 008C0490, Relevance: 16.6, APIs: 11, Instructions: 73
COMMON

Function 008B454B, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79
COMMON

Function 008C0447, Relevance: 15.1, APIs: 10, Instructions: 51
COMMON

Function 008A5030, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 261
COMMON

Function 008BD504, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 257
COMMON

Function 008B7FA9, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 257
COMMON

Function 0089F5F0, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173
COMMON

Function 00891FD0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 76
COMMON

Function 00892680, Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 413
COMMON

Function 008A0650, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 96
COMMON

Function 00891500, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72
COMMON

Function 008BB1A4, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE2C0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE227, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008BB23D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE3F2, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE359, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE48B, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008BB4A1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008BB408, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE5BD, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE524, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE8BA, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE9EC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AE953, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AEA85, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AED82, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008AEE1B, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Function 008A6860, Relevance: 10.7, APIs: 7, Instructions: 190
registryCOMMON

Function 008C4821, Relevance: 10.7, APIs: 7, Instructions: 184
COMMON

Function 0089F6B0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116
COMMON

Function 008C27F5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Function 00898010, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 00898140, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 00898270, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 008A7830, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 00897DB0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 00897EE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92
COMMON

Function 0089A620, Relevance: 10.6, APIs: 7, Instructions: 50
COMMON

Function 008AF081, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008BB2D6, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008BB36F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008BB53A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AE6EF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AE656, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AE788, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AE821, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEBB7, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEB1E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AECE9, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEC50, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEEB4, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEFE8, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON

Function 008AEF4D, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49
COMMON